DNS Ad-Blocking
When you request a website, your domain name server (DNS) translates a domain name into an IP address, like this:
duckduckgo.com -> 40.89.244.232
Every network has a default DNS, but you should use one that improves your privacy and blocks ads. There are many choices, some available by changing your settings, and some that require an app.
I used Adguard's free DNS for about 2.5 years, and it's the easiest way to block ads without using any software. In your system settings, replace the wifi's default DNS with these Adguard servers (either or both will suffice):
- 176.103.130.130
- 176.103.130.131
The following options cover other methods, which use an app to give you better control over your device and to filter your cellular data.
Some Androids won't let you change your DNS settings, and you need an app. I'd go with NextDNS, or look for other DNS changer apps, such as dnspipe or Hosts Go. You could try a 7 day trial for Adguard's Android app, and then pay if you like it. There are good reasons to run their software on your phone, compared to relying on an external DNS like NextDNS, but you'll have to decide for yourself.
If you're manually editing a wifi network to paste in those Adguard servers (or any other server), here's the process:
Settings > Wifi > (Network Name) > Configure DNS > Manual > Add Server > (paste Servers above)
This can be tedious if you use many different networks, because you'll have to change each one. However, apps like NextDNS or Adguard Pro give you far more control over your phone, which is better for privacy, and they work for all networks. If you want a free option with a local filter/firewall, DNSCloak has more features than Adguard but is much harder to use. I haven't tried Shadowrocket, but it seems like the most powerful option and also easier to use than DNSCloak. It's $3, and knowing what I know today, I would probably buy Shadowrocket for filtering directly on my phone, and then use NextDNS as a secondary filter. I already paid $2 for Adguard Pro, so I'm not going to buy a similar app.
Determine if you want to use Adguard DNS or NextDNS. Both provide free options. I'd go with NextDNS if you want to customize anything, and Adguard if you want something simple.
For Android
For iOS
Other platforms
In April 2020 I switched from Adguard to NextDNS, because their service offers more features and works more easily on other devices. It's free for normal usage, up to 300,000 queries/month, and then only $2/month for unlimited service if you need it. NextDNS has a great website for creating filters and visualizing your traffic. It sorts by common domains and shows you what has been blocked. It's like the Pi-Hole project, but significantly easier to use.
Stan Lange wrote a very detailed review of NextDNS, which inspired my switch. I'll update my post if I have anything useful to share, since I'm relatively new to their service, but his article is excellent and covers everything already.
However, I still recommend Adguard for the quickest solution, provided you don't need to install apps that change your DNS. For a convenient and powerful tool, NextDNS absolutely is the way to go. Adguard's iOS app still provides value as a Safari content-blocker, or a local DNS firewall. This lets you block traffic before it leaves your phone, which reduces wifi congestion.
If you want to block ads on your cellular network, you'll need an app, which creates a VPN to answer DNS queries. Whether you buy an app or find a free one, the value is amazing, even for $2/month. Your cellular service and wifi probably cost over $100/month anyway.
How DNS Blocking Works
A domain name server converts a domain name into an IP address, like this:
news.ycombinator.com -> 209.216.230.240
Your phone connects to the given IP address, and the DNS can block sites by refusing connections, and giving your phone the address 0.0.0.0 instead. As an example, Snapchat sends messages with app.snapchat.com, but they download ads from snap-ads.snapchat.com. Block that one, and you won't get ads between your friends' stories.
Some apps, like YouTube, use one domain for everything, so you can't block ads with a DNS. It would block the ads and videos together, preventing you from seeing anything. In those instances, just visit the website through a browser, and block ads with a browser extension or content blocker. Mobile apps reduce or eliminate your control, so I recommend using websites whenever possible. This is the only way to watch YouTube videos in the background on a smartphone.
My blacklist is only about 20 rules, which block commonly used patterns, and then I improve my list based on usage. Another approach is to block all traffic with this rule:
*.*
Then, you whitelist only allowed sites. This is the most difficult but also most powerful way to improve your privacy. It breaks everything, and it may take a couple hours to whitelist what you need. If you take this approach, you can look at my whitelist below, selecting entries for any apps or websites you want to visit.
Blacklist
graph.*
personalization.*
location.*
typography.*
typeface.*
tracking.*
metrics.*
stats.*
ads.*
pixel.*
geo.*
geoip.*
tag.*
tags.*
beacon.*
track.*
tracker.*
event.*
events.*
lytics.*
collector.*
I whitelist important websites and apps, and I can always add new rules or disable the blocking. My whitelist is only about 200 entries.
While using apps or visiting common sites, check your network logs, and see what slips past Adguard's filter. Their DNS isn't perfect, and companies are always using new sites to deliver ads. It's a massive arms-race, so I decided to block everything by default and not worry about anything slipping through.
After blocking everything, look at my whitelist to see if you need any particular entries. It should save you some time, since I've already tested them. If there are any errors, please contact me. Once your custom blacklist is good enough, you can switch to a different DNS, like 1.1.1.1, since it's the world's fastest server. Or go with NextDNS, an excellent DNS.
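As an added example (not code from this post, nor from Adguard or NextDNS), this Python script models the two approaches described above: a pattern blacklist, and the `*.*` block-everything rule with a whitelist on top. The rule semantics (globs over the whole hostname, plain entries covering subdomains, whitelist overriding blacklist), the function names, and the `UPSTREAM` table with its constructed addresses are assumptions for illustration.

```python
from fnmatch import fnmatchcase

SINKHOLE = "0.0.0.0"  # the address the page says a blocking DNS returns

# A few of the page's blacklist patterns, plus one explicit hostname.
BLACKLIST = ["ads.*", "tracking.*", "metrics.*", "pixel.*", "snap-ads.snapchat.com"]
DENY_ALL = ["*.*"]    # the page's block-everything rule
# A few of the page's whitelist entries.
WHITELIST = ["app.snapchat.com", "auth.snapchat.com", "wikipedia.org"]

# Constructed upstream answers (RFC 5737 documentation addresses), so no
# network access is needed.
UPSTREAM = {
    "app.snapchat.com": "192.0.2.10",
    "snap-ads.snapchat.com": "192.0.2.11",
    "en.wikipedia.org": "192.0.2.20",
    "ads.example.com": "192.0.2.30",
    "uploads.example.com": "192.0.2.31",
}


def normalize(name):
    """Lower-case the name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def matches(name, rule):
    """Assumed semantics: rules with '*' are globs over the whole hostname;
    plain rules match the domain itself and any subdomain."""
    if "*" in rule:
        return fnmatchcase(name, rule)
    return name == rule or name.endswith("." + rule)


def resolve(name, blacklist, whitelist=()):
    """Return the upstream address, SINKHOLE if blocked, None if unknown.
    Assumption: a whitelist match always overrides the blacklist."""
    name = normalize(name)
    allowed = any(matches(name, r) for r in whitelist)
    blocked = any(matches(name, r) for r in blacklist)
    if blocked and not allowed:
        return SINKHOLE
    return UPSTREAM.get(name)
```

Two things to check in your own setup: `ads.*` alone does not catch `snap-ads.snapchat.com`, and whitelisting a whole domain such as `snapchat.com` under the block-everything rule also lets its ad subdomain through.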
Whitelist for Categories or Sites
Snapchat
- auth.snapchat.com
- app.snapchat.com
- chat-gateway-prod.chat.snapchat.com
- mvm.snapchat.com
- snap.api.mapbox.com
Core Internet Infrastructure
- ocsp.*
- squarespace.com
- l.google.com
- cloudflare.com
- cloudflare.net
- cloudfront.net
- azureedge.net
- polyfill.io
- fastly.net
- fastlylb.net
- bootstrapcdn.com
- squarecdn.com
- blogspot.com
- format.com
- netlify.com
- letsencrypt.org
- digicert.com
- github.com
- github.io
- githubusercontent.com
- herokuapp.com
- mapbox.com
- onfido.com
Popular Sites
- wikimedia.org
- wikipedia.org
- flickr.com
- vimeo.com
- twimg.com
- twitter.com
- reddit.com
- redditstatic.com
- tumblr.com
- wolfram.com
- wolframalpha.com
- wolframcdn.com
- yelp.com
- yelpcdn.com
Firefox and Mozilla
- mozilla.com
- mozilla.net
- mozilla.org
- firefox.com
- firefoxusercontent.com
Google Alternatives
- duckduckgo.com
- startpage.com
- qwant.com
- searx.me
- protonmail.com
- protonmail.ch
- protonvpn.com
- protonvpn.ch
- openstreetmap.org
- joinpeertube.org
Shopping
- paypal.com
- ebay.com
- ebaycdn.net
- ebayimg.com
- ebaystatic.com
- ebayrtm.com
- offerup.com
- craigslist.org
- stripe.com
News
- theatlantic.com
- theguardian.com
- theintercept.com
- washingtonpost.com
- cnn.com
- latimes.com
- wired.com
- reuters.com
- reutersmedia.net
- economist.com
- bloomberg.com
- nyt.com
- nytimes.com
- news.ycombinator.com
- propublica.org
- buzzfeednews.com
Adguard
- filters.adtidy.org
- adguard.com
Facebook and Instagram
- fbcdn.net
- facebook.com
- instagram.com
- cdninstagram.com
- accountkit.com
Apple and iCloud
- api.weather.com
- me.com
- akadns.net
- akamai.net
- akamaiedge.net
- apple-dns.net
- apple.com
- cdn-apple.com
- icloud-content.com
- icloud.com
- mzstatic.com
- apple-mapkit.com
YouTube
- youtu.be
- youtube.com
- googleusercontent.com
- ytimg.com
- googlevideo.com
Miscellaneous
- digicert.com
- identrust.com
- githubusercontent.com