Service for blocking ads, malware, and AI
Updated June 18, 2026.
I have a DNS server (a service that converts a domain name like reddit.com into an IP address) that I set up for myself, and I use it to block ads, malware, and generative AI websites. The server is small, but it has enough capacity to handle a lot of users since a recursive DNS service isn’t that resource intensive. Please feel free to use it and share it with your friends! There’s no need for an account.
Let’s block ads and AI!
Take note, though, that this is not enough to block all ads. Ads on YouTube, Facebook, and Instagram, for example, can’t be blocked this way. Installing uBlock in your browser is better in that situation.
Notes
- Check out the status page if things aren’t working. Let me know if you’re having issues!
- It uses the following lists:
  - Blocks ads, tracking, malicious, and phishing websites: HaGeZi Pro++ and Threat Intelligence Feeds and DNSBunker CTI
  - Blocks AI websites: No AI
  - Unsafe file sharing websites: Free Media Heck Yeah Filterlist
  - Malware domains: DandelionSprout’s Anti-Malware
  - Additional tracking and privacy invasive services: BadBlock
  - A blocklist of phishing websites, curated from OpenPhish, IPThreat and PhishTank: phishing-filter
- Only secure DNS is enabled, so DNS-over-HTTPS, DNS-over-TLS, and DNS-over-QUIC are the only protocols supported at the moment.
- No queries are logged.
How to use
Choose the server that is geographically closer to you. One server is in Standing Peachtree (Atlanta, GA) and another in Lenapehoking (Philly, PA). The distance affects how fast the domains are resolved. Using the service for the first time might feel slow because the domains are not cached yet, but it should get faster as time goes by because the server will cache the frequently accessed domains for you.
If you want to check if you’ve properly configured it, you can try accessing OpenAI or Anthropic. You should see that they’re no longer accessible to you. The old answers might still be cached on your device, so you can try a tool called dnscheck.tools to be sure. Your DNS resolver should be showing “controld.com” and/or “adguard-dns.com”.
| Protocol | Standing Peachtree | Lenapehoking |
|---|---|---|
| DNS-over-HTTPS/2 or HTTPS/3 | https://dns.acab.fans/dns-query | https://dns2.acab.fans/dns-query |
| DNS-over-TLS or DNS-over-QUIC | dns.acab.fans | dns2.acab.fans |
Android
Go to Settings > Network & internet > Private DNS and type in dns.acab.fans or dns2.acab.fans. See the help page on Google for more information.
Firefox
Including LibreWolf, WaterFox, Mullvad Browser, Zen Browser.
Go to Settings > Privacy & Security > DNS over HTTPS > Maximum Protection > Custom and type in https://dns.acab.fans/dns-query or https://dns2.acab.fans/dns-query. See the help page on Mozilla for more information.
Chrome
Including Brave.
Go to Settings > Privacy and Security > Security > Use secure DNS > Add custom DNS service provider and type in https://dns.acab.fans/dns-query or https://dns2.acab.fans/dns-query.
Vivaldi
Go to Settings > Network > DNS over HTTPS > Custom DNS Provider and type in https://dns.acab.fans/dns-query or https://dns2.acab.fans/dns-query.
macOS and iOS
Download either dns.acab.fans.mobileconfig or dns2.acab.fans.mobileconfig on the device that you want to use it on. To install it, follow the instructions here.
Windows
YogaDNS is a free tool that you can use to set this DNS server for the whole system.
More notes
The actual lists
# Malware
https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/wildcard/tif.txt
https://codeberg.org/xRuffKez/tif/raw/branch/main/adblock.txt
https://cdn.jsdelivr.net/gh/DandelionSprout/adfilt@latest/Alternate%20versions%20Anti-Malware%20List/AntiMalwareDomains.txt
https://raw.githubusercontent.com/fmhy/FMHYFilterlist/main/filterlist-wildcard-domains.txt
https://malware-filter.gitlab.io/malware-filter/phishing-filter-wildcard.txt
# Ads and trackers
https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/wildcard/pro.plus-onlydomains.txt
https://badblock.celenity.dev/wildcards-star/badblock.txt
# AI blocklist
https://codeberg.org/durian/noai/raw/branch/main/noai.txt
# Allowlist
https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/whitelist-referral.txt
!https://badblock.celenity.dev/wildcards-star/whitelist.txt
How port 53 is disabled on the server
Technitium DNS doesn’t allow disabling port 53 on the server, and unfortunately that port is prone to abuse. So the servers that I’m running have Uncomplicated Firewall (ufw) installed, which manages the open ports for us. It has the following configuration:
> sudo ufw show added
Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow mosh
ufw allow 5380
ufw allow 53443
ufw allow 80
ufw allow 443
ufw allow 853
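
One way to check a rule list like the one above for anything that would reopen port 53, as an added example that is not part of the original page. The names `port_allowed` and `PAGE_RULES` are hypothetical, and the check assumes ufw's incoming default policy is deny.

```shell
# Added example (not from the original page). Reads `ufw show added` output on
# stdin and reports whether any allow/limit rule covers a destination port.
# Assumption: the incoming default policy is deny, so "no rule" means closed.
# Limitation: app profile names (OpenSSH, mosh) are not expanded to ports.
# Constructed sample input: the rule list shown on this page.
PAGE_RULES='ufw allow OpenSSH
ufw allow mosh
ufw allow 5380
ufw allow 53443
ufw allow 80
ufw allow 443
ufw allow 853'
# port_allowed PORT -> exit status 0 if a rule on stdin opens PORT, else 1.
port_allowed() {
  awk -v want="$1" '
    # covers(): does a port spec such as 53, 53/udp, 53,853/tcp or 50:60/udp include want?
    function covers(spec,    n, parts, i, r) {
      sub(/\/(tcp|udp)$/, "", spec)
      n = split(spec, parts, ",")
      for (i = 1; i <= n; i++) {
        if (parts[i] == want) return 1
        if (split(parts[i], r, ":") == 2 && want + 0 >= r[1] + 0 && want + 0 <= r[2] + 0)
          return 1
      }
      return 0
    }
    $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
      full = 0; dest = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "from" || $i == "to" || $i == "proto") full = 1
        if ($i == "from") dest = 0          # a port after "from" is a source port
        if ($i == "to") dest = 1            # a port after "to" is the listening port
        if ($i == "port" && dest && covers($(i + 1))) found = 1
      }
      p = ($3 == "in" || $3 == "out") ? 4 : 3   # simple syntax: ufw allow [in|out] PORT
      if (!full && covers($p)) found = 1
    }
    END { exit !found }
  '
}

for port in 53 853; do
  if printf '%s\n' "$PAGE_RULES" | port_allowed "$port"; then
    echo "port $port: opened by a rule"
  else
    echo "port $port: no allow rule, left to the default policy"
  fi
done
```

On the server itself, pipe `sudo ufw show added` into `port_allowed 53`, and confirm the default incoming policy with `sudo ufw status verbose`.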