Do you use a DNS, does it have any benefits?

Hi, I was wondering if you could help. I've been using and testing a few different DNS; I found Control D to be the best for some of the ad blocking (better than AdGuard), with Hagezi Pro to be the best, Hagezi Pro and Hagezi Pro+ to be similar.

The downside is I still can't block Facebook ads and some YouTube ads on the TV.
Are you having any similar issues?
Facebook and youtube ads probably cannot be blocked with DNS without completely breaking their respective websites.
 
I thought it would work since they get blocked with adblocking extensions like AdGuard.
DNS can only block at the domain level. For example, you can block tracker.com while ignoring domain.com. Unfortunately (for us), YouTube and Facebook supply their ads from their own domain - so you have things like (made up to illustrate) gstatic.com/code/1927271 serving a video and at the same time gstatic.com/code/283743 is serving ads. With DNS, you can either block gstatic.com, or not. If you do, the ad is gone but so is your YouTube video. Same thing for Facebook.

A browser based content blocker like uBlock Origin or AdGuard acts as a proxy for the actual webpage. It scans all content for you and acts as a gatekeeper - only allowing through the parts you want to see. Unlike DNS, it can scan the whole code, and granularly block or allow only certain parameters. For example, letting through that YouTube video while blocking the ads. ;)

As for Hagezi's lists, they had a big restructure. If Pro is working OK for you still, stick with it. If you get any false positives or issues, the Light has been significantly reworked and blocks 99% of the stuff Pro does, only missing non-essential stuff like tag managers and comments/widgets/etc that might be a bit annoying but don't actually track you. It's orders of magnitude lighter on resources, and still catches all trackers and ads etc. Discussion with numbers and comparative block testing is here on GitHub if you're interested.
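
The domain-level limit described in the post above, as an added example that is not part of the original post: a DNS filter decides on the hostname alone, while an in-browser blocker can match host plus path. The blocklist, the simplified rule format and the URLs are constructed for illustration and follow the post's made-up gstatic.com paths.

```python
from urllib.parse import urlsplit

# Constructed data, following the post's made-up gstatic.com illustration.
DNS_BLOCKLIST = {"tracker.com"}
# Simplified "host/path-prefix" rules (hypothetical format, not real filter syntax).
URL_RULES = ["tracker.com/", "gstatic.com/code/283743"]
REQUESTS = [
    "https://cdn.tracker.com/t.js",       # third-party tracker
    "https://gstatic.com/code/1927271",   # the video
    "https://gstatic.com/code/283743",    # the ad, same hostname as the video
]

def dns_blocks(hostname, blocklist):
    """A DNS filter sees only the queried name: block it or any listed parent."""
    labels = hostname.lower().rstrip(".").split(".")
    # Compare whole labels so "nottracker.com" never matches "tracker.com".
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def url_blocks(url, rules):
    """An in-browser blocker sees the full URL, so it can match host and path."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    for rule in rules:
        rule_host, _, rule_path = rule.partition("/")
        host_ok = host == rule_host or host.endswith("." + rule_host)
        if host_ok and parts.path.startswith("/" + rule_path):
            return True
    return False

def decisions(requests, blocklist, rules):
    """Return (url, blocked_by_dns, blocked_by_url_filter) for each request."""
    return [(u, dns_blocks(urlsplit(u).hostname, blocklist), url_blocks(u, rules))
            for u in requests]

if __name__ == "__main__":
    for label, bl in (("tracker.com only", DNS_BLOCKLIST),
                      ("plus gstatic.com", DNS_BLOCKLIST | {"gstatic.com"})):
        print(f"DNS blocklist: {label}")
        for url, by_dns, by_url in decisions(REQUESTS, bl, URL_RULES):
            print(f"  {url:36} dns={by_dns!s:5} url_filter={by_url}")
```

With only tracker.com listed, DNS lets both gstatic.com requests through; adding gstatic.com blocks the video together with the ad, while the URL rule separates the two.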
 
If your TV is Android TV based, for YouTube there's SmartTubeNext: https://github.com/yuliskov/SmartTubeNext
 
I use Pi-hole (caching from Cloudflare) on Docker running on Unraid. Does most ad blocking on a static website level/in phone apps but as above you can't really block certain types like TV YouTube/in video player ads with it. If you have a spare system, Unraid and its Docker system are super easy to get into. You could run it on an old small system like a Dell OptiPlex and it'll not use that much power (less than 10W).
 
Thanks.
The DNS works for me, blocking most ads and popups inc on mobiles but the only few issues I'm having is ads on sites like YouTube and Facebook.
 
As already explained in detail, it won't work via DNS alone.
 
Post #31 explains the basics of DNS very well.

There's usually a compromise between privacy and speed. Your ISP's DNS or Google's DNS (both unencrypted) are likely to be the fastest but also the least private. DNS servers in Nordic countries (they tend to have stronger laws regarding export of personal data and data privacy in general) that do no logging are slightly more private. Encrypted no-log servers (DNS-over-HTTPS or DNS-over-TLS) are the most private but also probably the slowest.

DNS servers can additionally block addresses known to serve ads or malware (or porn or gambling or social media etc), that functionality is separate from what I described above.

Personally I have the default settings on the router at home but then override that with DNS-over-HTTPS just on the devices I use frequently, i.e. my phone and my desktop PC.

In the good old days you could even run your own DNS server but that doesn't really work these days, see below.

Anyone who can't afford their own server doesn't deserve my patronage.

I know you are joking but just in case anyone reading is genuinely confused and doesn't get the joke: A significant number (probably the majority) of popular websites (especially those streaming video) use a mixture of cloud services (AWS, MS Azure etc) and content delivery networks (CDNs) meaning this simply won't work.
 
My UDM SE is configured to get its DNS from an Ubuntu VM with AdGuard Home installed which I have deployed in Oracle Cloud's free tier. I have the Oracle Cloud security set to only accept requests from my static IPv4 address, as well as my /56 IPv6 range, plus 443 and 22 again from my home addresses. I then installed certificates on it and enabled HTTPS. Its forwarder is set to Quad9 only. I've never had a single issue with it since deployment and it's super fast. ...
...
If it breaks I could have it back up within 30 minutes as I've saved all of the steps I did.
My good man, I introduced you to Oracle Cloud and I feel I've done you a disservice by not spending an extra few mins pointing out the bonus features. Self-documentation is *always* good, but there's no need to spend 30 mins, or even 30 seconds, if you break something your instance breaks. :)

Main hamburger menu (top left) > Storage > Block Storage > Block Volumes.

You'll arrive at an empty list. Click on Boot Volumes under the Block Storage menu list on the left to see a list of your instance boot drives/volumes.

Click your DNS server's volume (or whatever you like).

Under Resources on the left, select Boot Volume Backups and click 'Create Boot Volume Backup'. You'll want a full backup.

Repeat for your other instances so you have a snapshot of each. Next time something borks, you can terminate and delete the instance, and its boot volume. Create a new instance, select Image and Shape, switch from the OS tab (Oracle Linux, Ubuntu etc) to My images. Your boot volume snapshot is in there. Click it, set up the instance as usual, and you'll be running a known good snapshot of your instance in seconds. Just be aware that, unless you reserved the old one (which is paid) you'll end up with a new IP. You get 10GB storage for these for free, so unless your instance is huge or you take many backups, you'll be fine. I tend to keep a single snapshot of each of the four instances on a known-good config, just to be safe.

Oracle like to hide things behind sub-sub-sub-sub menus, but once you know, you know. It saved me once, so I'm passing it on to you. :D

Docs: Overview of Boot Volume Backups

Sites using a CDN doesn't in any way render DNS servers moot; that's what SNI is for. I must have misunderstood you. I've been running my own DNS server since the World Wide Web became a thing and it's still working (but it does have a few cobwebs). As you said, these days it's just been extended to run in a memory-safe language and to be capable of DoQ/DoT/DoH3.
 
Cheers, I run 3x VMs in OCI, all 3 have backup policies applied to the boot volumes. I said 30 minutes as a finger in the air guess, to include troubleshooting, firewall rules etc. I've had to restore at least once due to my own fat fingers so the process is well tested. :cry:
 
Haha I should have known you'd be across it! If it's any consolation, I broke maladjusted an in-prod server and wiped connectivity for almost a thousand people because I was so tired. I couldn't be arsed spending another hour undoing it, so I hosed the instance, re-upped a snapshot, updated DNS and went to bed. Nobody complained. :cry:
 