Ad-Blocking and Family Filter by DNS Filtering

This page is about two different problems that I solved with one solution.

It seems to me that about a third of everything I see on the internet is ads. I understand that people who make content to put on the internet would like to earn some money. I even have ads on this website even though I don’t think I will ever make any money off them. The problem is when the ads get in the way of the content. If I need to scroll past a full screen’s worth of ads to find what I want to read then I will just go elsewhere. So to save the frustration I wanted to remove the ads.

The other problem I want to solve is to prevent my kids from seeing non-family friendly content. It is fairly easy to surf the internet and stumble across something NSFW by accident. I would really like to spare my kids from as much of this content as possible. And considering that quite a lot of ads that I see on the internet also fall into the non-family friendly category it makes sense to block the kids from seeing ads too.

The solution is to use a DNS filter. DNS is short for Domain Name System and is basically a phone book for the internet. When you navigate to a website using a URL like www.hellfirelabs.com.au your browser needs to know where the server that hosts the website is. The browser looks up the IP address of the server by sending a DNS lookup query to a DNS server, which provides an up-to-date IP address for the server. The DNS server is usually provided by your ISP but there are several free DNS servers available on the internet. When you connect to a network and receive an IP address from the router via DHCP you are also given 1 or 2 DNS servers to use (a primary and a backup). You can always ignore the provided DNS servers and use your own. Examples of DNS servers are Google DNS (8.8.8.8 and 8.8.4.4), Quad9 (9.9.9.9 and 149.112.112.112), Cloudflare (1.1.1.1 and 1.0.0.1) and OpenDNS (208.67.222.222 and 208.67.220.220).

To block unwanted content the DNS server simply checks whether the requested website is on a list of blocked sites and, if it is, does not provide a response. Web pages often have frames that include smaller websites, like an ad. The frames have their own URLs, so a single web page may make several DNS queries. This way a website does not need to host its own ads, and the ads can be changed per viewer. It also means that DNS queries for ads can be blocked without affecting the rest of the page. There are several public DNS servers that include block lists for various purposes. These include malware blocking, which Quad9 does by default and Cloudflare offers separately on 1.1.1.2 and 1.0.0.2. For a simple family filter, Cloudflare has 1.1.1.3 and 1.0.0.3, which also include malware filtering, or you can use OpenDNS FamilyShield on 208.67.222.123 and 208.67.220.123.
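The block-list check described above, as an added example that is not part of the original page or of any DNS provider’s code. The sample list, the function names and the `upstream` stand-in are all constructed for illustration; returning `None` stands in for "no address given", and matching subdomains of a listed name is a choice made here (real filters differ on that point).

```python
# Constructed sample blocklist mixing hosts-file lines and bare domain lines.
SAMPLE_BLOCKLIST = """\
# constructed entries, not from any real list
0.0.0.0 ads.example.net
127.0.0.1 tracker.example.org banner.example.org  # two names on one line
adult-site.example
127.0.0.1 localhost
"""

HOUSEKEEPING = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_blocklist(text):
    """Return the set of blocked names, lower-cased, without a trailing dot."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # Hosts format is "<address> <name>..."; a bare line is just "<name>".
        names = fields[1:] if len(fields) > 1 else fields
        for name in names:
            name = name.lower().rstrip(".")
            if "." in name and name not in HOUSEKEEPING:
                blocked.add(name)
    return blocked


def is_blocked(qname, blocked):
    """True if qname, or a parent domain of it, is listed (whole labels only)."""
    labels = qname.lower().rstrip(".").split(".")
    # Try "a.b.c", then "b.c"; stop before the bare top-level label.
    return any(".".join(labels[i:]) in blocked for i in range(len(labels) - 1))


def resolve(qname, blocked, upstream):
    """Return None (no address) for a blocked name, else the upstream answer."""
    if is_blocked(qname, blocked):
        return None
    return upstream(qname)


if __name__ == "__main__":
    blocked = parse_blocklist(SAMPLE_BLOCKLIST)
    fake_upstream = lambda name: "192.0.2.10"  # stand-in for a real lookup
    for q in ("www.example.com", "cdn.ads.example.net", "notads.example.net"):
        print(q, "->", resolve(q, blocked, fake_upstream))
```

Comparing whole labels rather than substrings is what keeps `notads.example.net` and `ads.example.net.example.com` from being blocked by the `ads.example.net` entry.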

An issue with the above-mentioned DNS servers is that they don’t provide ad-blocking. Because ad-blocking effectively stops content providers from making money, it can be a contentious topic for the larger IT companies. For ad-blocking DNS you would need to use a provider who is focused on ad-blocking, such as AdGuard. Many of these servers also offer family friendly options.

Changing the DNS server on each device connected to your network can be done easily by changing the settings in your router and letting DHCP provide the DNS servers to each client. By default the router will be set to use the ISP’s DNS but you can add any that you want. How you do it will depend on what router you have, but you can search the router’s manual for DNS or Nameserver settings. All of the DNS providers have instructions on their websites to help with setup.

But there is a catch with using these DNS providers. Privacy. Nothing really comes for free. Whenever you make a request to a DNS server the query is logged. This means that the DNS server can track every website you visit and how often you visit them. They don’t do this for nefarious reasons but to sell the data to advertisers. If you don’t like this idea then the next option is to host your own DNS server.

The easiest way to host your own DNS server is to set up a Pi-Hole. Pi-Hole is software designed to run on a Raspberry Pi. It is primarily a DNS server but also includes other features such as a DHCP server. When it is installed you have the option to select from several block lists or you can download your own. All DNS queries are kept within your own network and all the logs are yours. I have been running Pi-Hole on a Raspberry Pi Zero W for a couple of years now without any issues.

Of course DNS filtering is not a perfect method for family filtering. Anyone with a basic understanding of networking will be able to change their DNS server. Fortunately my kids aren’t that smart yet. When they do work that out I will just have to set up a firewall rule on my router to block DNS traffic to the WAN. That way all DNS traffic is kept local. But I am sure a determined kid will still find a work-around. I would.
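Before adding such a firewall rule it helps to know which devices already send DNS past the local server, and to remember that the Pi-Hole itself still has to reach its upstream. The following is an added example, not code from the original page: the key=value log format, the addresses and the function name are constructed, so adapt the parsing to whatever your router actually logs.

```python
import ipaddress

LOCAL_RESOLVER = "192.168.1.2"                 # assumption: the Pi-Hole's LAN address
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumption: the home subnet

# Constructed connection-log lines; not output from any real router.
SAMPLE_LOG = """\
proto=udp src=192.168.1.23 dst=192.168.1.2 dport=53
proto=udp src=192.168.1.23 dst=8.8.8.8 dport=53
proto=tcp src=192.168.1.40 dst=203.0.113.7 dport=443
proto=tcp src=192.168.1.40 dst=1.1.1.1 dport=53
proto=udp src=192.168.1.2 dst=9.9.9.9 dport=53
malformed line
"""


def dns_bypass(log_text, resolver=LOCAL_RESOLVER, lan=LAN):
    """Map each LAN client to the outside servers it sent DNS (port 53) to."""
    offenders = {}
    for line in log_text.splitlines():
        rec = dict(f.split("=", 1) for f in line.split() if "=" in f)
        try:
            src = ipaddress.ip_address(rec["src"])
            dst = ipaddress.ip_address(rec["dst"])
            dport = int(rec["dport"])
        except (KeyError, ValueError):
            continue  # skip lines that are not complete flow records
        if dport != 53 or rec.get("proto") not in ("udp", "tcp"):
            continue  # not DNS on the standard port
        if str(src) == resolver:
            continue  # the local resolver must be allowed to query upstream
        if src in lan and dst not in lan:
            offenders.setdefault(str(src), set()).add(str(dst))
    return offenders


if __name__ == "__main__":
    for client, servers in sorted(dns_bypass(SAMPLE_LOG).items()):
        print(client, "queried", ", ".join(sorted(servers)))
```

Any client this reports is one the WAN-side DNS block would affect; the resolver's own address is the one exception the rule needs.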