OpenWrt Forum Archive

Topic: DNS-based Ad Blocking

The content of this topic has been archived on 23 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I wanted a simple DNS-based ad blocking solution.

I set up uHTTPd to respond with a 1x1 pixel transparent gif for any invalid page requests. Since LuCI is set up on port 80 and 443 already, I simply added

option error_page '/1.gif'

to /etc/config/uhttpd. Any valid requests will still go to LuCI, but invalid requests will return a 1 pixel gif. I downloaded a 1x1 pixel transparent gif and put it into /www/

/usr/bin/wget -O /www/1.gif http://upload.wikimedia.org/wikipedia/commons/c/ce/Transparent.gif

And then restarted uHTTPd:

/etc/init.d/uhttpd restart

I saved this script to /etc/adblock.sh, but it could be stored anywhere:

#!/bin/sh

# Address of the uHTTPd instance that serves /1.gif; every blocked host resolves here.
GIFSERVER=192.168.1.1

# Each list is fetched, reduced to bare hostnames (sink address, comments and
# trailing whitespace stripped) and written to a temporary per-list file.
/usr/bin/wget -qO- http://mvps.org/winhelp2002/hosts.txt | /bin/grep -v -e localhost -e feeds.feedburner.com | /bin/grep '^0.0.0.0' | /bin/sed "s/^0\.0\.0\.0\s*//" | /bin/sed 's/#.*$//' | /bin/sed 's/\s*$//' > /etc/hosts.block-1

/usr/bin/wget -qO- http://www.malwaredomainlist.com/hostslist/hosts.txt | /bin/grep -v -e localhost | /bin/grep '^127.0.0.1' | /bin/sed "s/^127\.0\.0\.1\s*//" | /bin/sed 's/#.*$//' | /bin/sed 's/\s*$//' > /etc/hosts.block-2

/usr/bin/wget -qO- http://hosts-file.net/ad_servers.txt | /bin/grep -v -e localhost | /bin/grep '^127.0.0.1' | /bin/sed "s/^127\.0\.0\.1\s*//" | /bin/sed 's/#.*$//' | /bin/sed 's/\s*$//' | /bin/sed 's/\.$//' > /etc/hosts.block-3

/usr/bin/wget -qO- http://adaway.org/hosts.txt | /bin/grep -v -e localhost | /bin/grep '^127.0.0.1' | /bin/sed "s/^127\.0\.0\.1\s*//" | /bin/sed 's/#.*$//' | /bin/sed 's/\s*$//' > /etc/hosts.block-4

# Merge: lowercase, sort on the label-reversed name (so related hosts group together),
# restore the normal order, prefix each host with GIFSERVER and drop duplicates.
# Write with ">" (not ">>") so re-running the script replaces the file instead of
# appending a second copy of every entry.
/bin/cat /etc/hosts.block-1 /etc/hosts.block-2 /etc/hosts.block-3 /etc/hosts.block-4 | /usr/bin/tr '[A-Z]' '[a-z]' | /usr/bin/awk -F "." '{for(i=NF; i > 1; i--) printf "%s.", $i; print $1}' | /usr/bin/sort -fn | /usr/bin/awk -F "." '{for(i=NF; i > 1; i--) printf "%s.", $i; print $1}' | /bin/sed "s/^/$GIFSERVER\t/" | /usr/bin/uniq > /etc/hosts.block

/bin/rm /etc/hosts.block-1 /etc/hosts.block-2 /etc/hosts.block-3 /etc/hosts.block-4

This script basically downloads four different host lists of ad servers, replaces the ad servers' IP addresses with the IP address of the OpenWRT box, and combines them into one file without duplicate entries. This script could be run with cron, or by hand like so:

/bin/sh /etc/adblock.sh

Take a look at /etc/hosts.block to see the result. Next I replaced the contents of /etc/dnsmasq.conf with the following:

addn-hosts=/etc/hosts.block
all-servers
bogus-priv
domain-needed
no-resolv
server=8.8.8.8
server=8.8.4.4

It adds the contents of /etc/hosts.block to the local DNS. All that is needed is to restart Dnsmasq:

/etc/init.d/dnsmasq restart

Now browsing the web (with or without an ad block browser extension) will result in a much cleaner browsing experience. It'll also be faster since the requests for ads will be handled locally.

The drawbacks are that many web sites out there depend on ad revenue and with this solution, you'd be depriving them of that revenue. Also, "sponsored" ads in Google searches don't work, but usually the URL can be modified to get to the expected site. Other than that, I've been using this solution in my home for several years, albeit with DD-WRT, Pixelserv, and Dnsmasq. Now that I've switched to OpenWRT, it's a much simpler solution than I'm used to.  :-)

(Last edited by ptb on 23 May 2015, 03:22)
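The list-building step above trusts whatever the four feeds return (fetched over plain HTTP) and appends to /etc/hosts.block on every run. The following is an added example, not ptb's script, showing the same transformation as a pair of shell functions that validate every hostname before it reaches dnsmasq, handle lines with several hostnames, and install the result atomically. It replaces the label-reversed sort of the original with a plain `sort -u`; the hosts file it processes is constructed for this example, and GIFSERVER is assumed to be the uHTTPd that serves /1.gif. Since every entry maps to GIFSERVER, a tampered feed cannot redirect traffic elsewhere, but it can silence any domain it names, and a malformed line can break dnsmasq's parse of the file; the syntax check and the empty-result refusal address the second problem only.

```shell
#!/bin/sh
# Added example (not from the original post): build a dnsmasq addn-hosts file
# from hosts-format block lists. Needs only POSIX sh, awk, sed, tr, grep, sort
# (BusyBox versions are sufficient).

GIFSERVER="${GIFSERVER:-192.168.1.1}"   # assumed: the uHTTPd that answers with /1.gif

# normalize_hosts: hosts-format text on stdin -> one validated, lowercase
# hostname per line, deduplicated. Accepts 0.0.0.0 and 127.0.0.1 sink entries,
# allows several names per line, strips CR, comments and a trailing dot, and
# drops loopback names plus anything that is not a plausible hostname.
normalize_hosts() {
    tr -d '\r' \
    | sed 's/#.*$//' \
    | awk '($1 == "0.0.0.0" || $1 == "127.0.0.1") { for (i = 2; i <= NF; i++) print $i }' \
    | tr '[:upper:]' '[:lower:]' \
    | sed 's/\.$//' \
    | grep -E -v '^(localhost|localhost\.localdomain|local|broadcasthost|ip6-[a-z0-9-]+)$' \
    | grep -E '^([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$' \
    | LC_ALL=C sort -u
}

# build_block_list OUTFILE LISTFILE...: merge the lists, prefix each host with
# GIFSERVER, write via a temp file and rename so dnsmasq never sees a partial
# file, refuse to install an empty result (a failed download must not wipe the
# existing list). Prints the number of entries installed.
build_block_list() {
    out="$1"; shift
    tmp="$out.tmp.$$"
    cat "$@" | normalize_hosts \
        | awk -v ip="$GIFSERVER" '{ printf "%s\t%s\n", ip, $0 }' > "$tmp" || { rm -f "$tmp"; return 1; }
    count=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$count" -eq 0 ]; then
        echo "refusing to install an empty block list" >&2
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$out"
    echo "$count"
}

# --- demonstration on a constructed sample (stands in for the downloaded feeds) ---
sample="$(mktemp)"
cat > "$sample" <<'EOF'
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 ads.example.com   # trailing comment
0.0.0.0   Tracker.Example.NET.
0.0.0.0   ads.example.com
0.0.0.0   not a hostname!
0.0.0.0   metrics.example.org beacon.example.org
EOF
out="$(mktemp)"
n=$(build_block_list "$out" "$sample") && echo "installed $n entries:" && cat "$out"
rm -f "$sample" "$out"
# On the router: build_block_list /etc/hosts.block /tmp/list1 /tmp/list2 && /etc/init.d/dnsmasq restart
```

The sample yields four entries (ads.example.com, beacon.example.org, metrics.example.org, tracker.example.net); the localhost line and the malformed "not a hostname!" line are discarded. On OpenWrt, registering the file with `uci add_list dhcp.@dnsmasq[0].addnhosts='/etc/hosts.block'` followed by `uci commit dhcp` keeps it in the generated /var/etc/dnsmasq.conf regardless of later LuCI edits; `grep addn-hosts /var/etc/dnsmasq.conf` after a dnsmasq restart confirms it is being loaded.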

Hi

PTB / anyone

What's the purpose of

keep-in-foreground    # do not go into the background at startup

Is it necessary? I can't make sense of it ... shouldn't it be a background daemon?

Is there a special purpose to it?

You're right, it should be a background daemon.  When I was running dnsmasq on Mac OS X, I used that directive to keep it from backgrounding so launchd could manage it. On OpenWRT, it should be removed.

- Peter

Thank you for sharing, but it's not working for me.. i still see the error "server rejected the connection".

It works for me. Also note that settings in /etc/dnsmasq.conf may be overridden by LuCI with its generated /var/etc/dnsmasq.conf, so you may need to tweak those settings according to your requirement.

what's the $DNSSERVER=192.168.1.1 used for, shall I change to my local ip address or dns server address?

Thank you.

ptb wrote:

Now browsing the web (with or without an ad block browser extension) will result in a much cleaner browsing experience. It'll also be faster since the requests for ads will be handled locally.

I am extremely thankful that you have shared this technique for DNS ad-blocking with OpenWrt. I am a new member to this forum, but have followed the forum for quite some time. I was able to implement your DNS technique here a few months ago and it has been very successful as far as ad-blocking goes. Very efficient and fast as well. Web browsing has been great now since I don't have to rely on ad-blocking browser extensions slowing things down.

Not only have I implemented your technique for DNS ad-blocking, but in addition, I have also pointed the DNS servers at Norton DNS (ConnectSafe) to let Symantec do the heavy lifting as far as malware DNS filtering goes. It has been a great solution thus far and I will stick to it for a long time. Thank you so much for sharing. Cheers!

Is it possible to have another instance of uHTTPd running to serve the 1x1 pixel image?

What I mean is:

- uHTTPd running on 192.168.1.1 for normal LuCI functionality
- separate uHTTPd process running on 192.168.1.5 to serve the 1x1 pixel image to browsers

I just don't know if the {option error_page '/1.gif'} option in the uhttpd settings file would still work in this setup or if it would be specific to LuCI. Can someone help point me in the right direction for this? Thank you.

WildByDesign wrote:

1) Is it possible to have another instance of uHTTPd running to serve the 1x1 pixel image?

2) What this means is:

2a) uHTTPd running on 192.168.1.1 for normal LuCI functionality
2b) separate uHTTPd process running on 192.168.1.5 to serve the 1x1 pixel image to browsers

3) I just don't know if the {option error_page '/1.gif'} option in the uhttpd settings file would still work in this setup or if it would be specific to LuCI. Can someone help point me in the right direction for this? Thank you.

@WildByDesign,

1) Yes. You'd need to make that configuration. That instance, in theory, could run on the same machine, but that might be impractical.
2a) That statement means that the default setting (out-of-the-box) for the webserver - using LuCI as its configuration engine - is 192.168.1.1. This setting can be reconfigured a number of ways. The explanation would be out of the scope of this thread.
2b) Yes. You could have a separate machine doing this with ease. Doing it on the same machine requires a bit of research and work.
3)
Web Server Configuration (uHTTPd)
http://wiki.openwrt.org/doc/uci/uhttpd

LuCI – Technical Reference
http://wiki.openwrt.org/doc/techref/luci

OpenWRT Documentation
http://wiki.openwrt.org/doc/start

Index of many HowTOs
http://wiki.openwrt.org/doc/howto/start

Will that work for you?
Jesse

(Last edited by jessemonroy650 on 3 Feb 2015, 02:07)
