unbound-adblock

The ultimate network adblocker!

About

Unbound-adblock is an easy to use network adblocker. It allows you to block online advertisements network wide and thus block ads on devices that otherwise don't support traditional browser-based adblockers such as uBlock Origin, Adblock Plus etc. I have found unbound-adblock to boost web browsing speed and increase battery life on mobile devices.

A nice side effect of the network adblocking is that there is no added CPU utilization on the client-side device for filtering out the ads, as all the heavy lifting is done by the DNS server. For devices with low resources, unbound-adblock can be a breath of fresh air.

Additionally, unbound-adblock blocks a large amount of online trackers, malware, fake sites, pop ups and other annoying garbage.

unbound-adblock works best when used in conjunction with pf-badhost.

Download: link

Version 0.2 Released!

Update November 2019:

To update unbound-adblock to the latest version:
click here for upgrade instructions

unbound-adblock version 0.2 has been released! It has a number of important improvements.

Changelog:

• Domains are now blocked by returning "NXDOMAIN" instead of redirecting to "0.0.0.0" -- This fixes timeout issues with certain devices/systems and improves general browsing speed.

• unbound-adblock now uses 90% less memory

• Script execution time has been cut in half.

• unbound-adblock now requires less than 30MB of memory, allowing it to run on smaller embedded devices such as the Edgerouter Lite.

• Security improvements (safe file handling to eliminate race conditions)

• Error checking (script now safely aborts if unbound-checkconf fails)
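
The changelog items above (NXDOMAIN answers, safe temporary-file handling, aborting when unbound-checkconf fails), shown as an added example; this is not the unbound-adblock.sh source. It assumes a hosts-format input list and uses unbound's `local-zone: "name" always_nxdomain` directive; the function names and the `CHECK` override are hypothetical.

```sh
#!/bin/sh
# Added illustration, not the unbound-adblock.sh source.
# Assumptions: hosts-format input; CHECK and both function names are made up.
CHECK=${CHECK:-unbound-checkconf}

# Print one local-zone line per valid hostname read on stdin. Entries that
# are not plain DNS names are dropped, so a hostile list cannot inject
# quotes or extra directives into unbound's configuration.
hosts_to_unbound() {
    awk '
    { sub(/#.*/, ""); sub(/\r$/, "") }      # strip comments and CRs
    $1 == "0.0.0.0" || $1 == "127.0.0.1" {
        d = tolower($2)
        if (length(d) > 253 || d ~ /^localhost(\.|$)/) next
        if (d !~ /^([a-z0-9_]([a-z0-9_-]*[a-z0-9_])?\.)+[a-z][a-z0-9-]*[a-z0-9]$/) next
        if (!seen[d]++) printf "local-zone: \"%s\" always_nxdomain\n", d
    }'
}

# $1 = downloaded hosts list, $2 = live include file (already owned by the
# unprivileged user). Returns non-zero and leaves $2 as it was on failure,
# in which case the caller must skip the unbound reload.
update_blocklist() {
    src=$1 dest=$2
    new=$(mktemp) || return 1       # private file with an unpredictable name
    old=$(mktemp) || { rm -f "$new"; return 1; }
    rc=1
    if hosts_to_unbound < "$src" > "$new" && [ -s "$new" ] &&
       cat "$dest" > "$old"; then
        cat "$new" > "$dest"        # overwrite in place: keeps owner and mode
        if $CHECK >/dev/null 2>&1; then
            rc=0
        else
            cat "$old" > "$dest"    # validation failed: restore previous list
        fi
    fi
    rm -f "$new" "$old"
    return $rc
}
```

With no argument, unbound-checkconf validates the default configuration file, which pulls in adblock.conf through the `include:` line added in the install guide.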

Upgrade Quick Start:

Download the updated script and replace the old one in /usr/local/bin/.

NOTE: The file permissions and doas.conf settings have changed.

doas.conf must now contain this line:


# cat /etc/doas.conf
permit nopass _adblock cmd rcctl args reload unbound
        

/var/unbound/etc/adblock.conf must also be owned by user "_adblock" and have mode 644 (chmod 644).

Install Prerequisites:

This guide assumes this isn’t your first rodeo and that you’re somewhat comfortable navigating your way around a Unix system. It is basically copy and paste. I will assume the reader knows how to set up an unbound(8) DNS server.
This OpenBSD FAQ page gives a list of easy instructions for doing just that.


Install Guide:

• Create a new user (we’ll call ours “_adblock”)

 # useradd -s /sbin/nologin _adblock 
• The user should be created with default shell of "nologin" and an empty password (disables password logins).

• Create blocklist file
 
# touch /var/unbound/etc/adblock.conf
# chown _adblock /var/unbound/etc/adblock.conf
# chmod 644 /var/unbound/etc/adblock.conf
	
• Download and put unbound-adblock.sh into /usr/local/bin/


$ ftp https://www.geoghegan.ca/scripts/unbound-adblock.sh
# mv unbound-adblock.sh /usr/local/bin/ 
# chown root:bin /usr/local/bin/unbound-adblock.sh
	
• Add line to /var/unbound/etc/unbound.conf at the end of the “server:” config options

include: /var/unbound/etc/adblock.conf 

• Give _adblock strict doas permissions for the exact command it needs to run as superuser

# vi /etc/doas.conf
permit nopass _adblock cmd rcctl args reload unbound
	
• Edit _adblock’s crontab to run unbound-adblock.sh every night at midnight

 # crontab -u _adblock -e
      @midnight 		/bin/sh /usr/local/bin/unbound-adblock.sh
	


• Run script manually to parse and load the adblock ruleset
 
$ doas -u _adblock sh /usr/local/bin/unbound-adblock.sh 
unbound(ok)
	
• Restart unbound(8) for good measure
 # rcctl restart unbound 

• Additionally, adding a rule such as the one below to your router's pf.conf will help to block ads on Google devices such as Chromecasts and YouTube apps, which are often hardcoded to use Google DNS ($adblock_server is a pf macro for the address of your unbound server)

 # vi /etc/pf.conf
   pass in quick to {8.8.8.8, 8.8.4.4} rdr-to $adblock_server
	


unbound-adblock should now be installed and blocking ads!