Faceplate5158
just joined
Topic Author
Posts: 14
Joined: Sun Jan 14, 2024 12:44 am

DNS & Adlist

Mon Mar 17, 2025 12:03 am

Hi,
I've just bought a Hex S for my home network and all is working well, in general. Some questions about the DNS resolver & new adlist feature (am on 7.18):

- I use the Steven Black list as per the docs, 132k entries loaded, however CNAME records still resolve:
me@pc:~$ host api.taboola.com
api.taboola.com has address 0.0.0.0
api.taboola.com has IPv6 address ::
api.taboola.com is an alias for tls13.taboola.map.fastly.net.
... so some adverts are still getting through - is there anything I'm missing here? I've cleared the cache, yet the above domain always seems to re-resolve and appear back in the cache.
- as has been mentioned previously on some posts, when using DoH, docker containers within the network cannot resolve local static entries - am I missing something obvious here?
- am I better off turning off remote requests on the built-in resolver and offloading all the DNS to a pihole LXC container with static entries for my local servers as it seems the DNS/adlist functionality is all relatively new?

Otherwise, great bit of kit. Wireguard server & client/several VLANs/etc all configured and running excellently.
 
Faceplate5158
just joined
Topic Author
Posts: 14
Joined: Sun Jan 14, 2024 12:44 am

Re: DNS & Adlist

Tue Mar 18, 2025 5:18 pm

I've offloaded DNS to a pihole + unbound and the adblocking is working much better. Curious to know what others are doing?
My Hex S unfortunately doesn't support containers so I'll always need another place for pihole to live until Adlist gets some improvements. Or maybe I send it back for an RB5009...
 
Josephny
Forum Guru
Posts: 1226
Joined: Tue Sep 20, 2022 12:11 am
Location: New York, USA

Re: DNS & Adlist

Tue Mar 18, 2025 6:10 pm

I am not at all an expert, but I just enabled adlist and found the recommended/default stevenblack list prevented access to some web sites.

See here:

viewtopic.php?t=215635
 
gigabyte091
Forum Guru
Posts: 1595
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: DNS & Adlist

Tue Mar 18, 2025 6:52 pm

> I am not at all an expert, but I just enabled adlist and found the recommended/default stevenblack list prevented access to some web sites.
>
> See here:
>
> viewtopic.php?t=215635

But you are Forum guru :D

@OP it all depends on which blocklists you load. I loaded the same blocklist from my adguard to my RB5009 and it's working just as it did on adguard.
 
Faceplate5158
just joined
Topic Author
Posts: 14
Joined: Sun Jan 14, 2024 12:44 am

Re: DNS & Adlist

Tue Mar 18, 2025 6:57 pm

Thanks, yeah I had enabled it too and it works on some sites/adverts, but I'm finding the opposite problem - too many are still getting through via CNAME resolution (original post has the host command I used, against api.taboola.com which is listed in the stevenblack list and does get removed with A record lookups).

The pihole / unbound solution is much more effective. Hopefully Adlist will catch up some day.
 
gigabyte091
Forum Guru
Posts: 1595
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: DNS & Adlist

Tue Mar 18, 2025 6:59 pm

It's quite a new feature. I believe MikroTik will continue to work on it.
 
Faceplate5158
just joined
Topic Author
Posts: 14
Joined: Sun Jan 14, 2024 12:44 am

Re: DNS & Adlist

Tue Mar 18, 2025 7:33 pm

Thanks - yeah I see it's a newish feature.
I'm learning that the feature I'm referring to is called Deep CNAME inspection, and was implemented in pihole v5.0 in 2020. Big discussion here https://discourse.pi-hole.net/t/apply-p ... es/25445/1, release notes https://pi-hole.net/blog/2020/05/10/pi- ... ge-content
Not trivial!
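
What deep CNAME inspection adds over matching the queried name only, as an added example that is not part of the thread and is not Pi-hole or RouterOS code. The `.example` names and the CNAME map are constructed; a real resolver would take the chain from the upstream answer.

```python
# Added example: constructed data, not Pi-hole or RouterOS code.
HOSTS_SAMPLE = """\
# constructed hosts-format blocklist (same layout as the StevenBlack list)
0.0.0.0 api.taboola.com
0.0.0.0 tracker.adnet.example   # constructed entry
"""

# Constructed upstream answers: name -> CNAME target (no entry = terminal name).
CNAMES = {
    "metrics.shop.example": "edge.cdn.example",
    "edge.cdn.example": "tracker.adnet.example",
    "www.shop.example": "shop.hosting.example",
}

def parse_hosts(text):
    """Return the set of blocked names from hosts-format text."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(n.lower().rstrip(".") for n in fields[1:])
    return blocked

def cname_chain(name, cnames, max_depth=8):
    """Follow CNAMEs from name; stop on a loop or after max_depth hops."""
    chain = [name.lower().rstrip(".")]
    while chain[-1] in cnames and len(chain) <= max_depth:
        nxt = cnames[chain[-1]].lower().rstrip(".")
        if nxt in chain:  # CNAME loop, stop walking
            break
        chain.append(nxt)
    return chain

def blocked_by_qname(name, blocked):
    """Query-name-only matching: checks just the name the client asked for."""
    return name.lower().rstrip(".") in blocked

def blocked_by_chain(name, blocked, cnames):
    """Deep inspection: return the first blocked name in the chain, or None."""
    for n in cname_chain(name, cnames):
        if n in blocked:
            return n
    return None
```

Here `metrics.shop.example` passes a query-name-only check but is caught by the chain check, because its second CNAME hop is on the list.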