Friday, 16 October 2015

using docker to block ads

So i'll continue the Docker run of blogs with another short guide with how we can use docker to block ads. To be fair, this is yet again an example of using a container to do a relatively simple task an make it even easier. The idea here is we're going to containerize a Domain Name Server (DNS), in addition we'll run a script that will pull down ad-servers and block them. Then you just need to point your devices on your network to the DNS and boom, you've reclaimed some bandwidth and saved yourself being exposed to some rather crappy ads.

So yet again, make sure you have docker installed.

We're going to use the excellent work of Sameersbn's bind docker image ( All though i'm going to modify it slightly, as always you can build it with the 'docker build -t' option, \0/ yay!

We're also going to run a container that serves a pixel on port 80. This will be served to whenever our client speaks to our DNS looking for one of the ad domains in a blocklist.

The first time you run the DNS container you'll need to supply it two environmental variables, DN4C (the domain name you want for the container) and IP4C (the IP address of host you're serving from). As usual red indicates specific to you settings. Its pretty simple to be honest, basically;

$ docker run -d -e -e IP4C= -p 53:53 -p 10000:10000 --name adbind -v /srv/docker/bind/:/data arr0n/docker-adbind 

$ docker run -d -p 80:80 --name pixlserv arr0n/docker-pixlserv

There is a script called that's called with the script. This pulls down known ad-servers and when a client requests one of those domains from the blocklist, it will be served a pixel locally. Both images and scripts are available on the Docker-Hub but if you wish to build them yourself you can find them at and Also the DNS container has webmin installed in case you need to do any administration to the server. You'll find a folder called 'data' in your working directory that stores all the configuration files. I'd also suggest running the containers with the --restart=always switch. Now all you'll need to do is point your client to the DNS container and ads will be blocked for you.


Finux Xx


As I said the DNS image we're using is only slightly altered from Sameersbn, I've taken this paragraph from his Github. I obviously suggest you set the ROOT_PASSWORD variable too.

"When the container is started the Webmin service is also started and is accessible from the web browser at http://localhost:10000. Login to Webmin with the username root and password password. Specify --env ROOT_PASSWORD=secretpassword on the docker run command to set a password of your choosing."