Adblock-lean: set up adblock using dnsmasq blocklist

BTW, this is an alternate method of whitelisting. local is a synonym for server and the trailing # says, “use the standard servers for this domain.”

1 Like

But isn't whitelisting the absence of a block line? Surely I'm being dense here, but with our allowlist we just ensure we don't have any blocks. So I'm trying to understand significance of line that is not a block but an allow.

@Wizballs likewise NXDOMAIN seems OK so far for me too. So maybe let's just stick with NXDOMAIN and park toggling for now, and see if demand for null IP emerges in the future.

In any case, it seems apt to me now to leave our check_dnsmasq with both the NXDOMAIN and null IP checks in place just to keep options open.

For my main DNS over TLS provider I actually just switched from CleanBrowsing to Cloudflare Family (, and webpage load times seem a little faster. I only just discovered that Cloudflare has an option for families.

1 Like

Yes, I was just offering a commentary on the example you posted. Plus I see that is how @dibdot processes whitelists in Adblock.

TL;DR Don’t mind me…

Not in the slightest. In my book you're one of Jedi Masters on this platform.

And crikey Charlie that's some serious complexity. @Wizballs take a look at the code @dave14305 just linked above.

1 Like

Not even close, but doing my best to catch up. You must be thinking of the “old dave14305”. :sauropod:

guys I'm testing your new version, on a linksys E5600 is more limited with ram but it is working fine I'm going to add a wireguard server soon. My report is working flawless at the moment.

I notice that OISD Big list for dnsmasq ver 2.86 uses this syntax is that okay?


HaGeZi uses


I just wonder if I can try to mix and match other lists to see the performance but so far is doing well (dnsmasq only).

This is my setup for this tiny router Linksys e5600

  • DNS HTTPS Proxy Settings DNSMASQ (this super enforces all the dns request and I get DoT/DoH to cloudflare)

  • DDNS to cloudflare

  • Adblock-Lean (blocking ads with dnsmasq) OISD + HaGeZi Pro

  • WireGuard Server (soon)

thank you again!

Thanks a lot for your report.

Yes we accommodate this difference and swap any instances of the latter to the former.

Yes we allow for this. Please try different combinations and let us know what works well.

Is this an alternative to DNS over TLS via stubby? I use the latter. Not sure what the difference is. Anyone?

Ace! Glad to hear this.

All running good here. Sent a small github pull request to save one step, and a few CPU cycles. See what you think.