Hi! I run my own dns server using pdnsd and I thought I would share the config file I wrote. It has a small list of trackers and advertisers in it. Any suggestions would be appreciated. Also this will block Facebook and some Google services so keep that in mind.
// pdnsd configuration file
global {
perm_cache=2048; # Amount of cache in kb
cache_dir="/var/cache/pdnsd";
run_as="pdnsd";
server_ip = 127.0.0.1;
status_ctl = on;
paranoid = off;
query_method=udp_only;
run_ipv4=on;
timeout=10;
}
server {
label = "root-servers";
root_server = discover; # Discovers more root servers
randomize_servers = on; # Each server gets an equal chance of being selected
ip = 198.41.0.4, # Root server A
192.228.79.201, # Root server B
192.33.4.12, # Root server C
199.7.91.13; # Root server D
uptest = ping;
timeout=5;
purge_cache=on;
}
# Blocked domains
neg { name = 4chan-ads.org; types = domain; }
neg { name = adsonar.com; types = domain; }
neg { name = adzerk.net; types = domain; }
neg { name = clicktale.com; types = domain; }
neg { name = clicktale.net; types = domain; }
neg { name = doubleclick.net; types = domain; }
neg { name = exponential.com; types = domain; }
neg { name = facebook.com; types = domain; }
neg { name = facebook.net; types = domain; }
neg { name = fbcdn.com; types = domain; }
neg { name = fbcdn.net; types = domain; }
#neg { name = google.com; types = domain; }
#neg { name = googleapis.com; types = domain; }
neg { name = googleadservices.com; types = domain; }
neg { name = google-analytics.com; types = domain; }
#neg { name = googlesyndication.com; types = domain; }
neg { name = kontera.com; types = domain; }
neg { name = quantserve.com; types = domain; }
neg { name = scorecardresearch.com; types = domain; }
Moving to Community Contributions...
Moving to Community Contributions...
Sorry about that. I get lost easily whenever I join a new forum.
You can get a pdnsd formatted list of known bad sites. There is only one list that I know of that offers this, and you can get it here. So then you can save this as an additional file that gets sourced by the pdnsd.conf.
I used to use this method, but I moved away from pdnsd as I found that every so often I would get stale dns resolutions. So now I use hostsblock from the AUR to generate a list /etc/hosts.block that is specified to get loaded by dnsmasq. Hostsblock is just a set of scripts, but it features a whitelist and blacklist, and also includes a tool to see if a given site is being blocked by your current list. In the event that it is, it gives you the option to unblock it, and it is supposed to restart dnsmasq, but recently it stopped doing that for me... not sure what went wrong.
I didn't know that there already was a list like that for pdnsd. Also thanks for telling me about hostsblock.
It wouldn't be terribly hard to script out something that converts an /etc/hosts formatted file to pdnsd format either.
I think though that you can set pdnsd to actually load the /etc/hosts file. So you could actually just create a monolithic ad-blocking hosts file that will get loaded by pdnsd.
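A converter of the kind described above, added here as an example (it is not code from any poster, from hostsblock or from the pdnsd project). It assumes hosts-format input such as the MVPS list, with 127.0.0.1 or 0.0.0.0 as the sinkhole address, and emits one neg section per name for a file you then reference from pdnsd.conf.

```shell
#!/bin/sh
# Added example: turn a hosts-format blocklist (MVPS-style, or a hostsblock
# /etc/hosts.block) into pdnsd "neg" sections. Function and sample input are
# constructed for this example, not taken from pdnsd or any poster.

hosts_to_pdnsd() {
    # $1: hosts-format file. Only sinkhole lines (127.0.0.1 / 0.0.0.0 / ::1)
    # are converted; comments, blank lines and loopback names are skipped,
    # names are lower-cased and de-duplicated.
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        $1 !~ /^(127\.0\.0\.1|0\.0\.0\.0|::1?)$/ { next }
        {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break                  # trailing comment
                name = tolower($i)
                if (name == "localhost" || name == "localhost.localdomain" ||
                    name == "broadcasthost" || name ~ /^ip6-/) continue
                if (!(name in seen)) {
                    seen[name] = 1
                    printf "neg { name = %s; types = domain; }\n", name
                }
            }
        }' "$1"
}

make_sample_hosts() {
    # Writes a constructed sample (not a real MVPS list) to a temp file and
    # prints the path, so the block runs stand-alone.
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample hosts-format blocklist
127.0.0.1 localhost
127.0.0.1 doubleclick.net  # ad network
0.0.0.0   google-analytics.com www.google-analytics.com
127.0.0.1 DoubleClick.net
EOF
    printf '%s\n' "$f"
}

# Demo: print the pdnsd sections for the sample. Redirect the output to a
# file of your choice and reference that file from pdnsd.conf.
f=$(make_sample_hosts)
hosts_to_pdnsd "$f"
rm -f "$f"
```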
There are many little utils like this... on a related topic to this, if you use a router running TomatoUSB or the like, here is a very simple and powerful dns poisoning script you can run on the router itself thus protecting all devices and machines behind it to accomplish a similar blocking effect.
Last edited by graysky (2013-08-10 21:48:20)
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Oh yeah, graysky's link reminds me, I also run kwakd (same concept as pixelserv) so that all my 127.0.0.1 redirects get served a single transparent pixel.
I use a mixture of squid3, adzapper, havp & ipblock works pretty well & with adzapper it will replace banners & advert images with those from your own webserver if you want.
This provides: traditional page caching, known advertisers blocked, google safe browsing protection, virus detection & IP blocking.
I implemented this because my connection is used by 3 others. It is a 3g connection via 8.ta that has a bandwidth limit of 10Gb, so the blocking & caching really helps keep traffic down. All of this is done within my pfsense router.
I wonder if I can get pdnsd on pfsense as well to reduce the dns traffic.
ROG Strix (GD30CI) - Intel Core i5-7400 CPU - 32Gb 2400Mhz - GTX1070 8GB - AwesomeWM (occasionally XFCE, i3)
If everything in life was easy, we would learn nothing!
Linux User: 401820 Steam-HearThis.at-Last FM-Reddit
@t0m5k1, if you are going to use a DNS caching daemon, I would suggest using one that isn't persistent if it is for your router box. Using pdnsd actually stores the cache to disk, whereas bind, dnsmasq, and others actually just store them to RAM. So a simple reset of the box will clear the cache and get you started over in the event of stale dns issues. For you, I would imagine that you could fix it by going into the box. But since you share it with others, having a super simple way of fixing any issue (resetting) would probably be ideal.
Also, if you use the box as a dhcp server, then you can also use dnsmasq as a DNS caching daemon as well as a dhcp server at the same time, as it has both functionalities.
@Wonderwoofy
cheers for the advice. As I use pfsense many of what you mentioned is available as well so gonna check 'em out
I use a similar method as Wonderwoofy: use a separate file to keep all the domain names (eg /etc/hosts-reject ) to be blocked, and specify in /etc/pdnsd.conf
source {
owner=localhost;
file=/etc/hosts-reject;
}
though they don't need to be in pdnsd format, just get it from mvps
though they don't need to be in pdnsd format, just get it from mvps
This is good info. I was not aware that pdnsd would accept anything in the standard hosts format except /etc/hosts... though it certainly makes sense that if it accepts /etc/hosts, there is no real reason that it couldn't load others.
WonderWoofy, could I see your dnsmasq.conf? I've been having problems with pdnsd too actually. I'd like to see how yours is setup.
There's not much to it. I don't use it as a dhcp server or anything else really fancy. So after removing all the comments I have the following left:
$ sed -e 's/^#.*$//' -e '/^$/d' /etc/dnsmasq.conf
server=8.8.8.8
server=8.8.4.4
listen-address=127.0.0.1
addn-hosts=/etc/hosts.block
cache-size=1000
all-servers
There's not much to it. I don't use it as a dhcp server or anything else really fancy. So after removing all the comments I have the following left:
Thank you
dnsmasq doesn't want to work for some reason. Here's my current config:
# Never forward plain names (without a dot or domain part)
#domain-needed
# IP address to listen on
listen-address=127.0.0.1
# Servers
server=198.41.0.4
server=192.228.79.201
server=192.33.4.12
#server=199.7.91.13
# Blocked domains
address=/doubleclick.net/127.0.0.1
address=/facebook.com/127.0.0.1
# Resolv location
# resolv-file=/etc/resolv.dnsmasq.conf
cache-size=1024
I also keep getting this message in my journal:
Aug 17 01:17:11 arch dnsmasq[2224]: nameserver 192.33.4.12 refused to do a recursive query
It doesn't matter what IP it is. That comes up no matter what.
EDIT: Apparently I'm not able to use root dns servers with dnsmasq yet it's fine with pdnsd. Any reason for this?
Last edited by xoma (2013-08-17 18:56:30)