Difference between revisions of "Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up Ad blocking with dnsmasq"

(Prerequisites)
(Objectives)
 
(42 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==Objectives==
+
{| summary="Navigation header" width="100%"
 +
! colspan="3" align="center" | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up Ad blocking with dnsmasq|Setting Up Ad blocking with dnsmasq]]
 +
|-
 +
| width="20%" align="left"  | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Home Automation controller with heyu|Prev]]
 +
! width="60%" align="center" | [[Bering-uClibc 5.x - User Guide]]
 +
| width="20%" align="right"  | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Modifying initrd.lrp|Next]]
 +
|}
 +
----
  
There is a lot of info on the net about setting <code class="filename">dnsmasq</code> to block advertisements, trackings... etc. Bering-uClibcx.x comes with <code class="filename">dnsmasq</code> already installed, so here is a quick guide that shows a simple setup that will filter out advertisements sites from web pages on your networked devices, how lucky can we get !
 
  
==Prerequisites==
+
==Objectives==
  
  * You will need Bering-uClibc 5.x or higher.
+
There is a lot of info on the net about setting <code class="filename">dnsmasq</code> to block advertisements, trackings, etc.. LEAF Bering-uClibc5.x comes with <code class="filename">dnsmasq</code> already installed, so here is a quick guide that shows a simple setup that will filter out advertisements sites from web pages on your networked devices, how lucky can we get !
  * The <code class="filename">curl.lrp</code> package, add it in your <code class="filename">leaf.cfg</code> list of package.
+
  
 
==Manual setup==
 
==Manual setup==
====(treading carefully :-))====
+
*Enter the command:
  
Enter the command:
+
wget -O - http://pgl.yoyo.org/as/serverlist.php?hostformat=dnsmasq-server | grep server= > /etc/dnsmasq.d/adblock.list
  
curl -s -d mimetype=plaintext http://pgl.yoyo.org/as/serverlist.php?hostformat=dnsmasq-server > /root/tmpfile.list
+
*Check the file <code class="filename">/etc/dnsmasq.d/adblock.list</code>, make sure you have a list of servers with the following format:
  
Check your file tmpfile.list, you should have a list of server with the following format:
+
server=/101com.com/
 +
server=/101order.com/
 +
server=/123found.com/
 +
...
 +
server=/zeusclicks.com/
 +
server=/zintext.com/
 +
server=/zmedia.com/
 +
server=/zv1.november-lax.com/
  
server=/yieldlab.net/
+
*Edit <code class="filename">/etc/dnsmasq.conf</code> and enter near the end:
server=/yieldmanager.com/
+
server=/yieldmanager.net/
+
server=/... etc /
+
 
+
Then:
+
 
+
cp /root/tmpfile.list /etc/dnsmasq.d/addblock.list
+
 
+
Edit /etc/dnsmasq.conf and enter:
+
  
 
  conf-dir=/etc/dnsmasq.d
 
  conf-dir=/etc/dnsmasq.d
  
Restart dnsmasq with:
+
*Restart <code class="filename">dnsmasq</code> with:
  
 
  /etc/init.d/dnsmasq restart
 
  /etc/init.d/dnsmasq restart
  
That's it, all the nasty adds should be gone ! (well a bunch of them !)
 
  
Hum yeah! don't forget to save your configuration, a simple:
+
<big>That's it, all the nasty ads should be gone!</big> (Well a bunch of them!)
  
  lrcfg and s) Save configuration
+
 
 +
*Hum yeah! Don't forget to save your configuration, a simple:
 +
 
 +
  lrcfg  
 +
 +
s) Save configuration
  
 
will suffice.
 
will suffice.
 +
 +
==References==
 +
 +
 +
 +
Extracted from : https://www.reddit.com/r/openwrt/comments/3l7iy8/dnsbased_ad_blocking/cxj9k0q/?context=3
 +
...
 +
In dnsmasq "address" and "server" do different things.
 +
address=/example.org/127.0.0.1 would return 127.0.0.1 for any DNS queries for example.org and any subdomains.
 +
 +
server=/example.org/127.0.0.1 tells dnsmasq to forward any DNS queries for example.org or subdomains to a DNS server located at the 127.0.0.1 IP.
 +
 +
So "address" should be used if you're going to supply an IP that the domain resolves to.
 +
 +
Using server=/example.org/ (without any IP) makes the dnsmasq server authoritative for that domain. It will then look in its own /etc/hosts (and DHCP leases) file to see if the domain has an IP listed. If not then it'll respond with an NX Domain.
 +
 +
I personally think this is a more elegant solution than responding with an IP, as there's no chance of this potentially causing delays as the browser attempts to pull ads from the resolved IP, but some people prefer the IP method so they can run a webserver serving transparent gifs.
 +
 +
...
 +
 +
==Testing==
 +
 +
You want to see if this works, well try this command on any Linux machine or Mac you might be fortunate enough to have connected on your LEAF firewall:
 +
 +
$ time nslookup 101com.com
 +
You should get something like this:
 +
 +
Server: 192.168.1.254
 +
Address:192.168.1.254#53
 +
 +
** server can't find 101com.com: NXDOMAIN
 +
 +
real 0m0.030s
 +
user 0m0.004s
 +
sys 0m0.012s
 +
 +
*We get a non existant domain for 101com.com.
 +
*The "real 0m0.030s" measures the first time response for this server.
 +
*Let's do a second "time nslookup 101com.com" to see what is the new response time since 101com.com is now in dnsmasq cache:
 +
 +
time nslookup 101com.com
 +
 +
and we get:
 +
 +
Server: 192.168.1.254
 +
Address:192.168.1.254#53
 +
 +
** server can't find 101com.com: NXDOMAIN
 +
 +
real 0m0.014s
 +
user 0m0.005s
 +
sys 0m0.005s
 +
 +
We are now down to 14 msec response time... looks like it works faster, but your mileage may vary ! Anyway, this gives a rough guess of the delay this type of filtering generates.
 +
 +
 +
The usual "Enjoy" takes a whole new lot of sense now !
 +
 +
 +
 +
----
 +
{| summary="Navigation footer" width="100%"
 +
| width="40%" align="left"  | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Home Automation controller with heyu|Prev]]
 +
| width="20%" align="center" | [[Bering-uClibc 5.x - User Guide - Advanced Topics|Up]]
 +
| width="40%" align="right"  | [[Bering-uClibc 5.x - User Guide - Advanced Topics - Modifying initrd.lrp|Next]]
 +
|}
 +
 +
[[Category:Bering-uClibc 5.x]]
 +
[[Category:User Guide]]
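
Review bot: the new fetch step ("wget -O - http://pgl.yoyo.org/as/serverlist.php?hostformat=dnsmasq-server | grep server= > /etc/dnsmasq.d/adblock.list") writes a list downloaded over plain HTTP straight into the directory that dnsmasq loads, and "grep server=" keeps any line containing that string. That includes entries of the form server=/example.org/127.0.0.1, which the References text added in this same revision describes as forwarding the domain to another DNS server rather than blocking it. Suggest downloading to a temporary file, keeping only lines that match ^server=/[^/]*/$, and moving the result into place afterwards; quoting the URL would also stop the shell from treating the "?" as a glob character. The Prerequisites section is removed along with curl.lrp, which fits the switch to wget, but the page then no longer states the Bering-uClibc 5.x requirement.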

Latest revision as of 20:28, 20 November 2016

Setting Up Ad blocking with dnsmasq


Objectives

There is a lot of information on the net about setting up dnsmasq to block advertisements, trackers, etc. LEAF Bering-uClibc 5.x comes with dnsmasq already installed, so here is a quick guide showing a simple setup that will filter advertisement sites out of web pages on your networked devices. How lucky can we get!

Manual setup

  • Enter the command:
    wget -O - 'http://pgl.yoyo.org/as/serverlist.php?hostformat=dnsmasq-server' | grep server= > /etc/dnsmasq.d/adblock.list
  • Check the file /etc/dnsmasq.d/adblock.list and make sure you have a list of servers in the following format:
    server=/101com.com/
    server=/101order.com/
    server=/123found.com/
    ...
    server=/zeusclicks.com/
    server=/zintext.com/
    server=/zmedia.com/
    server=/zv1.november-lax.com/
  • Edit /etc/dnsmasq.conf and enter near the end:
    conf-dir=/etc/dnsmasq.d
  • Restart dnsmasq with:
    /etc/init.d/dnsmasq restart


That's it, all the nasty ads should be gone! (Well a bunch of them!)


  • Hum yeah! Don't forget to save your configuration, a simple:
    lrcfg
    s) Save configuration
will suffice.

References

Extracted from : https://www.reddit.com/r/openwrt/comments/3l7iy8/dnsbased_ad_blocking/cxj9k0q/?context=3

...
In dnsmasq "address" and "server" do different things.

address=/example.org/127.0.0.1 would return 127.0.0.1 for any DNS queries for example.org and any subdomains.

server=/example.org/127.0.0.1 tells dnsmasq to forward any DNS queries for example.org or subdomains to a DNS server located at the 127.0.0.1 IP.

So "address" should be used if you're going to supply an IP that the domain resolves to.

Using server=/example.org/ (without any IP) makes the dnsmasq server authoritative for that domain. It will then look in its own /etc/hosts (and DHCP leases) file to see if the domain has an IP listed. If not then it'll respond with an NX Domain.

I personally think this is a more elegant solution than responding with an IP, as there's no chance of this potentially causing delays as the browser attempts to pull ads from the resolved IP, but some people prefer the IP method so they can run a webserver serving transparent gifs.

...
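
The fetch step in the manual setup keeps every line containing server=, and the extract above explains that server=/domain/ followed by an IP forwards the domain instead of blocking it. As an added example (not part of the original guide or of LEAF), this script installs a list only when every server= line is a pure block entry; the function names, the strict pattern and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a downloaded list before dnsmasq is allowed to load it.
# Only "server=/<domain>/" with nothing after the last slash is a block entry;
# "server=/<domain>/<ip>" would forward that domain to another resolver.
STRICT='^server=/[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?/$'

# Lines that are pure block entries.
block_entries() {
    grep -E "$STRICT" "$1"
}

# Lines the page's "grep server=" would keep but the strict pattern rejects.
suspicious_lines() {
    grep 'server=' "$1" | grep -v -E "$STRICT"
}

# $1 = downloaded file, $2 = destination (e.g. /etc/dnsmasq.d/adblock.list).
# Writes the destination only when nothing suspicious was found.
install_blocklist() {
    bad=$(suspicious_lines "$1" | wc -l)
    if [ "$bad" -ne 0 ]; then
        echo "refusing to install, $bad unexpected line(s):" >&2
        suspicious_lines "$1" >&2
        return 1
    fi
    block_entries "$1" > "$2.new" && mv "$2.new" "$2"
}

# Constructed sample download: two entries from the page plus one tampered line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# header comment
server=/101com.com/
server=/zmedia.com/
server=/example.org/192.0.2.53
EOF
out=$(mktemp)
install_blocklist "$sample" "$out" || echo "list rejected, $out left untouched"
```

On the firewall the download would go to a temporary file first and install_blocklist would be given /etc/dnsmasq.d/adblock.list as the destination, followed by the dnsmasq restart.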

Testing

Want to see if this works? Try this command on any Linux machine or Mac you might be fortunate enough to have connected to your LEAF firewall:

$ time nslookup 101com.com

You should get something like this:

Server:	192.168.1.254
Address:192.168.1.254#53

** server can't find 101com.com: NXDOMAIN

real	0m0.030s
user	0m0.004s
sys	0m0.012s
  • We get a non-existent domain for 101com.com.
  • The "real 0m0.030s" measures the first-time response for this server.
  • Let's run "time nslookup 101com.com" a second time to see the new response time, since 101com.com is now in the dnsmasq cache:

$ time nslookup 101com.com

and we get:

Server:	192.168.1.254
Address:192.168.1.254#53

** server can't find 101com.com: NXDOMAIN

real	0m0.014s
user	0m0.005s
sys	0m0.005s

We are now down to a 14 msec response time... looks like it works faster, but your mileage may vary! Anyway, this gives a rough idea of the delay this type of filtering generates.


The usual "Enjoy" takes on a whole new meaning now!


