Skip to main content

Custom AdBlock

This is not something new I am writing today. AdBlocker Plus plugin for chrome, and other browsers blocks ad requests based on the request's domain name or url pattern or some css pattern. The problem with this method is Chrome has no idea of including plugin support for android and therefore ABP as it is wont work. They support a proxy method where all HTTP Requests from browser will alone be routed via the proxy. All ads will be scrubbed by the proxy before sending response to the browser. But ads that are HTTPS and ads on other apps will not be blocked.
So I made a domainlist from https://easylist-downloads.adblockplus.org/easylist.txt. The domainlist is available at https://github.com/kalyanceg/adblock/blob/master/domains.
Note: This might have duplicates and false positives.
Now my thought was to return a servfail while the browser/app tries to resolve these domains. As I said a bunch of people has wrote blogs about it, But they were using named as their dns server. In named each domain has to have a separate zone entry as most of the domains are completely distinct. Powerdns helps us to programatically return dns responses using pipe-backend. This is what we are expecting for. The script https://github.com/kalyanceg/adblock/blob/master/db_backend I wrote returns servfail if the domain is one in our list or else it queries 8.8.8.8 and returns a response.
Note: dnspython should be installed for the script to work
To make it work on a linux system
1)install pdns-server
2)copy this script and domainlist to /etc/powerdns
3)install pdns-backend-pipe
4)Copy this pipe-backend conf to /etc/powerdns/pdns.d/pdns.local
5)Restart pdns
Now edit your dns resolver to point to this server you have just set up(by editing resolv.conf in linux ). Android supports editing resolver using static ip settings while you are using wifi. 

Comments

Popular posts from this blog

Lessons from Memory

Started debugging an issue where Linux started calling OOM reaper despite tons of memory is used as Linux cached pages. My assumption was if there is a memory pressure, cache should shrink and leave way for the application to use. This is the documented and expected behavior. OOM reaper is called when few number of times page allocation has failed consequently. If for example mysql wants to grow its buffer and it asks for a page allocation and if the page allocation fails repeatedly, kernel invokes oom reaper. OOM reaper won't move out pages, it sleeps for some time and sees if kswapd or a program has freed up caches/application pages. If not it will start doing the dirty job of killing applications and freeing up memory. In our mysql setup, mysql is the application using most of the Used Memory, so no other application can free up memory for mysql to use. Cached pages are stored as 2 lists in Linux kernel viz active and inactive.
More details here
https://www.kernel.org/doc/gorman…

Walking down the Memory Lane!!!

This post is going to be an account of  few trouble-shootings I did recently to combat various I/O sluggishness.
Slow system during problems with backup
We have a NFS mount where we push backups of our database daily. Due to some update to the NFS infra, we started seeing throughput of NFS server drastically affected. During this time we saw general sluggishness in the system during backups. Even ssh logins appeared slower. Some boxes had to be rebooted due to this sluggishness as they were too slow to operate on them. First question we wanted to answer, does NFS keep writing if the server is slow? The slow server applied back pressure by sending small advertised window(TCP) to clients. So clients can't push huge writes if server is affected. Client writes to its page cache. The data from page cache is pushed to server when there is a memory pressure or file close is called. If server is slow, client can easily reach upto dirty_background_ratio set for page cache in sysctl. This di…

How we have systematically improved the roads our packets travel to help data imports and exports flourish

This blog post is an account of how we have toiled over the years to improve the throughput of our interDC tunnels. I joined this company around 2012. We were scaling aggressively then. We quickly expanded to 4 DCs with a mixture of AWS and colocation. Our primary DC is connected to all these new DCs via IPSEC tunnels established from SRX. The SRX model we had, had an IPSEC throughput of 350Mbps. Around December 2015 we saturated the SRX. Buying SRX was an option on the table. Buying one with 2Gbps throughput would have cut the story short. The tech team didn't see it happening.

I don't have an answer to the question, "Is it worth spending time in solving a problem if a solution is already available out of box?" This project helped us in improving our critical thinking and in experiencing the theoretical network fundamentals on live traffic, but also caused us quite a bit of fatigue due to management overhead. Cutting short the philosophy, lets jump to the story.

De…