How to remove most ads on all devices in your home

Nico Durand
Dec 27, 2020


DNS-based ad-blocking and network securing

STOP ADS on all devices in your network

Ads can be a pain, especially on mobile devices (who can tolerate these 30-second videos on free apps!?). There is a way: you can block most ads at the router level by preventing any content from loading from ad domains. This is fairly easy to do and will apply to all devices on your network.

Advantages: block ads and malware, get some stats at network level, no need for extra hardware or complex software

Cons: no detailed stats (e.g. per device) or log, can break some apps or websites if you’re unlucky or not careful (but can be fixed easily).

Multiple layers are possible/needed:

  1. Create a free account with Cisco’s OpenDNS (or any alternative which offers custom filtering), which can block malware automatically and lets you easily add up to 25 domains to a blacklist or whitelist: https://dashboard.opendns.com/
    What’s great is that entries act as wildcards, so blocking taboola.com will block *.taboola.com.
    It will also give you good stats as to which domains are requested, so you can add or remove some later. You can also block entire categories, and it features malware/botnet/phishing protection, meaning that it should block dangerous domains. You could also blocklist e.g. facebook.com if you are on a digital detox period :). Note that changes might take some time (several hours) to take effect, as apps/devices might have a DNS cache.
  2. Then, you need to change the DNS in your Wi-Fi router to OpenDNS. On my Verizon router, I go to
    My Network > Network Connections > Broadband Connection (Ethernet/Coax) Properties > Settings
    and set the DNS to OpenDNS nameservers (208.67.222.222 and 208.67.220.220)

  3. Also (or alternatively), you may be able to block domains at the router level (in mine it’s in Advanced > DNS Server). Here, you need to specify every domain and subdomain, as entries are not wildcards like in OpenDNS. Therefore, it’s better to block domains with lots of subdomains at the OpenDNS level rather than here. Simply make them point to 1.0.0.0 or any other IP address:

FIOS router DNS block of one domain

  4. You could also do this in your “hosts” file, but then it’s for one computer only. It would allow you to temporarily (or not) allow or block a domain for this computer only.

  5. The last level would be the Parental Controls on the router, which allow you to block some domains for specific network devices only, and/or block internet access altogether at specific times. Note that it has caused some issues on our network in the past (some sites such as google.com couldn’t be accessed anymore…).

To temporarily get around the blocking, set another DNS server on a specific device, e.g. Google’s DNS, 8.8.8.8 and 8.8.4.4. There are some unintended consequences… for example, I realized that my Android Amazon app didn’t work anymore because I had blocked amazon-adsystem.com.
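The difference between wildcard blocking (step 1) and the exact-name blocking of a router list or hosts file (steps 3 and 4), sketched as an added example that is not part of the original post. The wildcard rule is modelled as a whole-label suffix match, which is an assumption about how such a filter behaves; the function names and the observed hostnames are made up, and 1.0.0.0 is the sink address from step 3.

```python
from typing import Iterable, List, Optional, Set

def normalize(name: str) -> str:
    """Lower-case the name and drop a trailing root dot."""
    return name.strip().lower().rstrip(".")

def wildcard_match(host: str, blocklist: Set[str]) -> Optional[str]:
    """Return the entry that covers host under wildcard rules, else None.

    Matching walks the name one DNS label at a time (a.b.c, then b.c, then c),
    so 'taboola.com' covers 'x.taboola.com' but not 'nottaboola.com'.
    """
    labels = normalize(host).split(".")
    for i in range(len(labels)):
        parent = ".".join(labels[i:])
        if parent in blocklist:
            return parent
    return None

def exact_match(host: str, blocklist: Set[str]) -> bool:
    """Router block list / hosts file behaviour: the full name must be listed."""
    return normalize(host) in blocklist

def exact_entries(observed: Iterable[str], blocklist: Set[str],
                  sink_ip: str = "1.0.0.0") -> List[str]:
    """Hosts-style lines for every observed name a wildcard entry would cover."""
    names = sorted({normalize(h) for h in observed if wildcard_match(h, blocklist)})
    return [f"{sink_ip} {name}" for name in names]

# Constructed sample data: three domains mentioned in this article and
# made-up hostnames standing in for what a DNS stats page might show.
BLOCKLIST = {"taboola.com", "facebook.com", "amazon-adsystem.com"}
OBSERVED = [
    "cdn.taboola.com",
    "Img.Taboola.com.",          # mixed case, trailing dot
    "nottaboola.com",            # shares a suffix but not a label boundary
    "www.facebook.com",
    "www.amazon.com",            # the shop itself is not on the list
    "api.amazon-adsystem.com",   # but the app's ad endpoint is
]

if __name__ == "__main__":
    for host in OBSERVED:
        print(f"{host:26} wildcard={wildcard_match(host, BLOCKLIST)} "
              f"exact={exact_match(host, BLOCKLIST)}")
    print("\n".join(exact_entries(OBSERVED, BLOCKLIST)))
```

The lines returned by `exact_entries` are the per-hostname entries a non-wildcard list needs in order to block the same names that the single parent-domain entries cover.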

Here are the domains I block on OpenDNS, along with a few categories, such as Adware, Drugs and Web Spam:

Number of times each domain has been blocked in a 3-day period. Note that because of caching, it prevented many more ads from being displayed.


Troubleshooting: some apps may crash or malfunction because they can’t load the ads, or websites may think you have an ad blocker since ads don’t load. For that, you’ll need to either find out which ad domain they need and allow it, or simply use another DNS on that device while using that app.

Alternatives

  • An easier one is to use AlternateDNS, as explained on Instructables. You won’t be able to block or whitelist custom domains though.
  • A much more difficult one: if you have an always-on device such as a Raspberry Pi, you can install Pi-hole, which would give you much more control. It also works on a Mac with Docker by following these instructions, but it’s much more involved than the method described above, for only marginal benefits. It would also require your Mac to run 24/7.

What are your ad-fighting strategies, and what do you think of this one? Please use the comments below to let me know!
