How-To: Configuring Adlists in Mikrotik routers
In this article we will show you how to quickly set up an adblocker on your MikroTik device. This function is available on RouterOS, even in our CHR plans.
The Adlist function of RouterOS can be used to block ads on your whole network. It is DNS based adblocker, like Pi-hole. It is available for all MikroTik devices running RouterOS 7.15 and higher.
What makes Adlists better than a Docker hosted adblocker in a MikroTik router:
- Quick to set up, just add blocklists and it will start
- No need to enable containerization on your router
- No need to create extra routing to access your adblocking settings
- No need to change the default DNS server on your Mikrotik router, it is integrated in it.
- It works on all MikroTik routers, even older ones with RouterOS v7
Preparing your router for Adlists
First, we need to ensure that our CHR is running the latest RouterOS v7 version. If it's not, we can update it by going to System>Packages>”Check for updates” and download the latest version of RouterOS.
If you still use RouterOS v6, you can upgrade it with this tutorial.
After the update is done, we need to make our DNS cache larger. Adlists use part of the DNS cache to store all the domains that we need to block. We will start by going to IP>DNS.
After that to make our DNS cache larger, change the Cache size value. This value depends on the size and number of adlists, as well as the available RAM on your router. If you plan to use 1-2 adlists on a router with 128MB RAM and do not run many services on it, you can set the cache to 30 MB or as in our example ~40 MB. After that click "Apply".
ip/dns set cache-size=40000
Adding Adlists
Adding Adlists is straight forward. Go to Adlists and click “+”. You can import your favorite lists by url, or import your own blocked domains via a file. We will start by adding the StevenBlack’s hosts list via an URL. Paste the URL and make sure that SSL Verify is disabled. Click on OK to add it.
ip/dns/adlist add url=https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts ssl-verify=no
*SSL Verify is an optional extra security measure. For that you need to import the public key of the CA of the certificate. Without it and with SSL Verify enabled the import will fail.
You will see that the list is imported by the jump in DNS Cache usage and by the number of names next to the list.
We can also add our own list by uploading one from our PC or editing one directly in RouterOS CLI. An example adlist should look something like this.
0.0.0.0 adverts.com
0.0.0.0 click.adclick.com
0.0.0.0 example.click.com
0.0.0.0 malware-site.com
0.0.0.0 fraud.scam.com
To create and edit the file in RouterOS CLI enter these commands. After that enter the sites you wish to block and save it by pressing CTRL+O.
file/add name=adbl.txt
file/edit adbl.txt contents
After that we can apply the custom list by going to IP>DNS>Adlist and click on the “+”. Then instead of URL, click on the arrow next to file and choose your custom list. click on OK to apply it.
ip/dns/adlist add file=adbl.txt
You can see that it is successfully added when RouterOS gets some names from it.
And that’s it. Your router can now block ads for your whole network. Make sure that all devices in the network use your Router’s IP address as the DNS server.
If you wish to have more features such as tracking, ad redirects, custom upstream servers, you can try seting up a docker container on your CHR and using Pi-Hole / AdGuard Home using this tutorial.
