How to: Adblocking DNS server on Entware-ng

Post by Mijzelf » Sat Feb 25, 2017 12:45 pm

On request I looked at the possibility to adapt pi-hole to run on the NAS. It turned out to be necessary to almost rewrite the whole stuff, because it's intended to run on Debian or Fedora, and has a lot of paths hardcoded. Further I got strange errors from the install script. It seems that either Entware-ng bash is not fully compatible with Debian bash, or dialog is not fully compatible with whiptail. So I skipped the port.

But to add the basic functionality (an adblocking DNS) is relatively simple. You only need dnsmasq (a lightweight DNS and DHCP server), and a small script.

Pi-hole basically offers dnsmasq a huge list of adservers, which it fetches from several public lists. The download URLs of these lists can be found in adlists.default

Unfortunately these lists have different layouts, so they need to be adapted a bit.

You can download the adlists file

Code:

curl https://raw.githubusercontent.com/pi-hole/pi-hole/master/adlists.default >adlists.default

and edit it to your needs. (You need to have RandomTools installed, or some other ca-certificates, else it will fail.)
Then create a script adlists.default2dnsmasq.sh:

Code:

#!/bin/sh

# IP address every listed adserver is mapped to
REPLACEMENTIP=127.0.0.1

egrep -v '(^#|^$)' |	# filter comments and empty lines
    while read -r url ; do
	echo "fetching $url" >&2
	curl "$url" --progress-bar | # fetch adlist
	    egrep -v '(^#|^$)' | # filter comments and empty lines
	    awk '{ if (NF > 1) print $2; else print $1 }' | # get 2nd field (or first if there's only one)
		    while read -r adserver ; do
		        echo "$REPLACEMENTIP $adserver" # output a dnsmasq readable line
		    done
    done

You can execute this script:

Code:

sh adlists.default2dnsmasq.sh <adlists.default >/opt/etc/pi-hole.list

If you didn't edit adlists.default, you now have a list containing about 125000 adservers, of which about 83000 are unique. If you want to see the numbers, execute

Code:

wc -l /opt/etc/pi-hole.list
sort </opt/etc/pi-hole.list | uniq | wc -l

Now install dnsmasq-full on Entware-ng:

Code:

opkg update
opkg install dnsmasq-full

Edit the configuration file /opt/etc/dnsmasq.conf. It basically needs to contain

Code:

no-dhcp-interface=all
addn-hosts=/opt/etc/pi-hole.list

If your NAS doesn't have a static DNS server, and you want to configure your DHCP server to push your NAS as DNS server, you also need to add

Code:

no-resolv
server=<a static dnsserver ip>

And start dnsmasq:

Code:

/opt/etc/init.d/S56dnsmasq start

That's it. Now configure your PC to use your NAS as DNS server, and you shouldn't see any ads anymore. More scientifically, you can test it by executing

Code:

nslookup doubleclick.net <ip-of-nas>

This resolves the IP address of doubleclick.net, using the DNS server running on <ip-of-nas>. It should resolve to 127.0.0.1, while

Code:

nslookup doubleclick.net 8.8.8.8

should resolve to something else. If

Code:

nslookup google.com <ip-of-nas>

doesn't resolve, you configured a wrong DNS server for dnsmasq.

Remarks:
  • I tested the filter script only with the default enabled lists in adlists.default. Maybe some of the others have another layout.
  • If you want to automatically update the pi-hole.list, you can call a script from crond (Tweaks can offer you an entry to crond):

    Code:

    #!/bin/sh
    
    sh /path/to/adlists.default2dnsmasq.sh </path/to/adlists.default >/opt/etc/pi-hole.list.new
    
    # read from stdin so wc prints only the number, without the file name
    lines=$( wc -l </opt/etc/pi-hole.list.new )
    [ "$lines" -lt 10000 ] && exit 1  # 10000 is a bit few. Something went wrong
    
    mv /opt/etc/pi-hole.list.new /opt/etc/pi-hole.list
    /opt/etc/init.d/S56dnsmasq reconfigure

  • If your router doesn't offer the possibility to push the NAS' ip as DNS server, but you can disable the DHCP server completely, you can also use the DHCP server functionality of dnsmasq to do the job.
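
The fetched lists are third-party content that ends up in the file dnsmasq loads through addn-hosts, so each name can be validated before it is written. The filter below is an added example, not part of the original post; sanitize_hosts, NEVERBLOCK and the sample list are assumptions constructed for illustration, and it accepts only strict letter/digit/hyphen hostnames.

```shell
#!/bin/sh
# Added example: validate untrusted ad-list lines before dnsmasq loads them.
REPLACEMENTIP=127.0.0.1
# Assumption: names that must never be blocked, space separated (constructed).
NEVERBLOCK="example.org updates.example.net"

# sanitize_hosts: stdin = one fetched list (hosts-file or bare-domain layout),
# stdout = unique "<REPLACEMENTIP> <hostname>" lines, in order of appearance.
sanitize_hosts() {
    tr -d '\r' | awk -v ip="$REPLACEMENTIP" -v never="$NEVERBLOCK" '
        BEGIN { n = split(never, k, " "); for (i = 1; i <= n; i++) skip[k[i]] = 1 }
        { sub(/#.*/, "") }             # drop full-line and trailing comments
        NF == 0 { next }               # nothing left on this line
        {
            host = tolower(NF > 1 ? $2 : $1)   # 2nd field, or 1st if alone
            # only hostname characters, at most 253 of them
            if (host !~ /^[a-z0-9.-]+$/ || length(host) > 253) next
            # need a dot and a letter: rejects "localhost" and IP literals
            if (host !~ /\./ || host !~ /[a-z]/) next
            if (host == "localhost.localdomain" || (host in skip)) next
            # every label: non-empty, at most 63 chars, no leading/trailing "-"
            m = split(host, label, ".")
            for (i = 1; i <= m; i++)
                if (label[i] == "" || length(label[i]) > 63 ||
                    label[i] ~ /^-/ || label[i] ~ /-$/) next
            if (!seen[host]++) print ip, host
        }'
}

# Constructed sample input covering both layouts and several bad lines.
sample_list() {
    printf '%s\n' \
        '# constructed sample, not a real list' \
        '127.0.0.1 localhost' \
        '0.0.0.0 0.0.0.0' \
        '0.0.0.0 Ads.Example.COM  # trailing comment' \
        'tracker.example.net' \
        '127.0.0.1 ads.example.com' \
        '0.0.0.0 bad|name.example.com' \
        '0.0.0.0 example.org' \
        '0.0.0.0 -dash.example.com'
}

sample_list | sanitize_hosts
```

In adlists.default2dnsmasq.sh the output of curl could be piped into sanitize_hosts in place of the field-extraction and echo steps; duplicates are then removed per list, not across lists.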
