Block ads on home devices using a Raspberry Pi (medium.com/robleathern)
81 points by optimalrob on Dec 25, 2015 | 24 comments


This is just DNS-level blocking; I'm pretty sure you can do this already if you have a Linux-based router that has a DNS server+resolver built in (i.e. most of them), but if you have an RPi lying around doing nothing, might as well put it to use.

Note that this doesn't block ads which are inlined and/or otherwise combined with content; for that, you can use a MITM proxy like Privoxy.


I set this up earlier this month after seeing someone recommend it here on HN in a comment, and after a very good start I decided to stop using it.

The performance was very good, and switching default DNS from Google to OpenNIC was easy enough, but the default blocklists included too many domains I needed to use (e.g. mailchimp.com) which were not explicitly ad domains. Whitelisting domains is possible but you have to drop what you are doing and SSH into the Pi, whitelist it and reload the config, then resume what you were doing.

But the real dealbreaker for me was that this is largely incompatible with NoScript and its 'Application Boundaries Enforcer' which gave me constant warnings due to some content being served from my LAN. The way pi-hole works is to intercept your DNS query for 'bad' domains, re-route it to its own server, and return an empty page. It is the return of an empty page over the LAN that was problematic.

Maybe someone more savvy could have made it all work together but at some point you have to evaluate the usability of this versus just toggling an ad-blocker with your browser. The browser ad blocker is just faster and easier when you need to override anything.
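An added example, not part of the comment above or of Pi-hole's code: one way to apply an allowlist while converting a hosts-format blocklist into dnsmasq `address=` rules, so a needed domain such as mailchimp.com is dropped before the resolver config is generated. The function names, the `0.0.0.0` sink address and the sample entries are assumptions constructed for illustration.

```python
import re

# Constructed sample in hosts-file format; not a real blocklist.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org   # inline comment
127.0.0.1 mailchimp.com
0.0.0.0 us1.mailchimp.com
0.0.0.0 ADS.example.net
0.0.0.0 bad_host!.example
"""

HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts(text):
    """Return the set of valid blocked hostnames in a hosts-format list."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 2 or fields[0] not in ("0.0.0.0", "127.0.0.1"):
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES and HOSTNAME_RE.match(name):
                names.add(name)
    return names

def conflicts(name, allowlist):
    """True if a rule for `name` would affect an allowlisted domain.

    dnsmasq's address=/domain/ip also answers for every subdomain, so a
    blocked parent of an allowlisted name must be skipped as well.
    """
    return any(name == a or name.endswith("." + a) or a.endswith("." + name)
               for a in allowlist)

def dnsmasq_rules(text, allowlist, sink="0.0.0.0"):
    """Build sorted address= lines for blocked names outside the allowlist."""
    blocked = {n for n in parse_hosts(text) if not conflicts(n, allowlist)}
    return [f"address=/{n}/{sink}" for n in sorted(blocked)]

if __name__ == "__main__":
    print("\n".join(dnsmasq_rules(SAMPLE_HOSTS, {"mailchimp.com"})))
```

The output would be written to a dnsmasq configuration file and the service reloaded; the allowlist itself can live in a plain text file that is edited without touching the downloaded blocklists.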


I tried this some time ago, but it ended up far inferior to Adblock, both in the amount of extra stuff it let thru, and the amount of actually useful domains which end up on the blacklist. For example, the HiFi system I use to watch Netflix requires some Sony domain which is on most DNS blocklists. I ended up going back to Adblock.


Actually you can use both systems at the same time. DNS blocking is one efficient solution for devices which don't have access to Adblock, but it doesn't block you from using Adblock on your computers and your compatible phones / tablets.


I have been thinking a bit about home router/squid solutions - with three kids now, I want to allow the free exploration of the sum of all human knowledge, but boy there is a lot of crap out there.

So, DNS based blocking is both slow to react and needs constant vigilance. I think there are some open sourced DNS blacklists.

Secondly, I'm confused by YouTube - I value the idea of an interview with Rosa Parks, but it's then three clicks to any amount of violent over-sexualised rubbish.

I am interested in Adblock on a router - but mostly I am trying to prevent the "rubbish" getting through.

So I think there are few solutions beyond "turn off internet access unless I am sitting with you"


I have been working on a solution for this over a year and will release a beta product around March 2016.


Sign me up / send me details!


I prefer to have a completely untouched internet connection and have a control of what to block on the end device. For example, it would drive me mad if the ISP/VPN decided to be so nice that they would block "malware", "rubbish" etc for me.


What do you use for email?


I use something similar.

1. get hosts file from http://winhelp2002.mvps.org/hosts.htm

2. install pdnsd (by default it reads and uses the hosts file)


Can you elaborate on what pdnsd does? I understand how editing the hosts file works, but this pdnsd thing is new to me. Thank you!


It's a simple DNS proxy server.


This seems kinda half-assed.

If he's setting up dnsmasq to serve as a caching local DNS, why not configure it to serve as DHCP server as well (after disabling DHCP on the router) and avoid the manual setting of the DNS server on clients?


For the record this works perfectly on an Ubuntu 14.04 instance I tried it out on.

I had previously been playing around with bind configs to achieve the same thing but this is a much better solution.

I had a poke around on the website though and how do you get updates for the list?


This is worthless for hardware such as Google's Chromecast and Android TV, because the DNS is hardcoded to 8.8.8.8 and 8.8.4.4.


You can redirect all DNS requests to your DNS server from your router.


Why not just use a hosts file?


1) This is centralized so you wouldn't have to edit on every PC/device 2) It's a bit tricky to edit the hosts file on an iPhone..


You can put a hosts file on your router. That way it is automatic to ALL devices, no need for DNS tinkering.


Only if your router supports it. Many ISPs provide locked down routers with no access to hosts, no ability to change DNS servers, etc.


I'd just get a new router or DD-WRT. If you are spending all of the money on a Raspberry Pi and all equipment you should probably get a router that is free*.

Hell, add a wifi dongle, and now you have a kindof-good router.


re #2: it's only two steps to install a proxy-based adblocker and then set a proxy for your internet connection. Same goes on Android.


A hosts file on a router would be much faster than anything else. Nullrouting packets before they even enter your LAN is possibly the best thing you can do.


A filtering proxy takes many more CPU cycles than this solution.

This is a lot more efficient.



