Network-level ad blocking

Turris Omnia
5

I finally chose to use adblock because it’s simpler and supported out of the box in OpenWRT. It requires manual configuration of the resolver and packages outside of the Turris ecosystem (those should really be updated), so there is still room for improvement, but this works for me and covers a few problems that were found in other tutorials.

Here’s a step-by-step process, as seen from a terminal logged in as root in the Turris router:

  1. Download and install the adblock APKs from LEDE (the ones from Omnia are too old):

     wget https://downloads.lede-project.org/snapshots/packages/x86_64/luci/luci-app-adblock_git-17.328.04231-802d5b6-1_all.ipk
 wget https://downloads.lede-project.org/snapshots/packages/x86_64/packages/adblock_3.1.0-2_all.ipk
 opkg install adblock_3.1.0-2_all.ipk luci-app-adblock_git-17.328.04231-802d5b6-1_all.ipk

  2. reload the LUCI cache, otherwise you get a weird backtrace in the web interface:

     rm -rf /tmp/luci-*
 /etc/init.d/lighttpd restart

  3. start adblock and check that it works:

     /etc/init.d/adblock enable
 /etc/init.d/adblock start
 adblock.sh
 /etc/init.d/adblock status
 /etc/init.d/adblock query doubleclick.net

    the last line should show something like:

     ::: max. ten results for domain 'doubleclick.net'
   + doubleclick.net

    and a file should have been created in /etc/kresd/adb_list.overall with all the blacklists configured in the GUI.

  4. hook that configuration in the resolver and restart it. for this, you need to add the following line in the config resolver 'kresd' section of /etc/config/resolver:

     list rpz_file "/etc/kresd/adb_list.overall"

    … and restart the resolver:

     /etc/init.d/resolver restart

If this works, DNS resolution should fail for blocked domains, for example:

root@octavia:~# dig doubleclick.net

; <<>> DiG 9.10.5-P3 <<>> doubleclick.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21508
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;doubleclick.net.		IN	A

;; AUTHORITY SECTION:
blocked.		900	IN	SOA	blocked. nobody.invalid. 0 3600 900 604800 900

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 29 09:52:39 EST 2017
;; MSG SIZE  rcvd: 101

… and, obviously, most ads should be gone from your devices. :slight_smile: It doesn’t work for everything: ads may still show up in Youtube videos for example. But it will go a long way.

5 Likes