It’s really easy to create a DNS server that filters out malicious ads and links. The most popular option is to turn to Pi-Hole, but you will see for yourself that it is far from necessary. This tool requires some maintenance effort and increases the chances of being compromised by having a web environment open to the outside world.
With just a server, VPS or Raspberry Pi, and 10 commands we will have our own DNS filter running with fantastic performance.
Shall we start?
1 Download Maza Ad Blocking.
curl -o maza https://raw.githubusercontent.com/tanrax/maza-ad-blocking/master/maza
2 Grants Maza enforcement permissions.
chmod +x maza
3 Move Maza to the
sudo mv maza /usr/local/bin
4 Starts Maza
sudo maza start
5 Open the file to configure the Cron tasks.
And add the following line so that the list of addresses to block is updated daily.
@daily maza update
6 Update your package manager.
Example with Debian/Ubuntu.
sudo apt update
7 Install a DNS server.
sudo apt install dnsmasq
8 Open the DNS server configuration.
sudo nano /etc/dnsmasq.conf
And add the following content at the end.
no-resolv bind-interfaces listen-address=0.0.0.0 cache-size=1000 conf-file=/home/your-user/.config/maza/dnsmasq.conf server=22.214.171.124 server=126.96.36.199 server=188.8.131.52 server=184.108.40.206 server=220.127.116.11
user to the name of the user where you started Maza.
In the example I use Cloudflare’s DNS. Feel free to change them to the ones you like.
9 Raise the DNS server.
sudo systemctl start dnsmasq
10 Configure to raise the DNS server at startup.
sudo systemctl enable dnsmasq
And that’s it!
If you are behind a firewall, you will not need to open port 53 on both TCP and UDP.
iptables -A INPUT -p tcp --dport 53 -j ACCEPT iptables -A INPUT -p udp --dport 53 -j ACCEPT
And, of course, don’t forget to tell your operating system to use the IP of the server, or VPS, to resolve the DNS.
If you want more information I recommend you to check my Maza Ad blocking repository.