How do I block ads on YouTube?

pk198105's solution works, it just needs that last issue to be resolved somehow.

I tried the python script and it ended up blocking most youtube video streams.

Had to disable it and remove the blocked domains it had blacklisted. It did more than just block the ads DNS hosts.

Will this also block mobile ads, or just YouTube on PC in general?

Have blocked 100% ads on pc
Later make solution more easy for pi hole :smiley:

The exact same domains and ips now serve both ads and videos.

I guess uBlock blocks at the browser by checking the request urls. Blocking with dns isn't going to work anymore :frowning:

I read someone talk about using a dns from a remote country to reduce the number of ads served but I don't see how that would work since the ads are served based on request ip not resolving the dns.

Any other ideas?

Ads are based on ip address location

I'm not so sure about that. Using a vpn recently as a test the IP was located in US - checked the geo location of the IP and with trace route. But the ads were showing from Dubai.

I wonder if the dns configured there was resolving for Dubai instead of sending a geo local YouTube ip in US

Very odd anyway.

That's not correct. Yes, you can block ads/trackers delivered by 3rd-party services like doubleclick.net. That's why Pi-hole works so well as it works on the DNS level.

However, if a (reputable) site like https://www.example.com delivers ads via, say,

http://www.example.com/ads/annoying.js

or

http://www.example.com/adserver/bs.jpg

or whatever you can't block this with Pi-hole - you would have to block www.example.com completely (which is not what you want). You need an adblocker like uBlock Origin as the filter syntax used in its filterlists is much more flexible.

An ad like

http://www.spiegel.de/staticgen/data_imports/gutscheine/SpiegelHPWidget_Small_390x85px_rewe_23-10-18RR.jpg

can easily be blocked by uBO with the following filter rule:

||www.spiegel.de/staticgen/data_imports/gutscheine/$image

You can't do that with Pi-hole.
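
Added example, not part of the original posts: a Python sketch of why the rule above works in a browser filter but has no DNS equivalent. It handles only a simplified subset of the filter syntax (`||` host anchor, literal path prefix, one `$type` option); the request URLs and the helper names are constructed for illustration.

```python
from urllib.parse import urlsplit

# The filter rule quoted in the post above.
RULE = "||www.spiegel.de/staticgen/data_imports/gutscheine/$image"

# Constructed requests: (URL, resource type as a browser would classify it).
REQUESTS = [
    ("http://www.spiegel.de/staticgen/data_imports/gutscheine/banner_390x85.jpg", "image"),
    ("http://www.spiegel.de/staticgen/data_imports/gutscheine/widget.js", "script"),
    ("http://www.spiegel.de/politik/index.html", "document"),
]

def parse_rule(rule):
    """Split '||host/path$type' into (host, path_prefix, type or None)."""
    if not rule.startswith("||"):
        raise ValueError("only ||-anchored rules are handled in this sketch")
    body, _, option = rule[2:].partition("$")
    host, slash, path = body.partition("/")
    return host.lower(), slash + path, option or None

def url_filter_blocks(rule, url, rtype):
    """Decision with the full URL and resource type available (in-browser)."""
    host, prefix, wanted = parse_rule(rule)
    parts = urlsplit(url)
    name = (parts.hostname or "").lower()
    host_ok = name == host or name.endswith("." + host)
    return host_ok and parts.path.startswith(prefix) and wanted in (None, rtype)

def dns_blocks(blocked_hosts, url):
    """Decision with only the queried hostname available (DNS sinkhole)."""
    return (urlsplit(url).hostname or "").lower() in blocked_hosts

def compare(rule, requests, blocked_hosts):
    """Return [(path, url_filter_decision, dns_decision)] per request."""
    return [(urlsplit(u).path, url_filter_blocks(rule, u, t), dns_blocks(blocked_hosts, u))
            for u, t in requests]

if __name__ == "__main__":
    # Blocking the hostname at DNS level takes the article page down with the ad.
    for path, by_url, by_dns in compare(RULE, REQUESTS, {"www.spiegel.de"}):
        print(f"{path:60} url-filter={by_url!s:5} dns={by_dns}")
```

The DNS column is all-or-nothing per hostname, which is the same limit the thread runs into once ads and videos share YouTube hostnames.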

We were talking about YouTube specifically.

So we know that ads and videos are served from the same YouTube domains. So you can't block based on that.

We also know that when you click a video YouTube calls the YouTube api and asks for what to show - likely an ad url and or a video url. Of course uBlock can filter on that and pi hole can't.

What I was actually talking about was if you are in the US that YouTube api knows you are there 'somehow' and sends back 1 of a million YouTube ads for the US.

If on the other hand you are in some tiny obscure country it will send you 1 of maybe 100 ads available - in other words you will see a lot less ads in a small obscure country than the US.

Now the question is how does it know which country you are in? There's a few possibilities:

  1. it checks which ip the request comes from ie your ip.

  2. when you request the dns for some domain let's say api.youtube.com, the dns server sends the ip of a google server setup to respond with ads AND videos for your country. Basically a regional server that handles all YouTube api requests. We still can't block this ip as it's needed by YouTube for everything.

I would have assumed it was 1) BUT testing out some vpn servers which show the ip as US I see Dubai ads.

This leads me to think this vpn setup may be using a Dubai dns server which incorrectly sends back ips for google servers in Dubai. Ok their setup is broken but it raises the question that could 2) be how youtube serve you ads for your country?

Most public dns servers should serve you local ips based on where you are requesting from - but some probably don't. Has anyone tried an alternative dns and actually got ads from a different country ever?

Someone further up said they did exactly that, I was skeptical but after the vpn test I did it may be worth a second look.

Edit: I am neither in US or Dubai so it's got nothing to do with where I really am!

Tell us :wink:

This particular vpn uses its own dns. The ips it returns can't be reached outside of the vpn network whereas all other YouTube addresses seem to be reachable from anywhere in the world.

It's likely Dubai have special youtube nodes to comply with local policy, but that wasn't really my point.

What this means is that an IP address in the US (the vpn end point) was able to be served ads from Dubai because of the dns resolution. So in that case we could redirect some host (which one?) to a tiny country's youtube node to reduce the ads significantly.

Anyway it needs more investigation. It's also possible that the app itself is connecting to a site or non http/s protocol somewhere to get its external IP like STUN does.

The more I read this thread, the more I believe that a complementary client-side plug-in is needed. Client-side code should communicate with pi-hole back-end to automatically update black-list queries.

Client side is no good for smart TVs.

You used to just block the ad servers and change the TV's DNS settings. You can still kinda do it but you also need something that emulates a YouTube server and says "no ad, just play the video".

If I'm not mistaken every device has some sort of Ad tracking id and perhaps a standard way to pass it in the data exchange between client/server. If this could be sniffed-out and blocked it would work?

The apps and website seem to work slightly differently.

App:

  1. App starts and connects to redirector.googlevideo.com, this returns a media endpoint.

  2. app sends a large post to the endpoint above to authenticate, get an access key and allow access, if you blocked redirector nothing is sent yet. (This access key is used from now on to all media endpoints)

  3. app connects to YouTube api etc and gets the video list etc

-> click a video in app

  1. site connects YouTube.com and asks for ad and media endpoints.

  2. app connects to both endpoints (ad and video). App sends large post to authenticate IF you blocked redirector, to the first of the endpoints connected - could be video could be ad.

  3. app starts to receive from video endpoint then pauses. Simultaneously it receives from ad endpoint - which may return nothing.

  4. if no ad in 5) or ad is finished the app resumes receiving the video.

You can't block the above using domains. It's impossible. If you can install your own certificate you CAN intercept the ssl traffic and block the ad request to the api.

Even if you block YouTube.com at a specific time to block the api request and not the rest the app tries numerous backup methods to get the ad including using a random media endpoint and asking for a random ad. I believe the normal way is to ask for a targeted ad and fallback is to ask for any ad directly from a random media endpoint.

Looking at the above it's basically impossible to block this without intercepting the traffic. To do this off device you need to do ssl mitm which means your own CA and connecting devices trusting it.

Oh and YouTube apps also use QUIC as their primary connect for media. Then fallback to tcp https if it fails.

Web:

I haven't looked at this extensively but I'm guessing it's not far from the above. Using a browser plugin you can intercept before ssl encryption so you can basically filter the traffic.

Final notes:
I strongly suspect that the endgame here is that YouTube will create an access flow - get ad, when ad is finished or no ad send video access key - request and play video.

They could still do this by only pre sending parts of the video until the access key is given.

At this point blocking will become impossible.

With youtube red etc being pushed heavily now, and ads increasing I think this is a major focus for youtube now - we probably won't win this one :confused:

See my post below. To sniff you need to intercept ssl, and to do that your device needs to have capability to trust a third party certificate.

Mobile phones, computers etc can do this, smart TVs etc probably can't.

This kind of blocking would require a squid proxy of sorts with built-in adblocking

Yeah the squid part is the easy bit - getting dumb devices to trust your custom cert is the hard / impossible bit!

Try this regex blocker:

r[0-9\-]*\-sn\-[a-z0-9]*\-[0-9a-z]{4}\.googlevideo\.com

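
Added example, not part of the original posts: a dry run of the regex above against a query log before adding it to a blocklist, so over-blocking like that reported earlier in the thread shows up first. The log lines, hostnames and client addresses are constructed, and the code assumes Python's `re` module treats this pattern the same way as Pi-hole's regex engine.

```python
import re

# Regex from the post above, tested here with Python's re module
# (assumption: Pi-hole's own regex engine treats this pattern the same way).
CANDIDATE = r"r[0-9\-]*\-sn\-[a-z0-9]*\-[0-9a-z]{4}\.googlevideo\.com"

# Constructed dnsmasq-style query log lines; hostnames and clients are invented.
SAMPLE_LOG = """\
Oct 23 10:15:01 dnsmasq[812]: query[A] r4---sn-abcd1234-wxyz.googlevideo.com from 192.168.1.20
Oct 23 10:15:01 dnsmasq[812]: query[A] r4---sn-abcd1234.googlevideo.com from 192.168.1.20
Oct 23 10:15:02 dnsmasq[812]: query[AAAA] redirector.googlevideo.com from 192.168.1.31
Oct 23 10:15:03 dnsmasq[812]: query[A] www.youtube.com from 192.168.1.31
Oct 23 10:15:04 dnsmasq[812]: query[A] r12---sn-q0c7rn76-5abc.googlevideo.com from 192.168.1.31
Oct 23 10:15:05 dnsmasq[812]: query[A] r4---sn-abcd1234-wxyz.googlevideo.com from 192.168.1.31
"""

QUERY_LINE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)")

def queried_names(log_text):
    """Yield (hostname, client) for every query line in a dnsmasq-style log."""
    for line in log_text.splitlines():
        m = QUERY_LINE.search(line)
        if m:
            yield m.group("name").lower(), m.group("client")

def dry_run(pattern, log_text):
    """Return {hostname: sorted clients} for names the pattern would block."""
    rx = re.compile(pattern)
    hits = {}
    for name, client in queried_names(log_text):
        if rx.search(name):  # unanchored search (assumed blocklist behaviour)
            hits.setdefault(name, set()).add(client)
    return {name: sorted(clients) for name, clients in hits.items()}

def coverage(pattern, log_text, suffix=".googlevideo.com"):
    """Return (blocked, total) counts for queries under `suffix`."""
    rx = re.compile(pattern)
    names = [n for n, _ in queried_names(log_text) if n.endswith(suffix)]
    blocked = sum(1 for n in names if rx.search(n))
    return blocked, len(names)

if __name__ == "__main__":
    for name, clients in dry_run(CANDIDATE, SAMPLE_LOG).items():
        print(f"would block {name}  (asked by {', '.join(clients)})")
    print("googlevideo.com queries blocked: %d of %d" % coverage(CANDIDATE, SAMPLE_LOG))
```

The pattern only matches names with a second hyphenated segment after `-sn-`; running the same check over a real log while a video plays shows whether those names are also the ones carrying the stream.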