Table of Contents
Ads Blocking
Today's internet experience is, let's say it out loud, mostly wrecked by online-advertisement. I think it's a good idea to filter them out at the gate or your home network.
Why?
- ADs are useless bytes that needs to be downloaded in addition to the content you want to see, and they are usually many times more bytes that the content iself. Specially with video-ads, you might be downloading megabytes of useless data. This is a concern on data-caps but also on the environment (wasted power and such)
- ADs can carry malwares and viruses, even safe web sites cannot control which ADs are server by the ADs networks
- ADs can make a mess of a webpage and seriously disrupt it's content flow
- ADs can and will track you and your browsing habits
How ADs are served
Back in times ads where mostly some text-only links provided by Google (when it was still close to the don't do evil motto). Today ads are a mess of videos, text, porno, malaware, virus stuff brought you by independent ads networks. The website you are browsing has no control on what ads are offered to you (and they don't even see them) and often not even the ads networks really know what they are serving, because of shitty advertisers.
There are different kinds of ads:
- Browser ads: easy filtered at DNS level
- App's ads (like in mobile apps): easily filtered at DNS level
- Embedded ads (like in YouTube videos): cannot be filtered at DNS level
I will show you how to filter out all ads at DNS level. This will not get rid of embedded ads, but luckly those are very limited. You can solve also that issue by using things like uBlock Origin or using non-official apps. Using embedded ads is not common, and it will not become common anytime soon, so you should be good to go.
DNS based ADs block
You have already installed the DNS service to manage your home network DNS (and DHCP), so you can easily use it to filter ads as well.
First of all you need a good, comprehensive and up-to-date block list. I suggest you using the official OISD blocklist, but there are tons out there for you to pick and choose. Just check out that your preferred supplier use the format you need (Unbound or DNSMasq).
Ad Blocking with Unbound
Download the block list for the first time by hand:
wget 'https://big.oisd.nl/unbound' -O /etc/unbound/adservers.conf
Just add a cron task to daily update your blocklist. Add the following line:
0 0 * * * wget 'https://big.oisd.nl/unbound' -O /etc/unbound/adservers.conf
to root's crontab:
crontab -e
To add this block list to Unbound, you need a row in the unbound configuration file like:
include: /etc/unbound/adservers.conf
as i have already shown you in the Unbound setup page, and you are all set.
Ad Blocking with DNSMasq
DNSMasq support two different ways to add blocklist. One is via custon hosts files, the other is via custom configuration files. OISD blocklists are in configuration files format.
To use hosts format, just download your file and put it somewhere (i will assume /etc/adblock.hosts) and add the following line to your /etc/dnsmasq.conf:
addn-hosts=/etc/adblock.hosts
and reload dnsmasq.
To use configuration format, create a folder called /etc/dnsmaq.d put your file inside and add the following to your /etc/dnsmasq.conf:
conf-dir=/etc/dnsmasq.d,*.conf
this will load any file with .conf extension in that folder.
Now you need to download the OISD blocklist in that folder.
mkdir /etc/dnsmasq.d wget 'https://big.oisd.nl/dnsmasq2' -O /etc/dnsmasq.d/oisd.conf /etc/init.d/dnsmasq reload
This will work in addition to the AdGuard DNS you have already setup, but this will prevent any query going out to AdGuard for those domain. This is even more efficient.
For automatic updates, just add a cron task to daily update your blocklist. Add the following line:
0 0 * * * wget 'https://big.oisd.nl/dnsmasq2' -O /etc/dnsmasq.d/oisd.conf
to root's crontab:
crontab -e
and you are all set.