Getting older, not necessarily wiser!
Today I am going to talk about Ad Blocking and Reverse DNS Servers. However, this is going to be a little different for me, as I will be venturing into the world of Raspberry Pi.
Quite a few years ago my youngest son gave me a Raspberry Pi 3B (birthday present I believe). As with any new piece of tech, I booted it up, installed an Operating System (OS) and played around with it a bit. Then it sat on the shelf for quite a while.
Recently a few posts caught my eye about Reverse DNS. A little research yielded a substantial amount of information about Reverse DNS, and a couple of programs used in conjunction: unbound and pi-hole. So I decided to give it a go and took the Raspberry Pi 3B off the shelf.
I am going to skip anything about setup of any kind and instead focus on how ad blocking and reverse DNS work.
One of the first things we need to understand is that our network’s physical layout is not equivalent to its functional layout at different levels (see this post on OSI model). The private (home) LAN is generally set up in what’s known as a star topology (also referred to as spoke and hub). However, with routing, what happens at other levels will be different from the actual physical layout.
For this post I will be using the below example. A local DNS server is shown as part of the LAN. This server is running two programs that are linked together inside the server, pi-hole, and unbound.
The most common ad blocking programs you would install on a local DNS (Domain Name System) server are referred to as DNS sinkholes (pi-hole and adguard are two examples). The ad blocking program connects internally inside the server to a reverse DNS server (unbound or bind9 are examples of this type of program).
To illustrate functionality, let’s run through some examples.
You need information on Left Handed Widgets. So you connect to a search engine (we will use google.com as an example here). You cannot go directly to google.com; you need to first find its IP address. Let’s run through what happens.
This is your transaction from a high level. There are a few other things going on behind the scenes.
Behind the Scenes: Advertising companies will approach Google and your ISP and offer to pay them money for copies of their search lists. These in turn are loaded into advertising sites.
Advertising sites (ad sites) in turn pay money to content providers to place links to the ad sites on their web pages.
When you load a page (say from Google), these links come along with it, and your web browser dutifully resolves these links in the above fashion.
The ad site sees a page being loaded by your IP address, searches its database, and finds you recently searched for left handed widgets. So they forward ads for widgets to you.
Some people will talk about invasion of privacy concerns, while others do not really care. From my point of view, this would not be a bad thing if there was not an entire economy on the web based on ads. It is a huge revenue generator, which of course encourages unscrupulous websites to spam the process to your detriment, sending you mostly ads and very little actual information.
If you notice in the above illustration I have a local DNS server with an IP address. This server contains an ad blocking program and a reverse DNS program. What follows is a high level look at how it works.
Instead of letting your device just send out an information request, you can go into your settings and pick a DNS service to use. This can be done on a per-device basis, or in your home router (assuming you have access). In this case we use our local DNS server. When we send our request, it goes through our ad blocking program, then our reverse DNS program. Internally, this is how it works.
Once we send a query to the site IP address, the ad blocker will kick in. On your ad blocker you load lists prepared by courageous patriotic individuals of various greedy money grubbing ad company servers. This is the workflow of the ad blocker.
The net result of this process: any known ad server is dropped into the recursive sink hole and never gets loaded by your browser. Also, like most big recursive DNS servers, ad servers also record your information, which they cannot do if the ad link never connects.
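The flow described above, as an added Python sketch (not Pi-hole's or unbound's code): names on the blocklist get a null answer, repeat queries are answered from the local cache, and only the rest are passed on to the resolver. The blocklist lines, the upstream answers, the `0.0.0.0` sinkhole address and the exact-name matching are assumptions made for the illustration.

```python
# Constructed sample blocklist (hosts-file style), not a real feed.
SAMPLE_BLOCKLIST = """\
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org   # inline comment
127.0.0.1 localhost
banner.example.com
"""
# Constructed stand-in for the answers the upstream resolver would give.
FAKE_UPSTREAM = {"www.example.com": "192.0.2.10", "news.example.org": "192.0.2.20"}
SINKHOLE_IP = "0.0.0.0"  # assumed "null" answer handed back for blocked names


def parse_blocklist(text):
    """Return blocked names from 'IP name' or bare-name lines, ignoring comments."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[-1].lower() != "localhost":
            blocked.add(fields[-1].lower().rstrip("."))
    return blocked


class Sinkhole:
    def __init__(self, blocked, upstream):
        self.blocked, self.upstream = blocked, upstream
        self.cache, self.stats = {}, {"blocked": 0, "cached": 0, "forwarded": 0}

    def resolve(self, qname):
        name = qname.lower().rstrip(".")   # DNS names are case-insensitive
        if name in self.blocked:           # 1. blocklist check comes first
            self.stats["blocked"] += 1
            return SINKHOLE_IP
        if name in self.cache:             # 2. repeat visits answered locally
            self.stats["cached"] += 1
            return self.cache[name]
        self.stats["forwarded"] += 1       # 3. only now ask the resolver
        answer = self.upstream.get(name)   # None models "no such name"
        self.cache[name] = answer
        return answer

    def blocked_fraction(self):
        total = sum(self.stats.values())
        return self.stats["blocked"] / total if total else 0.0


def demo():
    sink = Sinkhole(parse_blocklist(SAMPLE_BLOCKLIST), FAKE_UPSTREAM)
    queries = ["www.example.com", "ADS.example.net.", "www.example.com", "banner.example.com"]
    return [sink.resolve(q) for q in queries], sink.stats, sink.blocked_fraction()
```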
I have finally gotten an ad blocking reverse DNS server set up on my network. Initially my page lookup was slow on new pages. But on return visits, it is lightning fast (a benefit of my local DNS not handling everyone else’s query at the same time as mine). On some sites I see lots of blank spaces where ads would have gone. This also makes for much faster page loading (not having to load the ad). Overall I am pleased with the performance.
Looking at the statistics (pi-hole generates a local web page for this), my local DNS server is blocking around 30% of requests (these are embedded page requests for ads). It does not block all ads. After all, that is a revenue stream for the money hungry ad companies, and they will keep changing things around to get around stuff like ad blockers.
Incidentally, pi-hole comes with a default ad block list. But you can add more lists from sites like firebog.net.
On a side note, when I recently reinstalled MS Windows, blocked sites jumped to around 50%. Take that for what it is worth, and beware!