diff --git a/content/blog/adblock-blocky.md b/content/blog/adblock-blocky.md new file mode 100644 index 0000000..1b4d4b4 --- /dev/null +++ b/content/blog/adblock-blocky.md 
@@ -0,0 +1,82 @@ ++++ +title = "DNS-level adblock on the go with blocky" +date = 2024-05-31 +draft = false + +[taxonomies] +categories = ["Self-hosting"] +tags = ["blocky", "adblock", "headscale", "tailscale"] + +[extra] +lang = "en" +toc = true +comment = true +copy = true +math = false +mermaid = false ++++ + +# Introduction +An adblocker is something you commonly find installed in browsers, usually through an extension. However, what if you wanted an adblocking system that was a bit deeper? Something that doesn't require a browser extension, and gives you a consistent adblocking system? This is where DNS-level adblockers like [AdGuard Home](https://adguard.com/en/adguard-home/overview.html) or [Pi-hole](https://pi-hole.net) come in. + +# DNS? +DNS stands for **D**omain **N**ame **S**ystem. It's what points URLs like `https://duck.com` to an IP address (like `52.142.124.215`), making it much easier to find things on the internet. + +DNS-level adblockers work by filtering out queries for URLs pointing to IP addresses serving ads. In this blog post, I'll use [blocky](https://0xerr0r.github.io/blocky) as an example of one such adblocker for demonstration purposes. 
+ +# Setting up blocky +## NixOS configuration +There's a configuration option for `blocky` provided by NixOS, so you can enable and configure it in your NixOS config: + +```nix,linenos +services.blocky = { + enable = true; + settings = { + prometheus.enable = true; + blocking = { + blackLists.ads = [ + "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" + "https://sysctl.org/cameleon/hosts" + "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt" + "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt" + ]; + clientGroupsBlock = { + default = [ "ads" ]; + }; + }; + upstreams = { + groups.default = [ + "9.9.9.9" + "1.1.1.1" + ]; + }; + ports = { + dns = "0.0.0.0:53"; + }; + }; +}; +``` + +{% alert(header="Why isn't it running?") %} +You might need to reboot after running a `nixos-rebuild switch`, or move/kill any process running on port `53` for this to work. +{% end %} + +{% note(header="Custom DNS mapping") %} +You can use blocky to map a domain of your choice to an IP of your choice - refer to the [documentation](https://0xerr0r.github.io/blocky/latest/configuration/) for more information. +{% end %} + +Here, I've used two upstream nameservers for blocky to forward valid DNS requests to (since blocky doesn't do any DNS resolution itself - except for custom mapping, detailed later). One is [Cloudflare's DNS](https://one.one.one.one) (`1.1.1.1`) and the other is [Quad9](https://quad9.net) (`9.9.9.9`). + +As indicated by lines 6 through 11, you need to add lists containing URLs you want to be filtered from your DNS requests. + +## Making it work everywhere +The thing is, you'll need to set the IP address of the machine running blocky as a nameserver for all of your workstations - it just won't recieve any requests otherwise, so it won't be *doing* any adblocking if you don't do this. 
+ +Of course, if you've got a router worth keeping around, you should be able to set a network-wide DNS resolver, and you can point this to your blocky-running machine in your router's settings. + +However, what if you wanted to have this work everywhere you go, perhaps on a portable laptop? Well, if you're using [Tailscale](https://tailscale.com) or [Headscale](https://headscale.net) you can just can edit the nameservers you use in your VPN's settings and set it to the *IP address* of the device running blocky. This way, any device on your VPN can utilise blocky and have a functioning DNS-level adblocker no matter where you are. + +If you're looking to setup headscale, I've made [a blog post about it](../selfhost-tailscale). + +# Finishing thoughts +With the existence of browser extensions doing the same thing adblockers like blocky and Pi-hole can, not everyone is going to need something this sophisticated. I think something like this is better suited to those looking for better coverage in their adblocking, or something that gives more control over DNS requests - for example, to easily setup custom DNS mappings or to restrict access to certain websites. diff --git a/public/blog/adblock-blocky/index.html b/public/blog/adblock-blocky/index.html new file mode 100644 index 0000000..97d2051 --- /dev/null +++ b/public/blog/adblock-blocky/index.html @@ -0,0 +1,27 @@ +DNS-level adblock on the go with blocky

DNS-level adblock on the go with blocky

2024-05-31

Introduction#

An adblocker is something you commonly find installed in browsers, usually through an extension. However, what if you wanted an adblocking system that was a bit deeper? Something that doesn't require a browser extension, and gives you a consistent adblocking system? This is where DNS-level adblockers like AdGuard Home or Pi-hole come in.

DNS?#

DNS stands for Domain Name System. It's what points URLs like https://duck.com to an IP address (like 52.142.124.215), making it much easier to find things on the internet.

DNS-level adblockers work by filtering out queries for URLs pointing to IP addresses serving ads. In this blog post, I'll use blocky as an example of one such adblocker for demonstration purposes.

Setting up blocky#

NixOS configuration#

There's a configuration option for blocky provided by NixOS, so you can enable and configure it in your NixOS config:

1services.blocky = { +
2 enable = true; +
3 settings = { +
4 prometheus.enable = true; +
5 blocking = { +
6 blackLists.ads = [ +
7 "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" +
8 "https://sysctl.org/cameleon/hosts" +
9 "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt" +
10 "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt" +
11 ]; +
12 clientGroupsBlock = { +
13 default = [ "ads" ]; +
14 }; +
15 }; +
16 upstreams = { +
17 groups.default = [ +
18 "9.9.9.9" +
19 "1.1.1.1" +
20 ]; +
21 }; +
22 ports = { +
23 dns = "0.0.0.0:53"; +
24 }; +
25 }; +
26}; +

Why isn't it running?

You might need to reboot after running a nixos-rebuild switch, or move/kill any process running on port 53 for this to work.

Custom DNS mapping

You can use blocky to map a domain of your choice to an IP of your choice - refer to the documentation for more information.

Here, I've used two upstream nameservers for blocky to forward valid DNS requests to (since blocky doesn't do any DNS resolution itself - except for custom mapping, detailed later). One is Cloudflare's DNS (1.1.1.1) and the other is Quad9 (9.9.9.9).

As indicated by lines 6 through 11, you need to add lists containing URLs you want to be filtered from your DNS requests.

Making it work everywhere#

The thing is, you'll need to set the IP address of the machine running blocky as a nameserver for all of your workstations - it just won't recieve any requests otherwise, so it won't be doing any adblocking if you don't do this.

Of course, if you've got a router worth keeping around, you should be able to set a network-wide DNS resolver, and you can point this to your blocky-running machine in your router's settings.

However, what if you wanted to have this work everywhere you go, perhaps on a portable laptop? Well, if you're using Tailscale or Headscale you can just can edit the nameservers you use in your VPN's settings and set it to the IP address of the device running blocky. This way, any device on your VPN can utilise blocky and have a functioning DNS-level adblocker no matter where you are.

If you're looking to setup headscale, I've made a blog post about it.

Finishing thoughts#

With the existence of browser extensions doing the same thing adblockers like blocky and Pi-hole can, not everyone is going to need something this sophisticated. I think something like this is better suited to those looking for better coverage in their adblocking, or something that gives more control over DNS requests - for example, to easily setup custom DNS mappings or to restrict access to certain websites.

\ No newline at end of file diff --git a/public/blog/feed.xml b/public/blog/feed.xml index e34077f..7ab74c2 100644 --- a/public/blog/feed.xml +++ b/public/blog/feed.xml 
@@ -4,8 +4,85 @@ All of the posts for my blog - 2024-03-28T00:00:00+00:00 + 2024-05-31T00:00:00+00:00 https://devraza.giize.com/blog/feed.xml + + DNS-level adblock on the go with blocky + 2024-05-31T00:00:00+00:00 + 2024-05-31T00:00:00+00:00 + + https://devraza.giize.com/blog/adblock-blocky/ + <h1 id="introduction">Introduction<a class="zola-anchor" href="#introduction" aria-label="Anchor link for: introduction">#</a></h1> +<p>An adblocker is something you commonly find installed in browsers, usually through an extension. However, what if you wanted an adblocking system that was a bit deeper? Something that doesn't require a browser extension, and gives you a consistent adblocking system? This is where DNS-level adblockers like <a rel="nofollow noreferrer" href="https://adguard.com/en/adguard-home/overview.html">AdGuard Home</a> or <a rel="nofollow noreferrer" href="https://pi-hole.net">Pi-hole</a> come in.</p> +<h1 id="dns">DNS?<a class="zola-anchor" href="#dns" aria-label="Anchor link for: dns">#</a></h1> +<p>DNS stands for <strong>D</strong>omain <strong>N</strong>ame <strong>S</strong>ystem. It's what points URLs like <code>https://duck.com</code> to an IP address (like <code>52.142.124.215</code>), making it much easier to find things on the internet.</p> +<p>DNS-level adblockers work by filtering out queries for URLs pointing to IP addresses serving ads. 
In this blog post, I'll use <a rel="nofollow noreferrer" href="https://0xerr0r.github.io/blocky">blocky</a> as an example of one such adblocker for demonstration purposes.</p> +<h1 id="setting-up-blocky">Setting up blocky<a class="zola-anchor" href="#setting-up-blocky" aria-label="Anchor link for: setting-up-blocky">#</a></h1> +<h2 id="nixos-configuration">NixOS configuration<a class="zola-anchor" href="#nixos-configuration" aria-label="Anchor link for: nixos-configuration">#</a></h2> +<p>There's a configuration option for <code>blocky</code> provided by NixOS, so you can enable and configure it in your NixOS config:</p> +<pre data-linenos data-lang="nix" style="background-color:#151515;color:#e8e8d3;" class="language-nix "><code class="language-nix" data-lang="nix"><table><tbody><tr><td>1</td><td><span style="color:#ffb964;">services</span><span>.</span><span style="color:#ffb964;">blocky </span><span>= { +</span></td></tr><tr><td>2</td><td><span> </span><span style="color:#ffb964;">enable </span><span>= true; +</span></td></tr><tr><td>3</td><td><span> </span><span style="color:#ffb964;">settings </span><span>= { +</span></td></tr><tr><td>4</td><td><span> </span><span style="color:#ffb964;">prometheus</span><span>.</span><span style="color:#ffb964;">enable </span><span>= true; +</span></td></tr><tr><td>5</td><td><span> </span><span style="color:#ffb964;">blocking </span><span>= { +</span></td></tr><tr><td>6</td><td><span> </span><span style="color:#ffb964;">blackLists</span><span>.</span><span style="color:#ffb964;">ads </span><span>= [ +</span></td></tr><tr><td>7</td><td><span> </span><span style="color:#99ad6a;">&quot;https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts&quot; +</span></td></tr><tr><td>8</td><td><span> </span><span style="color:#99ad6a;">&quot;https://sysctl.org/cameleon/hosts&quot; +</span></td></tr><tr><td>9</td><td><span> </span><span style="color:#99ad6a;">&quot;https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt&quot; 
+</span></td></tr><tr><td>10</td><td><span> </span><span style="color:#99ad6a;">&quot;https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt&quot; +</span></td></tr><tr><td>11</td><td><span> ]; +</span></td></tr><tr><td>12</td><td><span> </span><span style="color:#ffb964;">clientGroupsBlock </span><span>= { +</span></td></tr><tr><td>13</td><td><span> </span><span style="color:#ffb964;">default </span><span>= [ </span><span style="color:#99ad6a;">&quot;ads&quot; </span><span>]; +</span></td></tr><tr><td>14</td><td><span> }; +</span></td></tr><tr><td>15</td><td><span> }; +</span></td></tr><tr><td>16</td><td><span> </span><span style="color:#ffb964;">upstreams </span><span>= { +</span></td></tr><tr><td>17</td><td><span> </span><span style="color:#ffb964;">groups</span><span>.</span><span style="color:#ffb964;">default </span><span>= [ +</span></td></tr><tr><td>18</td><td><span> </span><span style="color:#99ad6a;">&quot;9.9.9.9&quot; +</span></td></tr><tr><td>19</td><td><span> </span><span style="color:#99ad6a;">&quot;1.1.1.1&quot; +</span></td></tr><tr><td>20</td><td><span> ]; +</span></td></tr><tr><td>21</td><td><span> }; +</span></td></tr><tr><td>22</td><td><span> </span><span style="color:#ffb964;">ports </span><span>= { +</span></td></tr><tr><td>23</td><td><span> </span><span style="color:#ffb964;">dns </span><span>= </span><span style="color:#99ad6a;">&quot;0.0.0.0:53&quot;</span><span>; +</span></td></tr><tr><td>24</td><td><span> }; +</span></td></tr><tr><td>25</td><td><span> }; +</span></td></tr><tr><td>26</td><td><span>}; +</span></td></tr></tbody></table></code></pre> +<blockquote class="callout alert"> + + <div class="icon"> + <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="20" height="20"><path d="M4.00098 20V14C4.00098 9.58172 7.5827 6 12.001 6C16.4193 6 20.001 9.58172 20.001 14V20H21.001V22H3.00098V20H4.00098ZM6.00098 20H18.001V14C18.001 10.6863 15.3147 8 12.001 8C8.68727 8 6.00098 10.6863 6.00098 14V20ZM11.001 
2H13.001V5H11.001V2ZM19.7792 4.80761L21.1934 6.22183L19.0721 8.34315L17.6578 6.92893L19.7792 4.80761ZM2.80859 6.22183L4.22281 4.80761L6.34413 6.92893L4.92991 8.34315L2.80859 6.22183ZM7.00098 14C7.00098 11.2386 9.23956 9 12.001 9V11C10.3441 11 9.00098 12.3431 9.00098 14H7.00098Z" fill="currentColor"></path></svg> + </div> + <div class="content"> + + <p><strong>Why isn&#x27;t it running?</strong></p> + + <p>You might need to reboot after running a <code>nixos-rebuild switch</code>, or move/kill any process running on port <code>53</code> for this to work.</p> + + </div> +</blockquote><blockquote class="callout note"> + + <div class="icon"> + <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" width="20" height="20"><path d="M12 22C6.47715 22 2 17.5228 2 12C2 6.47715 6.47715 2 12 2C17.5228 2 22 6.47715 22 12C22 17.5228 17.5228 22 12 22ZM12 20C16.4183 20 20 16.4183 20 12C20 7.58172 16.4183 4 12 4C7.58172 4 4 7.58172 4 12C4 16.4183 7.58172 20 12 20ZM11 7H13V9H11V7ZM11 11H13V17H11V11Z" fill="currentColor"></path></svg> + </div> + <div class="content"> + + <p><strong>Custom DNS mapping</strong></p> + + <p>You can use blocky to map a domain of your choice to an IP of your choice - refer to the <a rel="nofollow noreferrer" href="https://0xerr0r.github.io/blocky/latest/configuration/">documentation</a> for more information.</p> + + </div> +</blockquote> +<p>Here, I've used two upstream nameservers for blocky to forward valid DNS requests to (since blocky doesn't do any DNS resolution itself - except for custom mapping, detailed later). 
One is <a rel="nofollow noreferrer" href="https://one.one.one.one">Cloudflare's DNS</a> (<code>1.1.1.1</code>) and the other is <a rel="nofollow noreferrer" href="https://quad9.net">Quad9</a> (<code>9.9.9.9</code>).</p> +<p>As indicated by lines 6 through 11, you need to add lists containing URLs you want to be filtered from your DNS requests.</p> +<h2 id="making-it-work-everywhere">Making it work everywhere<a class="zola-anchor" href="#making-it-work-everywhere" aria-label="Anchor link for: making-it-work-everywhere">#</a></h2> +<p>The thing is, you'll need to set the IP address of the machine running blocky as a nameserver for all of your workstations - it just won't recieve any requests otherwise, so it won't be <em>doing</em> any adblocking if you don't do this.</p> +<p>Of course, if you've got a router worth keeping around, you should be able to set a network-wide DNS resolver, and you can point this to your blocky-running machine in your router's settings.</p> +<p>However, what if you wanted to have this work everywhere you go, perhaps on a portable laptop? Well, if you're using <a rel="nofollow noreferrer" href="https://tailscale.com">Tailscale</a> or <a rel="nofollow noreferrer" href="https://headscale.net">Headscale</a> you can just can edit the nameservers you use in your VPN's settings and set it to the <em>IP address</em> of the device running blocky. This way, any device on your VPN can utilise blocky and have a functioning DNS-level adblocker no matter where you are.</p> +<p>If you're looking to setup headscale, I've made <a href="../selfhost-tailscale">a blog post about it</a>.</p> +<h1 id="finishing-thoughts">Finishing thoughts<a class="zola-anchor" href="#finishing-thoughts" aria-label="Anchor link for: finishing-thoughts">#</a></h1> +<p>With the existence of browser extensions doing the same thing adblockers like blocky and Pi-hole can, not everyone is going to need something this sophisticated. 
I think something like this is better suited to those looking for better coverage in their adblocking, or something that gives more control over DNS requests - for example, to easily setup custom DNS mappings or to restrict access to certain websites.</p> + + Home server security 2024-03-28T00:00:00+00:00 diff --git a/public/blog/index.html b/public/blog/index.html index cfb279e..fdff946 100644 --- a/public/blog/index.html +++ b/public/blog/index.html @@ -1 +1 @@ -Blog Posts
Self-hosting
Home server security 2024-03-28 Selecting hardware for a (home) server 2024-01-31 Take control of tailscale with headscale 2024-01-10 Host your own private search engine with SearXNG 2023-12-31
Cybersecurity
Misconceptions about NFC 2024-01-19 An overview on hoaxes 2024-01-04
Misc.
Setting up Zola on NixOS 2023-12-29
powered by zola and serene
\ No newline at end of file +Blog Posts
Self-hosting
DNS-level adblock on the go with blocky 2024-05-31 Home server security 2024-03-28 Selecting hardware for a (home) server 2024-01-31 Take control of tailscale with headscale 2024-01-10 Host your own private search engine with SearXNG 2023-12-31
Cybersecurity
Misconceptions about NFC 2024-01-19 An overview on hoaxes 2024-01-04
Misc.
Setting up Zola on NixOS 2023-12-29
powered by zola and serene
\ No newline at end of file diff --git a/public/sitemap.xml b/public/sitemap.xml index 1d455b1..919416b 100644 --- a/public/sitemap.xml +++ b/public/sitemap.xml @@ -6,6 +6,10 @@ https://devraza.giize.com/blog/ + + https://devraza.giize.com/blog/adblock-blocky/ + 2024-05-31 + https://devraza.giize.com/blog/hoaxes-overview/ 2024-01-04 @@ -52,6 +56,12 @@ https://devraza.giize.com/tags/ + + https://devraza.giize.com/tags/adblock/ + + + https://devraza.giize.com/tags/blocky/ + https://devraza.giize.com/tags/hacking/ diff --git a/public/tags/adblock/index.html b/public/tags/adblock/index.html new file mode 100644 index 0000000..8abeb53 --- /dev/null +++ b/public/tags/adblock/index.html @@ -0,0 +1,3 @@ +Blog Posts
# adblockAll Tags
DNS-level adblock on the go with blocky 2024-05-31
powered by zola and serene
\ No newline at end of file diff --git a/public/tags/blocky/index.html b/public/tags/blocky/index.html new file mode 100644 index 0000000..684f24b --- /dev/null +++ b/public/tags/blocky/index.html @@ -0,0 +1,3 @@ +Blog Posts
# blockyAll Tags
DNS-level adblock on the go with blocky 2024-05-31
powered by zola and serene
\ No newline at end of file diff --git a/public/tags/headscale/index.html b/public/tags/headscale/index.html index 37bb056..4793692 100644 --- a/public/tags/headscale/index.html +++ b/public/tags/headscale/index.html @@ -1,3 +1,3 @@ Blog Posts
# headscaleAll Tags
Take control of tailscale with headscale 2024-01-10
powered by zola and serene
\ No newline at end of file +en">Blog Posts
\ No newline at end of file diff --git a/public/tags/index.html b/public/tags/index.html index ba77625..c92c679 100644 --- a/public/tags/index.html +++ b/public/tags/index.html @@ -1,3 +1,3 @@ Tags
\ No newline at end of file +en">Tags
\ No newline at end of file diff --git a/public/tags/tailscale/index.html b/public/tags/tailscale/index.html index 0a1e0dd..38e8290 100644 --- a/public/tags/tailscale/index.html +++ b/public/tags/tailscale/index.html @@ -1,3 +1,3 @@ Blog Posts
# tailscaleAll Tags
Take control of tailscale with headscale 2024-01-10
powered by zola and serene
\ No newline at end of file +en">Blog Posts
\ No newline at end of file
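Review bot: In content/blog/adblock-blocky.md, the `ports` block of the NixOS example sets `dns = "0.0.0.0:53"`, which makes blocky listen on every interface of the host, while the "Making it work everywhere" section only needs it reachable from the LAN or from the Tailscale/Headscale network. Suggest binding to the LAN or VPN address instead, or adding a sentence saying port 53 should be firewalled from the public internet so the machine does not end up as an open resolver. The same example sets `prometheus.enable = true` although the post never mentions metrics and `ports` defines only `dns`; either explain what it is for or drop it from the example.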
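Review bot: In the post body as rendered in public/blog/adblock-blocky/index.html (same text as the Markdown source), the upstream paragraph says custom mapping is "detailed later", but the only mention is the "Custom DNS mapping" callout placed before that paragraph, and it only links to the documentation; reword it to point at the note above, or add the promised section. Worth fixing in the source before regenerating as well: "recieve" should be "receive", "you can just can edit" has a doubled "can", and "URLs" in "points URLs like https://duck.com" and "lists containing URLs" should read "domain names", since DNS resolves domain names rather than URLs.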