
Adblocking with DNSMasq & Pixelserv

2014-10-08

Live demo in BSD Now Episode 058. Originally written by CJ, with edits and additions by TJ, for bsdnow.tv | Last updated: 2014/10/08

NOTE: the author/maintainer of the tutorial(s) is no longer with the show, so the information below may be outdated or incorrect.

Web advertising can be a nuisance. At best, ads clutter up pages and slow browsing down. At worst, they can be scams or malware vectors, or engage in widespread tracking of the end user. Most users are now familiar with ad blocking in their web browsers, but for some devices that isn't practical. What about the ads on games consoles or other devices? What if we want to block advertising on any device connected to the network?

To do so, there are two things we need to set up. The first is DNSMasq, a combined DHCP and caching DNS server. The second is pixelserv, a Perl script that serves a transparent GIF file, to avoid 404 errors on domains that get blocked by DNSMasq. The ideal place to set this up would be on a gateway, but in reality it could be set up anywhere. For the tutorial, I'm assuming that we're using FreeBSD, and that 192.168.1.1 is our gateway. We'll need the following:

  • DNSMasq (dns/dnsmasq)
  • perl (lang/perl)

Install them via ports or packages and we'll get started.


DNSMasq

DNSMasq is configured through /usr/local/etc/dnsmasq.conf. Thankfully, it's quite easy to follow. Unfortunately, there are too many use cases to go through the configuration file line by line. For the most part, in order to get started, you need to make sure that DNSMasq is listening on the required interfaces:

interface=em0
listen-address=192.168.1.1

Adjust depending on your NIC driver and IP address. One line we do wish to uncomment is right at the end of the file:

conf-dir=/usr/local/etc/dnsmasq.d

This will allow us to add our ad blocking list to a separate file. This directory will be missing, so it's necessary to create it:

# mkdir /usr/local/etc/dnsmasq.d

Add the address DNSMasq is listening on as the first server in /etc/resolv.conf:

nameserver 192.168.1.1

Finally, enable it in rc.conf:

# echo 'dnsmasq_enable="YES"' >> /etc/rc.conf

And start it:

# service dnsmasq start

Next we need some lists.


Downloading the list

To do this, we'll use a small script that downloads a recent list of domains to redirect. Create it with your favorite editor:

# vi /usr/local/bin/dnsmasq_ad_list.sh

And paste the following into it:

#!/bin/sh

adlisturl="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext"

# Don't forget to change the following
# Including the IP address
ad_file="/usr/local/etc/dnsmasq.d/dnsmasq.adlist.conf"
temp_ad_file="/usr/local/etc/dnsmasq.d/dnsmasq.adlist.conf.tmp"

# Download the list and point every entry at the pixelserv address
fetch -qo - "$adlisturl" | sed 's/127\.0\.0\.1/192\.168\.1\.1/' > "$temp_ad_file"

# -s: the redirect always creates the file, so check that it is not empty
if [ -s "$temp_ad_file" ]
then
    # FreeBSD sed needs an (empty) backup suffix after -i
    #sed -i '' -e '/www\.favoritesite\.com/d' "$temp_ad_file"
    mv "$temp_ad_file" "$ad_file"
else
    echo "Error building the ad list, please try again." >&2
    rm -f "$temp_ad_file"
    exit 1
fi

Restart the service for it to take effect.

# service dnsmasq restart

If there's a site you'd like omitted from the list, uncomment the sed line in the script and change the domain, for example:

sed -i '' -e '/www\.favoritesite\.com/d' "$temp_ad_file"

Next, make it executable:

# chmod +x /usr/local/bin/dnsmasq_ad_list.sh

And run it as root:

# dnsmasq_ad_list.sh

You'll need working DNS for that script to run. If you look at /usr/local/etc/dnsmasq.d/dnsmasq.adlist.conf, you'll see entries like the following:

address=/annoyingads.tld/192.168.1.1

To test this, try the following:

$ ping doubleclick.net

If the reply is coming from the pixelserv IP you set before, the domain is being redirected.
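
The download script writes whatever the HTTP server returns into DNSMasq's conf-dir, where every line is treated as a configuration directive. The following added example (not part of the original tutorial; validate_adlist and install_adlist are hypothetical names and the sample lists are constructed) installs a list only if every line is an address= entry pointing at 192.168.1.1:

```sh
#!/bin/sh
# Added example: gate the downloaded list before it reaches dnsmasq.d.
# Function names are hypothetical; the sample lists below are constructed.

# validate_adlist FILE SINK_IP
# Succeeds only if FILE has at least one entry and every non-blank line is
# exactly address=/<hostname>/<SINK_IP>. Rejected lines go to stderr.
validate_adlist() {
    [ -s "$1" ] || { echo "empty or missing list: $1" >&2; return 1; }
    awk -v sink="$2" '
        /^[ \t]*$/ { next }
        {
            n = split($0, part, "/")
            ok = (n == 3 && part[1] == "address=" && part[3] == sink &&
                  length(part[2]) <= 253 && part[2] !~ /\.\./ &&
                  part[2] ~ /^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?$/)
            if (ok) { good++ } else { printf "line %d rejected: %s\n", NR, $0; bad++ }
        }
        END { exit (bad > 0 || good == 0) }
    ' "$1" >&2
}

# install_adlist TMP_FILE DEST_FILE SINK_IP
# Moves TMP_FILE into place only when it validates; otherwise deletes it so
# a bad download is never left inside the conf-dir.
install_adlist() {
    if validate_adlist "$1" "$3"; then
        mv "$1" "$2"
    else
        rm -f "$1"
        return 1
    fi
}

# Constructed sample input: one clean list, one with unexpected lines.
demo_dir=$(mktemp -d "${TMPDIR:-/tmp}/adlist.XXXXXX")
printf '%s\n' 'address=/annoyingads.tld/192.168.1.1' \
              'address=/ads.example.net/192.168.1.1' > "$demo_dir/good.tmp"
printf '%s\n' 'address=/annoyingads.tld/192.168.1.1' \
              'address=/bank.example/203.0.113.7' \
              'server=203.0.113.7' > "$demo_dir/bad.tmp"

install_adlist "$demo_dir/good.tmp" "$demo_dir/adlist.conf" 192.168.1.1 \
    && echo "good list installed"
install_adlist "$demo_dir/bad.tmp" "$demo_dir/adlist.conf" 192.168.1.1 \
    || echo "bad list rejected, previous list kept"
```

In dnsmasq_ad_list.sh the mv line would be replaced by a call to install_adlist with "$temp_ad_file", "$ad_file" and 192.168.1.1. Running dnsmasq --test before the restart additionally syntax-checks the whole configuration.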


Pixelserv

We're nearly finished. Now we need to download the Pixelserv script to serve the GIF placeholder images for our redirected domains. Do so thusly, while also changing the permissions:

# fetch -o /usr/local/bin/pixelserv http://proxytunnel.sourceforge.net/files/pixelserv.pl.txt
# chmod 755 /usr/local/bin/pixelserv

Then edit it:

# vi /usr/local/bin/pixelserv

To make pixelserv serve the entire network, we need to change the LocalHost line. A diff to show the changes:

--- pixelserv.pl.txt    2014-08-30 03:01:15.000000000 -0400
+++ pixelserv.pl.txt    2014-08-30 03:01:17.000000000 -0400
@@ -1,11 +1,11 @@
-#! /usr/bin/perl -Tw
+#!/usr/bin/env perl -Tw

 use IO::Socket::INET;

 $crlf="\015\012";
 $pixel=pack("C*",qw(71 73 70 56 57 97 1 0 1 0 128 0 0 255 255 255 0 0 0 33 249 4 1 0 0 0 0 44 0 0 0 0 1 0 1 0 0 2 2 68 1 0 59));

-$sock = new IO::Socket::INET (  LocalHost => '0.0.0.0',
+$sock = new IO::Socket::INET (  LocalHost => '192.168.1.1',
                                 LocalPort => '80',
                                 Proto => 'tcp',
                                 Listen => 30,
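
Review bot: the new shebang `#!/usr/bin/env perl -Tw` only works if the kernel splits `perl -Tw` into separate words; where everything after the interpreter path is handed over as a single argument, env is asked to run a program literally named "perl -Tw" and the script will not start. Point the shebang at the perl binary directly and keep `-Tw` after it, or use `env -S` where env supports it. Separately, changing LocalHost from '0.0.0.0' to '192.168.1.1' narrows the listener to that one address rather than widening it, which is the safer choice on a gateway, and the address must be the same one written into the ad list.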

There's one last thing to do, and that's to add a rc script to start and stop pixelserv.

# vi /usr/local/etc/rc.d/pixelserv

And paste the following:

#!/bin/sh
### BEGIN INIT INFO
# Provides:          pixelserv
# Required-Start:    $network
# Required-Stop:     $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: pixelserv server for ad blocking
# Description:       Server for serving 1x1 pixels
### END INIT INFO

# "$1" must be in double quotes so the shell expands the argument
case "$1" in
   start)
     echo 'pixelserv: starting'
     /usr/local/bin/pixelserv &
     ;;
   stop)
     echo 'pixelserv: stopping'
     killall pixelserv
     ;;
   *)
     echo "Usage: $0 {start|stop}"
     exit 1
     ;;
esac

Save it and change the permissions:

# chmod 555 /usr/local/etc/rc.d/pixelserv

Then go into /etc/rc.conf and add pixelserv to your daemon list:

# echo 'pixelserv_enable="YES"' >> /etc/rc.conf

Start it up:

# service pixelserv start

To test this, go to doubleclick.net in your browser. If a 1x1 GIF image shows instead of the site or a 404 error, you've been successful.

Notes:

  • Much to my disappointment, it doesn't block Google text ads, as appear in the email web client. It's recommended to also install Adblock Plus on all your systems with a web browser.
  • A useful file to set up in addition to dnsmasq.adlist.conf is a custom list that won't be overwritten when the ad list is updated. I use /usr/local/etc/dnsmasq.d/custom-adblock.conf, with a selection of additional addresses in it.
  • To keep the ad list updated, it might be worthwhile to set up a cron job to run the ad list download script every now and again.
  • An alternative to pixelserv is to run a real web server and host a 1x1 GIF there instead.
  • It's possible to run most of the commands as a normal user; you just need to change the permissions on the directories we created.
