Looking for the best solution to block ads/trackers on my entire home network.

land@lemmy.ml · edit-2 2 days ago

Looking for the best solution to block ads/trackers on my entire home network.

ertai@programming.dev · edit-2 1 day ago

dnsmasq with a blocklist, like /etc/hosts except you can use wildcards on whole domains. Then you just make your router’s default dns to point to the computer running dnsmasq. https://landchad.net/dnsmasq/

kekmacska@lemmy.zip · 2 days ago

either pi-hole or or a filtering dnscrypt server

like blahdns-de, odoh-koki-noads-ams

Matt@lemmy.ml · 2 days ago

NextDNS or many other DoH services that are out there (I personally recommend Mullvad).

melroy@kbin.melroy.org · 2 days ago

You want the truth? Setup OPNsense firewall on your network. Add EasyPrivacy, EasyList, AdGuard List and other blocklists to the Unbound DNS service on the OPNsense server.

Then configure your DHCP to use the OPNsense router/firewall IP (eg. 192.168.1.1) as DNS server in DHCP provisioned computers on your LAN network.

This is how I do it and it’s an enterprise setup, which works and scales really well.

tetris11@lemmy.ml · 1 day ago

Do you have any lies to offer?

melroy@kbin.melroy.org · 1 day ago

Do you want a lie? 2+3 = 8

tetris11@lemmy.ml · 21 hours ago

that’s terrible, shame on you

melroy@kbin.melroy.org · 19 hours ago

Nintendo once had to patch Tetris because players were stacking blocks so perfectly that the game started running out of pieces and crashed.

Majestic@lemmy.ml · 2 days ago

As an extra step you can block DNS requests to external services from within your network to prevent devices trying to reach hardcoded for example Google DNS servers to bypass your filtering which isn’t uncommon with some IoT/streaming devices. Best to both block the known IPs as well as have DNS redirects for the urls that point back to your firewall at whatever IP it’s using to serve DNS from. There is a list called DoH servers by name or something like that which you can add to the blocklist to try and prevent usage of any DNS but your own.

Corgana@startrek.website · 2 days ago

OP if you enjoy a fun weekend project, don’t go with a pi-hole. It literally only takes about 5 minutes. Also I recommend the blocklistproject lists https://blocklistproject.github.io/Lists/

Xanza@lemm.ee · edit-2 2 days ago

Light + TIF                     https://sky.rethinkdns.com/1:AAkACAQA
Normal + TIF                https://sky.rethinkdns.com/1:AAkACAgA
Pro + TIF                 https://sky.rethinkdns.com/1:AAoACBAA
Pro plus + TIF               https://sky.rethinkdns.com/1:AAoACAgA
Ultimate + TIF              https://sky.rethinkdns.com/1:gAgACABA

Light + TIF                 https://dns.dnswarden.com/00000000000000000000048  
Normal + TIF                 https://dns.dnswarden.com/00000000000000000000028  
Pro + TIF                 https://dns.dnswarden.com/00000000000000000000018  
Pro plus + TIF               https://dns.dnswarden.com/0000000000000000000000o  
Ultimate + TIF              https://dns.dnswarden.com/0000000000000000000000804  

Light                https://freedns.controld.com/x-hagezi-light
Normal                https://freedns.controld.com/x-hagezi-normal
Pro                https://freedns.controld.com/x-hagezi-pro  
Pro plus                https://freedns.controld.com/x-hagezi-proplus  
Ultimate                https://freedns.controld.com/x-hagezi-ultimate
TIF                https://freedns.controld.com/x-hagezi-tif

DNS based adblocking with Hegezi blocklist and TIF (threat intelligence feeds). Works with any device on your network in one way or another (QUIC, DoH/3, DoT, etc) and doesn’t require installing anything. Just changing dns settings.

This is a great list. Blocks about 95% of all advertisements. About 4% are unblockable due to one reason or another, and the remaining 1% get added very quickly. I highly recommend this solution. Sure, you can setup a PiHole and do it all yourself, but in the end that requires time and attention. It’s the same list, but if you roll PiHole yourself you don’t get access to TIF, which are amazing for protecting you from different kinds of threats.

JanUwU42@lemm.ee · 2 days ago

Either Pi-Hole or there is also AdGuard Home

From what I’ve heard their as good as each other it just comes down on what UI you prefer^^

2 days ago

yep, 100% set yourself up a pihole. You’ll likely need to set it as your DNS via DHCP in your router, or configure it manually on devices that allow that.

Faceman🇦🇺@discuss.tchncs.de · 3 days ago

I use Ad-Guard instead of Pihole because the pi-hole software used to be missing some of the DNS features I wanted at the time, and I just stuck with it ever since. I have the main DNS server running on my Unraid Box, and a backup that runs on my HomeAssistant Pi4B.

supervent@lemmy.dbzer0.com · 3 days ago

I use Adguard’s public DNS on my router for convenience, no problems at all. In the past I had pi-hole with some lists that in the end, from time to time, broke things.

Thorned_Rose@sh.itjust.works · edit-2 3 days ago

We have an Odroid with AdGuard that’s worked great for many years. We used to use Pihole but had niggles that Meany AdGuard was easier. For us we wanted a completely free solution that we had complete control over.

sic_semper_tyrannis@lemmy.today · 3 days ago

Make a NextDNS with the settings/features you like and add that as your router’s DNS service. Super simple

lepinkainen@lemmy.world · 2 days ago

This is the lazy option that just works, the free tier is decent but their paid one is so cheap that you can run it for years with the price of a single Rapberry Pi

Xuderis@lemmy.world · 3 days ago

Pi-hole works great for me, but everyone else on the network that uses Google hates it because the entire first page is ads and they can’t click on them.

AtariDump@lemmy.world · edit-2 2 days ago

For a mobile device / TV, sure.

For a browser on a computer, uBlock or AdNauseum will fix that.

piyuv@lemmy.world · 2 days ago

I install some local adblocker to their devices and they don’t see those ads

qjkxbmwvz@startrek.website · 2 days ago

I have one SSID with pihole (which I use), and one without. Works pretty well, if you’re ok with a VLAN-aware network.

ohshit604@sh.itjust.works · 2 days ago

Yeah, PiHole is great if you live by yourself otherwise the entire household will have it out for you.

Learned that lesson the hard way.

smallpatatas@lemm.ee · 23 hours ago

Dunno, I found it pretty easy to set up different rules for different devices.

ohshit604@sh.itjust.works · 20 hours ago

Yes! PiHole does offer whitelisting profiles for devices however, Apple/IOS devices with their “Private Wi-Fi addresses” make it pain given how the Mac Addresses regularly rotate.

AtariDump@lemmy.world · 2 days ago

Only Apple the filtering to your MAC addresses.

Autonomous User@lemmy.world · edit-2 3 days ago

Put their router into modem mode and daisy chain your own router. Look up its labels and find the original manufacture for manuals. Watch out for name changes and mergers. ISPs do not manufacture routers. They buy them from companies, change a few logos and lend them to you.

azron@lemmy.ml · 3 days ago

You can also use the DMZ setting for your router depending on the software on the device from your ISP. DMZ means all traffic is forwarded that hits the device.

BombOmOm@lemmy.world · 3 days ago

I second your idea of going with Pi-Hole. It is purpose-made for this and easy to setup.

Akip@discuss.tchncs.de · 2 days ago

Plugging my favorite block lists:

general browsing https://firebog.net/
For TV’s https://github.com/hkamran80/blocklists
For Phones https://github.com/craiu/mobiletrackers