Hello folks! There has been an increasing pace of changes over the last couple of years or so to adblock, simple-adblock (now adblock-fast), adblock-lean, and dnsmasq packages (not to mention nftables). I'm a little lost as to what package is best for what scenario.
I've been using adblock (dnsmasq) along with a couple well-performing unfiltered (non-ISP) public DNS servers as the upstream resolvers, but it would be nice if I could get the same functionality with better performance in these other packages.
Has anyone recently tested/compared the performance of adblock, adblock-fast, and adblock-lean?
I'm asking in general terms so others on the forum with different hardware than me may also be able to use this information.
Yeah, if someone volunteers to test these and post the outcome, it would be amazing! Maybe you can do it @hurmo?
I'd say stick with what you're familiar with, unless you have time/desire to experiment with and learn about other packages.
I'd also like to point out that https-dns-proxy can also be considered an ad-blocking package -- you can use any of the ad-blocking resolvers, and for some of them there are customization options to pick and choose what specifically you want to block. And the beauty of it is that you don't need to have a powerful router with a lot of RAM to use ad-blocking.
Update on 2024'04'22:
While I was working on this reply to a generic OpenWrt name resolution question, I've realized that there's one pretty substantial difference between the three packages mentioned by the OP and even https-dns-proxy when used with the adblocking resolver. The adblock contains the collection of the block-lists curated by the author; from a glimpse at the README, they are even grouped into categories. If you use adblock-lean, the pre-made block-list (or rather the dnsmasq-config file) is curated by whoever produces/maintains the list. Similarly, with https-dns-proxy you can select the adblocking resolver (some may be customizable to a point), but it's essentially what the DoH resolver selects for the block-list.
The goal/design of adblock-fast is to allow the easiest customization, so you can add/delete the blocked or allowed domains/lists. However, if you want the curated/categorized lists, you may be better off using adblock, adblock-lean or https-dns-proxy with a customizable adblocking DoH resolver, or if you just want to use the prepared dnsmasq-config file, you can use either adblock-fast in non-processing mode or adblock-lean.
Adblock always worked for me. The RAM requirements seem exaggerated. (I dunno if Adblock too uses the same method as adblock-lean.)
Simple-adblock never worked for me. (Now, I’m gonna admit it would probably work fine if I spent 5 mins figuring it out.) It also seemed to be not that "simple" after all and required more dependencies, while having fewer features.
Since adblock works fine for me and I have enough RAM, I never had any reason to try out adblock-lean (not that I’m totally against it, but there’s also no LuCI package).
I use adblock together with https-proxy and banip. Lists update once a week. Just works and I never have to mess with it ever. Others may have a different experience.
Use AdGuard Home instead of all of it; it just has superior performance/stability etc., but uses a lot of space. If you have space for additional lists, or at least have a USB-stickable router, you should use AGH.
P.S. If you have questions about how to move adblock lists to a USB stick, I will help you, just reply to this message.
Things like cosmetic filter and ads loading can be blocked by browsers, otherwise whatever domains are in red, just stop allowing them or put them into blocked domains to get to 100%.
A lot of these seem to be browser-dependent, as there are certain things (like flash banners or animated gifs) which can be easily blocked by browser extensions and not so easily (or just impractical) blocked on the router. If you want to get 100% on that you also need to add browser ad-blocking extensions.
AGH may be superior in reporting and Pi-hole may be superior in speed, but there's nothing AGH/Pi-hole can do that adblock/adblock-fast can't with regard to blocking. Even more so with adblock as it supports a wider range of block-list formats than adblock-fast does AFAIK.
They all take the domain name in and decide whether to reply with the actual IP address for it or reply that it doesn't exist (or can't be resolved) if the domain is in the block-list.
As much as it will be a privacy sacrifice, I believe the future is with the DOH/DOT resolvers with ad-blocking built in tho. Just like gmail can detect/react to spam/scam emails better just because of the sheer volume of emails it processes than a standalone mail server for a limited amount of users, if any of the DOH/DOT resolvers want to seriously get into ad-blocking, they can deliver a superior (but less private) solution than any ad-blocking running on distributed devices.
MITM certificate + privoxy can block almost as much as uBlock Origin. But it requires some extra skills and there was a bug (or just a compilation option) in OpenWrt builds.
To prove the point and demonstrate the idea you can run privAxy (requires no installation and can be used as a proxy): https://github.com/Barre/privaxy
Thanks all, this is exactly the sort of well-rounded discussion that I was hoping for! For some reason I was under the impression that adguard home required the use of a paid adguard account, so I had never even looked into it until right now!
Based on the discussion, I'm going to proceed with switching from adblock to AdGuard Home! Will come back and post any useful information here.
I've been using both Tinyproxy (for select clients) and AdGuard Home (network-wide) on the router. From what I saw, the proxy captures a lot, but not all of the client's DNS requests (before these go to a DNS resolver, AGH in my case). But it definitely does capture all the browser requests from a client.
This is interesting software. At first glance, the idea of filtering outside of a browser seems similar to what AdGuard for Windows does (which can do traffic filtering, also HTTPS filtering).
AdGuard Home is free, their other apps are not. Probably because AGH is not that easy to set up. AFAIK, AGH is the only app they have which can be used on Linux systems.
I'd rather benchmark it in milliseconds of introduced delay. It's far more important than RAM or storage. In case of a router if it's enough it's enough. Doesn't matter if it takes 30% or 60% of it.
For me, I had some routers with limited CPU and RAM; what saved me was the work of @Lynx and @Wizballs with adblock-lean. I use it in combination with dnscrypt-proxy-2. Before that I was using adblock-fast; I think you should definitely test it too.
And when I started to learn OpenWrt, my first option was adblock, because one developer, "Notengobattery", included the package in a custom firmware for a specific router that I have.
So eventually I migrated from one to another, but I think one thing to consider is your current hardware, and to use the right tools. I think if your router is very limited in CPU and hardware, the choice is adblock-lean, because I'm using very limited hardware. Don't expect a GUI in LuCI or something fancy; it is mostly terminal and scripts.
If you want to see more details or lists, you should consider adblock or adblock-fast if your router resources allow it.
In general, I think you should try and test the three options yourself.
Measure the delay introduced to DNS requests by your router and compare it to dns.adguard-dns.com. If the latter is faster, then what's the point of using a local DNS filter?
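
One way to take the measurement suggested above, as an added example that is not part of the original thread: a small Python script, run from a LAN client, that times plain UDP DNS queries against each resolver given on the command line and reports median latency and the response code. The function names, the script name and the example address in the comments are assumptions; it covers IPv4 and UDP port 53 only.

```python
import socket, statistics, struct, sys, time

def build_query(name, txid=0x1234):
    """Minimal RFC 1035 query: one A/IN question, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_rcode(reply, txid=0x1234):
    """RCODE of a matching response (0 NOERROR, 3 NXDOMAIN), else None."""
    if len(reply) < 12:
        return None
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid or not flags & 0x8000:  # wrong ID or not a response
        return None
    return flags & 0x000F

def time_query(server, name, timeout=2.0):
    """One UDP query to server:53; returns (ms, rcode), (None, None) if lost."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        try:
            s.sendto(build_query(name), (server, 53))
            reply, _ = s.recvfrom(512)
        except OSError:  # timeout or unreachable
            return None, None
        ms = (time.perf_counter() - start) * 1000.0
    rcode = parse_rcode(reply)
    return (ms, rcode) if rcode is not None else (None, None)

def summarize(samples):
    """Median/worst latency over answered queries; None entries count as lost."""
    ok = [ms for ms in samples if ms is not None]
    return {"answered": len(ok), "lost": len(samples) - len(ok),
            "median_ms": statistics.median(ok) if ok else None,
            "max_ms": max(ok) if ok else None}

if __name__ == "__main__":
    # Usage (hypothetical script name): python3 dnslat.py NAME SERVER [SERVER...]
    # e.g. NAME=example.com SERVER=192.168.1.1 (OpenWrt's default LAN address)
    name, servers = sys.argv[1], sys.argv[2:]
    for server in servers:
        runs = [time_query(server, name) for _ in range(10)]
        rcodes = sorted({rc for _, rc in runs if rc is not None})
        print(server, summarize([ms for ms, _ in runs]), "rcodes:", rcodes)
```

Run it once with a name that is on your block list and once with one that is not: a blocked name is answered by the router itself, while the first query for an unblocked name includes the upstream round trip and later ones are usually served from cache.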