I'm trying out a simple way of blocking malware/ad IP using a router-based host file, using the one in http://www.mvps.org/winhelp2002/hosts.htm. That file is perfectly formatted to black hole known domain names to 127.0.0.1 on the router's DNS server. To do this in Tomato, run the following steps:
1. Under Advanced-DHCP/DNS, add the following line into Dnsmasq custom configuration:
2. In Administration-Scripts, add the following line into the WAN up box:
[ ! -f /etc/hosts.ads ] && (wget http://www.mvps.org/winhelp2002/hosts.txt -O /etc/hosts.ads;service dnsmasq restart)
Reboot the router. The start up script will download the hosts.txt into the router's ramdisk, restart dnsmasq to register that as a new hosts file to reference. You computer must be configured to use the router as your DNS, and all known malware or ads domain will resolve to 127.0.0.1, effectively blocking your browser from reaching them.
Other than higher memory usage for dnsmasq process, could anyone any disadvantage using this method?