Adblocking with address lists

RouterOS General
1

Hi all,

I’m trying to implement some form of adblocking at router level for the whole network but I’m running into some issues. I have a Hex Lite (rb750gr3)

Firstly, i tried setting up a big list of static DNS entries and blocking that way but that quickly went out of the window as you can’t really add more than say 30,000 entries into the list without causing significant performance issues. However, the approach seems to work fairly well.

I then saw some ideas about implementing the adblocking lists as an addres list - here I found I was able to add a lot more entries without too many noticeable issues. The problems I have run into seems to be that when you add an entry to the address list as a hostname - it attempts to automatically resolve to IP address to work with (dynamic entries?). This is great, but for a few blocklists I’ve come across, there appears to be some false positives from address resolution. I don’t seem to have any control over how often the names resolve or anything like that. I’m finding that browsing is very unpredictable - there are periods where I cannot access some major sites e.g. Google and then suddenly something changes and then I can access again (without doing anything to the router).

I guess the answer is to use a more reliable blocklist - I’ve tried many so far but as soon as I use hostname entries, this dynamic resolution seems to be causing issues and it makes it quite hard to track down what is what.

Is anybody out there implementing any adblocking lists like this? I am trying to implement Steven Black’s unified hosts but this gives me the most headaches (https://github.com/StevenBlack/hosts). I find that If I use lists which are just IP addresses (e.g. Peter Lowe’s list or Blocklister’s list), it works much better. The only problem is that the blocking is very ineffective - e.g. https://pi-hole.net/pages-to-test-ad-blocking-performance/ - the first add on the page still shows up). It would be good if anyone could point me in the direction of a good solid Mikrotik adblocking list and pointers as to if I should really be using address lists for this purpose as I cannot see how it can work reliably.

Thanks in advance

2

Hey

I think doing it on MT directly will be very inefficient, performance & accuracy wise.
Why don’t you try:

  • opendns allows to block ads
  • proxy (other than MT) with ad blocking enabled
  • on client, ex Opera does it out of the box
3

Thank you for your suggestions.

Are you sure about openDNS? I’ve just checked here: https://support.opendns.com/hc/en-us/articles/227986647-Can-I-Block-Advertisers-and-Ad-Servers- which states that they don’t offer this feature.

A proxy is a good idea also (possibly PiHole) but it involves another piece of equipment ergo more resources, etc.

On client you loose the ability to do this for all devices and is very difficult to manage once you have a lot of devices.

I see that there exists a lot of adblocking lists formatted for use with Mikrotik but I’m struggling to see how it can be implemented well. Maybe I’m just looking in the wrong places for the lists?

4

You’re correct, OpenDNS doesn’t do it. I did a quick search and got the impression they did, in error.

5

Pi-hole is running in low power usage, and not that expensive devices. Pi-hole also features Regex so Facebook and Google can be caught and blocked. Youtube advertising is not blockable by DNS.

6

Blocking adverts is simply stealing from content creators, and will lead to not having the content available.

7

suggest you contact this chap. He is quite knowledgeable at blocking crap, although the bad crap, advertising is just annoying LOL.
Mozerd
https://forum.mikrotik.com/memberlist.php?mode=viewprofile&u=108234

8

Use Pi-Hole, problem solved.

Beautiful ain’t it?