Why Pi-hole when you can RouterOS adlist?
Vložit
- čas přidán 2. 07. 2024
- RouterOS DNS server now has a new feature - adlist. Introduced in version 7.15 it takes URL lists and blocks unwanted web content.
help.mikrotik.com/docs/displa... - Věda a technologie
Amazing! Mikrotik is is the go to technology because they LISTEN to the people.
but they don't.. they add features nobody in the real world wants/needs instead of fixing their bugs and testing new releases before they come out instead of letting the community do their bug testing...
@@ON3RVH Aren't you a little negative person? For instance I'm happy with mikrotik products since early 2000s.
@@jan.kowalski negative? not really..
I've used tik since a very long time and although I like using tik, ROSv7 has been an absolute nightmare..
With every release they break new things, things that were working before are all of the sudden completely broken and new things that no one needs or wants are being added..
DLNA, adlists, .. all useless for a router.
DLNA for example has been obsolete for almost a decade but still the mikrotik team insists on putting money and effort into developing the standard all over a gain instead of fixing what is broken and new releases don't even get tested if you look at the forum.. all the bugs that folks find that are pretty easy to spot if they had done any decent testing of the release before putting it out there..
@ON3RVH how many times have you copy+pasted that on this video now
@@user-lg4le8xr4s 0 as I don’t copy/paste..
Thanks for adding more useful features to routeros. You people are awesome.
Another use for this is as a content filter for public wifi, schools or libraries. They can import a list of NSFW websites to block and restrict access to, it doesn't have to be just for blocking ads specifically
That’s true. You can make your own list with anything inside
Just add a whitelist option and it will be perfect for regular home use!
Nice feature ! As others have said, it's not really on par with Pi-hole's features but it's a start !
I personally don't need all the features Pi-hole offers, so just being able to whitelist URLs and check requested URLs per device would be enough for me.
Superb @mikrotik! Great job. Will this be going into the next release of winbox?
Just tried it out , works perfectly , Mikrotik for the win
Excellent, just excellent 😁
If a domain is listed in more than one host list, when it's matched, does the match count increment for both lists or just the first one?
on hAP ac^2 with RO 7.15.2
Locally hosted adlist - worked correctly, name-count=163299
URL based adlist - same list, name-count=0
Something prevented the download from URL. It could be incorrect SSL configuration, a firewall rule, DNS resolution problem or maybe just a typo in the URL.
@@mikrotik I downloaded the file on the device itself without any problems with fetch, I will do more testing, thank you!
@@mikrotik I'm having exactly the same problem. SSL verification is disabled, no firewall rule preventing it, dns resolution and typo can be ruled out since the same url worked when fetching the file on the router.
Same problem here. Also nothing in the logs. Please let me know if you find a solution ;-)
same issue for me ( 7.15.2, hAP ac lite, local file OK, url NOK)
It would be good for it to download directly to RAM and bypass the flash, so CRS326 with 16MB of flash but enough RAM could use the feature.
The list itself is already stored in RAM.
We indeed do not need pi-hole, but we still need the underdog blocky. Why, because of its incredibly powerful and flexible confiootions.
In RouterOS You can already redirect DNS queries to an external Adblock dns server, like AdGuard or Cloudflare. Same as blocky
@mikrotik I personally use Pihole for local domain resolution along with Nginx, does Mikrotik allow that as well?
My Pihole currently uses a number of lists and merges them (allowing me to keep a list on a server of my own as well as using external list). Is this something that Mikrotik can add?
You can use multiple lists as well
@@mikrotikdo we use the same method to add multiple lists ?
@@mikrotik Yes, but does it merge them, avoiding duplication?
That's fantastic! Thank you for adding this feature.
Super work ... thank.
Thats pretty awesome, though barebones. It would definitely benefit from the ability to comment each entry, and disable/enable them on-the-fly, just like usual adblock DNS'
also, some times it's useful to pause ad blocking. can this feature be paused without disabling every single list?
EDIT: nevermind, I see there's a pause feature in Winbox. could have mentioned that in the video.
This is coming in one of the next updates
Does it have the same clients grouping and white\blackilst functionalities pi-hole has?
of course not.. It can't beat Pi-Hole as Pi-hole does so much more and is easier to maintain and troubleshoot
The adlist on tik does not even have any features, just add the list and be done with it, while in the real world we need to do so much more and be able to whitelist too
@@ON3RVH ok, thanks for the confirmation. I suspected it was a truncated function that this way is practically useless
@@4L3xN3ti think it might be better for low ram devices, my ac2 seems to run out of ram from time to time when a container is running, i might just switch to an adlist since i just want to block ad websites
Wow, perfect!
Thanks Mikrotik
After adding, it will not download the file. Tried a few different things and ended up manually making the file myself after copying the links to a txt file. That does work but wont auto update. Hopefully that download issue could be fixed or has a fix to get it to work later on.
Probably you forgot to set ssl verify to off
@@mikrotik Made that was off actually, also tried via winbox widget instead of cli. Looked over my firewall rules and cant see it getting blocked either.
How long until mikrotik starts recursively resolving DNS?
You can run a lightweight container with unbound/bind9 if you want a recursive DNS server.
@@user-eh8oo4uh8h I did it! I asked if mikrotik could integrate recursive DNS resolution, that would be great!
Hi :)
Really nice video!
Could you give several examples of other reliable lists?
Thank you in advance!
Best regards,
Plamen
Here is one source you can try firebog.net/
is it possible to do DNS server randomization like in blocky? (golang) That also is quite nice for privacy
You can add as many dns servers as you want
@@mikrotik I've successfully implemented DoH using your guide, and it's working great for my home network. However, I'm encountering an issue with the new DNS adlist feature. Despite setting up 6 ad-blocking lists, none of them seem to be matching when I use various DNS testers. Is it possible that the adlist feature is incompatible with DoH? Or am I missing a step in the configuration process?
@@RadHard They said that you cant have this 2 features enable. Unfortunely, or you use DoH or use Adlist.
Can be used to have a kind of "whitelist? so block everything except the urls of a specified list?
Download the list to your computer and edit out the urls you don’t want blocked.
Whitelist as a feature is coming soon
@@mikrotik Thanks for reply! I'll have to wait the whitelist feature, since I have to block everything (especially unknown sites) allowing just the one needed for a specif software to run. There is an ETA or target build for this feature to come?
This functionality does not work if the router has the Use DoH Server configured :sed-pepe:
You can’t “want to use other dns server” and “don’t want to use other dns server” at the same time.
Can i use RouterOS on my Raspbery or Orange PI?
No, bare metal install is only possible for x86 and AMPERE CPUs.
@@mikrotik that's why we continue to use pi hole. If it works on my rasp i would buy a level 4 license for routerOS.
But don't get me wrong, i'll buy a Mikrotik hap ax model, they're amazing! But i can't decide. Hap AX lite AX2 or AX3.
Please Mikrotik make it possible to run RouterOS on my PI devices!
how hard is that feature on internal flash memory? just in case i use this feature by downloading lists to connected usb memory and then refreshing adlist, but maybe it would be nice in the future to add option to select temp location for downloaded lists?
As it uses dns server ram cache, lists being downloaded are only being stored in ram I assume
Nice feature.
Fantastic! Will check it out!
Do not forget to add NAT rule, to avoid addlist bypassing :)
/ip firewall nat add action=dst-nat chain=dstnat dst-port=53 protocol=udp src-address=! to-addresses=
DNS-over-HTTPS will still bypass it. Any advice to mitigate that?
@@RmFrZQ this task is for NGFW with DPI
@@livankiv I've thought the same...
Is Mikrotik going to offer deep packet inspection in the future?
Whitelisting please!
That’s so cool! Can’t wait to replace pihole with this 😂
pihole is more reliable as of now
sadly it wont block youtube ads, pihole same wont
It will. Just use a better list
Let me answer that question: Because Pi-Hole and AdGuard can do so much more than ROS
yet another feature we don't need on a router instead of fixing bugs and testing releases before they come out
Not everyone has a server to run pihole 24/7
@@mikrotik sure they do. A rPi is cheap.
@@ON3RVH I may have it, but this is more convenient.
@@Rewarpsudomakeinstall how so? No way to add whitelists, whitelist a single domain, add device groups, identify devices on your network, ..
@@Rewarpsudomakeinstall convenient my backside
no need for this feature
Why? Please elaborate
But @MikroTik what is the update interval ?
Currently 1h