Block Ads and malware with dnsmasq on Asuswrt-Merlin

An easy way to set up ad blocking on an Asus router running Asuswrt-Merlin. It adds the lists from the notracking/hosts-blocklists GitHub repository to dnsmasq so that domains known to deliver ads (or malware, phishing, spam, etc.) resolve to 0.0.0.0.

It assumes that the router is also the DNS server for the LAN, which is done by setting ‘Advertise router’s IP in addition to user-specified DNS’ under LAN -> DHCP Settings to ‘Yes’. Leaving DNS Server 1 and 2 empty will broadcast only the router’s IP for name resolution.

SSH access can be enabled under Administration -> System. Should be set to LAN only. If it really has to be exposed to WAN, at least change the port.

Also, JFFS must be enabled. Still under Administration -> System, set Enable JFFS custom scripts and configs to ‘Yes’.

Set dnsmasq lists

With JFFS enabled, create /jffs/scripts/block-ads.sh, which will add a few custom lines to the dnsmasq config.

#!/bin/sh
# Careful, this will overwrite any existing custom dnsmasq config
# conf-file: dnsmasq parses the domains list as additional configuration
echo 'conf-file=/jffs/configs/dnsmasq-domains' > /jffs/configs/dnsmasq.conf.add
# addn-hosts: the hostnames list is read as an additional hosts file
echo 'addn-hosts=/jffs/configs/dnsmasq-hostnames' >> /jffs/configs/dnsmasq.conf.add

# Download the current lists, replacing the previous copies
wget -q -O /jffs/configs/dnsmasq-domains  https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt
wget -q -O /jffs/configs/dnsmasq-hostnames https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt

# Make dnsmasq pick up the new config and lists
service reload_dnsmasq

Make it executable: chmod +x /jffs/scripts/block-ads.sh. Run it. It takes a few seconds. Dnsmasq might take a couple minutes to restart for some reason. Reload seems to be faster.

Refresh lists periodically

JFFS is flash memory, and frequent writes might wear it out. This will set up a cron entry to update the lists on the first of every month. Should be conservative enough.

Create /jffs/scripts/services-start:

#!/bin/sh
# This script gets called after all other system services
# have been started at boot time

# Install cron job to update ad block in dnsmasq monthly
cru a adblock_update "1 1 1 * * /jffs/scripts/block-ads.sh"

Make it executable: chmod +x /jffs/scripts/services-start. The script is executed on boot. Reboot the router, or just run the script.
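
The cron job re-downloads both lists unattended, and dnsmasq parses the conf-file one as configuration, so it is worth checking that a download contains nothing but sinkhole entries before it replaces the copy on JFFS. The following is an added example, not part of the original post: the function names are hypothetical, and the accepted line formats (address=/domain/0.0.0.0 for the domains list, 0.0.0.0 hostname for the hostnames list, with :: and # as alternative sinks) are assumptions about these lists.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumed list formats:
#   domains:   address=/ads.example.com/0.0.0.0   (sink may also be :: or #)
#   hostnames: 0.0.0.0 ads.example.com            (or :: ads.example.com)

# Print every line that is not blank, a comment, or a sinkhole entry.
# Exit status: 0 = offending lines found, 1 = none, 2 = unknown list kind.
bad_lines() {   # $1 = file, $2 = domains|hostnames
    case "$2" in
        domains)   pat='^address=/[A-Za-z0-9._-]+/(0\.0\.0\.0|::|#)$' ;;
        hostnames) pat='^(0\.0\.0\.0|::)[[:space:]]+[A-Za-z0-9._-]+$' ;;
        *) return 2 ;;
    esac
    grep -Ev '^[[:space:]]*(#.*)?$' "$1" | grep -Ev "$pat"
}

# Succeed only for a non-empty file with no offending lines.
list_is_safe() {   # $1 = file, $2 = domains|hostnames
    [ -s "$1" ] || return 1
    rc=0
    bad_lines "$1" "$2" >/dev/null || rc=$?
    [ "$rc" -eq 1 ]
}

# Download to RAM (/tmp), validate, then replace the copy on JFFS.
# A failed or unexpected download leaves the previous list untouched.
update_list() {   # $1 = URL, $2 = destination, $3 = domains|hostnames
    tmp="/tmp/blocklist.$$"
    if wget -q -O "$tmp" "$1" && list_is_safe "$tmp" "$3"; then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample input, not real list data: succeeds when the
# sinkhole-only file is accepted and the redirecting entry is rejected.
demo() {
    d=$(mktemp -d) || return 1
    printf 'address=/ads.example.com/0.0.0.0\n' > "$d/ok"
    printf 'address=/example.org/192.0.2.10\n' > "$d/bad"
    list_is_safe "$d/ok" domains && ! list_is_safe "$d/bad" domains
    rc=$?; rm -rf "$d"; return "$rc"
}
```

In block-ads.sh, each wget line would be replaced by a call to update_list with the URL, the destination file and the list kind, reloading dnsmasq only when both calls succeed. Validating in /tmp also means a rejected download never costs a write to flash.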

YouTube ads

I had to set this up because YouTube was getting obnoxious. I really doubt that serving ads to one-year-olds sells a lot of products. It did tend to upset mine though, when I needed her to be distracted for a while.

Unfortunately it seems like (some?) YouTube ads are served from the same servers as the actual videos, so this method won’t work all the time. Doesn’t seem like all the ads are served this way though, so at least it helps a bit. For now.