Implement Network-Wide Ad-Blocking

[troglobit]

Description

Integrate a Pi-hole-style DNS "blackhole" feature into Infix OS by leveraging the existing dnsmasq package. This requires a mechanism to ingest, format, and update domain blocklists to sinkhole unwanted traffic to 0.0.0.0.

Requirements

1. Configuration Changes

• Update the dnsmasq configuration (e.g., /etc/dnsmasq.conf) to support external host files.
• Directive: Add addn-hosts=/var/lib/dnsmasq/adblock.hosts.
• Optimization: Ensure expand-hosts and localise-queries are enabled to maintain local network efficiency.

2. Blocklist Management Script

Develop a POSIX-compliant shell script (for BusyBox/Infix compatibility) to:

• Fetch community-maintained lists (e.g., StevenBlack/hosts).
• Filter and sanitize input to ensure compatibility with dnsmasq host format.
• Perform atomic writes to /var/lib/dnsmasq/adblock.hosts (ensuring this path is on a persistent, writable partition).
• Reload dnsmasq (e.g., killall -SIGHUP dnsmasq) after updates without restarting the full service.

3. Buildroot Integration

• Kconfig: Add BR2_PACKAGE_INFIX_ADBLOCK to Config.in.
• Provisioning: Include a default, lightweight blocklist in the rootfs overlay to ensure functionality if the device is offline during initial setup.
• Automation: Add a crond entry to /etc/periodic/weekly/ to automate list refreshes.

4. Constraints & Performance

• Memory Footprint: The script must handle large files (100k+ entries) using stream processing (sed/awk) rather than loading into memory.
• Storage: Ensure the blocklist does not exhaust available flash space on low-resource targets.

Acceptance Criteria

1. dnsmasq successfully loads the supplemental host file on startup.
2. The update script correctly parses a remote source into a 0.0.0.0 <domain> format.
3. DNS queries for blocked domains return 0.0.0.0 to the client.
4. The solution survives a system reboot and maintains persistent lists.