They call it “dark traffic” - ads that are not seen by tech-savvy users who have excellent ad blockers.

Not surprised that it's growing. The web is unusable without an ad blocker and it's only getting worse, and will continue to get worse every month.

  • shortwavesurfer@lemmy.zip
    38 upvotes · 5 days ago

    I have my entire network running with a DNS that blocks all advertising by default. And then, just to make absolutely certain, I run browsers with uBlock Origin on them.

      • mic_check_one_two@lemmy.dbzer0.com
        8 upvotes · 5 days ago

        Pi-hole. You’ll want to run two, because machines will use both a primary and a secondary server for their DNS requests. If you don’t want to buy a pair of Raspberry Pis, you can run it in Docker, which basically keeps it isolated to its own tiny virtual machine. So you’d just need to spin up a pair of Docker containers to run the pair of Pi-holes. If you’re using Docker, they’ll need a pair of volumes too, or else they’ll lose all of their data every time they reboot.

        You’ll want this to be on a machine that is running 24/7, because any time it shuts down, your internet will essentially stop working. That’s why lots of people end up just throwing a few Raspberry Pis in a closet and forgetting about them.

        Once it’s installed, you’ll need to load it with block lists. The default ones are pretty basic. I’d just google something like “pihole blocklists” and figure it out from there. Each list will be a URL, which allows the Pi-hole to pull updates (which you can tell it to do via the built-in web UI).

        • chellomere@lemmy.world
          3 upvotes · 5 days ago

          Machines will be fine with just one primary DNS server. The main reason for running two is so that you still have one working DNS server if either machine goes down, for example during maintenance.

        • 1984@lemmy.today (OP)
          3 upvotes · 5 days ago

          It's actually not easy to run two of them since they are not designed for using a shared disk (you can get corrupted data). It's also not necessary; you can just leave the secondary DNS server blank.

          But if you want two because you want high availability in case one of your Pi-holes goes down, you can rsync the settings between the two machines every 5 minutes or so. It's important to keep them in sync that way.

          • mic_check_one_two@lemmy.dbzer0.com
            2 upvotes · 5 days ago

            The secondary DNS isn’t for redundancy; machines will split requests across the two for load balancing. If you only have one running, you’ll end up with ads slipping through as the device still uses the default secondary DNS.
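
One way to test the point argued in the comments above, as an added example that is not part of any commenter's post: ask each DNS server a client is configured with for a known ad domain and see whether every one of them blocks it. It assumes the blocker answers blocked names with 0.0.0.0 or NXDOMAIN; the domain, addresses and sample replies are constructed placeholders.

```python
import socket
import struct

def build_query(name, txid=0x1234):  # recursive A-record query for `name`
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):  # offset just past a (possibly compressed) name
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n

def classify(msg):
    """Return 'blocked', 'resolved' or 'no-address' for one DNS reply."""
    _, flags, _, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x000F == 3:  # NXDOMAIN: assumed to mean "blocked" for a known ad domain
        return "blocked"
    off = _skip_name(msg, 12) + 4  # one question (as sent above) + QTYPE/QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    if not addrs:
        return "no-address"
    return "blocked" if all(a == "0.0.0.0" for a in addrs) else "resolved"

def check(resolvers, domain, timeout=2.0):  # resolver IP -> status, one UDP query each
    results = {}
    for ip in resolvers:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_query(domain), (ip, 53))
                results[ip] = classify(s.recvfrom(4096)[0])
            except OSError:  # timed out or no route to the resolver
                results[ip] = "unreachable"
    return results

# Constructed sample replies for the placeholder name ads.example.test.
_Q = build_query("ads.example.test")
_HEAD = _Q[:2] + struct.pack(">HHHHH", 0x8180, 1, 1, 0, 0) + _Q[12:] + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4)
BLOCKED_REPLY, LEAKED_REPLY = _HEAD + bytes(4), _HEAD + socket.inet_aton("192.0.2.10")
```

Calling `check()` with every DNS address the router hands out shows whether any of them answers "resolved" for a name the blocklists cover.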

        • Archer@lemmy.world
          1 upvote · 5 days ago

          No point if you have a network in the 10.0.0.0/8 IP range. There is a bug where they will randomly stop serving DNS to IPs outside of their subnet.

          • mic_check_one_two@lemmy.dbzer0.com
            2 upvotes · 5 days ago

            Unless I’m misunderstanding, that doesn’t sound like a bug at all. Outside of a few specific circumstances, devices shouldn’t communicate with anything outside of the given subnet mask. Rejecting traffic outside of that subnet mask is exactly what it should do. And why wouldn’t your Pi-hole be in the same subnet (or at least be included in the subnet mask) for the LAN? You can have the Pi-hole’s IP address be whatever you want, so give it an IP in the same subnet.

            • Archer@lemmy.world
              1 upvote · 4 days ago

              I use VLANs and different subnets for security. Having Pi-hole break randomly every few weeks and seeing the config is different when I didn’t change it was beyond frustrating, so I just gave up.

      • shortwavesurfer@lemmy.zip
        8 upvotes, 2 downvotes · 5 days ago

        My DNS is from controld.com.

        What you do is log into your router; on the local area network page there’s generally a section to change the DNS settings of your router, and you just put in the IP addresses that Control D gives you.

        You can also set it up on iOS and Android so that you are also protected when you leave your home network and are on the go on your cellular network.

        As I said, along with Control D, I also use uBlock Origin to catch anything that it might miss.

        The other thing to do is use as many open source applications as you can possibly get away with.

        • mic_check_one_two@lemmy.dbzer0.com
          6 upvotes, 4 downvotes · 5 days ago

          Fair warning, using third-party DNS is a massive security issue; it basically allows that DNS provider to see all of the sites you’re visiting. Whenever possible, you should use a self-hosted DNS server like Pi-hole.

          • witx@lemmy.sdf.org
            6 upvotes · edited · 5 days ago

            Pi-hole and AdGuard are DNS filters/adblockers, not resolvers. You still have to define a resolver’s IP, which is a third party (Cloudflare, Quad9, etc.).

          • Vanilla_PuddinFudge@infosec.pub
            3 upvotes · 5 days ago

            Depends. Using some no-name DNS server in Uzbekistan is likely not going to be easily reachable for your queries by your local government, if at all.

            Then again, most of you don’t have queries over encrypted protocols anyway, so it’s an open book regardless of who your third party is.

            Best case if you’re a luddite, run a very highly recommended (by the fediverse) VPN, like Windscribe or Mullvad, and use their DNS servers. WireGuard will encrypt the queries, and the VPN being supposedly trustworthy would put any cork in it otherwise.

          • shortwavesurfer@lemmy.zip
            1 upvote · 4 days ago

            That's true, I just didn't want to set up the reverse proxying for that. Also, it's DoH, so my ISP doesn't get my DNS.

      • Jason2357@lemmy.ca
        2 upvotes · 5 days ago

        Besides Pi-hole, there’s AdGuard. The “home” version works just like Pi-hole on a device on your network (but is a little slicker in my opinion), and a DNS service where you just set your router’s or devices’ DNS to their service (less private, but no dedicated device required). That’s an option that is not ideal, but far better than not blocking at the DNS level for anyone uncomfortable configuring a device on their network.