Managing HOSTS file Ad-Blocking on Win10
April 15, 2019 7:18 AM

I'm getting ready to set up a new Win10 computer, and I was wondering what was the best method for handling Ad-Blocking via HOSTS File these days.

On my old computer, I'm using HostMan, and it'd regularly give me out-of-memory errors. This may be because I was subscribed to a lot of different lists.

I also had issues where HOSTS file updates would fail because other processes also had the file open which would lock out any edits to the file. I had a separate file-unlocking utility, but often times, the other processes with the HOSTS file open could not be killed, and I would have to wait for them to let go of the file before HostMan could apply its update.

So, since I have a chance to start fresh, here are my questions:

1. Is HostMan still the best way to manage the blocking via HOSTS file under Win10, or is there a better utility these days?

2. Is there any way to prioritize HostMan or whatever other utility that is out there so that it can make its edits to update the file even if other processes are trying to access it (some combination of running the utility as an elevated-privileges special account and customized file permissions, perhaps)?

3. What lists should I subscribe to for optimal Ad-Blocking and malware protection?

4. I'm aware of Pi-Hole but I had been hoping to avoid off-computer solutions. I've heard that Pi-Hole's software can be run on Windows in a Docker container, but I'm not at all familiar with Docker. Is the process especially complex, and is Docker free?
posted by radwolf76 to Computers & Internet (4 answers total) 7 users marked this as a favorite
 
I have not used it (I looked into it but ended up using a PiHole instead), but Technitium is designed for exactly this purpose.

Basically you are doing what the PiHole does, but locally on your machine.

It's equivalent to a very complex /etc/hosts file, but... not. Instead it actually runs a proper DNS resolver, which only responds to requests from the local machine. So your nslookup order is [hosts file] -> [Technitium] -> [network dns] (setting aside the issues of caches and stuff).

This means you can still use hosts files for one-off local configurations, which is nice.

I have some questions about how it works when you move around between networks with oddball DNS configs and stuff... but at least it seems designed for the job.
posted by Kadin2048 at 7:41 AM on April 15 [1 favorite]


I'm aware of Pi-Hole but I had been hoping to avoid off-computer solution

If the reason for this is to avoid having another box, and if you have an appropriate router, you can run the blocker there. I use Diversion - it just takes a USB drive plugged into my Asus router. It's great. Supported router models are listed here. If the reason for avoiding an off-computer solution is that you want some clients to be unaffected, you can configure the router to exclude clients from ad-blocking.
posted by exogenous at 7:41 AM on April 15 [1 favorite]


It looks like Acrylic DNS Proxy Home Page is like Technitium that Kadin2048 mentioned. A local DNS Proxy server for Windows machines.

It looks like PiHole is a UI/UX layer over `dnsmasq` which is A local DNS Proxy server for Linux machines. :) So in theory, running the Docker version of PiHole (Docker is free btw) should be about the same as Technitium or Acrylic. It may also be possible now to just use the Linux Subsystem for Windows (LSW) abilities of Windows 10 (I think) to just run PiHole on a LSW instance without Docker (or maybe Docker uses LSW itself now).

Anyway, that's probably the direction you want to head. A local DNS Proxy server. Then you just set Windows DNS to point to the Proxy and set the Proxy to point to the real DNS, and then it's just a set of lines in the Proxy's configuration that does the blocking. This is much better than using the 'hosts' files because the Proxy configs allow the use of wildcards to match requests.

I'm not sure if Docker on Windows is 'hard' or not.
posted by zengargoyle at 10:08 AM on April 15
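
An added illustration (not any poster's code, and not taken from Pi-hole, Technitium or Acrylic) of two points made in the answers above: the hosts file -> local proxy -> network DNS lookup order, and why wildcard rules in a proxy cover names that an exact-match HOSTS list misses. The `*.domain` rule syntax and all domains are assumptions constructed for this sketch.

```python
# Constructed sample data: HOSTS-format text and a hypothetical proxy rule list.
HOSTS_TEXT = """\
# constructed sample in HOSTS format
0.0.0.0 ads.example.net
0.0.0.0 track.example.net   # trailing comment
127.0.0.1 localhost
"""
WILDCARD_RULES = ["*.example.net", "metrics.example.org"]

def parse_hosts(text):
    """Return {name: address} from HOSTS-format text; names match exactly only."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table[name.lower().rstrip(".")] = fields[0]
    return table

def compile_rules(rules):
    """Split rules into exact names and suffixes ('*.x' covers subdomains of x)."""
    exact, suffixes = set(), set()
    for rule in rules:
        rule = rule.lower().rstrip(".")
        if rule.startswith("*."):
            suffixes.add(rule[2:])
        else:
            exact.add(rule)
    return exact, suffixes

def proxy_blocks(name, exact, suffixes):
    """Match on whole labels so 'badexample.net' is not caught by '*.example.net'."""
    labels = name.lower().rstrip(".").split(".")
    if ".".join(labels) in exact:
        return True
    # Walk the parent domains: a.b.example.net -> b.example.net -> example.net -> net
    return any(".".join(labels[i:]) in suffixes for i in range(1, len(labels)))

def resolve(name, hosts, exact, suffixes):
    """Model the lookup order: hosts file, then local blocking proxy, then upstream."""
    key = name.lower().rstrip(".")
    if key in hosts:
        return ("hosts", hosts[key])
    if proxy_blocks(key, exact, suffixes):
        return ("proxy", "blocked")
    return ("upstream", None)
```

A never-before-seen subdomain such as `new-cdn.ads.example.net` falls through the HOSTS table but is still caught by the one wildcard rule, which is why HOSTS-based lists have to enumerate every name individually.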


Oh, it's Windows Subsystem for Linux (WSL)... my bad.

Check out Install Docker Desktop for Windows | Docker Documentation for the System Requirements. And alternatively Docker Toolbox overview | Docker Documentation for running Docker on Windows systems that don't meet those requirements.

Or read up on WSL and maybe Pengwin: A Linux specifically for Windows Subsystem for Linux | ZDNet (or some other Linux distro tweaked to be easily WSL compatible).

One way or another... you can install Docker, or Docker under VirtualBox, or a Linux under WSL, or a Linux under VirtualBox, and then install Pi-hole for whichever method you choose to get your ad blocking local Proxy DNS server running on your machine.

Basically all of these boil down to running a Linux of some sort inside a Virtual Machine and then running Pi-Hole inside that.

Or try the native Windows Technitium or Acrylic solutions. (or something else that somebody comes up with).

In truth, the 'hosts' file wasn't designed to do the sort of ad-blocking you want to do. You really need some sort of powerful DNS Proxy server bit of software and then (once you get it working) it becomes a trivial matter. The real complexity is that you want it locally on your machine and you're running Windows.
posted by zengargoyle at 8:25 PM on April 15

