Community discussions

MikroTik App
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Ad-blocking by static DNS (just don't do it)

Sun Aug 13, 2017 11:47 pm

Hey guys,

I found this site https://blocklister.gefoo.org/ads only ads and facebook lists are free on their main page. They look like they are doing a great job. The thing is I want something like uBlock Origin in my router. Right now, I'm using public Adguard DNS server (default), seems like itself alone doing a decent job on mobile phones (freeware games, facebook etc. can't see any ad). I want to improve this more with DNS static entries on Routeros because I still see sponsored ads on Instagram and Twitter etc.

What way should I follow? Above link has tons of entries, if I import them at once, does it make my rb951ui-2hnd crawl and freeze due to CPU and RAM overload?

Thanks.
Last edited by Xtreme512 on Wed Aug 16, 2017 8:42 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Ad-blocking in DNS

Mon Aug 14, 2017 1:28 am

Use an external DNS service that allows blocking, e.g. OpenDNS.
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: Ad-blocking in DNS

Mon Aug 14, 2017 2:50 am

Use an external DNS service that allows blocking, e.g. OpenDNS.
I wrote already, I'm using Adguard DNS. Is OpenDNS better at ad blocking than Adguard? Can you also answer my above question, please?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Ad-blocking in DNS

Mon Aug 14, 2017 11:04 am

I don't know that service but I only mentioned OpenDNS because it is an external service, not a blocklist that could potentially affect your router performance.
 
whitbread
Member Candidate
Member Candidate
Posts: 119
Joined: Fri Nov 08, 2013 9:55 pm

Re: Ad-blocking in DNS

Mon Aug 14, 2017 12:46 pm

my experience is that external services like OPENDNS dont't really block the stuff I would rate as evil. So go for DNS blocking on your router or proxy with blocking rules.
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: Ad-blocking in DNS

Mon Aug 14, 2017 7:02 pm

Adguard DNS is also an external public DNS service like Google's 8.8.8.8. https://adguard.com/en/adguard-dns/overview.html
Just alone itself doing wonders for my mobile phones in my network, just like I said above about freeware games and their ugly fullscreen ads, can't see them anymore.

How many DNS static entries I can enter to my board without overwhelming it?
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: Ad-blocking in DNS

Wed Aug 16, 2017 8:41 pm

Anyways, I tested this http://www.squidblacklist.org/downloads/tik-dns-ads.rsc which has 5K entries. It took half a min. or so for importing and It is OK for the memory as it took 20MB approx. but the thing is when browsing, CPU spikes up to 70%-80% and it is not ideal at all!

So I deleted those entries. After all, using Adguard public DNS does great job, it also has malware domains on their filter list (don't know if its good like Norton's DNS) but it must be a decent one.

I just entered 10 DNS static entries now, just specific for Twitter, YouTube and Google's sponsored ads etc. that I see on my mobile devices. I took a look on uBlock Origin's ad list for it.
 
User avatar
Ferrograph
Member Candidate
Member Candidate
Posts: 154
Joined: Wed Mar 07, 2012 4:05 am

Re: Ad-blocking by static DNS (just don't do it)

Fri Mar 09, 2018 3:18 pm

Im interested in this method of blocking stuff. Ive been experimenting with using a small list of well chosen names and "catch" words. After doing a bit of browsing on sites well know to be littered with ads and looking through the dns cache, I have good results with this small list. Not perfect by any means but Im looking to just block the most common stuff.

Perhaps a few of us can work on this and refine it? Its quite small currently and could grow a bit bigger without affecting performance - although lets face it there is going to be a hit but optimising the list will give good results without it being noticeable.

/ip dns static
add address=127.0.0.1 comment="Block Common Ads" regexp=cnbc7.com
add address=127.0.0.1 regexp=doubleclick
add address=127.0.0.1 regexp=liveadvert.com
add address=127.0.0.1 regexp=voluumtrk.com
add address=127.0.0.1 regexp=dynamic.dol.ru
add address=127.0.0.1 regexp=302br.net
add address=127.0.0.1 regexp=banner
add address=127.0.0.1 regexp=51yes.com
add address=127.0.0.1 regexp=s3xified
add address=127.0.0.1 disabled=yes regexp=switchads
add address=127.0.0.1 regexp=adns
add address=127.0.0.1 regexp="\\.ads"
add address=127.0.0.1 regexp="ads\\."
add address=127.0.0.1 regexp=adnxs
 
kakaxa
just joined
Posts: 15
Joined: Thu Feb 01, 2018 5:46 am

Re: Ad-blocking by static DNS (just don't do it)

Fri Mar 09, 2018 11:42 pm

I use https://stopad.kplus.pro/ for StopAD om my ROS

PS: site in russian
 
Nate998
just joined
Posts: 1
Joined: Sat Apr 28, 2018 7:55 am

Re: Ad-blocking by static DNS (just don't do it)

Sat Apr 28, 2018 8:57 am

Some observations regarding ad blocking in my experience.
Using Firefox,[and possibly chromecast], always use Ublock Origin and Decentraleyes on PC or android. Ublock lets you customize extra blocking of images you dont like on a page, and can be turned off on a per page basis. Decentraleyes minimizes content delivery volume.
Use static DNS in your router to apply filtering to all devices in your network. OpenDNS Family protects 17 content areas from porn to drugs using 208.67.220.123 and 208.67.222.123. Sadly, it does not filter ads. Adguard DNS Default + Safesearch does all at 176.103.130.132 and 176.103.130.134. [As of now, adguardDNS is offline temporarily.] If u want a way to filter global content on your android, use DNS66; it does selectable host files [Adaway one is minimal and effective;you can do multiple] and custom DNS servers. You get it using Fdroid...both are free.

I did notice by using Adguard DNS in my router that the big banner ad always on the right in the channels menu of my ROKU is GONE! kinda nice...
If you are willing to pay, the best for taking all ads out of everything including games for phones is Adguard Pro, but the setup is tedious... happy filtering...:)
 
User avatar
Ferrograph
Member Candidate
Member Candidate
Posts: 154
Joined: Wed Mar 07, 2012 4:05 am

Re: Ad-blocking by static DNS (just don't do it)

Tue Sep 18, 2018 12:13 pm

After some success and failures I refined my small list down to the following which covers a great deal of ads and stuff I dont want curious kids looking at. Extremely low impact on performance.Hope its useful.

/ip dns static
add address=127.0.0.1 comment="Block Some Bad Stuff" regexp=porn
add address=127.0.0.1 regexp=sex.com
add address=127.0.0.1 regexp=beeg.com
add address=127.0.0.1 regexp=redtube.com
add address=127.0.0.1 regexp=xhamster.com
add address=127.0.0.1 regexp=xvideos.com
add address=127.0.0.1 regexp=xnxx.com
add address=127.0.0.1 comment="Block Common Ads" regexp=cnbc7.com
add address=127.0.0.1 regexp=doubleclick.net
add address=127.0.0.1 regexp=liveadvert.com
add address=127.0.0.1 regexp=voluumtrk.com
add address=127.0.0.1 regexp=dynamic.dol.ru
add address=127.0.0.1 regexp=302br.net
add address=127.0.0.1 regexp=banner
add address=127.0.0.1 regexp=51yes.com
add address=127.0.0.1 regexp=s3xified
add address=127.0.0.1 regexp=switchads
add address=127.0.0.1 regexp=adns
add address=127.0.0.1 regexp="\\.ads"
add address=127.0.0.1 regexp="(\?<!lo)ads\\."
add address=127.0.0.1 regexp=adnxs
 
fastfallcon
just joined
Posts: 1
Joined: Fri Nov 23, 2018 6:29 am

Re: Ad-blocking by static DNS (just don't do it)

Fri Nov 23, 2018 6:45 am

ADGUARD Blocks ads fine with me :

Use these servers to block ads, tracking and phishing
176.103.130.130
176.103.130.131
Or use IPv6 addresses
2a00:5a60::ad1:0ff
2a00:5a60::ad2:0ff
Family protection
Default + blocking adult websites + safe search
176.103.130.132
176.103.130.134
Or use IPv6 addresses
2a00:5a60::bad1:0ff
2a00:5a60::bad2:0ff
 
Njumaen
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Wed Feb 24, 2016 8:41 pm
Location: Bielefeld, Germany
Contact:

Re: Ad-blocking by static DNS (just don't do it)

Fri Nov 23, 2018 11:56 am

get piHole running on an RaspberryPi or on a VM... Fast & simple.

There are "public piholes" as well, like https://freek.ws/2017/03/18/public-pi-hole/

Ralf.
 
Temorizador
just joined
Posts: 16
Joined: Fri Aug 25, 2017 6:25 am

Re: Ad-blocking by static DNS (just don't do it)

Fri Nov 23, 2018 6:30 pm

Cleanbrowsing also has free ads service i use it on the wireless guest, it has malware, porn filtering, vpn filter too for you to bypass your ads is very good. regards
Filter	     Primary Address	Secondary Address	IPv6	DNS over TLS
Family Filter	185.228.168.168	185.228.169.168	2a0d:2a00:1::	family-filter-dns.cleanbrowsing.org
Adult Filter	185.228.168.10	185.228.169.10	2a0d:2a00:1::1	adult-filter-dns.cleanbrowsing.org
Security Filter	185.228.168.9	185.228.169.9	2a0d:2a00:1::2	security-filter-dns.cleanbrowsing.org

  
Family Filter
Blocks access to adult content, proxy and VPNs, phishing and malicious domains. It enforces Safe Search on Google, Bing and YouTube.

Adult Filter
Less restrictive than the Family filter and only blocks access to adult content and malicious/phishing domains.

Security Filter
Blocks access to malicious and phishing domains.[6][better source needed]

Who is online

Users browsing this forum: Majestic-12 [Bot] and 24 guests