How I removed ads and trackers for all devices on my home network.

Website advertising is a way of generating revenue by displaying ads on web pages. There are different types of website advertising, such as banner ads, pop-ups, video ads, sponsored links, etc. DNS, or the Domain Name System, is a protocol that translates domain names (like www.bing.com) into IP addresses (like 204.79.197.200) that computers can understand and communicate with. Some website advertisers use DNS to redirect users to different web pages based on their location, device, or other factors. This is called DNS-based redirection or geotargeting. It can help advertisers deliver more relevant and personalized ads to their audience.

A DNS sinkhole is a technique that involves redirecting DNS requests for malicious or unwanted domains to a controlled IP address, usually a server that blocks or monitors the traffic. This can help prevent users from accessing harmful websites or being infected by malware that relies on DNS for communication or coordination. A DNS sinkhole can be implemented by modifying the local hosts file on a computer, by configuring a custom DNS server on a network, or by using a public DNS service that offers sinkhole functionality. Some examples of public DNS services that provide DNS sinkholing are AdGuard DNS, Quad9, and OpenDNS.

DNS sinkholing can be used for various purposes, such as:

AdGuard Home is a software that runs on your own device and acts as a DNS server that blocks ads and trackers for your entire network. It can protect all the devices connected to your network, such as computers, phones, smart TVs, etc. without installing any apps on them. It also has a web interface that lets you customize the filtering rules and monitor the network activity.

I used the Community Applications plugin on UNRAID to download the Docker image and then set up the port mappings. Then I accessed the web GUI for AdGuard and set up the upstream DNS settings, since AdGuard does not resolve queries itself; it acts as a sinkhole and forwards everything it does not block to an upstream resolver. I chose an upstream that supports secure DNS. Secure DNS is a way of encrypting the data exchanged between a DNS client (a web browser, or here AdGuard Home forwarding upstream) and a DNS server, using a protocol called DNS over HTTPS (DoH). This helps protect the privacy and security of users, and prevents DNS attacks such as spoofing, hijacking, or poisoning. To enable secure DNS, you need to use a DNS server that supports DoH, such as Cloudflare, Google, or Quad9. I used 'https://dns.cloudflare.com/dns-query'.

I also enabled DNSSEC, which is a way of making the DNS more secure and reliable. DNSSEC adds extra information to DNS records using cryptography. This information can be checked by DNS resolvers, the servers that look up website addresses, to make sure that the DNS records are genuine and have not been changed or faked by attackers. DNSSEC needs different groups in the DNS to work together, such as website owners, domain registrars, registry operators, and root server operators. Each group has to create and update its own keys and signatures, and publish them in its DNS zones. The signatures are kept in RRSIG records, and the public keys are kept in DNSKEY records. Each zone is also linked to its parent zone through DS records. DNSSEC can help stop various kinds of DNS attacks, such as redirecting users to wrong or harmful websites, or blocking access to certain websites. By using DNSSEC, users can be more sure that they are reaching the right websites and not being tricked by attackers.

I then set up some of the basic filter lists to block the common ad service providers and known malicious websites. All I needed to do after that was set AdGuard's DNS IP address as the default DNS server for my home network, which I did in my router's configuration. I also set a backup DNS server to Cloudflare's 1.1.1.1, just in case the Docker application or homelab server runs into an issue. This allows the network to have a working DNS system at all times.
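To make the sinkhole behaviour described above concrete (a resolver that answers blocked names itself and forwards the rest upstream, which is what AdGuard Home does with its filter lists), here is a small added example in pure Python. It is not AdGuard Home's code; the blocklist entries are constructed, `0.0.0.0` is this example's choice of sinkhole address, and the upstream address and listening port are assumptions.

```python
import socket
import struct

BLOCKLIST = {"ads.example.com", "tracker.example.net"}  # constructed sample entries
SINKHOLE_IP = "0.0.0.0"  # example's sinkhole answer: unroutable, so the request goes nowhere
UPSTREAM = ("1.1.1.1", 53)  # assumed upstream resolver for everything not blocked

def parse_question(packet):
    """Return (qname, qtype, end_offset) of the first question in a DNS packet."""
    labels, pos = [], 12  # the 12-byte header precedes the question section
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype = struct.unpack("!H", packet[pos:pos + 2])[0]
    return ".".join(labels).lower(), qtype, pos + 4  # skip QTYPE and QCLASS

def is_blocked(qname):
    """True if qname or any parent domain is listed (AdGuard's '||domain^' semantics)."""
    parts = qname.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def build_sinkhole_reply(query):
    """Answer blocked A queries with SINKHOLE_IP; return None to mean 'forward upstream'."""
    qname, qtype, qend = parse_question(query)
    if qtype != 1 or not is_blocked(qname):
        return None
    # Header: same transaction id; flags 0x8180 = response, RD+RA, NOERROR; 1 question, 1 answer.
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    question = query[12:qend]
    # Answer: name pointer to offset 12, type A, class IN, TTL 60, 4 bytes of RDATA.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(SINKHOLE_IP)
    return header + question + answer

def serve(listen=("0.0.0.0", 5353)):
    """Serve one query at a time: sinkhole it or relay it to UPSTREAM (assumed port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(listen)
        while True:
            query, client = sock.recvfrom(512)
            reply = build_sinkhole_reply(query)
            if reply is None:
                with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as up:
                    up.settimeout(3)
                    up.sendto(query, UPSTREAM)
                    reply = up.recv(512)
            sock.sendto(reply, client)
```

Only traffic that actually reaches the sinkhole gets filtered: a client that is handed a second resolver (such as the backup 1.1.1.1 above) can query it directly and see unfiltered answers.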

Below is an update after a few months of using AdGuard Home
