This repository was archived by the owner on Apr 30, 2022. It is now read-only.

AD Blocking on EdgeRouter

oznu edited this page Dec 1, 2017 · 6 revisions

It is possible to configure the Ubiquiti EdgeRouter to block ads for your local network using the DNS Zone Blacklist.

SSH into the router, switch user to root using sudo su, then download the dns-blacklist script:

curl -o /config/scripts/dns-blacklist \
  https://raw.githubusercontent.com/wiki/oznu/dns-zone-blacklist/scripts/dns-blacklist

Verify that the file you downloaded contains this:

#!/bin/sh

BLACKLIST_URL=https://raw.githubusercontent.com/oznu/dns-zone-blacklist/master/dnsmasq/dnsmasq-server.blacklist
BLACKLIST_PATH=/etc/dnsmasq.d/blacklist.conf

# Download the checksum on the remote release
CHECKSUM=$(curl -sk "$BLACKLIST_URL.checksum")

# Compare the remote checksum to the existing local file
echo "${CHECKSUM}  $BLACKLIST_PATH" | sha256sum -c -

if [[ $? != 0 ]] ; then
  echo "Blacklist is missing or out of date, downloading update..."
  # Get the blacklist of domains and fix the zone file path.
  curl -sko /tmp/dnsmasq.blacklist "$BLACKLIST_URL"

  # Test the blacklist is valid
  dnsmasq --test --conf-file=/tmp/dnsmasq.blacklist

  if [[ $? == 0 ]]; then
    # Downloaded blacklist is valid
    mv /tmp/dnsmasq.blacklist $BLACKLIST_PATH

    # Restart dnsmasq
    /etc/init.d/dnsmasq restart
  else
    # Downloaded blacklist is not valid
    rm -rf /tmp/dnsmasq.blacklist
    echo >&2 "ERROR: Upstream blacklist did not pass dnsmasq config test."
  fi

fi

Make the file executable:

chmod +x /config/scripts/dns-blacklist

Execute the script the first time to make sure it works:

/config/scripts/dns-blacklist

Link the script into /etc/cron.hourly so that cron runs it every hour:

ln -s /config/scripts/dns-blacklist /etc/cron.hourly/dns-blacklist

Verify the dns-blacklist script is listed when running this command:

run-parts --test /etc/cron.hourly

The script will only download the blacklist and restart the dnsmasq service if you don't have the latest updates. This will happen at most once per day when the DNS Zone Blacklist project is updated with the latest data.
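The script above calls curl with -k, which turns off TLS certificate verification, and it uses the checksum only to decide whether to update, not to check the file it downloads. The following is an added example, not the project's script: a variant that keeps certificate verification on and installs the list only if it matches the published checksum. The function names and the script-name guard at the end are introduced here, and it assumes the .checksum file holds a bare SHA-256 hex digest, as the original script's use of it implies.

```shell
#!/bin/sh
# Added example (not the project's script): updater with TLS verification on
# and the download checked against the published checksum before install.
BLACKLIST_URL=https://raw.githubusercontent.com/oznu/dns-zone-blacklist/master/dnsmasq/dnsmasq-server.blacklist
BLACKLIST_PATH=/etc/dnsmasq.d/blacklist.conf

# fetch URL OUTFILE: no -k, so curl verifies the certificate; -f fails on HTTP errors.
fetch() { curl -fsS --proto '=https' -o "$2" "$1"; }
# validate FILE: the same syntax test the original script runs.
validate() { dnsmasq --test --conf-file="$1" >/dev/null 2>&1; }
# is_sha256 STRING: true only for exactly 64 lowercase hex characters.
is_sha256() { printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{64}$'; }
# matches DIGEST FILE: true if FILE exists and hashes to DIGEST.
matches() { [ -f "$2" ] && echo "$1  $2" | sha256sum -c - >/dev/null 2>&1; }

# try_update DEST WORKDIR: 0 = new list installed, 2 = already current, 1 = error.
try_update() {
  fetch "$BLACKLIST_URL.checksum" "$2/sum" || return 1
  sum=$(tr -d ' \r\n' < "$2/sum")
  is_sha256 "$sum" || { echo >&2 "ERROR: checksum is not a SHA-256 digest."; return 1; }
  matches "$sum" "$1" && return 2
  fetch "$BLACKLIST_URL" "$2/list" || return 1
  matches "$sum" "$2/list" || { echo >&2 "ERROR: download does not match checksum."; return 1; }
  validate "$2/list" || { echo >&2 "ERROR: blacklist failed dnsmasq config test."; return 1; }
  mv "$2/list" "$1" || return 1
}

# update_blacklist DEST: run try_update in a private temp dir and always clean up.
update_blacklist() {
  work=$(mktemp -d) || return 1
  rc=0; try_update "$1" "$work" || rc=$?
  rm -rf "$work"
  return "$rc"
}

# Guard introduced for this example: only act when the file is installed
# under the script name used on this page (for instance via cron.hourly).
case "$0" in
  */dns-blacklist)
    rc=0; update_blacklist "$BLACKLIST_PATH" || rc=$?
    if [ "$rc" -eq 0 ]; then /etc/init.d/dnsmasq restart; fi
    [ "$rc" -ne 1 ] ;;
esac
```

dnsmasq is restarted only when a new list was installed; a checksum mismatch or a failed config test leaves the existing blacklist.conf in place.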
