Difference between revisions of "Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up Ad blocking with dnsmasq"

From bering-uClibc
Jump to: navigation, search
(Manual setup)
(References)
Line 71: Line 71:
 
   
 
   
 
  ...
 
  ...
 +
 +
==Testing==
 +
 +
You want to see if this works, well try this command on any Linux machine you might be fortunate enough to have at your disposal on your network:
 +
 +
$ time nslookup 101com.com
 +
 +
Server: 192.168.1.254
 +
Address: 192.168.1.254#53
 +
 +
** server can't find 101com.com: NXDOMAIN
 +
 +
real 0m0.030s
 +
user 0m0.004s
 +
sys 0m0.012s
 +
 +
Good so far, it is a non existant domain.
 +
 +
The "real 0m0.030s" measures the first time response for this server, let's do a second "time nslookup 101com.com" to see with the cache what is the response time.
 +
 +
time nslookup 101com.com
 +
Server: 192.168.1.254
 +
Address: 192.168.1.254#53
 +
 +
** server can't find 101com.com: NXDOMAIN
 +
 +
real 0m0.014s
 +
user 0m0.005s
 +
sys 0m0.005s
 +
 +
We are now down to 14 msec response time...
  
  

Revision as of 21:56, 19 November 2016

Setting Up Ad blocking with dnsmasq
Prev Bering-uClibc 5.x - User Guide Next


Objectives

There is a lot of info on the net about setting dnsmasq to block advertisements, trackings, etc.. LEAF Bering-uClibc5.x comes with dnsmasq already installed, so here is a quick guide that shows a simple setup that will filter out advertisements sites from web pages on your networked devices, how lucky can we get !

Manual setup

(treading carefully :-))

Enter the command:

wget -O - http://pgl.yoyo.org/as/serverlist.php?hostformat=dnsmasq-server | grep server= > /root/tmpfile.list


Check the file /root/tmpfile.list, you should have a list of servers with the following format:

server=/101com.com/
server=/101order.com/
server=/123found.com/
...
server=/zeusclicks.com/
server=/zintext.com/
server=/zmedia.com/
server=/zv1.november-lax.com/

Then:

cp /root/tmpfile.list /etc/dnsmasq.d/addblock.list

Edit /etc/dnsmasq.conf and enter near the end:

conf-dir=/etc/dnsmasq.d

Restart dnsmasq with:

/etc/init.d/dnsmasq restart

That's it, all the nasty ads should be gone ! (well a bunch of them !)

Hum yeah ! don't forget to save your configuration, a simple:

lrcfg and s) Save configuration

will suffice.

References

...
In dnsmasq "address" and "server" do different things.
address=/example.org/127.0.0.1 would return 127.0.0.1 for any DNS queries for example.org and any subdomains.

server=/example.org/127.0.0.1 tells dnsmasq to forward any DNS queries for example.org or subdomains to a DNS server located at the 127.0.0.1 IP.

So "address" should be used if you're going to supply an IP that the domain resolves to.

Using server=/example.org/ (without any IP) makes the dnsmasq server authoritative for that domain. It will then look in its own /etc/hosts (and DHCP leases) file to see if the domain has an IP listed. If not then it'll respond with an NX Domain.

I personally think this is a more elegant solution than responding with an IP, as there's no chance of this potentially causing delays as the browser attempts to pull ads from the resolved IP, but some people prefer the IP method so they can run a webserver serving transparent gifs.

...

Testing

You want to see if this works, well try this command on any Linux machine you might be fortunate enough to have at your disposal on your network:

$ time nslookup 101com.com

Server:	192.168.1.254
Address:	192.168.1.254#53

** server can't find 101com.com: NXDOMAIN

real	0m0.030s
user	0m0.004s
sys	0m0.012s

Good so far, it is a non existant domain.

The "real 0m0.030s" measures the first time response for this server, let's do a second "time nslookup 101com.com" to see with the cache what is the response time.

time nslookup 101com.com
Server:		192.168.1.254
Address:	192.168.1.254#53

** server can't find 101com.com: NXDOMAIN

real	0m0.014s
user	0m0.005s
sys	0m0.005s

We are now down to 14 msec response time...


The usual "Enjoy" takes a whole new lot of sense now !



Prev Up Next