> Only a few years ago, even people who hated ads saw ad-blocking software as akin to stealing.
I've been using ad blockers and NoScript plugins for longer than I can remember. Before that I was using /etc/hosts file based blocking. I've never felt like I was stealing nor do I know anyone that feels that way.
On the contrary, I've always felt that content to display, and in particular code to execute, on my device is my decision and mine alone.
Even worse, associating blocking ads as something akin to stealing is morally bankrupt.
It's an incredibly slippery slope that leads to complete loss of autonomy for individuals.
If I refuse to read roadside billboards, am I now stealing?
If I tear up newspaper ads and throw them away, am I now stealing?
If I turn off my tv during ads on a cable show, am I now stealing?
I think any sane person would definitively say "NO!", I think it's an incredibly dangerous line of thought that associates loss of attention as theft.
Fundamentally, we have the right to choose what we pay attention to. Some sites block me when I have adblockers enabled, I think that's fine. But don't serve up your content and then complain that I choose to ignore parts of it. I have free will and autonomy.
> On the contrary, I've always felt that content to display, and in particular code to execute, on my device is my decision and mine alone.
Absolutely. I reserve the right to decide what gets displayed on my computer, and what code runs. Websites can try to serve me stuff I don't want to see, but if they do, I am well within my rights to remove it.
That doesn't stop at ads, either. I often use my ad blocker's element hider to remove all the superfluous cruft that adorns so many websites. I don't want to see your social media sharing buttons, your half-page auto-playing videos, your cluttered sidebars, or enormous footers. And I definitely don't want to see your "Open in App" buttons that occlude the lower portion of your content.
If you want to ruin your site with user-hostile design, then fine, but that won't stop me from making it usable again on my device.
I feel compelled to write a reply just so there's a record on the internet in an archive somewhere of how history actually was.
Its like industry is trying to actively change history.
Practically no one saw or has seen ad-blocking as akin to stealing. This is a line completely made up by the advertising industry to try to co-opt a publicly available communication and content publishing system that existed and was being heavily used BEFORE advertising was prevalent.
Advertisers came along and polluted the internet after the internet was being used and free content was already being posted.
Ad-blocking arose as an organic and natural reaction to advertisers beginning to appear and moving onto the free internet, not internet denizens thinking/conspiring to get their hands on the sweet juicy content of advertisers and trying to fight their way into the advertisers domain.
> Only a few years ago, even people who hated ads saw ad-blocking software as akin to stealing.
> I've never felt like I was stealing nor do I know anyone that feels that way.
Never understood that concept either. It probably originated with people who were making a quick buck with ads on their sites defending their turf when the winds changed.
For a while advertising was like free money, so that's understandable.
The problem with content providers (news, quality blogs and such) is that they didn't look for a better model earlier. Therefore many were left trapped with this dreadful advertising revenue model.
I used to make exception for web comics I subscribed to and other websites I visited regularly, using adblocker only for browsing the random internet at large.
Until looking for group served a malware.
So now everything gets blocked.
So I would probably put myself into the “understands ads are your revenue and once upon a time was permissive” category.
Yeah, I found his statement very strange, too. The right not to read/watch what some corporation is pushing down my throat is quite fundamental and I'm not gonna give it up. Why on Earth should I feel guilty about it? It must be some projection by Bloomberg.
You're of course correct, but right now on a great many sites that non-adblock users are subsidizing the content for adblock users. If everyone (or even just a critical mass) of people run adblockers then many sites will either need to put up paywalls or go out of business.
Do you not believe that content creators have the right to set the terms upon which their content may be consumed? In other words, if you write an article, you don't believe that you have the right to say "you may read this article, provided that you also display this ad"? If you don't want to see the ad, simply don't read the article. What makes you think you have the right to the content, without abiding its terms?
I say this as someone who uses an AdBlocker daily. Of course it's stealing. You're violating the contract you implicitly agree to when you visit the site. This may or may not have legal force, but it's clearly stealing. If you don't want to see ads, don't visit sites that have them. THAT is how you retain the sanctity of your experience and avoid stealing.
The only reason we have free online content to consume is because content creators expect to be reimbursed through ads. When I block ads I am free-riding off of people that don't. Whether this is stealing or not is semantics, and I don't care to get into that discussion. But I do see a moral problem here.
I personally do block most ads, which is kind of justifiable to me because of malware concerns, but I'm not going to pretend I'm doing nothing wrong. I try to pay for content when possible. I support non-advertising business models.
Is it me, or is pi hole way more popular than it should be? Compared to the alternatives, it's worse in almost every way. It only works on your local network, so good luck blocking ads while you're at work, using mobile data, or at a cafe. Browser based adblockers (which is available on most desktop browsers, mobile safari, and firefox for android) can block elements and url patterns, pi hole can't. Even if you're on a browser that can't use adblock (mostly android), you can still use VPN based adblockers (the ones that reroute your traffic through a local VPN), which work regardless of what network you're on. And worst of all, all of the alternatives are free, which can't be said for pi hole[1].
[1] I know you can run pi hole on your desktop OS, which is technically free, but you need to leave your computer on 24/7 which undoubtedly raises your electricity bill.
I run pi-hole in conjunction with browser blockers and still find it a net benefit overall. Anyone who uses my wifi gets an adblocker, any device, for any browser, and any configuration gets the benefit of having it. It's not just myself, a technically literate person, but my mother, sister, girlfriend and friends... Ideally if it stops just one malicious ad from landing itself upon my home's network then I say the benefit is there.
If you have an excuse to run a Raspberry Pi at home for any other purpose then use Pi-hole to piggy back off it and the cost you cite becomes a writeoff. I had a Rpi running OpenVPN for myself, throwing PiHole on it was a no brainer.
> Browser based adblockers (which is available on most desktop browsers, mobile safari, and firefox for androd
Answered your own question. That list does not include chrome, smart TVs, fire TV, Roku, Kindle, game consiles, iot devices of all types. Nor all guests.
You need both. Security / defence needs to be deep and layared and mukti-vendor to be effective.
Pi Hole is free, unless you're counting the system you have to run it off of (like a raspberry pi) but you can run it off any device you want like a virtual machine at home for instance, so you only need to buy a Raspberry Pi if that's how you intend to operate it. The benefit of it, is it blocks a lot more than just ads. For instance, it blocks any attempts to "phone home" by my smart TV or by applications I use such as Nvidia Geforce Experience. It's more extensive than browser based ad blockers because it works for your entire network, not just web browsing (for example, blocks all youtube ads on my un-rooted mobile device). It also has a huge set of customizable community maintained block lists that block everything from simple ads all the way to pornography (if that's what you want).
All you need is a VPN (such as OpenVPN) or SNT (such as ZeroTier) to your home router with your Pi-Hole. Which is conceivable on mobile, though it does cost some power (but you also don't see/load the ads saving bandwidth and CPU cycles). A Pi-Hole on a Raspberry Pi doesn't cost much electricity-wise; it does cost something for the hardware but you can use the RPi for more that just Pi-Hole. An alternative is Ublock Origin which works in Firefox and Chrome (even Firefox Mobile) but it isn't OS-wide.
With always connected VPN on my mobile to my home, blocking ads on mobile works well. Also when connected to hotspots on my portable devices. Great point about work though.
The difference with pi-hole is that since it blocks it at the DNS level the network traffic doesn't even reach you, saving on bandwidth.
It will also be faster than most browser based ad blockers since the browser has to analyze every webpage whereas pi-hole blocks by simply not making a request.
Also if you want a DNS that works outside your local network it would be trivial to get a cloud server for $5 a month put pi hole on it and route DNS through that. Then you could get free https certs and have a pretty sweet private DNS just for you!
And if you're someone trying to setup their own local DNS it's likely you have a spare pi or computer laying around somewhere to use.
And finally it offers pretty great convience. Instead of having to setup blockers on every device it just needs to be set on the pi.
I do what pi-hole does using pfBlockerNG, a package available for pfSense, which my home router runs.
But I still combine it with a browser-based ad blocker. It's worth doing both, because the network-based blocker will also block other LAN devices connecting to tracking servers, increasingly important in this IoT age.
According to my router's stats, the most blocked sites are:
I run a similar setup that downloads the blacklist from some guy named Steven Black who wants to make the internet better and then I pipe it through sed to include them on my unbound resolver. The file is configured as an include on unbound.conf.
The next step would be to do render the whole page including ads directly into a canvas/opengl element using some heavily obfuscated wasm binary in order to circumvent the DOM and any DOM/JS-based ad blocker.
Would be great if this would be an option, especially with the GDPR coming. But for small to medium sized publishers there are no ads you could host your own.
I've been running a Pi-Hole instance for about a year now, it's excellent. I could never get it to work with my router, but manually configuring the DNS on my devices to point to it works just as well.
One thing that became immediately apparent was how much faster browsing the web got after I turned it on.
I wonder if the backlash against advertising and social and the web more generally will lead to more people buying these sorts of devices to try and own their own networks and information again. Surely the cloud providers and the platforms will suffer in this shift.
I think we are slowly gaining consciousness about the danger of ads. It's really pernicious but I think has overall terrible effects on people (self estime, food / alcohol consumption...). And not just ads, but also product placement in movies / TV shows.
I think it's terrible for our health and our minds.
> Publishers will target Salmela’s software if it becomes anywhere near as popular as AdBlock Plus, says Nicole Perrin, an analyst at researcher EMarketer.
I'd caution about that claim. Google pulled AdNauseam[0], a uBlock Origin extension, from the Chrome Web Store since it was fundamentally disrupting Google's business model via click fraud. (It automates clicking ads in order to create noise in user tracking.) This was far, far before it became as popular as AdBlock Plus.
PiHole takes an even more aggressive stance against ads, blackholing entire networks. It poses as much as a threat to the ad industry as AdNauseam. So I'd wager that PiHole will get shut down long before it reaches the popularity of AdBlock Plus.
installing arbitrary software off the internet by piping curl output to bash is a terrible idea. At the very least, I would have expected them to sign this script... considering this software has unlimited access to your internal network, and the ability to influence ALL network traffic into/out of your internal network.
None. None at all that anyone's noticed in our home, and I imagine the speed associated with the fewer server requests and their payload offsets any negligible performance degradation that would have been there.
Would it not be possible to code either an add on or even a proxy server that "accepts" the ads, but sends them to /dev/null while serving up a "clean" rendering of a page? I'm sure this can be done.
Personally I have no problems with ads per se, it's the tracking, privacy, and security aspect I'm concerned about (and also the unbelievable bloatedness of ad-financed sites lately as ad prices race to the bottom). Personally I'd be fine with ads if we could go back to a content-oriented model where first-party static assets are served as ads rather than the targeted advertising we have now. I know others here who have zero tolerance for any kind of ads, though. Trying to grasp what a feasible business model for content creation could be, including paywalled content/micropayments as almost anything seems better than the clickbait and brainwash crap we have now.
it's the tracking, privacy, and security aspect I'm concerned about
And that's what ads are, per se, in the 21st century. "Ads", as the current implementation defines it from my perspective, are no longer general-purpose and static. No, they chase you around the web and then for weeks will try to sell you the thing you just purchased. They'll load random executable code onto your machine. I, too, have no problem with a static JPG at the top of the screen, but that hasn't been what ads are in over a decade.
Now the counter-argument would be, "but TV and print ads are not like that, so not all ads." Okay, fair argument though that might be, it's only because TV and print can't, and it's not for lack of trying. Print had the CueCat[0], TV has tried (and mostly failed), but those Samsung TVs are looking pretty creepy from what I'm reading.
So to me, it's like saying, "I don't have a problem with authoritarian governments per se, it's all of the spying, control of the citizenry, and propaganda I have a problem with." Well, that kind of defines an authoritarian government, ergo...
Anyway, I'm just being pedantic. Load up those ad blockers, and get Pi-hole running.
Ads, per se, are harmful and dangerous, individually and collectively.
There's an ample literature, in media studies and elsewheere, to this effect.
Mentioned in TFA:
Among other things, the online advertising business model has incentivized clickbait—and worse—at enormous scale. Facebook Inc. and YouTube LLC figure out how to make people spend more time on their sites to maximize ad inventory. This has abetted the spread of fake news, violent children’s content, and Logan Paul.
You don't have to use the hosts file (or addn-hosts ), but performance starts to suffer once the list of domains gets past 120,000.
jacobsalmela says:
June 24, 2015 at 06:53
It's partially due to the amount of domains on the lists controlled by the other sites. ~120,000 seemed to be the sweet spot. Once it got higher than that, the hosts format performed better. But a faster SD card can make a difference..."
The "list of domains" here is a list of domains to which the user does not want her computer to connect.
The author is suggesting list sizes over 120,000 begin to trigger performance issues, using this dnsmasq-based approach.
What about another "list of domains" that comprises all the ones to which the user does want to connect.
Would it be more or less than 120,000?
For over 15 years I have been running authoritative nameservers on the local network, using tinydns and later nsd, including a custom root.
cdb, the key-value store used in tinydns, on its own is useful for storing domain->ipaddr mappings. I can store lists up to 4GB.
If I understand correctly, the rough equivalent in Pi-Hole is perhaps serving /etc/hosts or some other list of hosts via dnsmasq. (I believe pdns_recursor can also serve /etc/hosts if I recall correctly.)
IME, controlling both /etc/hosts and authoritative DNS has made it very easy to block ads since they almost always rely on DNS.
However I use authoritative DNS as a substitute for recursive DNS.
/etc/resolv.conf lists authoritative nameservers, not resolvers.
As such, DNS is primarily used not to block but to selectively permit. (To build the zonefiles, I use a separate method for "prefetching" needed IP address in bulk that does not use recursive DNS. It has worked beautifully for over 15 years. On the local network I have encrypted DNS lookups via authoritative queries to CurveDNS-proxied authoritative nameservers; no recursive resolvers are needed.)
Foregoing recursive DNS, the approach is similar to a firewall ruleset where the default is to block everything. The user then adds specific rules to allow desired traffic (or in this case domain resolutions).
In other words, the approach I chose was to determine what domains I wanted to access instead of trying to identify every possible domain that needed to be blocked. Every domain is blocked by default until I allow it.
Although I have no need for Pi-Hole personally I would like to see it succeed. I am glad to see that other users taking an interest in DNS.
The reason I ask the question about the size of the "allow" domain list is that over 15 years I am not even close to reaching 120,000 domains. I wonder how many domains other users visit.
To rephrase the question again: If there are two lists of domains: 1. all the domains to which the user wants to allow and 2. all the domains she wants to block, then which is the larger list?
[+] [-] koolba|7 years ago|reply
I've been using ad blockers and NoScript plugins for longer than I can remember. Before that I was using /etc/hosts file based blocking. I've never felt like I was stealing nor do I know anyone that feels that way.
On the contrary, I've always felt that content to display, and in particular code to execute, on my device is my decision and mine alone.
[+] [-] horsawlarway|7 years ago|reply
It's an incredibly slippery slope that leads to complete loss of autonomy for individuals.
If I refuse to read roadside billboards, am I now stealing?
If I tear up newspaper ads and throw them away, am I now stealing?
If I turn off my tv during ads on a cable show, am I now stealing?
I think any sane person would definitively say "NO!", I think it's an incredibly dangerous line of thought that associates loss of attention as theft.
Fundamentally, we have the right to choose what we pay attention to. Some sites block me when I have adblockers enabled, I think that's fine. But don't serve up your content and then complain that I choose to ignore parts of it. I have free will and autonomy.
[+] [-] BonesJustice|7 years ago|reply
Absolutely. I reserve the right to decide what gets displayed on my computer, and what code runs. Websites can try to serve me stuff I don't want to see, but if they do, I am well within my rights to remove it.
That doesn't stop at ads, either. I often use my ad blocker's element hider to remove all the superfluous cruft that adorns so many websites. I don't want to see your social media sharing buttons, your half-page auto-playing videos, your cluttered sidebars, or enormous footers. And I definitely don't want to see your "Open in App" buttons that occlude the lower portion of your content.
If you want to ruin your site with user-hostile design, then fine, but that won't stop me from making it usable again on my device.
[+] [-] ACow_Adonis|7 years ago|reply
Its like industry is trying to actively change history.
Practically no one saw or has seen ad-blocking as akin to stealing. This is a line completely made up by the advertising industry to try to co-opt a publicly available communication and content publishing system that existed and was being heavily used BEFORE advertising was prevalent.
Advertisers came along and polluted the internet after the internet was being used and free content was already being posted.
Ad-blocking arose as an organic and natural reaction to advertisers beginning to appear and moving onto the free internet, not internet denizens thinking/conspiring to get their hands on the sweet juicy content of advertisers and trying to fight their way into the advertisers domain.
[+] [-] Hoasi|7 years ago|reply
> I've never felt like I was stealing nor do I know anyone that feels that way.
Never understood that concept either. It probably originated with people who were making a quick buck with ads on their sites defending their turf when the winds changed.
For a while advertising was like free money, so that's understandable.
The problem with content providers (news, quality blogs and such) is that they didn't look for a better model earlier. Therefore many were left trapped with this dreadful advertising revenue model.
[+] [-] LoSboccacc|7 years ago|reply
That’d be me (kinda):
I used to make exception for web comics I subscribed to and other websites I visited regularly, using adblocker only for browsing the random internet at large.
Until looking for group served a malware.
So now everything gets blocked.
So I would probably put myself into the “understands ads are your revenue and once upon a time was permissive” category.
[+] [-] ngold|7 years ago|reply
[+] [-] dvfjsdhgfv|7 years ago|reply
[+] [-] drdeadringer|7 years ago|reply
[+] [-] eli|7 years ago|reply
[+] [-] darawk|7 years ago|reply
I say this as someone who uses an AdBlocker daily. Of course it's stealing. You're violating the contract you implicitly agree to when you visit the site. This may or may not have legal force, but it's clearly stealing. If you don't want to see ads, don't visit sites that have them. THAT is how you retain the sanctity of your experience and avoid stealing.
[+] [-] bllguo|7 years ago|reply
I personally do block most ads, which is kind of justifiable to me because of malware concerns, but I'm not going to pretend I'm doing nothing wrong. I try to pay for content when possible. I support non-advertising business models.
[+] [-] gruez|7 years ago|reply
[1] I know you can run pi hole on your desktop OS, which is technically free, but you need to leave your computer on 24/7 which undoubtedly raises your electricity bill.
[+] [-] TheCapn|7 years ago|reply
If you have an excuse to run a Raspberry Pi at home for any other purpose then use Pi-hole to piggy back off it and the cost you cite becomes a writeoff. I had a Rpi running OpenVPN for myself, throwing PiHole on it was a no brainer.
[+] [-] njharman|7 years ago|reply
Answered your own question. That list does not include chrome, smart TVs, fire TV, Roku, Kindle, game consiles, iot devices of all types. Nor all guests.
You need both. Security / defence needs to be deep and layared and mukti-vendor to be effective.
[+] [-] FreeKill|7 years ago|reply
[+] [-] Fnoord|7 years ago|reply
[+] [-] parasanti|7 years ago|reply
[+] [-] trip1|7 years ago|reply
It will also be faster than most browser based ad blockers since the browser has to analyze every webpage whereas pi-hole blocks by simply not making a request.
Also if you want a DNS that works outside your local network it would be trivial to get a cloud server for $5 a month put pi hole on it and route DNS through that. Then you could get free https certs and have a pretty sweet private DNS just for you!
And if you're someone trying to setup their own local DNS it's likely you have a spare pi or computer laying around somewhere to use.
And finally it offers pretty great convience. Instead of having to setup blockers on every device it just needs to be set on the pi.
[+] [-] johnvanommen|7 years ago|reply
In my household we have four people with smartphones and another four laptops. That's a lot of ads to block.
Blocking ads on my laptop made a more noticeable improvement to web browsing than increasing my network bandwidth.
[+] [-] LeoPanthera|7 years ago|reply
But I still combine it with a browser-based ad blocker. It's worth doing both, because the network-based blocker will also block other LAN devices connecting to tracking servers, increasingly important in this IoT age.
According to my router's stats, the most blocked sites are:
device-metrics-us.amazon.com e.crashlytics.com ssl.google-analytics.com www.googletagservices.com www.google-analytics.com nexus.officeapps.live.com api.stathat.com www.googleadservices.com
[+] [-] ulzeraj|7 years ago|reply
#!/bin/sh
PATH="/bin:/usr/bin:/sbin:/usr/sbin"
rm -f /tmp/badsites
wget https://raw.githubusercontent.com/StevenBlack/hosts/master/h... -O /tmp/badsites
if [ -f /tmp/badsites ]; then
firc-service unbound reload
[+] [-] rb808|7 years ago|reply
[+] [-] AdmiralAsshat|7 years ago|reply
[+] [-] yoodenvranx|7 years ago|reply
[+] [-] tobltobs|7 years ago|reply
[+] [-] eli|7 years ago|reply
[+] [-] djhworld|7 years ago|reply
One thing that became immediately apparent was how much faster browsing the web got after I turned it on.
[+] [-] crunchlibrarian|7 years ago|reply
[+] [-] bxio|7 years ago|reply
I installed a Pi-hole last week, totally worth. Best amount of time and money I've spent so far this year.
[+] [-] thejrk|7 years ago|reply
[+] [-] cdancette|7 years ago|reply
I think it's terrible for our health and our minds.
[+] [-] darkkindness|7 years ago|reply
I'd caution about that claim. Google pulled AdNauseam[0], a uBlock Origin extension, from the Chrome Web Store since it was fundamentally disrupting Google's business model via click fraud. (It automates clicking ads in order to create noise in user tracking.) This was far, far before it became as popular as AdBlock Plus.
PiHole takes an even more aggressive stance against ads, blackholing entire networks. It poses as much as a threat to the ad industry as AdNauseam. So I'd wager that PiHole will get shut down long before it reaches the popularity of AdBlock Plus.
[0]: https://adnauseam.io/
[+] [-] jordigh|7 years ago|reply
Yes, citizens, watch your daily dose of ads or else the economy crumbles! For the good of capitalism, watch ads, citizens, watch ads!
[+] [-] cfadvan|7 years ago|reply
Gotta earn those 15 million credits!
[+] [-] ch4s3|7 years ago|reply
Also, a link[1] to the Pi-Hole page.
[1]https://pi-hole.net/
[+] [-] craftyguy|7 years ago|reply
> Install by running one command:
> curl -sSL https://install.pi-hole.net | bash
installing arbitrary software off the internet by piping curl output to bash is a terrible idea. At the very least, I would have expected them to sign this script... considering this software has unlimited access to your internal network, and the ability to influence ALL network traffic into/out of your internal network.
[+] [-] vanadium|7 years ago|reply
[+] [-] NegativeLatency|7 years ago|reply
You're probably getting a net performance win without all that add data being loaded.
[+] [-] nasredin|7 years ago|reply
[+] [-] snake_plissken|7 years ago|reply
[+] [-] yuhong|7 years ago|reply
[+] [-] blueseaadmin|7 years ago|reply
[+] [-] verdverm|7 years ago|reply
The setup needs upgrading for DNS over https and maybe run it in Kubernetes?
[+] [-] tannhaeuser|7 years ago|reply
[+] [-] mikestew|7 years ago|reply
And that's what ads are, per se, in the 21st century. "Ads", as the current implementation defines it from my perspective, are no longer general-purpose and static. No, they chase you around the web and then for weeks will try to sell you the thing you just purchased. They'll load random executable code onto your machine. I, too, have no problem with a static JPG at the top of the screen, but that hasn't been what ads are in over a decade.
Now the counter-argument would be, "but TV and print ads are not like that, so not all ads." Okay, fair argument though that might be, it's only because TV and print can't, and it's not for lack of trying. Print had the CueCat[0], TV has tried (and mostly failed), but those Samsung TVs are looking pretty creepy from what I'm reading.
So to me, it's like saying, "I don't have a problem with authoritarian governments per se, it's all of the spying, control of the citizenry, and propaganda I have a problem with." Well, that kind of defines an authoritarian government, ergo...
Anyway, I'm just being pedantic. Load up those ad blockers, and get Pi-hole running.
[0] https://en.wikipedia.org/wiki/CueCat
[+] [-] dredmorbius|7 years ago|reply
There's an ample literature, in media studies and elsewheere, to this effect.
Mentioned in TFA:
Among other things, the online advertising business model has incentivized clickbait—and worse—at enormous scale. Facebook Inc. and YouTube LLC figure out how to make people spend more time on their sites to maximize ad inventory. This has abetted the spread of fake news, violent children’s content, and Logan Paul.
[+] [-] vsviridov|7 years ago|reply
[+] [-] textmode|7 years ago|reply
You don't have to use the hosts file (or addn-hosts ), but performance starts to suffer once the list of domains gets past 120,000.
jacobsalmela says: June 24, 2015 at 06:53
It's partially due to the amount of domains on the lists controlled by the other sites. ~120,000 seemed to be the sweet spot. Once it got higher than that, the hosts format performed better. But a faster SD card can make a difference..."
https://jacobsalmela.com/2015/06/16/block-millions-ads-netwo...
The "list of domains" here is a list of domains to which the user does not want her computer to connect.
The author is suggesting list sizes over 120,000 begin to trigger performance issues, using this dnsmasq-based approach.
What about another "list of domains" that comprises all the ones to which the user does want to connect.
Would it be more or less than 120,000?
For over 15 years I have been running authoritative nameservers on the local network, using tinydns and later nsd, including a custom root.
cdb, the key-value store used in tinydns, on its own is useful for storing domain->ipaddr mappings. I can store lists up to 4GB.
If I understand correctly, the rough equivalent in Pi-Hole is perhaps serving /etc/hosts or some other list of hosts via dnsmasq. (I believe pdns_recursor can also serve /etc/hosts if I recall correctly.)
IME, controlling both /etc/hosts and authoritative DNS has made it very easy to block ads since they almost always rely on DNS.
However I use authoritative DNS as a substitute for recursive DNS.
/etc/resolv.conf lists authoritative nameservers, not resolvers.
As such, DNS is primarily used not to block but to selectively permit. (To build the zonefiles, I use a separate method for "prefetching" needed IP address in bulk that does not use recursive DNS. It has worked beautifully for over 15 years. On the local network I have encrypted DNS lookups via authoritative queries to CurveDNS-proxied authoritative nameservers; no recursive resolvers are needed.)
Foregoing recursive DNS, the approach is similar to a firewall ruleset where the default is to block everything. The user then adds specific rules to allow desired traffic (or in this case domain resolutions).
In other words, the approach I chose was to determine what domains I wanted to access instead of trying to identify every possible domain that needed to be blocked. Every domain is blocked by default until I allow it.
Although I have no need for Pi-Hole personally I would like to see it succeed. I am glad to see that other users taking an interest in DNS.
The reason I ask the question about the size of the "allow" domain list is that over 15 years I am not even close to reaching 120,000 domains. I wonder how many domains other users visit.
To rephrase the question again: If there are two lists of domains: 1. all the domains to which the user wants to allow and 2. all the domains she wants to block, then which is the larger list?
The answer will vary from one user to another.
[+] [-] dbuder|7 years ago|reply
[deleted]