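This article and its resources were last updated on 2021-11-15 by sky995
In an era where traffic is king, every program pushes a pile of ads at you, and you can't turn them off. Ad-blocking programs have finally appeared, but most only work on computers, and only a few also cover phones. So what about smart TVs, smart projectors, in-car tablets and other networked smart devices?
Yesterday I was tinkering with a Hong Kong server and found it well suited to running a private DNS server, so today I'll show you how to use AdGuard Home to build a private DNS free of ads and tracking, to remove ads on computers, phones, smart TVs, projectors and other devices.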
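How AdGuard Home works
缙哥哥's analysis, from a non-specialist point of view: AdGuard is network-wide ad-blocking and anti-tracking software, and AdGuard Home is one of its subprojects. It blocks ads and tracking links at the DNS resolution layer, much like a local hosts file: those links are stopped at resolution time, so your device shows no ads and tracking is cut off. Because it works at the DNS resolution layer, you can use it even without Administrator or root privileges.
Once AdGuard Home is installed, set the DNS address in the network settings of every home device to the server's IP. Even without installing any client software, you can easily control your whole network environment, make ads disappear from your devices, and reduce privacy leakage.
Note that ads served from the same domain as the content cannot be blocked by a DNS-level blocker. Examples: YouTube and Twitch ads, and sponsored posts on Facebook, Twitter and Instagram.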
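AdGuard Home main features
- Blocks ads and trackers (you can subscribe to ready-made rule lists or define your own blocklists)
- Encrypted upstream DNS servers (DNS-over-HTTPS, DNS-over-TLS, DNSCrypt)
- Family protection mode (blocks adult content so minors cannot view it, and enforces safe search on search engines)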
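Ports used by AdGuard Home
Some server providers with security controls (such as Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon and Google Cloud) require you to open the following ports:
- Port 53: DNS uses port 53 (TCP/UDP) by default;
- Port 80: used to access the admin console;
- Port 3000: used to initialize AdGuard Home.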
Installing AdGuard Home on CentOS
<code>
# Download AdGuard Home
wget https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.103.3/AdGuardHome_linux_amd64.tar.gz
# Extract
tar -zxvf AdGuardHome_linux_amd64.tar.gz
# Enter the AdGuardHome directory
cd AdGuardHome
# Open port 3000 (needed for AdGuard Home initialization)
# firewalld: open port 3000
firewall-cmd --zone=public --add-port=3000/tcp --permanent
firewall-cmd --reload
# iptables: open port 3000
iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
service iptables save
# Start AdGuard Home
./AdGuardHome
</code>
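Don't worry about the exact version here; you can upgrade with one click from the admin console anyway. After you run AdGuard Home, it prompts you to open http://IP:3000 for the initial setup. Just click Next through the wizard, and make sure you remember the username and password.
Once initialization is complete, you only need to enter the IP address to reach the console.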
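If you are using an Alibaba Cloud ECS server, you will see the message listen udp 0.0.0.0:53: bind: address already in use. What is going on? By default the system ships with a local DNS server, systemd-resolved, which uses port 53 and so prevents AdGuard Home from binding to it. To fix this, disable the systemd-resolved daemon.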
<code>
# Stop the process
systemctl stop systemd-resolved
# Do not start it at boot
systemctl disable systemd-resolved
# Stop command given in Alibaba Cloud's official documentation
systemctl stop systemd-resolved.service
</code>
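To write this AdGuard Home tutorial I installed the latest version today and found that, compared with half a year ago, a great many features have been added. Anyone with some background will understand them at a glance; if you don't, wait until 缙哥哥 has time to write another tutorial and share it.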
Other AdGuard Home settings
For easier management, run ./AdGuardHome -s install to install it as a service; you can then manage it with the commands below.
<code>
# Start
systemctl start AdGuardHome
# Start at boot
systemctl enable AdGuardHome
# Restart
systemctl restart AdGuardHome
# Stop
systemctl stop AdGuardHome
</code>
As mentioned above, AdGuard Home uses port 53 (TCP/UDP) by default, so on servers without a provider security control panel you also need to open port 53 in the firewall.
<code>
# firewalld: open port 53
firewall-cmd --zone=public --add-port=53/tcp --permanent
firewall-cmd --zone=public --add-port=53/udp --permanent
firewall-cmd --reload
# iptables: open port 53
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
service iptables save
</code>
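The commands above open port 53 to every source address, so a resolver on a public cloud server answers queries from anyone. As an added example (not part of the original article), the script below prints, or with APPLY=1 runs, firewalld commands that accept DNS only from listed client networks and close the setup-only port 3000. The CIDRs are constructed documentation ranges, and `run`, `valid_cidr`, `harden_dns` and `APPLY` are names invented for this example.

```shell
#!/bin/sh
# Added example: accept DNS only from known client networks instead of
# opening port 53 to every source. The CIDRs are constructed documentation
# ranges; APPLY is a switch of this script, not a firewalld option.
ALLOWED_CIDRS="203.0.113.0/24 198.51.100.17/32"

# Execute the command when APPLY=1, otherwise print it for review (dry run).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Accept a.b.c.d/n with n from 1 to 32; a /0 prefix would re-open the port
# to everyone. Octet ranges are left for firewalld itself to reject.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'
}

# harden_dns "CIDR CIDR ...": validate every entry first, then emit the rules.
harden_dns() {
    for cidr in $1; do
        if ! valid_cidr "$cidr"; then
            echo "rejected source: $cidr" >&2
            return 1
        fi
    done
    # Remove the world-open rules and the setup-only port 3000.
    for port in 53/tcp 53/udp 3000/tcp; do
        run firewall-cmd --permanent --zone=public --remove-port="$port"
    done
    # One rich rule per client network and protocol.
    for cidr in $1; do
        for proto in tcp udp; do
            run firewall-cmd --permanent --zone=public --add-rich-rule="rule family=\"ipv4\" source address=\"$cidr\" port port=\"53\" protocol=\"$proto\" accept"
        done
    done
    run firewall-cmd --reload
}

harden_dns "$ALLOWED_CIDRS"
```

In dry-run mode the printed lines are a plan for review and have lost their shell quoting; apply them with APPLY=1 rather than by copy and paste.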
Recommended AdGuard Home filters
Here are a few automatically updated rule subscription URLs shared by 好人卡资源网.
- https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
- https://adaway.org/hosts.txt
- https://hosts-file.net/ad_servers.txt
- https://www.malwaredomainlist.com/hostslist/hosts.txt
- https://raw.githubusercontent.com/xinggsf/Adblock-Plus-Rule/master/ABP-FX.txt
- https://filters.adtidy.org/extension/chromium/filters/2.txt
- https://filters.adtidy.org/extension/chromium/filters/11.txt
- https://easylist.to/easylist/easylist.txt
- https://mizang.top/guize/easylistchina.txt
- https://mizang.top/guize/filter.txt
- https://mizang.top/guize/ABP-FX.txt
- http://www.malwaredomainlist.com/hostslist/hosts.txt
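AdGuard Home filter rules
You can also sniff addresses yourself and write your own filter rules in the supported formats; make sure each line contains only one rule. You can enter rules in either adblock syntax or hosts syntax.
- ||example.org^ – blocks the example.org domain and all its subdomains
- @@||example.org^ – allows example.org and all its subdomains
- 127.0.0.1 example.org – AdGuard Home will now resolve example.org (but not its subdomains) to 127.0.0.1.
- ! this is a comment – just a comment
- # this is also a comment – just a comment
- /REGEX/ – blocks access to domains matching the given regular expression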
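To see how the rule forms listed above interact on one list, the following added example (not from the original article and not AdGuard Home's own code) evaluates a domain against a constructed rule set. The `RULES` sample, the `verdict` function and the precedence it applies (exception first, then block rules, then hosts-style entries) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: evaluate a domain against rules written in the syntaxes
# listed above. RULES is a constructed sample list.
RULES='! constructed sample rules
||ads.example.org^
@@||good.ads.example.org^
127.0.0.1 tracker.example.net
/^stat[0-9]+\.example\.com$/
# another comment'

# verdict DOMAIN -> prints allow, block, rewrite:<ip> or none.
# Assumed precedence (a simplification, not AdGuard Home's engine):
# an @@ exception wins, then any block rule, then a hosts-style entry.
verdict() {
    domain=$1
    result=none
    while IFS= read -r rule; do
        case $rule in
            '' | '!'* | '#'*) continue ;;         # blank line or comment
            '@@||'*'^')                            # exception rule
                base=${rule#'@@||'}; base=${base%'^'}
                case $domain in
                    "$base" | *."$base") echo allow; return 0 ;;
                esac ;;
            '||'*'^')                              # domain and its subdomains
                base=${rule#'||'}; base=${base%'^'}
                case $domain in
                    "$base" | *."$base") result=block ;;
                esac ;;
            /*/)                                   # /REGEX/ block rule
                re=${rule#/}; re=${re%/}
                if printf '%s\n' "$domain" | grep -Eq -- "$re"; then
                    result=block
                fi ;;
            *' '*)                                 # hosts syntax: exact name only
                if [ "${rule##* }" = "$domain" ] && [ "$result" = none ]; then
                    result="rewrite:${rule%% *}"
                fi ;;
        esac
    done <<EOF
$RULES
EOF
    echo "$result"
}

for d in ads.example.org good.ads.example.org sub.tracker.example.net; do
    printf '%s -> %s\n' "$d" "$(verdict "$d")"
done
```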