Ad blocking with DNS on Linux



Ad blocking with DNS filtering

Ad blocking with DNS filtering removes advertisement content from webpages. This is done with the help of a blacklist: a list of domain names that are known to be used for web advertisements.

For this, the configuration of the local DNS server is extended. When a browser looks up a blacklisted domain name, the DNS server returns the IP address of a local webserver. This local webserver sends a transparent pixel to the web browser. The web browser expands this single transparent pixel to the given size of the original advertisement. The layout of the webpage is therefore not altered.

When the DNS configuration is changed, this immediately affects all systems on the local network.

Pros and cons of ad blocking with DNS filtering

Pros of ad blocking with DNS filtering

The main advantage is that all systems on the local network benefit from this, so no per-device setup is necessary.

Other advantages of ad blocking with DNS filtering:

  • lower bandwidth consumption
  • less invasion of your privacy by reducing tracking and profiling possibilities
  • faster loading of webpages

Cons of ad blocking with DNS filtering

There are hardly any cons of ad blocking with DNS filtering. The main disadvantage is that it affects not only advertisements, but anything that the browser requests from the blacklisted domains. However, most of the time this is only just great :)

Using ad blocking with DNS filtering requires a DNS under your own control.

Ad blocking with the Bind nameserver

On Linux "bind" is the nameserver daemon. This can be installed with apt-get.

I have set up bind ad blocking on my Debian system. This is how I did this.

Set up pixelserver

To prevent the browser from complaining that no connection could be made, we don't simply send the browser to some non-existing webserver. A minimal webserver is set up that can only send a transparent pixel to the browser. This pixelserver can be downloaded from Look for the file

Download and rename it to Put it on the (virtual) machine you want to run it on and change the listen address by editing and replace to the IP address of your server. Change the permissions of this file and start the server with:

chmod u+x
./ &

Get blacklist

Get the blacklist from

Choose the bind 8 config format.

I had to change the file so that the records read like this:

zone "" IN { type master; notify no; file "/etc/bind/"; };

by adding the "IN" between the domain name and the "{ type master ...." part. Use your vi-skills for this.

Give this file an easy name, like 'blacklist'. Now create a line in /etc/bind/named.conf.local:

include "/etc/bind/blacklist";
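
One way to script the "IN" edit instead of doing it by hand in vi, as an added example that is not part of the original page. It goes a step beyond the text: because the downloaded list ends up parsed as bind configuration, it keeps only records of the shape shown above before adding the missing class. The domain names, the 192.0.2.1 address and the NULL_ZONE_FILE path are constructed placeholders.

```shell
#!/bin/sh
# Added example, not the page author's code.
# Assumption: one record per line, in the shape shown on the page.

# Shape of an acceptable record; the domain is limited to hostname characters.
RECORD_RE='^zone "[A-Za-z0-9._-]+"( IN)? \{ type master; notify no; file "/[^"]+"; \};$'

# Keep only well-formed records (the blacklist is third-party input that
# named will parse as configuration), then add the class where it is missing.
# Records that already carry "IN" pass through unchanged, so re-running is safe.
fix_blacklist() {
    grep -E "$RECORD_RE" | sed -E 's/^(zone "[^"]+") \{/\1 IN {/'
}

# Count input lines that are neither blank nor well-formed records.
count_rejected() {
    grep -Ev '^[[:space:]]*$' | grep -Evc "$RECORD_RE" || true
}

# Constructed sample input: one record without the class, one that already
# has it, and one statement that does not belong in a blacklist.
SAMPLE='zone "ads.example.com" { type master; notify no; file "/etc/bind/NULL_ZONE_FILE"; };
zone "tracker.example.net" IN { type master; notify no; file "/etc/bind/NULL_ZONE_FILE"; };
zone "bad.example.org" { type forward; forwarders { 192.0.2.1; }; };'

printf '%s\n' "$SAMPLE" | fix_blacklist
echo "rejected lines: $(printf '%s\n' "$SAMPLE" | count_rejected)" >&2
```

Feed the downloaded list to fix_blacklist on stdin and write the result to /etc/bind/blacklist; named-checkconf, which ships with BIND, can confirm that the configuration parses before the restart.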

Create the null zone file

Create a file /etc/bind/ with the following contents:

$TTL    86400   ; one day

@       IN      SOA (
            2002061000       ; serial number YYYYMMDDNN
            28800   ; refresh  8 hours
            7200    ; retry    2 hours
            864000  ; expire  10 days
            86400 ) ; min ttl  1 day


@               IN      A
*               IN      A

and replace by your internal domain name and replace by the name of your pixel server. The above format allows for the use of wildcards. This means that you do not have to care about the subdomains.

Restart bind and test

/etc/init.d/named restart

Now, on your local Linux computer, test with:


This should resolve the IP address of your local pixelserver (in the above example Because of the wildcard option, you should get similar responses on, et cetera.

Now open a web browser and go to some advertisement-loaded website, like and enjoy a better web experience.