I currently own the Asus RT-AC66U router and I love it. I’ve had it for over a year and it has been steady as a rock. But with this “cloud first, mobile first” (and customer last) philosophy of Microsoft, I was looking for a way to make my router block all that tracking that is in Windows 10 and trying to be in Windows 7 and 8. Block it at the router level and Microsoft can’t do a thing about it. According to Asus, the RT-AC66U router supports DD-WRT. This is a requirement. If your Asus router does not support DD-WRT, then this how-to will not help. Fortunately you don’t need to install DD-WRT. DD-WRT can a pain to install on a router. You do need to install the Merlin firmware, which you can download here.
This is an advanced how-to meant for more technical people.
- First, download and install the latest Merlin firmware for your router.
- If you haven’t already done so, configure all the settings you need for your router.
- Enable SSH access and custom JFFS2 scripts to your router by clicking on Administration -> System and enabling the corresponding settings.
- Download PUTTY, a free SSH program for Windows or use the built-in SSH shell in Mac or Linux.
- Using PUTTY or your SSH program, connect to your router’s IP address. The username and password is the same as what you use to log in through a browser.
- Type in the following commands:
cd /jffs/configs/ cat > dnsmasq.conf.add
- Copy the text below to the SSH shell. Hint: If you are using PUTTY, you can highlight the entire text and press CTRL+C to copy all the text and then within the SSH shell, right click to paste the text. (P.S. This list came from https://github.com/WindowsLies/BlockWindows except I removed a Google entry and all Skype entries because I use Skype and I block Google tracking at my browser.)
address=/a.ads1.msn.com/0.0.0.0 address=/a.ads2.msads.net/0.0.0.0 address=/a.ads2.msn.com/0.0.0.0 address=/a.rad.msn.com/0.0.0.0 address=/a-0001.a-msedge.net/0.0.0.0 address=/a-0002.a-msedge.net/0.0.0.0 address=/a-0003.a-msedge.net/0.0.0.0 address=/a-0004.a-msedge.net/0.0.0.0 address=/a-0005.a-msedge.net/0.0.0.0 address=/a-0006.a-msedge.net/0.0.0.0 address=/a-0007.a-msedge.net/0.0.0.0 address=/a-0008.a-msedge.net/0.0.0.0 address=/a-0009.a-msedge.net/0.0.0.0 address=/ac3.msn.com/0.0.0.0 address=/adnexus.net/0.0.0.0 address=/adnxs.com/0.0.0.0 address=/ads.msn.com/0.0.0.0 address=/ads1.msads.net/0.0.0.0 address=/ads1.msn.com/0.0.0.0 address=/aidps.atdmt.com/0.0.0.0 address=/aka-cdn-ns.adtech.de/0.0.0.0 address=/a-msedge.net/0.0.0.0 address=/az361816.vo.msecnd.net/0.0.0.0 address=/az512334.vo.msecnd.net/0.0.0.0 address=/b.ads1.msn.com/0.0.0.0 address=/b.ads2.msads.net/0.0.0.0 address=/b.rad.msn.com/0.0.0.0 address=/bingads.microsoft.com/0.0.0.0 address=/bs.serving-sys.com/0.0.0.0 address=/c.atdmt.com/0.0.0.0 address=/c.msn.com/0.0.0.0 address=/cdn.atdmt.com/0.0.0.0 address=/cds26.ams9.msecn.net/0.0.0.0 address=/choice.microsoft.com/0.0.0.0 address=/choice.microsoft.com.nsatc.net/0.0.0.0 address=/compatexchange.cloudapp.net/0.0.0.0 address=/corp.sts.microsoft.com/0.0.0.0 address=/corpext.msitadfs.glbdns2.microsoft.com/0.0.0.0 address=/cs1.wpc.v0cdn.net/0.0.0.0 address=/db3aqu.atdmt.com/0.0.0.0 address=/df.telemetry.microsoft.com/0.0.0.0 address=/diagnostics.support.microsoft.com/0.0.0.0 address=/ec.atdmt.com/0.0.0.0 address=/fe2.update.microsoft.com.akadns.net/0.0.0.0 address=/feedback.microsoft-hohm.com/0.0.0.0 address=/feedback.search.microsoft.com/0.0.0.0 address=/feedback.windows.com/0.0.0.0 address=/flex.msn.com/0.0.0.0 address=/g.msn.com/0.0.0.0 address=/h1.msn.com/0.0.0.0 address=/i1.services.social.microsoft.com/0.0.0.0 address=/i1.services.social.microsoft.com.nsatc.net/0.0.0.0 address=/lb1.www.ms.akadns.net/0.0.0.0 address=/live.rads.msn.com/0.0.0.0 address=/m.adnxs.com/0.0.0.0 address=/m.hotmail.com/0.0.0.0 address=/msedge.net/0.0.0.0 address=/msftncsi.com/0.0.0.0 address=/msnbot-65-55-108-23.search.msn.com/0.0.0.0 address=/msntest.serving-sys.com/0.0.0.0 address=/oca.telemetry.microsoft.com/0.0.0.0 address=/oca.telemetry.microsoft.com.nsatc.net/0.0.0.0 address=/pre.footprintpredict.com/0.0.0.0 address=/preview.msn.com/0.0.0.0 address=/rad.live.com/0.0.0.0 address=/rad.msn.com/0.0.0.0 address=/redir.metaservices.microsoft.com/0.0.0.0 address=/reports.wes.df.telemetry.microsoft.com/0.0.0.0 address=/s.gateway.messenger.live.com/0.0.0.0 address=/schemas.microsoft.akadns.net/0.0.0.0 address=/secure.adnxs.com/0.0.0.0 address=/secure.flashtalking.com/0.0.0.0 address=/services.wes.df.telemetry.microsoft.com/0.0.0.0 address=/settings-sandbox.data.microsoft.com/0.0.0.0 address=/settings-win.data.microsoft.com/0.0.0.0 address=/sls.update.microsoft.com.akadns.net/0.0.0.0 address=/so.2mdn.net/0.0.0.0 address=/sqm.df.telemetry.microsoft.com/0.0.0.0 address=/sqm.telemetry.microsoft.com/0.0.0.0 address=/sqm.telemetry.microsoft.com.nsatc.net/0.0.0.0 address=/ssw.live.com/0.0.0.0 address=/static.2mdn.net/0.0.0.0 address=/statsfe1.ws.microsoft.com/0.0.0.0 address=/statsfe2.update.microsoft.com.akadns.net/0.0.0.0 address=/statsfe2.ws.microsoft.com/0.0.0.0 address=/survey.watson.microsoft.com/0.0.0.0 address=/telecommand.telemetry.microsoft.com/0.0.0.0 address=/telecommand.telemetry.microsoft.com.nsatc.net/0.0.0.0 address=/telemetry.appex.bing.net/0.0.0.0 address=/telemetry.microsoft.com/0.0.0.0 address=/telemetry.urs.microsoft.com/0.0.0.0 address=/view.atdmt.com/0.0.0.0 address=/vortex.data.microsoft.com/0.0.0.0 address=/vortex-bn2.metron.live.com.nsatc.net/0.0.0.0 address=/vortex-cy2.metron.live.com.nsatc.net/0.0.0.0 address=/vortex-sandbox.data.microsoft.com/0.0.0.0 address=/vortex-win.data.microsoft.com/0.0.0.0 address=/watson.live.com/0.0.0.0 address=/watson.microsoft.com/0.0.0.0 address=/watson.ppe.telemetry.microsoft.com/0.0.0.0 address=/watson.telemetry.microsoft.com/0.0.0.0 address=/watson.telemetry.microsoft.com.nsatc.net/0.0.0.0 address=/wes.df.telemetry.microsoft.com/0.0.0.0
- By the way, you can use this same template to block other websites. For the purpose of this article, I am limiting myself to Windows tracking, the kind of tracking that cannot be blocked except at the router.
- Also you can entries in the future simply by typing
cat >> dnsmasq.conf.add
and then adding entries the same way. If you need to delete an entry, you will have to delete the entire file using the
command and starting over.
- Press CTRL+C or COMMAND+C to save the changes.
- Next type these commands:
chmod a+rx /jffs/configs/dnsmasq.conf.add service restart
- After 5 minutes you probably should reboot the router through the web interface for the settings to take effect.
- Don’t forget to disable SSH when done just to be safe.
- Finally, using the web interface, try pinging any one of the websites above to see if they can be reached. If any can, wait 30 minutes and try again. If you do not get a response from 0.0.0.0 after 2 hours, then something wasn’t done right and you will need to try again.
- One last thing, if you upgrade your router’s firmware you may have to repeat these steps. Router upgrades may or may not clear user scripts.