DNS Filtering and Ad Blocking

Your Pimeleon router provides automatic DNS filtering that blocks ads, trackers, and malicious websites before they even load. Powered by DNS filtering and encrypted DNS, this multi-layer protection makes your internet faster, more private, and more secure.

What is DNS?

DNS (Domain Name System) is like the internet's phone book. When you type "google.com" into your browser:

1. Your device asks the DNS server "What's the address for google.com?"
2. DNS responds with the IP address (like "142.250.185.46")
3. Your browser connects to that address

This happens automatically, thousands of times per day as you browse.

How DNS Filtering Protects You

Your Pimeleon router intercepts these DNS requests and checks them against blocklists:

You visit a website
    ↓
Website tries to load ads from ad servers
    ↓
DNS filter checks: Is this an ad domain?
    ↓
✗ Blocked → Ad never loads
✓ Allowed → Content loads normally

All of this happens in milliseconds - you never see the ads or wait for them to load.

Multi-Layer DNS Protection

Your router uses a sophisticated multi-layer approach:

Your Request
    ↓
DNS Filtering (Ad Blocking)
    ↓
Encrypted DNS (Privacy)
    ↓
Internet

Layer 1: DNS-Based Ad Blocking

DNS filtering is the powerhouse behind your network-wide ad blocking. It works silently in the background, blocking millions of ads, trackers, and malicious domains before they ever reach your devices.

What it does: Blocks known ad and tracking domains Your benefit: Faster page loads, less data usage, better privacy Coverage: Millions of known ad/tracking domains

Layer 2: Encrypted DNS

What it does: Encrypts DNS queries so your ISP can't see them Your benefit: Your browsing history stays private Technology: DNSCrypt and DNS-over-HTTPS

What Gets Blocked

Advertisements

• Banner ads
• Pop-up ads
• Video ads (on some platforms)
• Sidebar ads
• In-app advertisements

Tracking and Analytics

• Tracking pixels
• Analytics scripts
• Behavior tracking
• Cross-site tracking cookies
• Marketing beacons

Malicious Content

• Known malware domains
• Phishing websites
• Suspicious tracking domains
• Crypto-mining scripts

Privacy Invaders

• Third-party trackers
• Data collection scripts
• User profiling services
• Fingerprinting attempts

What Doesn't Get Blocked

Content You Want

• Regular website content
• Streaming services (Netflix, YouTube, etc.)
• Social media platforms
• News websites
• Shopping sites
• Banking and financial services

Some Types of Ads

DNS filtering blocks ads from separate domains. It cannot block:

• YouTube ads (served from YouTube's own domain)
• Facebook/Instagram ads (served from Facebook's domain)
• Sponsored content within websites
• First-party promoted posts

Why? These ads come from the same domain as the content, so blocking them would break the entire service.

Benefits You'll Notice

Faster Page Loading

• No ad downloads: Pages load 30-50% faster on ad-heavy sites
• Less data transfer: Blocked content doesn't use your bandwidth
• Reduced CPU: Your device doesn't process ad scripts
• Better battery life: Less processing means longer battery on mobile devices

Cleaner Browsing Experience

• Websites display without intrusive ads
• No auto-playing video ads
• Fewer pop-ups and overlays
• More screen space for actual content

Enhanced Privacy

• Tracking scripts can't run
• Your browsing behavior isn't profiled
• Cross-site tracking is blocked
• Analytics companies don't see your activity
• Encrypted queries: ISP can't see what websites you look up
• Reduced fingerprinting: Fewer third-party connections

Enhanced Security

• Malware blocking: Known malicious domains won't load
• Phishing protection: Fake websites are blocked automatically
• Safe browsing: Family-friendly by default

Network-Wide Protection

Works on ALL your devices automatically:

• Smartphones and tablets
• Computers (Windows, Mac, Linux)
• Smart TVs
• Gaming consoles
• IoT devices (smart home gadgets)

No need to install ad blockers on each device!

How Effective Is It?

Real-World Results

Typical blocking rates:

• Light browsing: 10-20% of requests blocked
• Ad-heavy sites: 30-50% of requests blocked
• Average: 15-25% of all DNS requests blocked network-wide

Example: In a household with normal browsing:

• 10,000 DNS requests per day
• 2,000 ad/tracker requests blocked
• 20% fewer things trying to track you

Coverage

The system uses regularly updated blocklists with:

• Millions of known ad domains
• Thousands of tracking domains
• Hundreds of thousands of malicious domains

Lists are updated automatically to catch new ad servers.

How to Tell It's Working

Signs DNS Filtering is Active

1. Fewer ads: You'll see significantly fewer ads on websites
2. Faster loading: Pages load quicker without ad scripts
3. Cleaner layout: Websites look cleaner without ad placeholders
4. Empty ad spaces: Blank spaces where ads would normally appear
5. Broken image icons: Where ads would be

These are signs DNS filtering is working correctly!

Testing DNS Filtering

Try visiting known ad-serving domains - they should be blocked:

• doubleclick.net - Should not load
• googlesyndication.com - Should not load
• adserver.com - Should not load

Note: These are ad servers, not regular websites, so blocking them is expected behavior.

Understanding DNS Resolution Time

Your DNS lookups are fast:

• First lookup: 20-50ms (checking filters and cache)
• Cached lookups: <1ms (instant from cache)
• Average: Most users won't notice any delay

Why first visits are slightly slower:

1. DNS filter checks domain against blocklists (~10-20ms)
2. Encrypted DNS lookup if allowed (~20-50ms)
3. Total: ~30-70ms one-time delay

Subsequent visits:

1. Domain cached locally (~1ms)
2. Nearly instant

Result: First visit slightly slower, all future visits much faster.

Accessing the Admin Dashboard

Your network administrator can access detailed statistics showing:

• Total queries handled
• Percentage of queries blocked
• Top blocked domains
• Top allowed domains
• Query activity over time
• Per-device statistics

This information helps optimize filtering and troubleshoot issues.

Privacy Protection Features

DNS Query Privacy

Your DNS queries are protected multiple ways:

1. Local processing: Queries handled locally, not sent to ISP
2. Encrypted upstream: External queries encrypted with DNSCrypt
3. Privacy-respecting providers: Upstream DNS servers don't log
4. No tracking: Your browsing habits aren't profiled

Bypass Prevention

DNS filtering operates at the network level, so:

• Mobile apps can't bypass it
• Smart devices can't opt-out
• No per-device configuration needed
• Comprehensive protection for everyone

Some services try to bypass local DNS:

• DoH (DNS-over-HTTPS): DNS filtering blocks these bypass mechanisms
• Alternative DNS: Firewall rules prevent direct DNS access
• Hard-coded IPs: Some apps try to use hard-coded IP addresses

Your admin has configured protections against these bypass attempts.

Local Network Integration

Automatic Hostname Resolution

• What it does: Gives friendly names to network devices
• Example: Access "myprinter" instead of remembering the IP address
• Your benefit: Easier to find and connect to network devices

Cross-Network Access

• Works everywhere: Access network devices from wired or wireless
• Consistent names: Same hostname works from any network
• Zero configuration: Happens automatically when devices connect

Local Network Services

DNS filtering knows about your local network:

• Internal devices resolve by hostname
• Local services work normally
• Printers, NAS, and smart devices discoverable
• No interference with network functionality

Performance and Efficiency

Resource Efficiency

DNS filtering is designed for efficiency:

• Low CPU usage: Minimal processing overhead
• Smart caching: Frequently queried domains cached locally
• Optimized lists: Blocklists compiled for fast lookups
• Rate limiting: Prevents DNS abuse

Network Impact

Typical DNS filtering overhead:

• CPU: <5% on average
• Memory: ~100-200MB
• Network: Negligible bandwidth usage
• Latency: +10-20ms for first lookup, <1ms cached

You won't notice the performance impact.

Common Questions

Why do I still see some ads?

1. First-party ads: Ads from the same domain as content (YouTube, Facebook)
2. New ad servers: Very new domains not yet on blocklists
3. Sponsored content: Posts marked as "sponsored" within a platform
4. Native advertising: Ads designed to look like content

DNS filtering blocks most ads, but not 100%. For maximum blocking, combine with browser-based ad blockers.

Will DNS filtering break any websites?

Very rarely. The blocklists are carefully curated to block only ads and trackers, not actual website functionality. If a site doesn't work:

1. Try reloading - Sometimes temporary glitches occur
2. Check other browsers - Rule out browser-specific issues
3. Contact your admin - They can whitelist specific domains

Can I see what's being blocked on my device?

Yes! Your network administrator can filter the logs to show activity for your specific device.

Does this slow down my internet?

No - the opposite!

Why it's faster:

• Blocked ads don't download (saves bandwidth)
• Fewer scripts to process (faster page rendering)
• Local DNS cache (instant lookups for frequently visited sites)

You'll typically see faster page loads, not slower.

Can I temporarily disable blocking?

Your network administrator can:

• Disable blocking entirely (not recommended)
• Whitelist specific domains
• Adjust filtering levels

As a regular user, you can't bypass it (this ensures network-wide protection).

Can individual devices bypass this?

No. DNS filtering is network-wide and works for all devices:

• Smartphones
• Tablets
• Computers
• Smart TVs
• IoT devices
• Game consoles

This ensures comprehensive protection for everyone on the network.

Integration with Network Services

Works With Everything

DNS filtering integrates seamlessly with:

• DHCP: All devices automatically use the router for DNS filtering
• DNS: Multi-layer filtering and encryption
• Firewall: Coordinated security
• Monitoring: Network-wide statistics

Technical Details (Optional Reading)

How Internal Domains Work

The router manages local domains for your network:

• Internal hostnames are resolved locally (instant)
• External domains go through filtering (very fast)
• Smart caching reduces repeated lookups

Encrypted DNS Providers

Your queries are encrypted and sent to privacy-respecting DNS providers:

• Cloudflare (1.1.1.1)
• Quad9 (9.9.9.9)

These providers:

• Don't log your queries
• Support DNSSEC (security validation)
• Have fast, reliable infrastructure

Troubleshooting

Website Won't Load

Symptom: A website won't load or gives an error

Possible Causes:

1. Legitimately blocked: Domain is on a blocklist
2. Website is down: Problem with the website itself
3. DNS cache: Old DNS entry cached

Solutions:

1. Try accessing from mobile data to verify site is up
2. Try different browser
3. Clear browser cache
4. Try on different device
5. Contact network administrator to check if domain is blocked

Slow Website Loading

Symptom: Websites take a long time to start loading

Troubleshooting:

1. Check if problem is site-specific or network-wide
2. Run speed test to verify internet connection
3. Restart device's network connection
4. Contact network administrator if widespread

Common causes:

• Website issue (not DNS filtering related)
• Network congestion
• Internet service provider issue

All Websites Failing

Symptom: No websites load at all

This indicates DNS service is down:

1. Check router is powered on and connected
2. Restart router
3. Contact network administrator for support

Privacy and Security

What Information is Logged?

Your network administrator can configure logging. Typically:

• Query logs: Can be enabled for troubleshooting (usually disabled for privacy)
• Statistics: Aggregate stats (total queries, block percentage)
• No content: DNS only sees domain names, not actual web pages you visit

Your Privacy is Protected

• Queries encrypted between router and upstream DNS
• Upstream providers are privacy-respecting (no logging)
• ISP cannot see your DNS queries
• Trackers and ads are blocked before they load

Best Practices for Users

Don't Panic About Blocked Domains

Seeing high block percentages is good, not bad:

• 20% blocked = working normally
• 40% blocked on ad-heavy sites = working great
• More blocking = better protection

Report Legitimate Blocks

If an important website doesn't work:

• Note the exact website and what doesn't work
• Contact your network administrator
• They can check logs and whitelist if needed

Don't assume DNS filtering is the problem - often it's the website or your browser.

Combine with Browser Security

DNS filtering is powerful but not complete:

• Consider browser-based ad blockers for first-party ads
• Use browser privacy extensions for additional protection
• Keep browser and OS updated for security patches

Related Documentation

• DNSCrypt Privacy - Encrypted DNS explained
• Network Overview - Overall network architecture
• HTTP Filtering - Additional content filtering

Bottom Line: DNS filtering provides powerful, network-wide ad and tracker blocking that makes your internet faster, more private, and more secure - all without any configuration on your part. Just connect and enjoy an ad-free experience!