ad blocking
- Thread starter ducky124
- Start date
shabbs
Very Senior Member
D
Deleted member 62525
Guest
By far, IMO the easiest way is to block ads and malware is to use Unbound DNS with RPZ. Its fast, flexible, very stable, uses small memory/cpu and runs on anything. You don't get the flushy graphs or management console but it works.
ColinTaylor
Part of the Furniture
Original? This technique had been in common use at least 15 years before the existence of PiHole.
shabbs
Very Senior Member
Before I discovered pi-hole... this was my go to:
Updating hosts files with that list.... good times. Not elegant, but did work.
Tech9
Part of the Furniture
Correct. The idea for stand alone solution that works with every router. I believe it's still the most popular one.
I have a B+ from 2013 and 2B in 2015. I swapped in new high quality SDs when I setting them up and they've just run. I've periodically image copied the SDs just in case. I've gone through long periods where I forgot about them "doing their thing", sometimes have to pause to remember the credentials.
jtp10181
Senior Member
I used to use Diversion a long time ago but it was starting to crush my old AC56U so I switched to Pi-Hole on a VM on an old laptop. Recently got some older mini-PCs for free and also a new AX68U. Decided to switch to AdGuard Home on the new mini PC server setup to test it out.
I would say Diversion is a good start for basic DNS blocking, simple to setup and use. Nothing flashy, it just works.
AdGuard Home has a nice web interface but the custom filtering can be a little complex (but more powerful) if you want to just key it in by hand.
AdGuard also puts out some nice stats if you like that kind of thing.
I think in the end they can both use similar lists and block domains in a similar way.
I would say Diversion is a good start for basic DNS blocking, simple to setup and use. Nothing flashy, it just works.
AdGuard Home has a nice web interface but the custom filtering can be a little complex (but more powerful) if you want to just key it in by hand.
AdGuard also puts out some nice stats if you like that kind of thing.
I think in the end they can both use similar lists and block domains in a similar way.
spicynujac
New Around Here
I am fanatical about eliminating ads.
Network-wide (hardware) ad blocking is the only way to broadly block ads and spam, including banner ads on apps on your phone, google and facebook embedded ads, and ad trackers.
I see zero ads, until I leave home, then I will see ads for things I have been searching while at home (from cookies).
My blocking is so severe that I can't even access referral / redirect links.
I too am interested in the OP's question. My current setup:
1) Netgear R7000 running FreshTomato AdBlock script (running as a LAN switch only, using ASUS Merlin Wifi router, and network drive host/media server)
2) DNS managed by a Raspberry Pi running PiHole, blocking domain name lookup requests to known ad sites
It seems that both my methods are using DNS blocking / masking, so I could probably eliminate the older FreshTomato.
The only thing that isn't blocked fully by the above are youtube ads.
I also use browser add ons like ublock Origin, Adblock, AdNaseum, and Ghostery as well.
If you see some of the screenshots from pi hole posted above, one user has over 43% of network traffic blocked as spam/ads. You can actually double your internet speeds just by bypassing ads!
From what I can see Diversion and Unbound are two options for AsusMerlin. But they are using the same DNS blocking scheme.
Is there any added benefit these would give you, above and beyond the Pi Hole?
I understand OP is hesitant to use a Pi Hole, but I *HIGHLY* recommend it. One time purchase of around $60, and it is 100% dedicated to running as a DNS server, so there's no impact to your main router's performance. Also highly configurable and well supported / updated. I don't think I've rebooted or touched mine in 3 years. It just works.
Network-wide (hardware) ad blocking is the only way to broadly block ads and spam, including banner ads on apps on your phone, google and facebook embedded ads, and ad trackers.
I see zero ads, until I leave home, then I will see ads for things I have been searching while at home (from cookies).
My blocking is so severe that I can't even access referral / redirect links.
I too am interested in the OP's question. My current setup:
1) Netgear R7000 running FreshTomato AdBlock script (running as a LAN switch only, using ASUS Merlin Wifi router, and network drive host/media server)
2) DNS managed by a Raspberry Pi running PiHole, blocking domain name lookup requests to known ad sites
It seems that both my methods are using DNS blocking / masking, so I could probably eliminate the older FreshTomato.
The only thing that isn't blocked fully by the above are youtube ads.
I also use browser add ons like ublock Origin, Adblock, AdNaseum, and Ghostery as well.
If you see some of the screenshots from pi hole posted above, one user has over 43% of network traffic blocked as spam/ads. You can actually double your internet speeds just by bypassing ads!
From what I can see Diversion and Unbound are two options for AsusMerlin. But they are using the same DNS blocking scheme.
Is there any added benefit these would give you, above and beyond the Pi Hole?
I understand OP is hesitant to use a Pi Hole, but I *HIGHLY* recommend it. One time purchase of around $60, and it is 100% dedicated to running as a DNS server, so there's no impact to your main router's performance. Also highly configurable and well supported / updated. I don't think I've rebooted or touched mine in 3 years. It just works.
Tech9
Part of the Furniture
Is limiting yourself a good thing?
Not traffic, but DNS queries. Pi-hole doesn't count traffic.
macster2075
Very Senior Member
I too have pihole setup and using OpenDns as the upstream. I am thinking of installing Unbound as resursive dns for more privacy..but...
My question is this..
What is the difference between setting up Unbound and OpenDns as the upstream compared to the way I have it now which is running pihole with OpenDns as upstream, but unbound is not installed?
Tech9
Part of the Furniture
One extra unnecessary step. Pi-hole's dnsmasq based own DNS server already does upstream forwarding quite well.
macster2075
Very Senior Member
I was just asking because I read when using Unbound, to set 127.0.0.1#5335 as the upstream dns server in Pihole.
If I want more privacy, does this mean I shouldn't be using ANY other upstream dns server than 127.0.0.1 (for Unbound)?
But, if I use OpenDns as the upstream, then I defeat the privacy purpose?
If I want more privacy, does this mean I shouldn't be using ANY other upstream dns server than 127.0.0.1 (for Unbound)?
But, if I use OpenDns as the upstream, then I defeat the privacy purpose?
Last edited:
Tech9
Part of the Furniture
Well... read first what 127.0.0.1 address is.
If you want OpenDNS as your upstream DNS server you don't need Unbound as forwarder to the same OpenDNS upstream DNS server. You already have it via FTL DNS (Pi-hole's own DNS server based on dnsmasq). It makes more sense to use Unbound as resolver in your case, not forwarder. When running DNS leak tests you'll see your own WAN IP address assigned by your ISP DHCP server.
Test here:
dnscheck.tools - check your dns resolvers
A tool to test for DNS leaks, DNSSEC validation, and more
dnscheck.tools
macster2075
Very Senior Member
Right.. the 127.0.0.1 is a loopback address and it's not a DNS address. I was pointing out what the instructions says to use in that field.
So this means, I would only see a benefit when using Unbound without setting an upstream DNS server, right?
The moment I use an upstream DNS server, then I lose that privacy since I would be sharing my queries with OpenDns?
So this means, I would only see a benefit when using Unbound without setting an upstream DNS server, right?
The moment I use an upstream DNS server, then I lose that privacy since I would be sharing my queries with OpenDns?
Tech9
Part of the Furniture
What privacy are you talking about? I'm getting sick of privacy ideas, honestly.
Run Unbound as resolver and spread your "privacy" to 10+ servers, if you want.
macster2075
Very Senior Member
What i mean is.. not letting third parties see my dns queries. Supposedly, Unbound helps with that.
I just wanted to see if whether or not I would benefit from using Unbound since I will also use OpenDns (third party) for content blocking.
Commonsense tells me, no. I would get no benefit if I want to keep my queries private...I would have to NOT use OpenDns as upstream.
I just wanted to see if whether or not I would benefit from using Unbound since I will also use OpenDns (third party) for content blocking.
Commonsense tells me, no. I would get no benefit if I want to keep my queries private...I would have to NOT use OpenDns as upstream.
Tech9
Part of the Furniture
If all your DNS queries are forwarded to OpenDNS they obviously have all your browsing history. It doesn't matter if Unbound, dnsmasq or something else is forwarding your queries to OpenDNS. Your ISP also has pretty god idea what you connect to because they connect you to the servers, remember? They don't need to see exactly your DNS queries - they have the IP addresses. If you need total privacy - Unplug is the one to use.
Similar threads
Diversion
Diversion help
Similar threads
Similar threads
-
-
Time Scheduling blocking internet access on newest firmware
- Started by BrimoXD99
- Replies: 9
-
-
-
-
Blocking GoogleDNS & others via Diversion, Firewall-NSF &/or static routing
- Started by Dux
- Replies: 11
-
-
Latest threads
-
-
-
-
ASUSwrt DNSMASQ service can't be restarted
- Started by pseu_asus
- Replies: 1
-
2tb ssd with external power go offline during copy
- Started by corrykof
- Replies: 12
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!