Skip to main content

Custom AdBlock

This is not something new I am writing today. AdBlocker Plus plugin for chrome, and other browsers blocks ad requests based on the request's domain name or url pattern or some css pattern. The problem with this method is Chrome has no idea of including plugin support for android and therefore ABP as it is wont work. They support a proxy method where all HTTP Requests from browser will alone be routed via the proxy. All ads will be scrubbed by the proxy before sending response to the browser. But ads that are HTTPS and ads on other apps will not be blocked.
So I made a domainlist from https://easylist-downloads.adblockplus.org/easylist.txt. The domainlist is available at https://github.com/kalyanceg/adblock/blob/master/domains.
Note: This might have duplicates and false positives.
Now my thought was to return a servfail while the browser/app tries to resolve these domains. As I said a bunch of people has wrote blogs about it, But they were using named as their dns server. In named each domain has to have a separate zone entry as most of the domains are completely distinct. Powerdns helps us to programatically return dns responses using pipe-backend. This is what we are expecting for. The script https://github.com/kalyanceg/adblock/blob/master/db_backend I wrote returns servfail if the domain is one in our list or else it queries 8.8.8.8 and returns a response.
Note: dnspython should be installed for the script to work
To make it work on a linux system
1)install pdns-server
2)copy this script and domainlist to /etc/powerdns
3)install pdns-backend-pipe
4)Copy this pipe-backend conf to /etc/powerdns/pdns.d/pdns.local
5)Restart pdns
Now edit your dns resolver to point to this server you have just set up(by editing resolv.conf in linux ). Android supports editing resolver using static ip settings while you are using wifi. 

Comments

Post a Comment

Popular posts from this blog

The FB outage

 This outage has caused considerable noise everywhere. It was quite discomforting for me because during the whole conversation nobody bothered to understand the gravity of the issue. I don't expect end users to understand the issue. But this is going to be a blogpost for all of those in the tech field, Such an event can happen how much ever chaos engineering, best of the tech jargon we implement in the stack To all my Site Reliability Engineer friends, Site Up is our first priority. I myself said many a times outage is news and SREs should prevent outage. But I'm afraid this is leading to a cult in the industry who despises outages and takes no learnings from it. I don't know what has happened in Facebook. I can explain a scenario which may or may not be right but that can definitely show the gravity of the issue. Let's draw a probable Facebook architecture Disclaimer I don't work at Facebook. So this might not be how facebook routes traffic. This is based on my exp
2 comments
Read more

The server, me and the conversation

We were moving a project from AWS to our co-located DC. We have setup KVMs scheduled by Cloudstack for each of the component in the architecture. The KVMs used local storage. The VMs are provisioned with more than required resources because we have the opinion that in our DC scaling during peak load and then downscaling doesn't offer much benefits financially as we are anyways paying for the hardware in advance and its also powered on. Its going to be idle if not used. Now we found something interesting our latency in co-located DC was 2 times more than in AWS. The time for first byte at our load balancer in aws was 60ms average and at our DC was 112ms. We started our debugging mission, Mission Conquer-AWS. All the servers are newer Dell hardwares. So the initially intuition was virtualisation is causing the issue. Conversation with the Hypervisor We started with CPU optimisation, we started using the host-passthrough mode of CPU in libvirt so VMs dont see QEMU emulated CPUs,
Post a Comment
Read more

How we have systematically improved the roads our packets travel to help data imports and exports flourish

This blog post is an account of how we have toiled over the years to improve the throughput of our interDC tunnels. I joined this company around 2012. We were scaling aggressively then. We quickly expanded to 4 DCs with a mixture of AWS and colocation. Our primary DC is connected to all these new DCs via IPSEC tunnels established from SRX. The SRX model we had, had an IPSEC throughput of 350Mbps. Around December 2015 we saturated the SRX. Buying SRX was an option on the table. Buying one with 2Gbps throughput would have cut the story short. The tech team didn't see it happening. I don't have an answer to the question, "Is it worth spending time in solving a problem if a solution is already available out of box?" This project helped us in improving our critical thinking and in experiencing the theoretical network fundamentals on live traffic, but also caused us quite a bit of fatigue due to management overhead. Cutting short the philosophy, lets jump to the story.
15 comments
Read more