dnsmasq for ad blocking

I have a WireGuard peer running in EC2 that I would like to enable domain-based ad blocking on.

# apt install dnsmasq
# echo interface=wg0 >> /etc/dnsmasq.conf
# curl https://raw.githubusercontent.com/easylist/easylist/master/easylist/easylist_adservers.txt \
    | grep -Po '(?<=\|\|).*?(?=\^)' \
    | sort -u \
    | sed 's|.*|address=/&/#|' \
    > /etc/dnsmasq.d/blocked-domains.conf
# systemctl start dnsmasq
# systemctl enable dnsmasq
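The grep/sed one-liner above works for the adservers list, but EasyList files also carry comment lines, exception rules (`@@||domain^`, which mark things that must not be blocked), rules with URL paths, and rules with filter options after the caret. The script below is an added example, not part of the original post: it performs the same EasyList-to-dnsmasq transform but skips those rule types, validates that what remains is a hostname, and de-duplicates. The function name `easylist_to_dnsmasq` and the `SAMPLE_RULES` input are mine; the sample is constructed and is not the real list.

```shell
#!/bin/sh
# Added example, not from the original post: convert EasyList "||domain^"
# network rules into dnsmasq "address=/domain/#" lines, the same transform
# as the one-liner above but tolerant of the other rule types in the file.
# Reads rules on stdin, writes address= lines on stdout.
#
#   ! comments and the [Adblock Plus ...] header -> skipped
#   @@||domain^  (exception rules)               -> skipped, must never be blocked
#   ||domain^$third-party                        -> options after the caret dropped
#   ||domain/path^                               -> skipped; DNS blocks names, not URL paths
#   ||192.0.2.1^                                 -> skipped; not a hostname
# Output is lower-cased, validated as a hostname and de-duplicated.
easylist_to_dnsmasq() {
    grep '^||' \
    | sed -n 's/^||\([^^]*\)\^.*$/\1/p' \
    | tr '[:upper:]' '[:lower:]' \
    | grep -E '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*$' \
    | LC_ALL=C sort -u \
    | sed 's|.*|address=/&/#|'
}

# Constructed sample input (not the real EasyList file) covering each rule type.
SAMPLE_RULES='[Adblock Plus 2.0]
! constructed sample for this example
||doubleclick.net^
||AdS.Example.com^$third-party
@@||allowed.example.com^
||example.org/banner^
||192.0.2.1^
||doubleclick.net^'

# Usage against the live list (same URL as the post):
#   curl -fsS https://raw.githubusercontent.com/easylist/easylist/master/easylist/easylist_adservers.txt \
#       | easylist_to_dnsmasq > /etc/dnsmasq.d/blocked-domains.conf
# Stand-alone demo on the constructed sample:
printf '%s\n' "$SAMPLE_RULES" | easylist_to_dnsmasq
```

After writing the file, `dnsmasq --test` syntax-checks the configuration before a restart, so a malformed line cannot take the resolver down. Note that the `interface=wg0` line from the post is what keeps dnsmasq from answering on the EC2 instance's public interface as an open resolver; keep it in place when adding further options.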

Next, configure your WireGuard "client" peer to use the "server" peer's tunnel IP (the address on wg0, where dnsmasq is listening) as its DNS server.

[Interface]
DNS=<peer-ip>

From your "client" peer, you can verify that a blocked domain now returns NXDOMAIN.

$ dig doubleclick.net

; <<>> DiG 9.10.6 <<>> doubleclick.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57684
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;doubleclick.net.		IN	A

;; Query time: 46 msec
;; SERVER: 172.16.8.1#53(172.16.8.1)
;; WHEN: Wed Jan 11 22:23:40 AEDT 2023
;; MSG SIZE  rcvd: 44