Netgate Discussion Forum

    PfBlockerng googleadservices

    • BBcan177 Moderator

      First step is to make sure that your LAN device has its DNS settings only pointing to pfSense… This way all DNS requests are filtered. If you add a domain to the whitelist from the Alerts Tab, it takes effect immediately. Adding a domain manually to the whitelist requires a "Force Reload - DNSBL"...

      Once you have whitelisted a Domain, your browser/os might still be caching the domain address... So you should clear the browser/os cache...

      There are other lists that can be added to DNSBL... More posted in the same thread...

      If you see an AD that gets thru, right-click on it, then select "inspect" and if it's a domain as the src of the AD, then that can be added to a DNSBL Customlist to block it...

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      • BiloxiGeek

        How do you add a domain with  a wildcard though?  Say I want to add *.doubleclick.net and *.doubleclick.com

        • BBcan177 Moderator

          @BiloxiGeek:

          How do you add a domain with  a wildcard though?  Say I want to add *.doubleclick.net and *.doubleclick.com

          If you are talking about Whitelisting, then you can prefix a "dot" in front of any domain, and that will whitelist the whole domain/sub-domains.

          For blocking a domain:

          With TLD:

          Once you add "example.com", the domain example.com is blocked plus any sub-domains.

          Without TLD:

          Only the domains listed are blocked… So you would have to add each sub-domain independently...

          Wildcards (*) are not usable in the Resolver…

          • BiloxiGeek

            @BBcan177:

            @BiloxiGeek:

            How do you add a domain with  a wildcard though?  Say I want to add *.doubleclick.net and *.doubleclick.com

            If you are talking about Whitelisting, then you can prefix a "dot" in front of any domain, and that will whitelist the whole domain/sub-domains.

            For blocking a domain:

            With TLD:

            Once you add "example.com", the domain example.com is blocked plus any sub-domains.

            Without TLD:

            Only the domains listed are blocked… So you would have to add each sub-domain independently...

            Wildcards (*) are not usable in the Resolver…

            Think I got it working like I expected it to.  At first ads were still getting through then I noticed the Enable TLD checkbox.  Enabled that and it's blocking ads.

            I'm used to the way that pi-hole blocks DNS, working to get pfBlockerNG set up to be similar before I make the switch so I can keep the wife happy.

            I'm on 2.3.3, self-built system is a Celeron dual core 2.8GHz with 8G of memory, dual Gigabit NICs.  Seems like that should be enough horsepower to keep things running smoothly but if I'm missing something let me know please.

            • BBcan177 Moderator

              You can always run dual systems and define which LAN devices use which DNS Server… then after getting everything working as expected, move devices to point to pfSense and DNSBL...

              • cooLopke

                @BBcan177:

                First step is to make sure that your LAN device has its DNS settings only pointing to pfSense… This way all DNS requests are filtered. If you add a domain to the whitelist from the Alerts Tab, it takes effect immediately. Adding a domain manually to the whitelist requires a "Force Reload - DNSBL"...

                Once you have whitelisted a Domain, your browser/os might still be caching the domain address... So you should clear the browser/os cache...

                There are other lists that can be added to DNSBL... More posted in the same thread...

                If you see an AD that gets thru, right-click on it, then select "inspect" and if it's a domain as the src of the AD, then that can be added to a DNSBL Customlist to block it...

                Hello BBCan,

                Thanks for your reply.

                googleadservices.com is blocked by the hpHost_ads DNSBL Feed, however the advertising links are still appearing when I search something in google. If I click on inspect element, I see http://www.googleadservices.com/pagead/…..

                Any ideas? I don't have TLD enabled.

                Thanks in advance.

                edit: enabled TLD, still the same result, advertising elements appearing in google. Any help on this? When I click on the elements then it's a blank screen, so it's blocked, but the elements themselves are still appearing.
                Also my DNS is pointing to pfsense + I've reloaded the DNS Feeds and forced the update + Cleared cache + I've also even rebooted pfsense.

                • BBcan177 Moderator

                  example.com            (domain)
                  www.example.com    (Sub-domain)…

                  So without TLD, you have to block all variations..
                  With TLD, if example.com is blocked, then all Sub-domains are also blocked…

                  Did you run a "Force Reload - DNSBL" for the TLD change to take effect?

                  • cooLopke

                    @BBcan177:

                    example.com            (domain)
                    www.example.com    (Sub-domain)…

                    So without TLD, you have to block all variations..
                    With TLD, if example.com is blocked, then all Sub-domains are also blocked…

                    Did you run a "Force Reload - DNSBL" for the TLD change to take effect?

                    Force reload - DNSBL where can I find that? I can only find the restart service button in the services menu.
                    edit: never mind, found the option. I'm curious if it works now =)

                    • BBcan177 Moderator

                      Update Tab… Then select "Reload", then select "DNSBL"

                      • cooLopke

                        @BBcan177:

                        Update Tab… Then select "Reload", then select "DNSBL"

                        I've done this, I notice:

                        Assembling database… completed
                        Executing TLD
                        TLD analysis. completed
                        Finalizing TLD...  completed

                        Original    Matches    Removed    Final

                        70323      13753      38234      32089

                        Validating database... Skipped [ 02/22/17 17:28:31 ]
                        Reloading Unbound…. completed
                        DNSBL update [ 32089 | PASSED  ]… completed

                        However the ads of googleadservices.com (google shopping) are still appearing when I search in google :(. I don't understand. Browser cache cleared.

                        edit: added googleadservices to TLD blacklist:

                        Executing TLD
                        Blocking full TLD/Sub-Domain(s)... |googleadservices|steepto| completed
                        TLD analysis. completed

                        After that I still notice the google shopping ads. However the steepto ads are not appearing, so that is working!

                        • BBcan177 Moderator

                          Run these commands to see what's listed in DNSBL:

                          grep "googleadservices.com" /var/db/pfblockerng/dnsbl/*
                          grep "googleadservices.com" /var/unbound/pfb_dnsbl.conf
                          

                          So with TLD enabled, and any list posting "googleadservices.com", it should be blocking all sub-domains…

                          Try to ping those domains:

                          ping googleadservices.com
                          ping www.googleadservices.com
                          

                          If they are listed above, then they should reply back with the DNSBL VIP address…

                          Check your settings to make sure your LAN device browser/OS is not caching the domain, and that you don't have another DNS server listed and causing the DNS request to be bypassed...

                          • BBcan177 Moderator

                            edit: added googleadservices to TLD blacklist:

                            Executing TLD
                            Blocking full TLD/Sub-Domain(s)… |googleadservices|steepto| completed
                            TLD analysis. completed

                            You don't want to add domains to the TLD Blacklist… The TLD Blacklist is used to block a TLD... like "ru" or "cn" or "top" or "pw" etc...

                            If you want to add Domains to be blocked... you can add them to a DNSBL Group - Customlist at the bottom of any DNSBL Group page...

                            • cooLopke

                              @BBcan177:

                              edit: added googleadservices to TLD blacklist:

                              Executing TLD
                              Blocking full TLD/Sub-Domain(s)… |googleadservices|steepto| completed
                              TLD analysis. completed

                              You don't want to add domains to the TLD Blacklist… The TLD Blacklist is used to block a TLD... like "ru" or "cn" or "top" or "pw" etc...

                              If you want to add Domains to be blocked... you can add them to a DNSBL Group - Customlist at the bottom of any DNSBL Group page...

                              Ok, I'll do that. Thanks. Ok, so steepto is working. If I ping to googleadservices.com I get the DNSBL VIP address. So that's working. I'll grep the output later, because I don't have that much time at the moment.

                              Now I noticed the elements in google are from www.google.be itself, so probably that's why it isn't blocked I guess? However when I click on the link it redirects to googleadservices.com which results in a blank screen. So I guess there is no possible way to remove those ads in google search? If I use the ublock origin plugin in google chrome, it is blocking the advertising links, so I thought it would also work with pfBlockerNG.

                              • cooLopke

                                @BBcan177:

                                Run these commands to see what's listed in DNSBL:

                                grep "googleadservices.com" /var/db/pfblockerng/dnsbl/*
                                grep "googleadservices.com" /var/unbound/pfb_dnsbl.conf
                                

                                So with TLD enabled, and any list posting "googleadservices.com", it should be blocking all sub-domains…

                                Try to ping those domains:

                                ping googleadservices.com
                                ping www.googleadservices.com
                                

                                If they are listed above, then they should reply back with the DNSBL VIP address…

                                Check your settings to make sure your LAN device browser/OS is not caching the domain, and that you don't have another DNS server listed and causing the DNS request to be bypassed...

                                This is the output for the 1st command:

                                /var/db/pfblockerng/dnsbl/yoyo.txt:local-data: "googleadservices.com 60 IN A 10.10.10.1"
                                

                                The second command:

                                local-zone: "googleadservices.com" redirect local-data: "googleadservices.com 60 IN A 10.10.10.1"
                                

                                I think everything is ok. If I ping I get a reply of the 10.10.10.1 interface (DNSBL VIP address), but I guess it's because the elements are from google itself. I also have it with adaway on my mobile phone, only with adblock plugins the advertising links are not appearing. How can the adblock plugins determine that, don't they work the same way?

                                Thanks for your help BB.

                                • BBcan177 Moderator

                                  @cooLopke:

                                  So I guess there is no possible way to remove those ads in google search?

                                  DNSBL can't manipulate the Web page like a browser extension. So when you see (AD) in Google search, clicking on those may result in a blank page since DNSBL may be blocking those domains.

                                  1 Reply Last reply Reply Quote 0
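The matching behaviour discussed in this thread, as an added example (not code from pfBlockerNG or from any poster): a small Python model of how resolver entries in the two shapes shown in the grep output answer a query, with and without the TLD option. The function names and the constructed config strings are assumptions; the model covers only Unbound `redirect` zones and exact `local-data` A records.

```python
import re

# Constructed samples in the two shapes shown in the thread's grep output.
# 10.10.10.1 is the DNSBL VIP address reported in the thread.
WITH_TLD = ('local-zone: "googleadservices.com" redirect '
            'local-data: "googleadservices.com 60 IN A 10.10.10.1"\n')
WITHOUT_TLD = 'local-data: "googleadservices.com 60 IN A 10.10.10.1"\n'

ZONE_RE = re.compile(r'local-zone:\s*"([^"\s]+)"\s+redirect')
DATA_RE = re.compile(r'local-data:\s*"([^"\s]+)\s+\d+\s+IN\s+A\s+([^"\s]+)"')


def parse(conf):
    """Return (redirect_zones, a_records) found in Unbound-style config text."""
    zones = {z.lower().rstrip(".") for z in ZONE_RE.findall(conf)}
    records = {n.lower().rstrip("."): ip for n, ip in DATA_RE.findall(conf)}
    return zones, records


def dnsbl_answer(name, conf):
    """Address served from local data for `name`, or None when the query
    falls through to normal resolution (meaning it is not blocked)."""
    zones, records = parse(conf)
    labels = name.lower().rstrip(".").split(".")
    # Walk from the full name up through each parent: a.b.c, b.c, c.
    # Comparing whole labels keeps "notexample.com" from matching "example.com".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            # A redirect zone answers for itself and every name beneath it.
            return records.get(candidate)
        if i == 0 and candidate in records:
            # A bare local-data record only answers for that exact name.
            return records[candidate]
    return None


def report(names, conf, vip="10.10.10.1"):
    """Map each name to True when it would resolve to the DNSBL VIP."""
    return {n: dnsbl_answer(n, conf) == vip for n in names}


if __name__ == "__main__":
    names = ["googleadservices.com", "www.googleadservices.com", "www.google.be"]
    print("TLD enabled: ", report(names, WITH_TLD))
    print("TLD disabled:", report(names, WITHOUT_TLD))
```

Neither configuration answers for `www.google.be`, which is why ad elements delivered from the search page's own hostname still render while the click-through to the blocked domain lands on a blank page.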
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.