Is OpenDNS deliberately not blocking add services?

Comments

24 comments

  • Avatar
    rotblitz

    "I know that OpenDNS had an add blocking category once and that this category has been taken away."

    No, and no.  This category exists.  You can submit domains into it, but you cannot select the Advertisement category for blocking yet.  This is how it always was.

    "Does that mean that OpenDNS is deliberately allowing ad services to pass through the users blacklist?"

    No, in no way.  I have also some of the listed domains in my "always block" list, and they are always blocked without problems. see attached.

    "i cannot see them being blocked by openDNS. To be  use i am using the right domains i added them to my hosts file and pointed them to 127.0.0.1. Then they get blocked."

    These symptoms indicate a totally different problem than you think.  You most likely have a broken configuration. 
    Post the complete plain text output of the following diagnostic commands, so that I may see what's wrong: 

       nslookup -type=txt debug.opendns.com.

       nslookup ads.yahoo.com.

       nslookup doubleclick.com.

    Btw, you don't need to block googleadservices.com and pagead2.googlesyndication.com if you have doubleclick.net blocked, because these are automatically included then, see below.  This safes some "always block" entries.

    nslookup www.googleadservices.com.
    Server: dns1.local.prv
    Address: 10.165.161.12

    Non-authoritative answer:
    Name: pagead.l.doubleclick.net
    Addresses: 74.125.230.153
                          74.125.230.154
                         74.125.230.141
    Aliases: www.googleadservices.com


    nslookup pagead2.googlesyndication.com.
    Server: dns1.local.prv
    Address: 10.165.161.12

    Non-authoritative answer:
    Name: pagead46.l.doubleclick.net
    Addresses: 2a00:1450:4009:80b::1019
                         74.125.230.153
                         74.125.230.141
                         74.125.230.154
    Aliases: pagead2.googlesyndication.com




    BlockedDomains.jpg
  • Avatar
    tonmachielsen

    This is what i see:

    >nslookup -type=txt debug.opendns.com
    Server:  resolver1.opendns.com
    Address:  208.67.222.222

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to resolver1.opendns.com timed-out

    >nslookup ads.yahoo.com
    Server:  resolver1.opendns.com
    Address:  208.67.222.222

    Non-authoritative answer:
    Name:    ads.yahoo.com
    Addresses:  67.215.65.131
              67.215.65.131

    >nslookup doubleclick.com
    Server:  resolver1.opendns.com
    Address:  208.67.222.222

    Non-authoritative answer:
    Name:    doubleclick.com
    Addresses:  2a00:1450:4003:807::1008
              173.194.45.174
              173.194.45.160
              173.194.45.169
              173.194.45.163
              173.194.45.167
              173.194.45.166
              173.194.45.162
              173.194.45.165
              173.194.45.168
              173.194.45.161
              173.194.45.164
    What am i supposed to see? It looks like these domains resolve correctly to their original hosts.

  • Avatar
    rotblitz

    Well, ads.yahoo.com is well blocked by your settings, because 67.215.65.131 is hit-block.opendns.com (i.e. listed in "always block").

    Not so doubleclick.com.  Sorry, this was a typo from me.  It should have been:

       nslookup doubleclick.net.

    Also, repeat the first diagnostic command where you got a timeout (and don't forget the trailing dot again with these commands!):

       nslookup -timeout=12 -type=txt debug.opendns.com.

  • Avatar
    tonmachielsen

    All good.

    When will we have ad-blocking as a category?

  • Avatar
    rotblitz

    If you ask me, I can't know.  I only could help with your previous questions, not with this one.  This can be answered by OpenDNS only.

  • Avatar
    Alexander Harrison

    At the moment, OpenDNS is not designed to be an ad blocking service and therefore we categorize domains for advertising; however, they are not able to be blocked at this time and there are currently no announced plans to enable any ad blocking capabilities. You are always free to add advertising domains to your block list to create your own ad blocking list to block. 

  • Avatar
    tonmachielsen

    Ok, thanks!

  • Avatar
    thekochs

    I'm new to OpenDNS......what are the top AD sites to put in the Always Block Domain feature ?
    I looked at my "stats" and see ads.flurry.com that is in your original list.

  • Avatar
    mattwilson9090

    I have never seen those types of statistics. What's more important is not what everyone else has added in their list, but how you want to use OpenDNS.

    Many businesses want to block social networking sites, while home users let them through. Some families want to block all search engine and then whitelist a specific one, while businesses usually don't care. The best thing to do is to block the categories that you don't want accessed, and then add any that appear to be problems after categories are blocked, or that you specifically don't want to have in your network.

  • Avatar
    thekochs

    Anyone want to chime in for top AD sites I should apply the domain to my "Always Block" list ?
    I know it is just opinion but I'm asking.
    Please list the exact URL I'd need to add.

     

    Thx !

  • Avatar
    mattwilson9090

    Again, without knowing what you want to accomplish with OpenDNS it's impossible to make specific recommendations, especially to the blacklist. The blacklist isn't intended as the primary management for what you block, it's intended for the outliers that either aren't covered in a blocked category, or something specific that you need blocked that is in a category you want to allow. That's the whole purpose of the categories, so that you don't have to manually add everything to a whitelist or blacklist.

     

    I personally use very few blacklist entries, generally ones that aren't yet categorized for a category that I need to block. I actually use more whitelist entries, to allow a specific domain that is categorized in a domain that I otherwise do want to block.

  • Avatar
    tonmachielsen

    I see OpenDNS as a platform to centrally manage what my family will see when they browse the internet and to protect the devices in my home against malware. In my household we are my wife, myself and two growing up kids 8 and 13 years old. I use categories to prevent that my kids are unintentionally exposed to inappropriate content while browsing the web.

    The internet has changed from a source of information to a mechanism to force specific content to users. Mechanisms used are, among others, geotargeting (unintentional language changes, manipulation of search results), cookies (content bubble, look it up on Google), and ads.

    OpenDNS cannot do anything about geotargeting, as far as i know,  or about the search/content bubble caused by websites registering who is doing what on the internet.. But ads, yes. I am not against ALL ads. Ads are needed to pay for hosting. I am against ANNOYING ads. Ads that break the web experience. We can use OpenDNS to prevent exposure to those unwanted ads. OpenDNS is a perfect platform to centrally manage which ads can be seen and which not. So among other categories and security functions i use OpenDNS as a platform to control which ads can be seen by my family.

    I think that this discussion would not be needed if Open DNS would enable us to block Ads as a category.

    Ah, and a ads domains blacklist can be found by simply searching in Google. There are several lists available.

  • Avatar
    tonmachielsen

    Having said all this i started searching the web and found this: http://www.fooldns.com/fooldns-community/english-version/

    I'm going to try it out.

    Any competitive info comparing FoolDNS and OpenDNS?

  • Avatar
    mattwilson9090

    OpenDNS at it's core is a recursive DNS service with a lot of additional features added on, including security related features, domain blocking, and DNS reliability. If blocking something requires a feature beyond DNS service OpenDNS can't even see it, let alone block it.

    The issue of blocking the ads category has been debated in many threads on this forum, the end result of which Alexander's statement above regarding blocking ads. I'm not going to try to rehash any of that conversation here but you are free to read the threads that discuss it. In short, if you want to use OpenDNS and block ads you'll need to use adblocker software, such as Ad Block Plus.

    That said, I've never heard of FoolDNS, but a few things jumped out at me. The vast majority of the website is not in English so I can't read what's there, so I can't really evaluate it. I suspect it's in Italian, but since that's not one of the several languages I have studied, I can't say for sure. If you read that language you are free to evaluate it, but if you can't read the language I'd run at full speed from this service. Unlike OpenDNS it does not block categories and does not seem to be user configurable. They are only concerned with blocking ads, cookies, and malware, but I have no idea how effective they are at either task. In short, the only material you can block are ads that they find objectionable. Although it's listed as a free service for home users, you can do only so many DNS lookups (with no enumeration of how many, in what period of time, or how many users at a particular network the service is intended to support). I get the impression that there might be a strong upsell campaign for anyone using the free service. Also, they SELL your data.

    They claim that the data is anonymized, but any company claiming to be a security service that is also selling your data is suspect. They claim not to track IP addresses, but as we've learned from the NSA's snooping, much information can be gleaned from metadata and whatever other information they might be tracking. I've seriously got to wonder who they are selling the data to, and if they are selling it to advertisers, does that mean an abusive advertiser can get "greenlit" by them simply by offering some money or buying data from them.

    In short, this isn't a service that I'd feel comfortable using or even testing, let alone recommending to others.

  • Avatar
    rotblitz

    I came to similar conclusions like mattwilson9090.

    The service is not configurable and does not provide any stats in the free version.

  • Avatar
    rotblitz

    @thekochs
    "what are the top AD sites"

    This is not the question.  The question would be: what are your top ad domains, because these are different on each network, depending on the web usage.

    That said, simply check your domain stats to find out what your top ad domains are.  (I could tell what mine are, but this would not help you.)

  • Avatar
    thekochs

    I see ads.flurry.com

    Curious, adding ads.flurry.com to the "Always Block" list is not going to break anything as far as IE11 or something ?

  • Avatar
    rotblitz

    Is this a question?  Or an experience?  And what should this have to do with IE11?

    What evident effect would you have expected by blocking ads.flurry.com ?  You'll not see content from them anymore.

  • Avatar
    thekochs

    It was a newbie "what will it affect" general question.
    I'll ad and see.

    Thx !

  • Avatar
    tonmachielsen

    At the end i did this for ad-blocking: http://jacobsalmela.com/raspberry-pi-block-ads-adtrap

    I will continue to use OpenDNS for it's security features.

  • Avatar
    mattwilson9090

    Whether or not a web page is broken by blocking ads has nothing to do with the browser that is used. It is entirely dependent on the webpage itself. There are some sites that are so dependent on their advertisers that if you block them you will totally break the page and not be able to do anything with it. Whether or not blocking an advertisers domain breaks one site doesn't necessarily mean the same results will occur on a different site.

    The only way you can find out is to block the domain and see what happens.

  • Avatar
    mattwilson9090

    The raspberry pi device could work since it appears that you can add your own resolvers instead of the google resolvers, but then you are totally dependent on yoyo.org for the adblocking to be accurate. I have no idea how good they are at that, but their webpage is rather offputting for people trying to support a serious product.

    The only way this can be configured is by modifying the script and conf files. Some have the skills to do that, but the vast majority of people don't.

  • Avatar
    tonmachielsen

    It might be my perception, but i think that anyone who knows what is OpenDNS and how it works might also be able to follow the instructions on the site. But anyway. To be honest, i think that OpenDNS is missing an opportunity here. Most people find annoying ads annoying. Ad-Blocking is one of the most popular add-ons for browsers and many times the first add-on people install. This has a reason. I think website owners have gone too far with pushing ads on people. Nobody bothers about an ad here and there, web hosting needs to be payed from something and ads is a solution. But if you cannot find the content you are looking for anymore because you are lured into clicking on ads instead, this becomes pretty annoying.

    OpenDNS could be the de-facto DNS service if they would start blocking ads. Yes, there is a thin line here where you want or do not want to take away the income of advertisers and that's a decision OpenDNS needs to make (or already made).

  • Avatar
    mattwilson9090

    As is evidenced by many of the threads in here, many people who use OpenDNS do not really know what it is, or how it works. It's been my experience that most people have no clue how the internet, let alone their own computers, work, so something like a raspberry pi based solution will be a good choice for very few.

     

    I can tell you this, I look at hundreds, if not thousands, of different computers a year. Off the top of my head I can't think of any of them that had an ad blocking plugin in their browsers in the past year.

     I'm not going to rehash all of the conversations, pro and con of why OpenDNS is choosing not to make the ad category blockable. Although they might change that decision in the long term, I don't see them doing it in the short term. However, I will point out that if ads are blocked via DNS, if it becomes necessary to unblock a particular ad domain, after it is unblocked it will require flushing the DNS cache on the computer, as well as any intermediary devices (such as a router that is providing DNS services) before that domain is effectively unblocked at the device that needs to access it.

    The primary reason someone would need to unblock an advertisers domain is because a site could become broken or totally non-functional if it's advertisers are blocked. Blocking and unblocking those ads via DNS is going to be much more unwieldy than being able to control it locally.

Please sign in to leave a comment.