adblock - Help me - How to [something like pi-hole]

Questions and mods regarding system management may go here
Forum rules
1) This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:

https://account.synology.com/support/su ... p?lang=enu



2) To avoid putting users' DiskStation at risk, please don't paste links to any patches provided by our Support team as we will systematically remove them. Our Support team will provide the correct patch for your DiskStation model.
User avatar
dMajo
Knowledgeable
Knowledgeable
Posts: 364
Joined: Sun Aug 19, 2012 12:26 pm
Location: Italy
Contact:

Re: adblock - Help me - How to [something like pi-hole]

Unread post by dMajo » Mon Aug 28, 2017 12:50 pm

@Icsoft
Thanks for the cleaning. I am not a big expert of linux scripting. I'll implement some of your mods in the new version, if I may.
BTW: I've read "Updated to work with DSM 6.x." in your comments. The script, also the latest V1 published on the forum, is running at least up to DSM 6.1-15047 Update 2 which I am currently using.
This script (V2) is no more a standalone script but is part of the DSNSrvExt (Ext=Extensions) package which also integrates dynamic dhcp updates from the builtin dhcp server using dns server keys authentication.


PS1:
Take care on your line 98. It is wrong to add the include to the zone.load.conf for 2 reasons:
1) this file is updated by any change made with the GUI
2) it prevents the use of the views
As opposite the include at the end of the null.zone.file:
1) do not suffer from DNS GUI updates unless made to the null.zone.file zone
2) it allows the use of views and thus selecting which clients (LAN IPs) will have the ad-blocker active or not

PS2:
It is mandatory to create the null.zone.file by hand through the GUI. Otherwise the script must also adjust the zone.conf file in the dnsserver/etc. If not done again every access to the GUI will damage the ad-blocker function. This said the rewrite of the null.zone.file in the zone data dir becomes unnecessary if the zone is added by hand through the GUI.
I think that first reason one installs the DNS server is because he needs it for its reasons (serving public domain zones and/or intranet/local ones, deciding which external dns servers will each client use, use the dns server caching, ...). Adding the ad-blocker functionality should not make the original dns functions unusable it must complement them.


@everyone
I've seen SmiGueL's mod that adds full timestamp as the zone serial number "to prevent log errors when updating more than once a day".
This is not an antivirus, it is an ad-blocker. Thus it is not necessary to update the records more than once a week. If every device (in the world) will start to query the list-servers every minute the volunteers that are running them will cease to maintain them because of the big unsolicited traffic that translates to energy, resources and bandwidth costs.
Last edited by dMajo on Thu Oct 12, 2017 9:57 am, edited 2 times in total.
  • APCSMT2200I+AP9631
  • Vigor2830Vn+: LoadBal 2xADSL(20M/1M.mcr512K,8IP)+1x4G/LTE
  • D-Link DGS1210-28P (CoreSW, PoE+)
    • 4x IntelliJack NJ2000G, 4x IntelliJack NJ220
    • 2x Netgear GS108T
    • 2x VigorAP900
  • DS1815+: DSM61(15152u3),16GB,2x845DCPro,4xWD60EFRX,2xWD60PURX;LAN:1+2,3,4
  • RS3617xs+: DSM61(15152u3),8GB,8xWD40FFWX;LAN:1+2+3,4,5+6
  • RS2414RP+: DSM52(5644u8),4GB,8xWD30EFRX;LAN:1+2+3,4
  • MME:
    • DENON AVR4311
    • TV: UE55ES8000Q,UE32ES6800Q,UE22F5410AY
    • Gigaset: 2xDX800A,1xSL910H,2xDA210
    • Galaxy Note3,A5; Nokia N8

BobW
Trainee
Trainee
Posts: 14
Joined: Wed Sep 18, 2013 3:32 pm

Re: adblock - Help me - How to [something like pi-hole]

Unread post by BobW » Thu Aug 31, 2017 3:34 pm

dMajo wrote:@Icsoft
Thanks for the cleaning. I am not a big expert of linux scripting. I'll implement some of your mods in the new version, if I may.
BTW: I've read "Updated to work with DSM 6.x." in your comments. The script, also the latest published on the forum, is running at least up to DSM 6.1-15047 Update 2 which I am currently using.
This script is no more a standalone script but is part of the DSNSrvExt (Ext=Extensions) package which also integrates dynamic dhcp updates from the builtin dhcp server using dns server keys authentication.
Where can I find this package you are revering to?

BobW
Trainee
Trainee
Posts: 14
Joined: Wed Sep 18, 2013 3:32 pm

Re: adblock - Help me - How to [something like pi-hole]

Unread post by BobW » Thu Aug 31, 2017 3:39 pm

Is it possible to use this script to "parent guide" the domains of
- snapchat
-facebook
-twitter
-instagram and all the other social media apps

So yes, What are the domains to block. Can anyone please provide me with the info?

User avatar
dMajo
Knowledgeable
Knowledgeable
Posts: 364
Joined: Sun Aug 19, 2012 12:26 pm
Location: Italy
Contact:

Re: adblock - Help me - How to [something like pi-hole]

Unread post by dMajo » Sat Sep 02, 2017 1:34 am

BobW wrote:
dMajo wrote:@Icsoft
Thanks for the cleaning. I am not a big expert of linux scripting. I'll implement some of your mods in the new version, if I may.
BTW: I've read "Updated to work with DSM 6.x." in your comments. The script, also the latest V1 published on the forum, is running at least up to DSM 6.1-15047 Update 2 which I am currently using.
This script (V2) is no more a standalone script but is part of the DSNSrvExt (Ext=Extensions) package which also integrates dynamic dhcp updates from the builtin dhcp server using dns server keys authentication.
Where can I find this package you are revering to?
The package is currently published on a private spk server because it is part, together with others, of a bigger project. I cant give you the package at this time.
But I have updated the script's post here if you are interested.
  • APCSMT2200I+AP9631
  • Vigor2830Vn+: LoadBal 2xADSL(20M/1M.mcr512K,8IP)+1x4G/LTE
  • D-Link DGS1210-28P (CoreSW, PoE+)
    • 4x IntelliJack NJ2000G, 4x IntelliJack NJ220
    • 2x Netgear GS108T
    • 2x VigorAP900
  • DS1815+: DSM61(15152u3),16GB,2x845DCPro,4xWD60EFRX,2xWD60PURX;LAN:1+2,3,4
  • RS3617xs+: DSM61(15152u3),8GB,8xWD40FFWX;LAN:1+2+3,4,5+6
  • RS2414RP+: DSM52(5644u8),4GB,8xWD30EFRX;LAN:1+2+3,4
  • MME:
    • DENON AVR4311
    • TV: UE55ES8000Q,UE32ES6800Q,UE22F5410AY
    • Gigaset: 2xDX800A,1xSL910H,2xDA210
    • Galaxy Note3,A5; Nokia N8

User avatar
dMajo
Knowledgeable
Knowledgeable
Posts: 364
Joined: Sun Aug 19, 2012 12:26 pm
Location: Italy
Contact:

Re: adblock - Help me - How to [something like pi-hole]

Unread post by dMajo » Thu Dec 14, 2017 2:58 am

  • APCSMT2200I+AP9631
  • Vigor2830Vn+: LoadBal 2xADSL(20M/1M.mcr512K,8IP)+1x4G/LTE
  • D-Link DGS1210-28P (CoreSW, PoE+)
    • 4x IntelliJack NJ2000G, 4x IntelliJack NJ220
    • 2x Netgear GS108T
    • 2x VigorAP900
  • DS1815+: DSM61(15152u3),16GB,2x845DCPro,4xWD60EFRX,2xWD60PURX;LAN:1+2,3,4
  • RS3617xs+: DSM61(15152u3),8GB,8xWD40FFWX;LAN:1+2+3,4,5+6
  • RS2414RP+: DSM52(5644u8),4GB,8xWD30EFRX;LAN:1+2+3,4
  • MME:
    • DENON AVR4311
    • TV: UE55ES8000Q,UE32ES6800Q,UE22F5410AY
    • Gigaset: 2xDX800A,1xSL910H,2xDA210
    • Galaxy Note3,A5; Nokia N8

User avatar
dMajo
Knowledgeable
Knowledgeable
Posts: 364
Joined: Sun Aug 19, 2012 12:26 pm
Location: Italy
Contact:

Re: adblock - Help me - How to [something like pi-hole]

Unread post by dMajo » Mon Dec 25, 2017 1:50 am

New version posted: V2.03.0101

This solves lattest DNSServer compatibility and implements logging to DNS log DB as recently modified by Synology.
There is a known issue, please read the end of the post for a workaround.


I would like to know how many users are using my script, and which version (1 or 2) to understand if I need to keep it updated here or not.
Regards
  • APCSMT2200I+AP9631
  • Vigor2830Vn+: LoadBal 2xADSL(20M/1M.mcr512K,8IP)+1x4G/LTE
  • D-Link DGS1210-28P (CoreSW, PoE+)
    • 4x IntelliJack NJ2000G, 4x IntelliJack NJ220
    • 2x Netgear GS108T
    • 2x VigorAP900
  • DS1815+: DSM61(15152u3),16GB,2x845DCPro,4xWD60EFRX,2xWD60PURX;LAN:1+2,3,4
  • RS3617xs+: DSM61(15152u3),8GB,8xWD40FFWX;LAN:1+2+3,4,5+6
  • RS2414RP+: DSM52(5644u8),4GB,8xWD30EFRX;LAN:1+2+3,4
  • MME:
    • DENON AVR4311
    • TV: UE55ES8000Q,UE32ES6800Q,UE22F5410AY
    • Gigaset: 2xDX800A,1xSL910H,2xDA210
    • Galaxy Note3,A5; Nokia N8

M4RC
I'm New!
I'm New!
Posts: 1
Joined: Sat Feb 25, 2017 6:34 pm

Re: HOWTO Enable DNS based ad-blocking using DNS Server pack

Unread post by M4RC » Sat Jan 06, 2018 3:58 pm

Hi,

I have some feedback due to the following error:

The hosts blacklist at "https://raw.githubusercontent.com/Steve ... ster/hosts" contains the following entry:
"0.0.0.0 ms127.0.0.101341.club"

Your sed command in line 162 of the script however reads:
sed -r -e 's/(127\.0\.0\.1|0\.0\.0\.0)[[:space:]]*/zone "/g' adbListType$BL_Index.p01 >> adbListAll.raw # Add line head

which leads to entry above being replaced to
"0.0.0.0 mszone "01341.club",
which leads to an error.

I slightly changed the RegExp to:
sed -r -e 's/^(127\.0\.0\.1|0\.0\.0\.0)[[:space:]]*/zone "/g' adbListType$BL_Index.p01 >> adbListAll.raw # Add line head

Thanks for the great script!
Marc

Briolet
Student
Student
Posts: 65
Joined: Sun Jun 23, 2013 4:47 pm

Re: adblock - Help me - How to [something like pi-hole]

Unread post by Briolet » Mon Jan 22, 2018 10:53 am

KNOWN ISSUESS: Due to a bug in Synology's DNSServer GUI if the null.file.zone is enabled or disabled an additional closing bracket is improperly added to the null.zone.file data file after the include statement. The DNSServer's GUI displays a message to restart DSM
Workaround: Just relunch the script by going to the control panel scheduler, right-click the task and choose execute. The script will adjust the file and reload the DNS zones.
I use a modification of your V1 script. Just for testing purposes of this issue I disabled the null.zone.file.

However, just running the script did not work to activate the zone again. I kept getting the message that the server could not reload. After completely removing the null.zone.file and re-creating, the server could restart without errors, but did not work.

I do notice that the new V2 script also writes data to the "ZoneDataDir". Apparently that is needed and that data probably existed on my nas because a DNS server update created that at the time of the change.

At the end I got it working by restoring the DNS server from a backup to a version before I switched the null.zone.file off.

For me it looks that the current version V1 is no longer working with the current version of DNS server. At least not for the first-time users.

I do use the V1 version of the script already since end 2015 without problems and is still works for me.

User avatar
dMajo
Knowledgeable
Knowledgeable
Posts: 364
Joined: Sun Aug 19, 2012 12:26 pm
Location: Italy
Contact:

Re: adblock - Help me - How to [something like pi-hole]

Unread post by dMajo » Mon Jan 22, 2018 11:49 am

@Briolet
The V1 script only append an include line to the blacklist database (ad-blocker.db) at the end of the null.zone.file definition in the data folder.

Apparently in a few lattest DNSServer versions synology has changed something and now they touch the file definitions even if you only enable/disable the zone (without changing anything inside the zone). They do this improperly. Of course they do not expect someone else to add includes in it. But they do not rewrite the file, they only force the file to end with a closing bracket (without removing my include line). This exceeding closing bracket after the include line is incorrect.

So In the V2 script I do not append the include line anymore but instead, at least till synology fixes its bug, I am now rewriting the whole definition with the include. By rewriting the definition of course I remove the exceeding bracket.
So if you rerun the script it fixes the syno bug. Of course in the V2 version. The V1 is dead for me and I do not work anymore on it.
If you wan't to continue to use the V1 just copy the lines around 230 from the V2. The V2 still have the commented line which previously appended the include line so you should have no troubles in finding the correct place and how to patch the V1 by yourself.

I think the V1 should still work, even for first time users, unless they do not touch the null.zone.file zone after the first creation. Any change to the DNSServer that will touch in some way the null.zone.file will add the exceeding bracket corrupting so the configuration. IIRC adding/removing the zone from a view doesn't add the bracket. Only changes to the zone and/or its disabling/enabling do.
Last edited by dMajo on Tue Jan 23, 2018 10:52 am, edited 1 time in total.
  • APCSMT2200I+AP9631
  • Vigor2830Vn+: LoadBal 2xADSL(20M/1M.mcr512K,8IP)+1x4G/LTE
  • D-Link DGS1210-28P (CoreSW, PoE+)
    • 4x IntelliJack NJ2000G, 4x IntelliJack NJ220
    • 2x Netgear GS108T
    • 2x VigorAP900
  • DS1815+: DSM61(15152u3),16GB,2x845DCPro,4xWD60EFRX,2xWD60PURX;LAN:1+2,3,4
  • RS3617xs+: DSM61(15152u3),8GB,8xWD40FFWX;LAN:1+2+3,4,5+6
  • RS2414RP+: DSM52(5644u8),4GB,8xWD30EFRX;LAN:1+2+3,4
  • MME:
    • DENON AVR4311
    • TV: UE55ES8000Q,UE32ES6800Q,UE22F5410AY
    • Gigaset: 2xDX800A,1xSL910H,2xDA210
    • Galaxy Note3,A5; Nokia N8

Briolet
Student
Student
Posts: 65
Joined: Sun Jun 23, 2013 4:47 pm

Re: adblock - Help me - How to [something like pi-hole]

Unread post by Briolet » Tue Jan 23, 2018 12:46 am

You are right that the V1 script still should work.

I forgot that I also created several views in the DNS server. By deleting the null.zone.file, it was also deleted from the different views that used it.

So when I started a new null.zone.file from scratch, I should also have added it again to the views were the adblocker should be active.

I once created the views to exclude one phone from the adblocker. More for testing how views work than that I really needed it.

User avatar
dMajo
Knowledgeable
Knowledgeable
Posts: 364
Joined: Sun Aug 19, 2012 12:26 pm
Location: Italy
Contact:

Re: adblock - Help me - How to [something like pi-hole]

Unread post by dMajo » Tue Jan 23, 2018 10:59 am

Briolet wrote:I once created the views to exclude one phone from the adblocker. More for testing how views work than that I really needed it.
I use views to:
- enable some zones to the various local lan I have.ù
- to define what forwarders the lan client uses
- to define which clients use the adblocker

on the router the only internal node enabled to query for DNS resolution through the wan is the internal dns server
the dns queries are then routed through the wan of vpn based on the target server/resolver.
  • APCSMT2200I+AP9631
  • Vigor2830Vn+: LoadBal 2xADSL(20M/1M.mcr512K,8IP)+1x4G/LTE
  • D-Link DGS1210-28P (CoreSW, PoE+)
    • 4x IntelliJack NJ2000G, 4x IntelliJack NJ220
    • 2x Netgear GS108T
    • 2x VigorAP900
  • DS1815+: DSM61(15152u3),16GB,2x845DCPro,4xWD60EFRX,2xWD60PURX;LAN:1+2,3,4
  • RS3617xs+: DSM61(15152u3),8GB,8xWD40FFWX;LAN:1+2+3,4,5+6
  • RS2414RP+: DSM52(5644u8),4GB,8xWD30EFRX;LAN:1+2+3,4
  • MME:
    • DENON AVR4311
    • TV: UE55ES8000Q,UE32ES6800Q,UE22F5410AY
    • Gigaset: 2xDX800A,1xSL910H,2xDA210
    • Galaxy Note3,A5; Nokia N8

User avatar
dMajo
Knowledgeable
Knowledgeable
Posts: 364
Joined: Sun Aug 19, 2012 12:26 pm
Location: Italy
Contact:

Re: adblock - Help me - How to [something like pi-hole]

Unread post by dMajo » Sat Jan 27, 2018 11:51 pm

New version posted: V2.03.0111

In the meantime the new null.zone.file handling from the V2 has been ported also to V1 to help with the known Synology's GUI bug. V1 is not maintained anymore.
  • APCSMT2200I+AP9631
  • Vigor2830Vn+: LoadBal 2xADSL(20M/1M.mcr512K,8IP)+1x4G/LTE
  • D-Link DGS1210-28P (CoreSW, PoE+)
    • 4x IntelliJack NJ2000G, 4x IntelliJack NJ220
    • 2x Netgear GS108T
    • 2x VigorAP900
  • DS1815+: DSM61(15152u3),16GB,2x845DCPro,4xWD60EFRX,2xWD60PURX;LAN:1+2,3,4
  • RS3617xs+: DSM61(15152u3),8GB,8xWD40FFWX;LAN:1+2+3,4,5+6
  • RS2414RP+: DSM52(5644u8),4GB,8xWD30EFRX;LAN:1+2+3,4
  • MME:
    • DENON AVR4311
    • TV: UE55ES8000Q,UE32ES6800Q,UE22F5410AY
    • Gigaset: 2xDX800A,1xSL910H,2xDA210
    • Galaxy Note3,A5; Nokia N8

User avatar
dMajo
Knowledgeable
Knowledgeable
Posts: 364
Joined: Sun Aug 19, 2012 12:26 pm
Location: Italy
Contact:

Re: adblock - Help me - How to [something like pi-hole]

Unread post by dMajo » Sun Feb 04, 2018 5:00 am

  • APCSMT2200I+AP9631
  • Vigor2830Vn+: LoadBal 2xADSL(20M/1M.mcr512K,8IP)+1x4G/LTE
  • D-Link DGS1210-28P (CoreSW, PoE+)
    • 4x IntelliJack NJ2000G, 4x IntelliJack NJ220
    • 2x Netgear GS108T
    • 2x VigorAP900
  • DS1815+: DSM61(15152u3),16GB,2x845DCPro,4xWD60EFRX,2xWD60PURX;LAN:1+2,3,4
  • RS3617xs+: DSM61(15152u3),8GB,8xWD40FFWX;LAN:1+2+3,4,5+6
  • RS2414RP+: DSM52(5644u8),4GB,8xWD30EFRX;LAN:1+2+3,4
  • MME:
    • DENON AVR4311
    • TV: UE55ES8000Q,UE32ES6800Q,UE22F5410AY
    • Gigaset: 2xDX800A,1xSL910H,2xDA210
    • Galaxy Note3,A5; Nokia N8

SynRouter
I'm New!
I'm New!
Posts: 7
Joined: Wed Nov 29, 2017 3:20 pm

Re: adblock - Help me - How to [something like pi-hole]

Unread post by SynRouter » Tue Apr 24, 2018 11:07 am

Icsoft wrote:Hi,
I like the uncomplicated script by dMajo so i adjusted it and cleaned it up to work with DSM6.x.
I also added some noob instructions.
Hope someone finds it useful :)
Icsoft
Thank you for this solution!
After a lot of trial and error with all the other scripts in this thread your script worked 100% with a Synology ROUTER RT2600ac!

Really nice with error checking from the log.

I have tried to load the latest db from dMajo (replacing the auto created one in the script for more blocking) with 99600+ blocked sites and it worked :D
Although with 40mg of RAM left in the router and its not ultra stable reloading the db and it takes som time so its a bit too much for the router.

The "small" list with 2700+ entries goes instantly.

A combination of SmiGueL script (page 4) and yours would be the dream to be able to tune how many blocklists would be included.

But anyhow, thank you Icsoft, dMajo, SmiGueL and other for contributing, this is awesome.

Cant believe that this is not a standard APP of a Synology router, nas etc, that would be fantastic.

Post Reply

Return to “System Managment Mods”