I currently update my local hosts file with advertising server domain names and direct them to nowhere.
Well, almost nowhere. I point them to 127.0.0.1 and I don't have a web service running so it is effectively nowhere.
Anyway, it blocks a lot of ads and whatever else I discover undesirable in web pages as I surf the www. It doesn't force you to use a specific browser or OS. (A requirement, because there is a different flavor combination of OSes and browsers and such changing here all the time.)
I have a NAS drive on my local network so I copy my hosts file there every once in a while. Then when I use another computer on my local network, I have to go to the NAS drive and copy the updated hosts file to the local computer if I want to block my ads there too.
What I'd like to see is my little wi-fi router performing this task and letting me add my host file list to it. It has a local DNS service to mirror outgoing DNS queries or something like that.
Must I set up an independent DNS server on my network and make sure all my local computers use it? Do I have to have yet another computer on all the time, using electricity and helping heat the room and adding fan noise? I got the NAS drive to eliminate one more computer on my network for those reasons already.
Then if I use another box for DNS, just to keep my ad blocking, I need a DHCP service because the one built in the router won't let me tell it what DNS server to use. It uses itself by an unchangeable default. So I'd have to turn off the DHCP on my wi-fi router and purposely not use the DNS it provides either so I can have one more box running to maintain my shared hosts file.
On my network here I have a couple of XP boxes that are not running 24/7, a Vista box that goes away to college but is here some weekends, a Debian Linux box and a bootable live CD to be able to have a web server or whatever on the fly, a Linksys wi-fi router, and a DSL modem the phone company owns with no features to it other than 'firewall' or 'straight through'. A cell phone surfs through it too, when it's here. But when someone else stops by with a laptop, I give them my wi-fi code and then they are temporarily on my network, hopefully not being advertised to and counted and tracked.
Is there another way to achieve this without increased spending? I know my NAS drive is really just a headless Linux box that runs on a small 12-volt charger-sized power supply. I SSH'd into it and looked around, but recommendations are that I don't mess with its internal operations. Besides, I think it's kinda slow, so does it really need to perform DHCP and DNS on top of being a file server?
Do I really need to replace my wi-fi router with some expensive industrial overkill router to accomplish this task?
Best Answer
The DNS is the wrong tool for this job.
Let's deal with some silliness first:
No. This isn't the 1950s. Computers can run more than one server at once. Many Unices have been happily doing that, including running their own fully fledged resolving proxy DNS servers, as standard — out of the box — since the 1980s. Use the always-on computer that you say that you already have.
Setting up a DNS server is the next step when one wants to distribute a hosts file to multiple machines. That is, after all, pretty much the reason that the DNS came about in the first place. So a blinkered answer to your question is "Yes." That's what one does to scale up serving such data to an entire LAN.
However, the DNS is the wrong tool for the job that you want to do. I know that it may have seemed like a whizz-o idea to set up a hosts file with lots of names in it and block advertisements that way, but it's not scalable — as you've already discovered and as others discovered back in the 1980s — and (even if modified to use a content DNS server) it's not appropriate. It's not granular enough, and it's a layering violation.
www.google.com. Block that using your sledgehammer-to-walnut approach, and you've blocked yourself off from pretty much the whole of Google. There are many other instances of the same thing, where the pop-up/pop-under scripts, first-party cookie injectors, web bugs, and other nasties are served up from the same domains as desirable content. I suggest a trawl through the database employed by adzapper — many of whose entries use regular expressions to match only some URLs of a domain — to see how widely this happens nowadays.
The right tool for this job is a proxy HTTP server, a PAC script, or an in-browser tool.
There are two choices of right approach, both of which operate at the HTTP layer and both of which have a finer granularity than entire domains:
A plug-in that blocks advertising by redirecting/handling the HTTP transactions is effectively the same approach. The WWW browser process itself does the work, and nothing outwith it is affected.
For nearly a decade, I used the first approach myself. Its disadvantage is that WWW browser handling of PAC scripts is fairly dodgy, even today. It's easy to make a script that won't work on all WWW browsers, the failure modes are atrocious (RealPlayer's in-built WWW browser hangs/crashes if presented with an incorrect PAC script, for example) and the interactions between PAC scripts and the WWW browsing protection mechanisms employed by some anti-malware tools are often less than stellar. Nonetheless, it's an approach that I can vouch from experience will work, as long as one is very careful, across a wide range of WWW browsers running on various platforms.
For plug-ins, the disadvantages are similar. One has to ensure that every WWW browser has the plug-in, and it is rarely the case that one plug-in is available for all kinds of WWW browsers on all platforms.
I now use the second approach. It has the advantages, compared to PAC scripts and plug-ins, of being entirely browser-neutral, and only requiring debugging in one place (rather than in multiple WWW browsers of different types, including all of the built-in WWW browsers in tools like media players, hypertext help systems, desktop gadgets, automatic software update tools, and so forth).
Use the right tool for the job. The DNS is not that tool here.
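A PAC script of the kind the answer describes, as an added example (not the answerer's own script): it sends matching URLs to an assumed local black-hole proxy and everything else DIRECT, so ad paths on a domain are blocked without blocking the whole domain, which is exactly the granularity a hosts file cannot give. The domains, paths and proxy port are constructed for illustration.

```javascript
// Proxy auto-config (PAC): the browser calls FindProxyForURL(url, host) for
// every request and obeys the returned proxy string. Example code for this
// page; the proxy address and the rules below are assumptions.
var BLACKHOLE = "PROXY 127.0.0.1:8119";  // assumed local proxy answering every request with an empty document

// Rules: a host suffix plus a regular expression on the URL path. The path
// test is what lets one block /ads/ on a domain while leaving the rest of
// the same domain reachable (the www.google.com problem the answer raises).
var RULES = [
  { domain: "example.net", path: /^\/(ads?|banners?)\// },
  { domain: "example.org", path: /\/tracker\.js(\?|$)/ }
];

// Same test PAC's built-in dnsDomainIs() performs; defined here so the file
// also runs outside a browser (e.g. under Node for the checks below).
function hostInDomain(host, domain) {
  return host === domain || host.slice(-(domain.length + 1)) === "." + domain;
}

// Strip "scheme://host[:port]" so the rules see only the path and query.
function urlPath(url) {
  return url.replace(/^[a-z][a-z0-9+.-]*:\/\/[^\/]+/i, "");
}

// Any exception here is caught and the request goes DIRECT: the answer
// notes that browsers handle a faulty PAC script badly (hangs, silent
// no-proxy), so the script must never throw.
function FindProxyForURL(url, host) {
  try {
    var path = urlPath(url);
    for (var i = 0; i < RULES.length; i++) {
      if (hostInDomain(host, RULES[i].domain) && RULES[i].path.test(path)) {
        return BLACKHOLE;
      }
    }
  } catch (e) {
    // fall through to DIRECT
  }
  return "DIRECT";
}
```

The browser is pointed at this file through its automatic proxy configuration URL; the black-hole proxy on the assumed port has to exist, or blocked requests fail with a connection error instead of an empty page.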