Sorry, I have been swamped with other (real life) projects and didn't check back here for quite some time.
Firstly, yes, this looks about right (I changed your itemization into an enumeration):
with come comments:
- There is a "zeroth" step you have to prepend which are the "special domains" (
use-application-dns.netandmask.icloud.com+mask-h2.icloud.com). But their behavior can be changes easily via config options. - Executing regular expressions is a lot more computationally expensive than doing lookups in our exact domain. While the exact domains are organized in a B-tree (allowing logarithmic lookup times), regular expressions have to be iterated one after another for every domain. Running a single regular expression against a domain can easily be more work than comparing the domain against several millions of exact domains (not because regular expressions are so slow but because looking up in the tree is so blazingly fast).
Furthermore, FTL tries to stay out of your everyday browsing as much as possible. Hence, we look at whitelisted domains first (this is typically stuff you want to visit) while you usually don't care too much if it takes some extra milliseconds until ads are blocked. - You have to make an important distinction in the code-flow between 5. and 6. because this is where we leave
FTLcode and enterdnsmasqcode. When nothing matches in steps 0-5, FTL hands the query to the embeddeddnsmasqcore as if nothing would have happened. Hence, we have no influence on prioritizing anddnsmasqconfig files.
The second being
which is something worth considering. However, it also needs some (maybe non-trivial) code changes as whitelist is currently simply pushing though queries as fast as possible to the embedded dnsmasq for further processing. Equipping whitelist with the reply option means we need to add another code path that basically handles these queries as if they were blacklisted (while they are not) so FTL steps in and crafts the DNS response with the requested reply type.
I'll think about how to achieve this, however, it will either be hacky or require some good amount of generalization in the code (basically widely remove the separate code paths for black and white domains). As it will be the latter, it is some work.
Feel free to ping me when you get the impression that I forgot about this.