I flashed OpenWrt onto my router and wrote a script which prevents ads from being displayed on any devices on my network that use DNS to find them on the internet. Chromecasts, phones, tablets, PCs, and (probably?) Rokus (I don't have one to test with) can now all reach an ad-free internet without users needing to install any addons at all. I'll link to my script on github if anybody's interested in duplicating my setup.
Edit: Okay, the script is at https://github.com/tablespoon/fun/blob/master/adblocker.sh It's written in such a way that installation is very simple: just place it anywhere permanent on the filesystem (don't place it in /tmp -- this is tmpfs in OpenWrt, and will be cleared if the router loses power or reboots. In my example below, I save it to root's home) and run it once. It will add itself to root's crontab, and will pull down new lists of known ad and malware servers every Tuesday at 3 am (plus a random delay to prevent load on the remote webservers). It also carefully adds itself to /etc/rc.local, so a server list refresh will also occur whenever you reboot your router.
My router is a TP-Link WR841N which has fairly limited storage... the largest partition after flashing OpenWrt ended up being /tmp, which is why I'm saving the blocklist there.
If you want to blacklist or whitelist any particular domains, simply add them to /etc/adblocker_blacklist or /etc/adblocker_whitelist and rerun the script.
Let me know if you have any questions.
Edit 2: In case anybody is interested, this is the router I'm using. http://www.amazon.com/TP-LINK-TL-WR841N-Wireless-Router-300Mpbs/dp/B001FWYGJS
It's running OpenWrt Barrier Breaker 14.07, which is (still) the latest full release as of this writing. https://openwrt.org/
Edit 3: Since people are asking, I wrote up some installation instructions to follow. This assumes you've already got OpenWrt running on your router (a guide for that can be found here: http://wiki.openwrt.org/doc/howto/generic.flashing). Please let me know if you run into any problems!
Edit 4: New version released. Improved security by expanding a sed regex to include all IP addresses (thanks to /u/Two_Coins and /u/Turbosack for the suggestion!) and added a random delay when invoked by cron to prevent undue load on the hostlist webservers (thanks to /u/Deckardzz for the suggestion!). Updated pastebin link and md5sum in the instructions below. If you already installed the old one, run 'crontab -r' and follow the setup instructions again to install the new version.
Edit 5: The mods responded. The post had been auto-moderated due to the Amazon link. They have graciously restored the post because it's clear I'm not trying to sell this router. Thanks for the support, everyone! And thanks for being awesome, moderators!
Edit 6: New version released. Thanks to /u/minecraft_ece for suggesting the prevention of multiple simultaneous instances, the prevention of overwriting the block list if downloads mysteriously fail, and the automatic white listing of private networks (192.168.0.0 and 10.0.0.0). There have also been some minor performance improvements added, as well as a simplification of of the created crontab entry--jitter is now permanently defined because there was no reason to recalculate this each week. Finally, blacklist and whitelist parsing has been improved--previously, dots were erroneously treated as regex dots (wildcards) instead of periods. Full changes can be seen here: https://github.com/tablespoon/fun/commit/13adb0cf191194af09766a6965ffe876aa14367b
Edit 7: New version released. Thanks to yunake (https://github.com/yunake) for eliminating misleading output from uci during the initial run of the script.
Pastebin link and checksum have been updated in this post to point to this version.
Edit 8 (Aug. 9, 2016): /u/tekni5 contacted me to let me know that adaway has switched to https and suggested using crossorigin.me as an http wrapper for the download of adaway's list. I've merged that suggestion in as well as updated the installation instructions to use the crossorigin.me wrapper for the initial download of the script from github (which also https). This cuts out the somewhat-messy usage of pastebin as an http host of the script.
This assumes you've already got OpenWrt running on your router (a guide for that can be found here: http://wiki.openwrt.org/doc/howto/generic.flashing)
First, connect to your OpenWrt web interface and go to System -> Administration. Ensure that ssh is available on your LAN interface, enable password login, and allow root password login. Next, you want to ssh to your router. If you're running Windows, you can use putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) to ssh to your router's IP address. If you're running OSX or Linux, just open a terminal and type 'ssh root@192.168.1.1' (or whatever the correct address is). Log in as root using the same password as you did for the web interface.
Once you're in, you can use this command to download the script. It's a little bit ugly... the OpenWrt-provided wget doesn't support https, so we're using pastebin as an http mirror. However, pastebin forces DOS-style newline characters, so we're using awk to translate the file back into the format that Linux expects. The initial cd selects your installation directory, and is included here for completeness--this can be any permanent location (don't use /tmp; it exists in memory in OpenWrt).
cd /root/
wget http://pastebin.com/raw/dxUwBF89 -qO- | awk '{ sub("\r$", ""); print }' >adblocker.sh
Verify that your downloaded file matches mine exactly (to protect yourself). The checksum should be cfed91c4630356bfcf5b9049a5499e9f:
md5sum adblocker.sh
If it matches, make it executable and run it:
chmod +x adblocker.sh
./adblocker.sh
After a small delay (mine takes about 10 seconds, but it will depend on your connection as well as the speed of your router's processor), you should be returned to your prompt with no output at all. Finally, you can verify that it got installed by checking root's crontab:
crontab -l You should see something like this (this is just example output; do not copy/paste this):
# Download updated ad and malware server lists every Tuesday at 3:22 AM
22 3 * * 2 /root/adblocker.sh
If everything matches (other than the minutes after 3 AM -- this is randomized for each installation to prevent load on the host list webservers), you're good to go.
If you are still seeing ads, try flushing your device's DNS cache. If you don't know how to do this, just reboot it instead. (thanks, /r/mcplaty!)
This is quick and dirty, but should do the trick:
crontab -r
sed -ri '/adblocker\.sh/d' /etc/rc.local
uci del_list dhcp.@dnsmasq[0].addnhosts="/tmp/adblocker_hostlist" && uci commit
rm -f /tmp/adblocker_hostlist
/etc/init.d/dnsmasq restart
The first step clears root's crontab (OpenWrt has an empty root crontab by default).
The second step removes the script from OpenWrt's startup script.
The third step removes the blocklist from dnsmasq's config.
The fourth step actually deletes the blocklist from your router (to free up a bunch of space).
The last step restarts dnsmasq to flush its cache.
If you're using something other than OpenWrt, you may be in luck! I can't personally vouch for any of these, but I'm including them to save you some time. They are reportedly good.
/u/nerdlymandingo shares this for dd-wrt users: https://www.reddit.com/r/bestof/comments/3izurp/tablspn_shares_script_to_be_used_in_conjunction/culcc3f
/u/mark3748 shares this for ASUSWRT-MERLIN users: https://www.reddit.com/r/bestof/comments/3izurp/tablspn_shares_script_to_be_used_in_conjunction/culki42
/u/goodtimes50 shares this for Tomato users: https://www.reddit.com/r/technology/comments/3iy9d2/fcc_rules_block_use_of_open_source/cumx0a1
This is a copypasta from reddit