but they don't.. they add features nobody in the real world wants/needs instead of fixing their bugs and testing new releases before they come out instead of letting the community do their bug testing...
@@jan.kowalski negative? not really.. I've used tik since a very long time and although I like using tik, ROSv7 has been an absolute nightmare.. With every release they break new things, things that were working before are all of the sudden completely broken and new things that no one needs or wants are being added.. DLNA, adlists, .. all useless for a router. DLNA for example has been obsolete for almost a decade but still the mikrotik team insists on putting money and effort into developing the standard all over a gain instead of fixing what is broken and new releases don't even get tested if you look at the forum.. all the bugs that folks find that are pretty easy to spot if they had done any decent testing of the release before putting it out there..
Nice feature ! As others have said, it's not really on par with Pi-hole's features but it's a start ! I personally don't need all the features Pi-hole offers, so just being able to whitelist URLs and check requested URLs per device would be enough for me.
Something prevented the download from URL. It could be incorrect SSL configuration, a firewall rule, DNS resolution problem or maybe just a typo in the URL.
@@mikrotik I'm having exactly the same problem. SSL verification is disabled, no firewall rule preventing it, dns resolution and typo can be ruled out since the same url worked when fetching the file on the router.
Great feature! Please consider adding a whitelist option that can override entries from adlists. The StevenBlack list works nicely but I need to unblock a couple of domains. I know I can download the list, edit it and upload the file to router. But having to do that regularly becomes tedious and I miss out on the auto-updating adlists feature.
Thats pretty awesome, though barebones. It would definitely benefit from the ability to comment each entry, and disable/enable them on-the-fly, just like usual adblock DNS'
My Pihole currently uses a number of lists and merges them (allowing me to keep a list on a server of my own as well as using external list). Is this something that Mikrotik can add?
Is support for nftables or ip2tables support on containers in the works? there a many usecases and apllications that require this to function properly eg ION devices
Ad blocking works well in general. The main thing I'd like to do is block TH-cam ads though, and all the lists I've found so far don't seem capable of doing so. After some reading, a lot of folks seem to think this is impossible - though there are multiple browser extensions that can and do accomplish exactly that. Can someone provide some context/clarity to this?
@@TeeEllohwhydeeIf it is integrated into the router OS, what's better than that! Fortinet has got that. Maybe you want to run main on os not through container?
also, some times it's useful to pause ad blocking. can this feature be paused without disabling every single list? EDIT: nevermind, I see there's a pause feature in Winbox. could have mentioned that in the video.
what's the requirements for this to work? i tried it, using a file instead of the URL, name count was recorded or fetched correctly but match count doesn't. even when i open a website with ads, its as if nothing is blocked.
@@profkwl775 Same experience here, does not seem to do anything. Tried both with a local file and url. I'm running a newly-bought hAP ax2. OS reported as Version 7.15.3
@@mikrotik Thanks for reply! I'll have to wait the whitelist feature, since I have to block everything (especially unknown sites) allowing just the one needed for a specif software to run. There is an ETA or target build for this feature to come?
After adding, it will not download the file. Tried a few different things and ended up manually making the file myself after copying the links to a txt file. That does work but wont auto update. Hopefully that download issue could be fixed or has a fix to get it to work later on.
@@mikrotik Made that was off actually, also tried via winbox widget instead of cli. Looked over my firewall rules and cant see it getting blocked either.
of course not.. It can't beat Pi-Hole as Pi-hole does so much more and is easier to maintain and troubleshoot The adlist on tik does not even have any features, just add the list and be done with it, while in the real world we need to do so much more and be able to whitelist too
@@4L3xN3ti think it might be better for low ram devices, my ac2 seems to run out of ram from time to time when a container is running, i might just switch to an adlist since i just want to block ad websites
@@mikrotik that's why we continue to use pi hole. If it works on my rasp i would buy a level 4 license for routerOS. But don't get me wrong, i'll buy a Mikrotik hap ax model, they're amazing! But i can't decide. Hap AX lite AX2 or AX3. Please Mikrotik make it possible to run RouterOS on my PI devices!
@@mikrotik I've successfully implemented DoH using your guide, and it's working great for my home network. However, I'm encountering an issue with the new DNS adlist feature. Despite setting up 6 ad-blocking lists, none of them seem to be matching when I use various DNS testers. Is it possible that the adlist feature is incompatible with DoH? Or am I missing a step in the configuration process?
how hard is that feature on internal flash memory? just in case i use this feature by downloading lists to connected usb memory and then refreshing adlist, but maybe it would be nice in the future to add option to select temp location for downloaded lists?
DNS-level cannot and has never been able to block TH-cam ads since the ad injection is done at the scripting level on the browser, and possibly in the future directly into the video stream
Let me answer that question: Because Pi-Hole and AdGuard can do so much more than ROS yet another feature we don't need on a router instead of fixing bugs and testing releases before they come out
![[TH] 2024 PMGC League | Survival Stage วันที่ 1 | PUBG MOBILE Global Championship](http://i.ytimg.com/vi/FVFT-PFwU80/mqdefault.jpg)
Amazing! Mikrotik is is the go to technology because they LISTEN to the people.
but they don't.. they add features nobody in the real world wants/needs instead of fixing their bugs and testing new releases before they come out instead of letting the community do their bug testing...
@@ON3RVH Aren't you a little negative person? For instance I'm happy with mikrotik products since early 2000s.
@@jan.kowalski negative? not really..
I've used tik since a very long time and although I like using tik, ROSv7 has been an absolute nightmare..
With every release they break new things, things that were working before are all of the sudden completely broken and new things that no one needs or wants are being added..
DLNA, adlists, .. all useless for a router.
DLNA for example has been obsolete for almost a decade but still the mikrotik team insists on putting money and effort into developing the standard all over a gain instead of fixing what is broken and new releases don't even get tested if you look at the forum.. all the bugs that folks find that are pretty easy to spot if they had done any decent testing of the release before putting it out there..
@ON3RVH how many times have you copy+pasted that on this video now
@@user-lg4le8xr4s 0 as I don’t copy/paste..
Just add a whitelist option and it will be perfect for regular home use!
Nice feature ! As others have said, it's not really on par with Pi-hole's features but it's a start !
I personally don't need all the features Pi-hole offers, so just being able to whitelist URLs and check requested URLs per device would be enough for me.
This is a great addition to the already massive amount of options on RouterOS! I've set it up right away and it works. Awesome!
Thanks for adding more useful features to routeros. You people are awesome.
Just tried it out , works perfectly , Mikrotik for the win
We indeed do not need pi-hole, but we still need the underdog blocky. Why, because of its incredibly powerful and flexible confiootions.
In RouterOS You can already redirect DNS queries to an external Adblock dns server, like AdGuard or Cloudflare. Same as blocky
@mikrotik I personally use Pihole for local domain resolution along with Nginx, does Mikrotik allow that as well?
love it!
on hAP ac^2 with RO 7.15.2
Locally hosted adlist - worked correctly, name-count=163299
URL based adlist - same list, name-count=0
Something prevented the download from URL. It could be incorrect SSL configuration, a firewall rule, DNS resolution problem or maybe just a typo in the URL.
@@mikrotik I downloaded the file on the device itself without any problems with fetch, I will do more testing, thank you!
@@mikrotik I'm having exactly the same problem. SSL verification is disabled, no firewall rule preventing it, dns resolution and typo can be ruled out since the same url worked when fetching the file on the router.
Same problem here. Also nothing in the logs. Please let me know if you find a solution ;-)
same issue for me ( 7.15.2, hAP ac lite, local file OK, url NOK)
Should I change any DHCP or DNS settings except Adlist itself? I used Quick setup from the beginning
That's fantastic! Thank you for adding this feature.
Nice feature!
Great feature!
Please consider adding a whitelist option that can override entries from adlists. The StevenBlack list works nicely but I need to unblock a couple of domains. I know I can download the list, edit it and upload the file to router. But having to do that regularly becomes tedious and I miss out on the auto-updating adlists feature.
Is it possible to save the adlist to usb / sd card instead of internal storage, my Chateau lte just have 16MB of internal storage.
Superb @mikrotik! Great job. Will this be going into the next release of winbox?
Thats pretty awesome, though barebones. It would definitely benefit from the ability to comment each entry, and disable/enable them on-the-fly, just like usual adblock DNS'
My Pihole currently uses a number of lists and merges them (allowing me to keep a list on a server of my own as well as using external list). Is this something that Mikrotik can add?
You can use multiple lists as well
@@mikrotikdo we use the same method to add multiple lists ?
@@mikrotik Yes, but does it merge them, avoiding duplication?
Excellent, just excellent 😁
It would be good for it to download directly to RAM and bypass the flash, so CRS326 with 16MB of flash but enough RAM could use the feature.
The list itself is already stored in RAM.
Is this available on the MikroTik hAP ax3 US Version or MikroTik L009UiGS-2HaxD?
Hi :)
Really nice video!
Could you give several examples of other reliable lists?
Thank you in advance!
Best regards,
Plamen
Here is one source you can try firebog.net/
Is support for nftables or ip2tables support on containers in the works? there a many usecases and apllications that require this to function properly eg ION devices
Ad blocking works well in general. The main thing I'd like to do is block TH-cam ads though, and all the lists I've found so far don't seem capable of doing so. After some reading, a lot of folks seem to think this is impossible - though there are multiple browser extensions that can and do accomplish exactly that. Can someone provide some context/clarity to this?
How long until mikrotik starts recursively resolving DNS?
You can run a lightweight container with unbound/bind9 if you want a recursive DNS server.
@@TeeEllohwhydee I did it! I asked if mikrotik could integrate recursive DNS resolution, that would be great!
@@TeeEllohwhydeeIf it is integrated into the router OS, what's better than that! Fortinet has got that. Maybe you want to run main on os not through container?
also, some times it's useful to pause ad blocking. can this feature be paused without disabling every single list?
EDIT: nevermind, I see there's a pause feature in Winbox. could have mentioned that in the video.
This is coming in one of the next updates
Does it support regex?
If a domain is listed in more than one host list, when it's matched, does the match count increment for both lists or just the first one?
Doesn't appear to work in 7.15.2 when using DoH Server (Cloudflare) Have also tried a simple text file. Ensured dns/cache had been cleared on test pc.
You need to upgrade to 7.16 for it to work in conjunction with doh
But @MikroTik what is the update interval ?
Currently 1h
Gonna try 😊 thanks
what's the requirements for this to work? i tried it, using a file instead of the URL, name count was recorded or fetched correctly but match count doesn't. even when i open a website with ads, its as if nothing is blocked.
Did you increase cache amount? And did you set ssl verify to No?
@@mikrotik yes. i even set my own file with 2 domains only. name count 2, but when i open the 2 domains, they're both accessible and not blocked
@@profkwl775 Same experience here, does not seem to do anything. Tried both with a local file and url. I'm running a newly-bought hAP ax2. OS reported as Version 7.15.3
Wow, perfect!
Super work ... thank.
Nice!
Can be used to have a kind of "whitelist? so block everything except the urls of a specified list?
Download the list to your computer and edit out the urls you don’t want blocked.
Whitelist as a feature is coming soon
@@mikrotik Thanks for reply! I'll have to wait the whitelist feature, since I have to block everything (especially unknown sites) allowing just the one needed for a specif software to run. There is an ETA or target build for this feature to come?
This functionality does not work if the router has the Use DoH Server configured :sed-pepe:
You can’t “want to use other dns server” and “don’t want to use other dns server” at the same time.
After adding, it will not download the file. Tried a few different things and ended up manually making the file myself after copying the links to a txt file. That does work but wont auto update. Hopefully that download issue could be fixed or has a fix to get it to work later on.
Probably you forgot to set ssl verify to off
@@mikrotik Made that was off actually, also tried via winbox widget instead of cli. Looked over my firewall rules and cant see it getting blocked either.
Whitelisting please!
Does it have the same clients grouping and white\blackilst functionalities pi-hole has?
of course not.. It can't beat Pi-Hole as Pi-hole does so much more and is easier to maintain and troubleshoot
The adlist on tik does not even have any features, just add the list and be done with it, while in the real world we need to do so much more and be able to whitelist too
@@ON3RVH ok, thanks for the confirmation. I suspected it was a truncated function that this way is practically useless
@@4L3xN3ti think it might be better for low ram devices, my ac2 seems to run out of ram from time to time when a container is running, i might just switch to an adlist since i just want to block ad websites
Can i use RouterOS on my Raspbery or Orange PI?
No, bare metal install is only possible for x86 and AMPERE CPUs.
@@mikrotik that's why we continue to use pi hole. If it works on my rasp i would buy a level 4 license for routerOS.
But don't get me wrong, i'll buy a Mikrotik hap ax model, they're amazing! But i can't decide. Hap AX lite AX2 or AX3.
Please Mikrotik make it possible to run RouterOS on my PI devices!
Nice feature.
is it possible to do DNS server randomization like in blocky? (golang) That also is quite nice for privacy
You can add as many dns servers as you want
@@mikrotik I've successfully implemented DoH using your guide, and it's working great for my home network. However, I'm encountering an issue with the new DNS adlist feature. Despite setting up 6 ad-blocking lists, none of them seem to be matching when I use various DNS testers. Is it possible that the adlist feature is incompatible with DoH? Or am I missing a step in the configuration process?
@@RadHard They said that you cant have this 2 features enable. Unfortunely, or you use DoH or use Adlist.
Fantastic! Will check it out!
This needs some form of whitelisting feature to be useful, otherwise you have to deploy the management of lists somewhere else.
how hard is that feature on internal flash memory? just in case i use this feature by downloading lists to connected usb memory and then refreshing adlist, but maybe it would be nice in the future to add option to select temp location for downloaded lists?
As it uses dns server ram cache, lists being downloaded are only being stored in ram I assume
pihole is more reliable as of now
Do not forget to add NAT rule, to avoid addlist bypassing :)
/ip firewall nat add action=dst-nat chain=dstnat dst-port=53 protocol=udp src-address=! to-addresses=
DNS-over-HTTPS will still bypass it. Any advice to mitigate that?
@@RmFrZQ this task is for NGFW with DPI
@@livankiv I've thought the same...
Is Mikrotik going to offer deep packet inspection in the future?
That’s so cool! Can’t wait to replace pihole with this 😂
sadly it wont block youtube ads, pihole same wont
It will. Just use a better list
DNS-level cannot and has never been able to block TH-cam ads since the ad injection is done at the scripting level on the browser, and possibly in the future directly into the video stream
@@mikrotikrecommend a "better list?"
Let me answer that question: Because Pi-Hole and AdGuard can do so much more than ROS
yet another feature we don't need on a router instead of fixing bugs and testing releases before they come out
Not everyone has a server to run pihole 24/7
@@mikrotik sure they do. A rPi is cheap.
@@ON3RVH I may have it, but this is more convenient.
@@Rewarpsudomakeinstall how so? No way to add whitelists, whitelist a single domain, add device groups, identify devices on your network, ..
@@Rewarpsudomakeinstall convenient my backside
Thanks Mikrotik
no need for this feature
Why? Please elaborate