
182 points whalabi | 2 comments
Fnoord No.19208623
I'm using Pi-Hole on an Ubiquiti router together with WireGuard and DNSSEC. My Synology NAS is backup (with regards to the DNS-based Pi-Hole blocking), taking the adblocking load off the router (there's no redundancy for the WireGuard endpoint though). I don't (need to) use an RPi anymore. It works extremely well for me, and all my clients also get to connect to Nextcloud running on the Synology.

My setup does far more than just blocking ads, and works transparently as long as the client is connected through WireGuard (which works seamlessly over LTE and public WiFi).

That being said, I really like how Blokada and DNS66 are available in F-Droid [1] [2], and require minimal technical knowledge to set up. The more [ad blocking], the merrier.

As a backup measure I use Firefox with uBlock. The only machine I don't use uBlock on is Kali, because I want to see the website exactly as it is being served.

[1] https://f-droid.org/packages/org.blokada.alarm/

[2] https://f-droid.org/en/packages/org.jak_linux.dns66/

1. lostlogin No.19209399
> My Synology NAS is backup (with regards to the DNS-based Pi-Hole blocking)

Could you explain this a little further - is the Pihole also running on the Synology? Or is secondary DNS the Synology?

2. Fnoord No.19209665
> Could you explain this a little further - is the Pihole also running on the Synology?

Yes

> Or is secondary DNS the Synology?

To be precise,

In LAN, the Synology NAS is the primary DNS (running PiHole on Docker), and the router the secondary. This is to reduce the load on the router. They're both using Quad9's servers on port 853 and using DNSSEC.

In WAN, which is only possible via WireGuard, the router is also the primary and only DNS. This is because I don't think it makes sense to add redundancy and additional latency here. If I'd need additional redundancy here, I'd also need an additional endpoint.

All outgoing DNS traffic going to port 53 (such as Google's) that is not coming from the Synology NAS gets forwarded to the router, which is very little in my use case.
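Added example (not the commenter's code or Pi-hole's): the upstream described above is DNS over TLS on port 853 with DNSSEC, so this shows what such a query looks like on the wire, a DNSSEC-OK (DO bit) query framed with the 2-byte TCP length prefix that DoT uses, and how to read the AD flag in the reply to confirm the resolver validated it. The `query_dot` helper is hypothetical and needs network access; it assumes Quad9's DoT endpoint is 9.9.9.9 with TLS name dns.quad9.net, while the builders and parser run offline.

```python
"""Build a DNSSEC-aware DNS query framed for DNS over TLS (RFC 7858) and
inspect the flags of a reply. Hypothetical helper, not Pi-hole code."""
import socket
import ssl
import struct


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Standard query with RD=1 and an EDNS0 OPT record carrying the DO bit,
    which asks a validating resolver for DNSSEC records and to set AD."""
    # header: id, flags (RD), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT RR)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(struct.pack("!B", len(l)) + l.encode() for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE=41, UDP size 4096, ext-rcode 0, version 0, DO=0x8000, RDLEN 0
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 4096, 0, 0, 0x8000, 0)
    return header + question + opt


def frame_for_tcp(msg: bytes) -> bytes:
    """DoT (like plain TCP DNS) prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def reply_flags(reply: bytes) -> dict:
    """Decode the header flags that matter for a DNSSEC check: rcode, AD, RA."""
    txid, flags = struct.unpack("!HH", reply[:4])
    return {"id": txid, "rcode": flags & 0x000F,
            "ad": bool(flags & 0x0020), "ra": bool(flags & 0x0080)}


def query_dot(name: str, server: str = "9.9.9.9", hostname: str = "dns.quad9.net") -> dict:
    """Send one query to a DoT resolver on port 853 over a certificate-verified TLS session
    (assumed Quad9 endpoint; requires network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((server, 853), timeout=5) as raw, \
            ctx.wrap_socket(raw, server_hostname=hostname) as tls:
        tls.sendall(frame_for_tcp(build_query(name)))
        length = struct.unpack("!H", tls.recv(2))[0]
        data = b""
        while len(data) < length:  # TLS records may split the reply
            chunk = tls.recv(length - len(data))
            if not chunk:
                raise ConnectionError("short DoT reply")
            data += chunk
    return reply_flags(data)
```

A reply with `ad` True and `rcode` 0 means the upstream validated the DNSSEC chain; a forwarder that strips EDNS0 would answer without AD even for signed zones.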