Tuesday, April 23, 2019

block ads at router level

    Hello. After putting my DNS blackhole online I had two more things to do: 1. set up a local HTTPS proxy for my DNS so I can use DNS over HTTPS, and 2. find out whether a basic ad blocker can be set up at router level.

    It turned out that task 2 is very easy. All you have to do is open your router's web interface (mine is a TP-Link) and use the Parental Control or Access Control menu. I used the Access Control menu. First you have to enable Internet Access Control. The default filter policy must be "disable the packets.....". Then use the Add New button to add a new rule. Each rule takes up to 4 hosts to block, at least with my router make, and those 4 hosts will be the sites and domains that serve ads. After you name the rule and add the hosts to block, press the Save button. I didn't test how many rules I can have; all I needed was to confirm that it works.

    It's up to you how many rules you create and which hosts you add to each rule. Search for the major domains that serve ads and block those domains.

    The main advantage of this method is that it works for every device connected to that router, and you also get rid of the tracking cookies served by the blocked domains.

    The main drawback of this method is that you cannot set too many rules, because a router has limited memory.

    If you want more rules or blocked domains than Access Control can offer, you can use the Parental Control menu in the router interface.

    So far, the most reliable and simple method for blocking ads is still to use an add-on like NoScript in combination with uBlock or another ad blocker. The NoScript add-on is a must for efficient ad blocking.

Monday, April 22, 2019

dns blackhole with bind nameserver

    Setting up a DNS blackhole to block malicious sites is not hard and is not new. The new term "Pi-hole" is nothing more than a Raspberry Pi running a DNS server with some additional configuration files.
    If you don't want to buy a new machine just to set up an ad blocker, you can use your own machine and a personal DNS server. Read on; it is very easy to do, nothing complicated.
    I use the BIND nameserver on Linux, but you can use whatever operating system you like; BIND runs on Windows too.
    Nothing special here: we want to block some sites at the DNS server level, so that none of the apps on the machines using that DNS server can reach those sites.

  Apart from the configuration files bundled with BIND, you only need two more files and a small modification to the named.conf file.

  In the named.conf file add this at the end:
include "/etc/bind/blocked.conf.zones";

  Create a new file in /etc/bind and name it blocked.conf.zones.

My blocked.conf.zones file is like this:

zone "pagead2.googlesyndication.com" { type master; notify no; file "/etc/bind/null.zone.file"; };
zone "googleadservices.com"  { type master; notify no; file "/etc/bind/null.zone.file"; };
zone "myphonenumbers-pa.googleapis.com" { type master; notify no; file "/etc/bind/null.zone.file"; };

    We need to create one more file in the same directory, /etc/bind, and name it null.zone.file. It is the "sinkhole" zone that every blocked name is served from.

    My null.zone.file looks like this:

$TTL    600
@       1D IN SOA   localhost. root.localhost. (
                    42              ; serial
                    3H              ; refresh
                    15M             ; retry
                    1W              ; expiry
                    1D )            ; minimum (negative-answer TTL)

        1D IN NS    @               ; the zone's own name is its nameserver
        5  IN A     127.0.0.1       ; the blocked name itself resolves to loopback
;       *  IN A     127.0.0.1       ; uncomment to send every subdomain to loopback too



    Note that with the wildcard line commented out only the zone apex (e.g. googleadservices.com itself) answers with 127.0.0.1; any name below it, such as www.googleadservices.com, gets NXDOMAIN, which blocks it just as well. Uncomment the wildcard if you prefer every subdomain to resolve to loopback. Many blocklists use 0.0.0.0 instead of 127.0.0.1 so that blocked requests fail immediately instead of hitting a web server that may be running on your own machine; either address works with this setup.

    And that's it! Nothing more, nothing less!

    For every site you want to block you need to add a new line to blocked.conf.zones; for example, to block adservices.com you add a new line with
zone "adservices.com" { type master; notify no; file "/etc/bind/null.zone.file"; };

That's it!

If you want a large list of malicious and ad-serving domains, search on DuckDuckGo; there are a lot of lists out there!
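Public blocklists are usually distributed in hosts-file format (one "0.0.0.0 domain" line per entry) rather than as BIND zone statements. The following script, added here as an example and not part of the original post or of BIND, converts such a list into the blocked.conf.zones format used above. The NULL_ZONE path, the function names and the sample list are assumptions of this example; the sample is constructed, not a real blocklist.

```shell
#!/bin/sh
# Added example (not from the original post, not part of BIND): turn a hosts-format
# blocklist into one "zone" statement per domain, as in blocked.conf.zones above.
# NULL_ZONE is the sinkhole zone file described in the post (assumed path).
NULL_ZONE="/etc/bind/null.zone.file"

# hosts_to_zones: read hosts-format lines on stdin, write zone statements on stdout.
# - strips comments and blank lines
# - keeps only lines whose address is 0.0.0.0 or 127.0.0.1 (the sinkhole entries)
# - drops the loopback names every hosts file carries (localhost etc.)
# - lowercases and validates each name, because named refuses to start on a zone
#   name it cannot parse, and refuses to load the same zone name twice
hosts_to_zones() {
    sed 's/#.*//' | awk -v nz="$NULL_ZONE" '
        NF >= 2 && ($1 == "0.0.0.0" || $1 == "127.0.0.1") {
            d = tolower($2)
            if (d == "localhost" || d == "localhost.localdomain" || d == "local" || d == "broadcasthost") next
            # labels of letters, digits and inner hyphens, at least two labels
            if (d !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) next
            if (seen[d]++) next
            printf "zone \"%s\" { type master; notify no; file \"%s\"; };\n", d, nz
        }'
}

# Constructed sample input in hosts format (not a real blocklist): it exercises
# comments, the localhost entry, mixed case, a duplicate and two invalid names.
SAMPLE_HOSTS='# comment line
127.0.0.1 localhost
0.0.0.0 pagead2.googlesyndication.com
0.0.0.0 Ads.Example.net   # mixed case and trailing comment
0.0.0.0 pagead2.googlesyndication.com
0.0.0.0 -bad-.example.org
0.0.0.0 nodots'

# count_sample_zones: number of zone statements produced from the sample.
count_sample_zones() {
    printf '%s\n' "$SAMPLE_HOSTS" | hosts_to_zones | wc -l | tr -d ' '
}

# Real use:  hosts_to_zones < blocklist.txt > /etc/bind/blocked.conf.zones
#            named-checkconf && rndc reload
printf '%s\n' "$SAMPLE_HOSTS" | hosts_to_zones
```

Run named-checkconf on the generated file before reloading: a single malformed or duplicated zone name stops named from starting, which takes DNS for the whole LAN down with it, and that is exactly what the validation and deduplication in the awk program guard against.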

=========

    One more step: don't forget to point your machines at your local DNS server (instead of 8.8.8.8, 4.2.2.1 or other internet nameservers, use 127.0.0.1 or localhost, or whatever interface BIND listens on). Listen ports, network interfaces and the access control list (i.e. who can use your DNS server) are BIND settings that are up to you and must be configured by you, since every machine has a specific environment. Do restrict who may query and recurse to your own LAN, though: a resolver that answers recursive queries from the whole internet can be abused for DNS amplification attacks. Fortunately, these settings are not complicated at all and you can do them after five minutes of reading on the internet.
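As an added example of the settings just mentioned (not from the original post), here is a named.conf.options fragment that makes BIND listen only on the loopback and LAN interfaces and answer, including recursively, only LAN clients. The addresses 192.168.1.10 (the server) and 192.168.1.0/24 (the LAN) are assumptions; substitute your own.

```conf
// Added example, not from the original post: restrict the resolver to the LAN.
// Assumed addresses: server 192.168.1.10, LAN 192.168.1.0/24.
acl "lan" { 127.0.0.0/8; 192.168.1.0/24; };

options {
    directory "/var/cache/bind";
    listen-on port 53 { 127.0.0.1; 192.168.1.10; };  // loopback and LAN interface only
    listen-on-v6 { none; };                           // or list your LAN's IPv6 range instead
    allow-query { lan; };                             // who may ask anything at all
    allow-recursion { lan; };                         // who may use this as a full resolver
    recursion yes;
    forwarders { 8.8.8.8; };                          // optional upstream for everything not in a blocked zone
};
```

Names in the blocked zones are answered authoritatively from null.zone.file; everything else is resolved (or forwarded) on behalf of LAN clients only, so the server is never an open resolver for the internet.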

=============
  Tested and working on the entire LAN, for PCs and phones!