The Best Ad Blocking Method in a Package

Now that I’ve configured DNSmasq in my newly installed Linux, it’s natural to revisit The Best Ad Blocking Method again. The reason it took me so long to do so is because I’m doing it in an entirely new approach this time.

This time I’m armed with a lethal weapon, and the damage is fatal — the time it takes for someone to setup the best ad blocking method has been hatched down from the previously over an hour to just a few minutes this time — because I’ve now packed the whole solution into a Debian package. I’ve requested for sponsor for it already, so hopefully it will come down from the pipe soon.

Here is the preview of how to use the package. It’s called dbab, which stands for Dnsmasq-Based Ad-Blocking.

  • If you don’t have a local web server on your local DNS server, then install dbab and you are done. Everything should work out of the box for such situation.
  • If you do have a local web server on your local DNS server, then after installing dbab, you need to add a second IP address to your eth0 using a virtual interface. See below.


First of all, let’s recap why this is the best method for ad blocking. Over the years, I’ve been using privoxy (which needs to overcome some hurdles every time I install it to work along with my squid local http caching server), and Adblock Plus (which is an-easy-to-install browser plugin). However, they all work more-or-less the same way, a pattern matching of all known ad urls is required. This will be CPU intensive because of the large quantity of them, and the use of regular expressions matching. Adblock Plus, the easiest choice, is actually the worst choice because it is JavaScript based, and is the slowest. Furthermore, all these method will more or less alter the rendered web page, to remove the ads. This will be even slower, and might cause side effects as well.

The dbab is however, using an entirely different approach for ad blocking. It’s advantages are:

  • Work at the DNS level. Leave the web pages intact, without any pattern matching, string substitution, and/or html elements replacing.
  • Serve instantly. All ads will be replaced by a 1x1 pixel gif image served locally by the Pixelserv server.
  • Maintenance free. You don’t need to maintain the list of ad sites yourself. The block list can be downloaded from periodically. If you don’t like some of the entries there, you can define your local tweaking that filters them out.
  • Easily customized. It’s trivial to add your own entries to the ad blocking list if the existing ones are not enough for you.


Once dbab is in the Debian repo, the installation will be so easy that what’s important is not the installation but the verification. So,

  1. Go into your local DNS server.
  2. Remove all existing ad blocking tools if you have any.
  3. Stop your local web server temporarily if you have any.
  4. Before installation dbab, go and visit some websites which have ads in their pages such as yahoo or anything, then
  5. Install the dbab Debian package
  6. Now, visit those pages again in different tabs to see if the ads are removed :-)

That shall be it if you don’t have any local web server. Mission accomplished.

Configure dbab for local web server

If you do have a local web server, you need to add a second IP address to your eth0 using a virtual interface. Else, You need to setup a dedicated local server for the Pixel server. I.e., there has to be a real IP for it, not a faked one. Otherwise, you’ll get the following when starting Pixel server dbab-pixelserv:

error : cannot bind : Cannot assign requested address

You can add a second IP address to your DNSmasq server using a virtual interface, then have the dbab-pixelserv service listen on that IP address. There are several ways to do it, the simplest way is to add the following lines to you eth0 interface:

post-up ip addr add dev eth0
pre-down ip addr del dev eth0

Adjust according to your situation. FYI, here is the full list of my eth0 interface static IP setup for my DNSmasq server:

File /etc/network/interfaces:

# Use static IP instead of dhcp
iface eth0 inet static
        # add a 2nd ip address
        post-up ip addr add dev eth0
        pre-down ip addr del dev eth0

Once done, do the following as root

ifdown eth0
ifup eth0

Then you should have your second IP address now. NB, you can’t verify it with ifconfig:

$ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:e0:xx:xx:xx:ef
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::xxx:xxx:xxx:98ef/64 Scope:Link
          RX packets:734377 errors:0 dropped:36 overruns:0 frame:0
          TX packets:659705 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:505414634 (505.4 MB)  TX bytes:178175449 (178.1 MB)

lo        Link encap:Local Loopback
          . . .

But you can verify it with ip:

ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:e0:xx:xx:xx:ef brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
       valid_lft forever preferred_lft forever
    inet scope global secondary eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::xxx:xxx:xxx:98ef/64 scope link
       valid_lft forever preferred_lft forever

Once we have our second IP address, the reset is simple:

  1. stop dbab-pixelserv server
  2. change the IP address that dbab uses to the second IP address
  3. start dbab-pixelserv server
  4. start your local web server again if you have any

Do the following as root

# stop dbab-pixelserv server
/etc/init.d/dbab-service stop

# change the IP address that dbab-pixelserv listens on
echo > /etc/dbab.addr

# update ad blocking list with the second IP address
/etc/init.d/dnsmasq restart

# start dbab-pixelserv server
/etc/init.d/dbab-service start

That’s it. We’re done.

Bonus, rubbish sites blocking

One thing that I am very annoyed is that the top of google hits are often crammed with rubbish sites. I.e., those sites that contains nothing but key words merely so as to be shown on top of google hits.

These sites are called content-farming sites, and goolge has been fighting with them all the time. E.g., Google’s Farmer Update at the end of February, 2011:

“So-called content farms such as Demand Media and Associated Content, both routinely vilified for churning out shabbily produced, keyword-loaded content that often secured top listings at Google, were penalized severely.” [1]


But still, there are still content-farming sites that fall through the crack or revamp again. So instead of waiting for google to deal with them again, here is how to take the matter within our own hand.

First, gather a list of those rubish sites, and list them in /etc/dbab.list+. The result will look something like this:

$ cat /etc/dbab.list+

Then, convert the list so as to be used by DNSmasq:


The result will look something like this:

$ cat /etc/dnsmasq.d/dnsmasq.trashsites.conf

Now, block them using DNSmasq:

/etc/init.d/dnsmasq restart

That’s it. Next time if you accidentally click into those sites, You will see a blank page, which loads instantly, with the following as the page title:

(GIF Image, 1x1 pixels)

Then you know you’ve stumbled into sites that you should have avoided.

4 thoughts on “The Best Ad Blocking Method in a Package

  1. I am new to Debian and can’t figure out where to get this package? This solution is exactly what I am looking for?

  2. If you are new to Debian, and have no reason to object Ubuntu, then better start with Ubuntu first, which is much more newbie friendly. I’m using Ubuntu now. As for the location of the package, I was hoping it can be accepted into the main Debian repo not too long after I posted my blog, but no luck yet. Meanwhile, if you are using Ubuntu, you can get it from my ppa: ppa:suntong001/ppa — HTH

  3. Pingback: Use dbab under Ubuntu 14.04 Trusty | SF-Xpt's Blog

  4. Pingback: Use new dbab to set proxy automatically | SF-Xpt's Blog

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s