Ad blocking with dnsmasq
1 Why
Some people just hate adblockers like uBlock; others can't install them because 'reasons'. If you consider pi-hole bloated and sketchy, you can use this as an alternative. DNS blackholing is much faster than any modern browser adblocker; of course, it blocks far fewer ads than any specialised tool.
2 Installation
First you'll need to install dnsmasq.
yum install dnsmasq
systemctl enable --now dnsmasq
3 Configuration
# Make sure that line conf-dir=/etc/dnsmasq.d/,… is uncommented
conf-dir=/etc/dnsmasq.d/,*.conf # Include all files in a directory which end in .conf
In /etc/dnsmasq.d create two config files, 10-config.conf and 20-block.conf:

# /etc/dnsmasq.d/10-config.conf
domain-needed
bogus-priv
no-resolv
server=4.2.2.2 # Change dns servers to your liking or leave as is
server=1.1.1.1
interface=enp7s0 # Change network interface name
listen-address=127.0.0.1
cache-size=10000
log-queries
log-facility=/var/log/dnsmasq-adblock.log
local-ttl=300
log-async

# /etc/dnsmasq.d/20-block.conf
conf-file=/etc/dnsmasq.d/domains.txt
addn-hosts=/etc/dnsmasq.d/hostnames.txt
Make sure you've configured logrotate. /var/log/dnsmasq-adblock.log can become huge.
/var/log/dnsmasq-adblock.log {
    monthly
    missingok
    rotate 5
    compress
    copytruncate
    sharedscripts
    postrotate
        systemctl reload dnsmasq.service || true
    endscript
}
Now for the last and most important part: block lists. I am using notracking/hosts-blocklists; they are generated daily from multiple sources and are compatible with dnsmasq. You'll need to create lists-update.sh and make it executable.
#!/bin/bash
# Logger entries are just for fun and you can remove them without any consequence
cd /etc/dnsmasq.d/ || exit 1
logger --journald <<end
MESSAGE_ID=b5390cad8d054b79b5edc97cc9758bc5
MESSAGE=[AD BLOCK] Removing old lists
PRIORITY=6
end
rm -f /etc/dnsmasq.d/*.txt
logger --journald <<end
MESSAGE_ID=b5390cad8d054b79b5edc97cc9758bc5
MESSAGE=[AD BLOCK] Updating dnsmasq ad blocking lists
PRIORITY=6
end
for URL in https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt
do
    # Stop before restarting if a download failed
    wget -q "$URL" || exit 1
done
logger --journald <<end
MESSAGE_ID=b5390cad8d054b79b5edc97cc9758bc5
MESSAGE=[AD BLOCK] Applying updated lists
PRIORITY=6
end
# Restart rather than reload: on SIGHUP dnsmasq re-reads addn-hosts files
# but not conf-file entries such as domains.txt
systemctl restart dnsmasq
Now check the config file for errors and restart dnsmasq.

dnsmasq --test
systemctl restart dnsmasq
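Because 20-block.conf loads domains.txt through conf-file=, dnsmasq parses the downloaded file as configuration, so it is worth checking its contents before installing it. The following variant of lists-update.sh is an added example, not part of the original page: it downloads to a scratch directory, accepts only sinkhole entries, and replaces the live lists only if both files pass. The accepted line formats, the function names list_ok and update_lists, and the --update switch are assumptions.

```shell
#!/bin/bash
# Added example: validate downloaded blocklists before dnsmasq ever parses them.
# Assumed list formats (not stated on the page):
#   domains.txt   -> address=/<domain>/<0.0.0.0 | :: | #>
#   hostnames.txt -> <0.0.0.0 | ::> <hostname>
NAME='[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?'
DOMAINS_RE="^(#.*|[[:space:]]*|address=/${NAME}/(0\.0\.0\.0|::|#))\$"
HOSTS_RE="^(#.*|[[:space:]]*|(0\.0\.0\.0|::)[[:space:]]+${NAME})\$"

# list_ok FILE REGEX: succeed only if FILE is non-empty and every line matches.
list_ok() {
    [ -s "$1" ] || { echo "empty or missing: $1" >&2; return 1; }
    local rc=0
    # grep -v selects lines that do NOT match; exit status 1 means there were none.
    grep -Evn -- "$2" "$1" >&2 || rc=$?
    [ "$rc" -eq 1 ]
}

# update_lists: download to a scratch directory, validate, then replace the
# live files. If download or validation fails, the lists already in
# /etc/dnsmasq.d are left untouched; if dnsmasq --test fails, the running
# daemon is not restarted.
update_lists() {
    local base=https://raw.githubusercontent.com/notracking/hosts-blocklists/master
    local tmp rc=0
    tmp=$(mktemp -d) || return 1
    { wget -q -P "$tmp" "$base/domains.txt" "$base/hostnames.txt" &&
      list_ok "$tmp/domains.txt" "$DOMAINS_RE" &&
      list_ok "$tmp/hostnames.txt" "$HOSTS_RE" &&
      install -m 0644 "$tmp/domains.txt" "$tmp/hostnames.txt" /etc/dnsmasq.d/ &&
      dnsmasq --test &&
      systemctl restart dnsmasq   # restart: SIGHUP does not re-read conf-file
    } || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Only touch the system when asked to, e.g. "lists-update.sh --update" from cron.
if [ "${1:-}" = "--update" ]; then
    update_lists
fi
```

Offending lines are printed to stderr with their line numbers, so a rejected update shows exactly what did not look like a sinkhole entry.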
4 Usage
You will need to configure your wifi ac, router, or local network connection and select the server running dnsmasq as the first DNS server.
To test if everything is working as intended:
$ drill <domain from blocklist>
…
;; ANSWER SECTION:
blocked.domain.com. 300 IN A 0.0.0.0
…
$ drill i.ua
…
;; ANSWER SECTION:
i.ua. 4023 IN A 91.198.36.14
…
# Next queries will be much faster
That's it.
Most pages will load MUCH faster; some (one in a thousand for me) will break, but why would you want to visit a site which wouldn't even work without some ads or trackers?