paulgorman.org

Blocking Ads with DNS

I block advertisements (and malware and various other things) for all the clients on my network by running my own DNS server and blocking outbound DNS queries at the firewall from anything except that server. Pi-hole does roughly the same thing, but I use Unbound for DNS. Apart from adjusting the Unbound config paths, the same setup runs on pfSense, OpenBSD, and Debian. Just install Unbound, and schedule a cron job to periodically run this shell script:

#!/bin/sh
# Download the blocklists, convert them to Unbound local-zone entries, and reload Unbound.
set -euf

bl0=/tmp/ph-0-stevenblack-hosts
bl1=/tmp/ph-1-malwaredomains-justdomains
bl2=/tmp/ph-2-cameleon-hosts
bl3=/tmp/ph-3-zeustracker-domainblocklist
bl4=/tmp/ph-4-disconnect.me-simpletracking
bl5=/tmp/ph-5-disconnect.me-simpleads
bl6=/tmp/ph-6-hosts-file.net-adservers

# Pi-Hole lists found in https://github.com/pi-hole/pi-hole/blob/master/adlists.default
# --fail makes curl exit non-zero on an HTTP error, so set -e stops the script
# instead of feeding an error page into the blacklist.
curl --silent --fail --output "$bl0" https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
curl --silent --fail --output "$bl1" https://mirror1.malwaredomains.com/files/justdomains
curl --silent --fail --output "$bl2" http://sysctl.org/cameleon/hosts
curl --silent --fail --output "$bl3" https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
curl --silent --fail --output "$bl4" https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
curl --silent --fail --output "$bl5" https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
curl --silent --fail --output "$bl6" https://hosts-file.net/ad_servers.txt

# Only rebuild the blacklist if every list downloaded and is non-empty.
if [ -s "$bl0" -a -s "$bl1" -a -s "$bl2" -a -s "$bl3" -a -s "$bl4" -a -s "$bl5" -a -s "$bl6" ]
then
    # Strip carriage returns, a leading dot, blank lines and comment lines; take the
    # name from hosts-format lines ("0.0.0.0 name"); de-duplicate; drop the
    # whitelisted names; then emit a local-zone/local-data pair per name.
    cat "$bl0" "$bl1" "$bl2" "$bl3" "$bl4" "$bl5" "$bl6" \
        | tr -d '\r' \
        | sed 's/^\.//' \
        | sed '/^[[:space:]]*$/d' \
        | sed '/^#.*/d' \
        | awk '{ print ((NF > 1 && ($1 ~ /^[0-9.]+$/ || $1 ~ /:/)) ? $2 : $1) }' \
        | sort | uniq \
        | sed '/^deviantart\.com$/d' \
        | sed '/^docs\.google\.com$/d' \
        | sed '/^drive\.google\.com$/d' \
        | sed '/\.googleusercontent\.com$/d' \
        | sed '/\.imgur\.com$/d' \
        | sed '/^informit\.com$/d' \
        | sed '/^pastebin\.com$/d' \
        | sed '/^proboards\.com$/d' \
        | sed '/^staticflickr\.com$/d' \
        | awk '{print "local-zone: \""$1"\" redirect\nlocal-data: \""$1" A 127.0.0.1\""}' \
        | sed '1 i\
server:
' > /etc/unbound/unbound.conf.d/blacklist.conf
    /usr/sbin/unbound-control -c /etc/unbound/unbound.conf reload
fi
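
The script writes every list entry into quoted Unbound directives, and the lists mix hosts-file lines ("IP name") with bare names, one of them fetched over plain HTTP. The following is an added example, not the author's code: it accepts only syntactically valid hostnames so a malformed line cannot break the generated config's quoting. The function names `sample_lists`, `extract_names` and `to_unbound_conf` are hypothetical, and the sample entries are constructed.

```sh
#!/bin/sh
# Added example: turn mixed-format blocklists into validated Unbound config.
set -eu

# Constructed sample input: hosts-format lines, plain names, and junk.
sample_lists() {
    cat <<'EOF'
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net   # trailing comment
# a whole-line comment
plain.example.org
.leading-dot.example.org
ADS.EXAMPLE.COM
127.0.0.1 localhost
::1 ip6-localhost
0.0.0.0 0.0.0.0
quote".example.com
-dash.example.com
EOF
}

# stdin: raw list lines; stdout: unique, lower-case, syntactically valid names.
extract_names() {
    tr -d '\r' | awk '
        { sub(/#.*/, "") }              # drop whole-line and trailing comments
        NF == 0 { next }
        {
            # hosts format is "IP name"; plain lists carry the name alone
            name = (NF > 1 && ($1 ~ /^[0-9.]+$/ || $1 ~ /:/)) ? $2 : $1
            name = tolower(name)
            sub(/^\./, "", name); sub(/\.$/, "", name)
            n = split(name, label, ".")
            if (length(name) > 253 || n < 2) next    # too long, or single label
            if (label[n] ~ /^[0-9]+$/) next          # numeric last label: an IP
            for (i = 1; i <= n; i++)
                if (length(label[i]) > 63 ||
                    label[i] !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?$/) next
            print name
        }' | LC_ALL=C sort -u
}

# stdin: one name per line; stdout: an Unbound "server:" fragment.
to_unbound_conf() {
    printf 'server:\n'
    awk '{ printf "local-zone: \"%s\" redirect\nlocal-data: \"%s A 127.0.0.1\"\n", $1, $1 }'
}

sample_lists | extract_names | to_unbound_conf
```

Running `unbound-checkconf` on the main config before the reload catches a bad fragment on disk while the running server still has the previous one loaded.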

#dns
