unbound-adblock

The ultimate network adblocker!

About

Unbound-adblock is an easy-to-use network adblocker. It allows you to block online advertisements network-wide and thus block ads on devices that otherwise don't support traditional browser-based adblockers such as uBlock Origin, Adblock Plus etc. I have found unbound-adblock to boost web browsing speed and increase battery life on mobile devices.

A nice side effect of the network adblocking is that there is no added CPU utilization on the client-side device for filtering out the ads, as all the heavy lifting is done by the DNS server. For devices with low resources, unbound-adblock has been a breath of fresh air.

Additionally, unbound-adblock blocks a large number of online trackers, malware, fake sites, pop-ups and other annoying garbage.

unbound-adblock works best when used in conjunction with pf-badhost.

Prerequisites:

This isn’t your first rodeo and you’re somewhat comfortable navigating your way around a Unix system. This guide is basically copy and paste. I will assume the reader knows how to set up an unbound(8) DNS server.
This OpenBSD FAQ page gives a list of easy instructions for doing just that.

How To

• Create a new user (we’ll call ours “_adblock”)

 # adduser _adblock 


• Download and put unbound-adblock.sh into /usr/local/bin/


 $ ftp https://www.geoghegan.ca/scripts/unbound-adblock.sh
 # mv unbound-adblock.sh /usr/local/bin/
 # chown root:bin /usr/local/bin/unbound-adblock.sh


• Add the following line to /var/unbound/etc/unbound.conf at the end of the “server:” config options

include: /var/unbound/etc/adblock.conf 


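• Give _adblock strict doas permissions for the exact commands it needs to run as superuser. Because doas requires the arguments to match exactly, _adblock can run only these two command lines as root.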

# vi /etc/doas.conf
      permit nopass _adblock cmd rcctl args reload unbound
      permit nopass _adblock cmd mv args /tmp/adblock.conf /var/unbound/etc/
	


• Edit _adblock’s crontab to run unbound-adblock.sh every night at midnight

 # crontab -u _adblock -e
      @midnight /bin/sh /usr/local/bin/unbound-adblock.sh


• Log in as user _adblock and run the script manually to parse and load the adblock ruleset

 # su _adblock 
 $ sh /usr/local/bin/unbound-adblock.sh 
   unbound(ok)
	
• Restart unbound(8) for good measure
 # rcctl restart unbound 

• Additionally, adding a rule such as the one below to your router's pf.conf will help to block ads on Google devices such as Chromecasts and YouTube apps, which are often hardcoded to use Google DNS. Define the macro adblock_server as the address of your unbound server.

 # vi /etc/pf.conf
   pass out quick on egress from any to { 8.8.8.8 8.8.4.4 } rdr-to $adblock_server
	


unbound-adblock should now be installed and blocking ads!


In case you need to just copy and paste the code for some reason, here are the contents of unbound-adblock.sh



# Copyright 2018 Jordan Geoghegan

# Permission to use, copy, modify, and/or distribute this software for any 
# purpose with or without fee is hereby granted, provided that the above 
# copyright notice and this permission notice appear in all copies.

# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH 
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 
# PERFORMANCE OF THIS SOFTWARE.

# Download and parse StevenBlack hosts file into unbound compatible format

# Work in a private, unpredictably named directory; stop if it can't be created
workdir=$(mktemp -d /tmp/unbound-adblock.XXXXXXXXXX) || exit 1
cd "$workdir" || exit 1

# Only install the new ruleset and reload unbound if every earlier step succeeded
ftp https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts && \
awk 'BEGIN { OFS = "" } NF == 2 && $1 == "0.0.0.0" { print "local-zone: \"", $2, "\" redirect"; print "local-data: \"", $2, " A 0.0.0.0\"" }' hosts > adblock.conf && \
mv "$workdir/adblock.conf" /tmp/adblock.conf && \
doas mv /tmp/adblock.conf /var/unbound/etc/ && \
doas rcctl reload unbound
status=$?

# Clean up after ourselves
cd /
rm -r "$workdir"
exit $status
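
The awk one-liner in the script copies the second field of each hosts line into adblock.conf verbatim, so a malformed or tampered upstream entry ends up inside a quoted unbound directive. The following is an added example, not part of unbound-adblock.sh: it keeps the same 0.0.0.0 filter but emits only syntactically valid hostnames and records how many entries it dropped. The function name hosts_to_unbound and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of unbound-adblock.sh.
# hosts_to_unbound [FILE]: read a hosts-format blocklist (FILE or stdin) and
# print unbound local-zone/local-data lines for valid hostnames only.
hosts_to_unbound() {
    awk '
    BEGIN { OFS = "" }
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    # Same filter as the original script, minus the 0.0.0.0 self entry
    NF == 2 && $1 == "0.0.0.0" && $2 != "0.0.0.0" {
        name = tolower($2)
        # Dot-separated labels of [a-z0-9_-], no leading or trailing hyphen,
        # at most 253 characters: nothing that can close the quoted string.
        if (length(name) <= 253 &&
            name ~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)*$/) {
            if (!(name in seen)) {          # skip duplicates
                seen[name] = 1
                print "local-zone: \"", name, "\" redirect"
                print "local-data: \"", name, " A 0.0.0.0\""
            }
        } else {
            rejected++
        }
    }
    # unbound treats lines starting with # as comments
    END { print "# ", rejected + 0, " entries rejected by hostname check" }
    ' "$@"
}

# Constructed sample input (not real blocklist data)
hosts_to_unbound <<'EOF'
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com
0.0.0.0 ADS.example.com
0.0.0.0 bad"quote.example
0.0.0.0 -leading.example
0.0.0.0 tracker.example.net
EOF
```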