ad blocking

Correct me if I am wrong someone, but won't setting that on the router just affect the upstream DNS the ROUTER itself uses? This will not change anything for the clients who get the two DNS servers via DHCP, they will still decide for themselves which one to use. The only way this would help is if you point your LAN clients to the router for DNS, then configure the router WAN DNS for your Pi and NextDNS. Bad thing doing that is it looks like every query comes from the router, which is exactly why I don't do that.
Exactly. This is the wrong way to set up the DHCP options IMHO as you lose control over which servers the clients use, and lose local name resolution and caching performance.

If there was a way to hand out the DNS via DHCP and tell the clients which one to use Primary and which is backup that would be awesome.
Which DNS servers the clients use from the DHCP supplied list is down to the client's behaviour, not the router.
 
I am fanatical about eliminating ads.
Network-wide (hardware) ad blocking is the only way to broadly block ads and spam, including banner ads on apps on your phone, google and facebook embedded ads, and ad trackers.
I see zero ads, until I leave home, then I will see ads for things I have been searching while at home (from cookies).
My blocking is so severe that I can't even access referral / redirect links.

I too am interested in the OP's question. My current setup:
1) Netgear R7000 running FreshTomato AdBlock script (running as a LAN switch only, using ASUS Merlin Wifi router, and network drive host/media server)
2) DNS managed by a Raspberry Pi running PiHole, blocking domain name lookup requests to known ad sites
It seems that both my methods are using DNS blocking / masking, so I could probably eliminate the older FreshTomato.
The only thing that isn't blocked fully by the above are YouTube ads.

I also use browser add-ons like uBlock Origin, Adblock, AdNauseam, and Ghostery as well.
If you see some of the screenshots from pi hole posted above, one user has over 43% of network traffic blocked as spam/ads. You can actually double your internet speeds just by bypassing ads!

From what I can see Diversion and Unbound are two options for AsusMerlin. But they are using the same DNS blocking scheme.
Is there any added benefit these would give you, above and beyond the Pi Hole?

I understand OP is hesitant to use a Pi Hole, but I *HIGHLY* recommend it. One time purchase of around $60, and it is 100% dedicated to running as a DNS server, so there's no impact to your main router's performance. Also highly configurable and well supported / updated. I don't think I've rebooted or touched mine in 3 years. It just works.
Diversion and Unbound...I see both of these in use (presumably at the same time) in multiple sigs on this site. Usually with Skynet as well. Must be the "more is better" philosophy. Or is there something to it?
 
I mean, at least they publish their policy

Quad9 is pretty "open" as well. Look who's behind though. Where is the funding coming from and for what reason? Think about it.
 
Quad9 is pretty "open" as well. Look who's behind though. Where is the funding coming from and for what reason? Think about it.
Wasn't/isn't Microsoft behind Quad9? At least in the beginning I recall.
 
Microsoft doesn't need that. They already know more than everyone. One guy involved was jumping around and stopped by Microsoft. GCA is a sponsor. They even have Quad9 advertisement on their page. Read Who We Are, Funding Organizations. Looks like government services involvement to me.
 
Microsoft doesn't need that. They already know more than everyone. One guy involved was jumping around and stopped by Microsoft. GCA is a sponsor. They even have Quad9 advertisement on their page. Read Who We Are, Funding Organizations. Looks like government services involvement to me.
 
Diversion and Unbound...I see both of these in use (presumably at the same time) in multiple sigs on this site. Usually with Skynet as well. Must be the "more is better" philosophy. Or is there something to it?
Probably going off more is better. I am using just AdGuard Home on a separate LAN server. I had Pi-hole and Unbound set up at one point and ran a bunch of tests, performance was slower due to Unbound, which is to be expected. Didn't feel worth it to me, AGH by itself does everything I want it to do.

Exactly. This is the wrong way to set up the DHCP options IMHO as you lose control over which servers the clients use, and lose local name resolution and caching performance.
Which DNS servers the clients use from the DHCP supplied list is down to the client's behaviour, not the router.

Yeah, but I see it being recommended all the time. It is too bad there is no easy way to have a fail-over. Hmmmm...

What if you set up some sort of basic DNS server on the router (binding to another interface/IP) that just forwards everything to the main router IP.
Have a script that checks the main DNS server and if it fails it launches this redirector.

In DHCP you can set this DNS server second, clients will stop trying it once they figure out it's normally dead, but if the main goes down and that one comes up they should all switch over, right?
 
Probably going off more is better. I am using just AdGuard Home on a separate LAN server. I had Pi-hole and Unbound set up at one point and ran a bunch of tests, performance was slower due to Unbound, which is to be expected. Didn't feel worth it to me, AGH by itself does everything I want it to do.



Yeah, but I see it being recommended all the time. It is too bad there is no easy way to have a fail-over. Hmmmm...

What if you set up some sort of basic DNS server on the router (binding to another interface/IP) that just forwards everything to the main router IP.
Have a script that checks the main DNS server and if it fails it launches this redirector.

In DHCP you can set this DNS server second, clients will stop trying it once they figure out it's normally dead, but if the main goes down and that one comes up they should all switch over, right?
The problem I have noticed with all "fail-over" techniques is that they typically still require you to restart the setup to switch back to the primary, or clients will continue to use 'fail-over' until it fails-over to primary. If I still have to restart the DNS, what was the point in failover since it is supposed to help prevent me from having to interfere. To me it is better to have redundancy and high availability, i.e. more than one pihole. In such configuration, I run three piholes in similar fashion and practically never have to adjust one of them. If I do have to adjust them, it doesn't interrupt the internet service or change the manner of filtering.
 
Never had any leak/block list getting through with minimal NextDNS DoT config. Something breaking the type=65 in Diversion (Quad9 DoT)
 

The problem I have noticed with all "fail-over" techniques is that they typically still require you to restart the setup to switch back to the primary, or clients will continue to use 'fail-over' until it fails-over to primary. If I still have to restart the DNS, what was the point in failover since it is supposed to help prevent me from having to interfere. To me it is better to have redundancy and high availability, i.e. more than one pihole. In such configuration, I run three piholes in similar fashion and practically never have to adjust one of them. If I do have to adjust them, it doesn't interrupt the internet service or change the manner of filtering.
I run two piholes (one Rasp Pi and one VM) for the same reason. Whenever I start hearing people talking about this stuff with home DNS setups, I just scratch my head. Just run 2, the clients will take care of connecting to the one that's up.
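
The health-check script proposed earlier in the thread (probe the main DNS server, launch the redirector when it fails), written as an added example that is not part of any post; it also fails back on its own, which is the gap raised in the reply about fail-over techniques. The resolver address, probe name, thresholds and the `on_change` hook are assumptions.

```shell
#!/bin/sh
# Added example. PRIMARY, PROBE_NAME, the thresholds and on_change are
# placeholders chosen for illustration, not values from the thread.
PRIMARY="${PRIMARY:-192.168.1.2}"        # assumed LAN address of the filtering resolver
PROBE_NAME="${PROBE_NAME:-example.com}"  # name looked up on every probe
FAIL_LIMIT=3    # consecutive failed probes before failing over
OK_LIMIT=5      # consecutive good probes before failing back
INTERVAL=10     # seconds between probes

# Ask PRIMARY directly; assumes nslookup exits non-zero when it gets no answer.
probe() { nslookup "$PROBE_NAME" "$PRIMARY" >/dev/null 2>&1; }

# step STATE STREAK RESULT -> prints "NEWSTATE NEWSTREAK".
# STREAK counts consecutive probes that argue for leaving the current state,
# so one lost packet or one lucky reply never flips the resolver.
step() {
    state=$1 streak=$2 result=$3
    case "$state:$result" in
        primary:fail|fallback:ok) streak=$((streak + 1)) ;;
        *) streak=0 ;;
    esac
    if [ "$state" = primary ] && [ "$streak" -ge "$FAIL_LIMIT" ]; then
        state=fallback streak=0
    elif [ "$state" = fallback ] && [ "$streak" -ge "$OK_LIMIT" ]; then
        state=primary streak=0
    fi
    echo "$state $streak"
}

# Replay a list of ok/fail probe results and print the final state.
simulate() {
    s=primary n=0
    for r in "$@"; do
        out=$(step "$s" "$n" "$r"); s=${out% *}; n=${out#* }
    done
    echo "$s"
}

# Hypothetical hook: start or stop the redirector here; logging the change
# records how long clients were on the fallback path.
on_change() { logger -t dns-watchdog "resolver state is now $1"; }

watch() {
    cur=primary count=0
    while :; do
        if probe; then r=ok; else r=fail; fi
        out=$(step "$cur" "$count" "$r"); new=${out% *}; count=${out#* }
        [ "$new" = "$cur" ] || on_change "$new"
        cur=$new
        sleep "$INTERVAL"
    done
}
if [ "${1:-}" = "run" ]; then watch; fi
```

Passing `run` as the first argument starts the probe loop; without it the file only defines the functions, so `simulate` can be used to try threshold values against a recorded sequence of probe results.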
 
