Adblocking with DNS


Ads on websites can be both annoying and resource intensive for older PowerPC systems. Waiting for the browser to load all the ads just so you can use the site can be trying on your patience. This is where adblocking becomes a great help.

Dan has a really good post comparing different types of adblocking tools for TenFourFox. I would like to suggest another method you can use that will take the work of adblocking off of your browser and machine by using DNS. If you have a spare machine (I will be using my Mac mini G4 running Jessie) then setting this up will be pretty simple.

First we will install bind9, then set up DNS caching and forwarding. Then we will set up the adblock portion. Finally we will set up a simple web server to present a transparent pixel instead of the ads.


Setting up DNS caching

First we will need to install bind9 if you have not already. This is as simple as running the command as root, apt-get install bind9. Next you will want to edit the file /etc/bind/named.conf.options. Below is my file.

acl goodclients {
    192.168.0.0/24;
    localhost;
    localnets;
};

options {
    directory "/var/cache/bind";

    recursion yes;
    allow-query { goodclients; };

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders. 
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
        208.67.222.222;
        208.67.220.220;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};


The acl section defines who is allowed to send queries to the DNS server. This stops unwanted people from trying to use your server. It matters more if the server is accessible from the internet, but it is good practice to do.

Next we want to turn on recursion and define who is allowed to query. DNS recursion is when the DNS server queries other servers on behalf of the client and sends the reply back.

Then we will define the forwarders to use. Some people prefer Google DNS, but I like using OpenDNS. This should be all you need to set up caching. A great tutorial on DNS caching can be found at DigitalOcean.


Adblocking

Now you need to get a blacklist file, which can be found here. Select the bind8 option and download the file. Then open it and edit the zone lines to look as follows.

zone "101com.com" IN { type master; notify no; file "/etc/bind/null.zone.file"; };

If you are handy with vim then doing this should be really quick and easy.

The next thing is to copy the file to the /etc/bind directory and add this line to the /etc/bind/named.conf.local file.

include "/etc/bind/blacklist";
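
The zone-line edit described above can also be scripted instead of done by hand in vim. This is an added example, not part of the original post: it assumes each downloaded line starts with zone "name", and the function names make_blacklist and sample_zone_lines are made up for illustration. Because the result is included into named.conf, it copies only a validated hostname from each line and regenerates the rest.

```shell
#!/bin/sh
# Added example: rebuild /etc/bind/blacklist from a downloaded zone list.
NULL_ZONE="/etc/bind/null.zone.file"   # zone file path used on this page

# Reads zone lines on stdin and writes rewritten zone lines on stdout.
# Only the quoted zone name is taken from the download; the rest of each
# line is regenerated, so no other statement from the downloaded file can
# reach named.conf. Names that are not plain hostnames go to stderr.
make_blacklist() {
    LC_ALL=C awk -v zf="$NULL_ZONE" '
    BEGIN {
        label = "[a-z0-9]([a-z0-9-]*[a-z0-9])?"
        host  = "^" label "([.]" label ")+$"
    }
    /^[ \t]*zone[ \t]+"/ {
        name = $0
        sub(/^[ \t]*zone[ \t]+"/, "", name)   # strip leading: zone "
        sub(/".*$/, "", name)                 # strip closing quote and the rest
        name = tolower(name)
        if (length(name) > 253 || name !~ host) {
            print "skipped: " $0 > "/dev/stderr"
            next
        }
        if (seen[name]++) next                # BIND rejects duplicate zones
        printf "zone \"%s\" IN { type master; notify no; file \"%s\"; };\n", name, zf
    }'
}

# Constructed sample input (assumed shape of the downloaded file).
sample_zone_lines() {
    cat <<'EOF'
// constructed sample, not real list data
zone "101com.com" { type master; notify no; file "null.zone.file"; };
zone "Ads.Example.com" { type master; notify no; file "null.zone.file"; };
zone "101com.com" { type master; notify no; file "null.zone.file"; };
zone "not a hostname" { type master; notify no; file "null.zone.file"; };
EOF
}

sample_zone_lines | make_blacklist
```

With a real download, feed the file to make_blacklist on stdin, write the output to /etc/bind/blacklist, and review anything reported as skipped before restarting bind.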

Now it is time to create the /etc/bind/null.zone.file. This will redirect the ad URLs to the simple web server we will set up shortly. You want to set the A records to point to the web server. In my case the mini serves as both. Here is my file.

$TTL 86400 ; one day

@ IN SOA ads.attlocal.net. hostmaster.attlocal.net. (
        2002061000 ; serial number YYYYMMDDNN
        28800      ; refresh 8 hours
        7200       ; retry 2 hours
        864000     ; expire 10 days
        86400 )    ; min ttl 1 day
        NS debian-minippc.attlocal.net.

        A web server ; replace "web server" with the IP address of your web server

@ IN A web server
* IN A web server


Now you want to restart bind so that it picks up all the changes you made. The first command to run is named-checkconf. This does a sanity check on the configs. If all is good then you should return to the prompt. Then to restart, the command is systemctl restart bind9, and to check the status of the service, systemctl status bind9.

This finishes all that you need to set up the DNS server.


Pixelserver

Like I said in the beginning, we want to set up a simple server to present a transparent image to replace the ads. If not, then your pages will be full of page not found errors.

Pixelserver is a simple Perl script that can be found here. Download the file and edit it so that the listening IP address is your server's. Then change the permissions and run the server.
chmod u+x pixelserver.pl
./pixelserver.pl

Now point your machine's DNS at your server and test. Here is an example of a successful query.
herminio-hernandezs-power-mac-g4:~ herminio$ nslookup foo.doubleclick.com
Server: dns server
Address: dns server#53

Name: foo.doubleclick.com
Address: pixelserver

You should see the domain name point to your web server. Now browse the web ad free!

UPDATE I:

If you want to start the pixelserver.pl script on boot, then you are going to have it managed by systemd. This is not too hard to do.

First I put a copy of the script in the /usr/bin directory. Then I entered the /etc/systemd/system directory and created a service file (I called mine pixelserv.service). Here is what it looks like.

[Unit]
Description=pixelsirv.pl

[Service]
ExecStart=/usr/bin/pixelserver.pl

[Install]
WantedBy=multi-user.target

Then run systemctl enable pixelserv.service, followed by systemctl restart pixelserv.service. Now check to see if systemd is running the service.
root@debian-minippc:/etc/systemd/system# systemctl status pixelserv.service
● pixelserv.service - pixelsirv.pl
Loaded: loaded (/etc/systemd/system/pixelserv.service; enabled)
Active: active (running) since Thu 2015-11-19 00:37:26 CST; 7s ago
Main PID: 5345 (pixelserver.pl)
CGroup: /system.slice/pixelserv.service
└─5345 /usr/bin/perl -Tw /usr/bin/pixelserver.pl

UPDATE II:

If you do not turn off dnssec-validation in the /etc/bind/named.conf.options file then forwarding will break. Change the setting to what you see below then restart bind.

dnssec-validation no;

UPDATE III:

If anyone is stuck with a provider's Wi-Fi router that will not let you modify the DNS option in DHCP, then you can add this line to the /etc/dhcp/dhclient.conf file.
prepend domain-name-servers server ip address;
Then run the command dhclient <interface> to restart DHCP and you should be good.

PowerPC parts exchange?


I have had this idea for a while, but it somehow always went to the back of my mind.  What would you guys think of me adding a parts exchange area to this blog?  I'm asking my fellow authors as well as all the readers.

It would simply be an area on this blog where fellow PowerPC users can give and receive any spare parts they have, especially if they don't really have a use for it themselves.  If we do this, I would like to start it as a pure parts exchange, where the only real money involved is for shipping.  If it goes well then we could even add the ability for people to use it as a sort of PowerPC-specific Craigslist of sorts, but parts are MUCH cheaper to ship compared to systems.

I'm not talking about you all sending spare parts to one place, then making them available to others, as that would be horribly inefficient, but rather a page here to put people that have and/or need parts in touch with each other.  You would then work out your details with each other in private, in your preferred method of communication.  A central parts portal, if you will, for our always shrinking little PowerPC community.

So tell me what you guys think.  I don't want to add this here if no one will really use it.

Since none of the Apple PowerPC parts can be bought new any longer, I think an exchange could really fill a parts void for many.