QuidsUp - NoTrack

Installing NoTrack

NoTrack is best installed on a Raspberry Pi with Ubuntu Server or Raspberry Pi OS.
You can also install it on your main Ubuntu or Debian-based desktop or laptop.

Unfortunately, NoTrack is not compatible with other Linux distributions, macOS, or Windows at this time.

Dependencies

The automated NoTrack install script will require the following dependencies to be met by your package manager:

Installation

NoTrack is a DNS server and should therefore have a static IP address assigned to it, in order for devices on your home network to be able to find and access it quickly.
I highly recommend you set your NoTrack device to have a Static IP Address before starting the install.

Automated Install with Ubuntu / Linux Mint

$ wget https://gitlab.com/quidsup/notrack/raw/master/install-ubuntu.sh
$ bash install-ubuntu.sh

Automated Install with Debian / Raspberry Pi OS (formerly Raspbian)

$ wget https://gitlab.com/quidsup/notrack/raw/master/install-debian.sh
$ bash install-debian.sh
Welcome to NoTrack v21.11

This installer will transform your system into a network-wide Tracker Blocker
Install Guides: https://youtu.be/MHsrdGT5DzE
                https://gitlab.com/quidsup/notrack/-/wikis/home


Press any key to continue...

Select the installation folder; I normally use my home folder
(use up/down arrow keys or select with corresponding number key)

Select Install Folder

 * 1: Home /home/quids
   2: Opt /opt
   3: Cancel

NoTrack Installer will now specify some default values for Primary and Secondary DNS server and Listening IP Address.
You can change these later on after the install has completed.

Installing to : /home/quids/notrack
Hostname      : ubserver
Network Device: enp0s3
Primary DNS   : 1.1.1.1
Secondary DNS : 1.0.0.1
Listening IP  : 127.0.0.1

Note: Primary and Secondary DNS can be changed later with the admin config

During the install you may see the error below when Dnsmasq is being installed.
It is caused by the systemd stub resolver already occupying UDP port 53, and the install script fixes it in a subsequent step.

● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
     Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Sun 2021-12-19 18:24:06 UTC; 6ms ago
    Process: 2141 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
    Process: 2142 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=2)

Dec 19 18:24:06 ubserver systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Dec 19 18:24:06 ubserver dnsmasq[2141]: dnsmasq: syntax check OK.
Dec 19 18:24:06 ubserver dnsmasq[2142]: dnsmasq: failed to create listening socket for port 53: Address already in use
Dec 19 18:24:06 ubserver dnsmasq[2142]: failed to create listening socket for port 53: Address already in use
Dec 19 18:24:06 ubserver systemd[1]: dnsmasq.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Dec 19 18:24:06 ubserver dnsmasq[2142]: FAILED to start up
Dec 19 18:24:06 ubserver systemd[1]: dnsmasq.service: Failed with result 'exit-code'.
Dec 19 18:24:06 ubserver systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.

The installer ends with this completion message:

Finished processing all block lists
Total number of domains added: 17903
Total number of domains deduplicated: 8
Sorting and Deduplicating blocklist
Further deduplicated 4 domains
Final number of domains in blocklist: 17899
Finished creating block list for NoTrack :-)

=========================================================

NoTrack Install Complete :-)
Access the admin console at: http://ubserver/admin

Post Install Checklist:
        • Secure MariaDB Installation
            Run: /usr/bin/mysql_secure_installation

        • Reboot System
            PHP and Nginx services don't always restart cleanly

        • Enable DHCP
            http://ubserver/dhcp

Reboot your system:

$ sudo reboot

Test Out NoTrack:

First, we're going to test the DNS server on the NoTrack device to check that blocking is working.
Try resolving a domain from the blocklist /etc/dnsmasq.d/notrack.list, such as 207.net:

$ dig 207.net

; <<>> DiG 9.16.1-Ubuntu <<>> 207.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38780
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;207.net.                       IN      A

;; ANSWER SECTION:
207.net.                300     IN      A       192.168.6.2

;; Query time: 4 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)

The answer section tells us NoTrack has resolved 207.net to itself at the local IP address of 192.168.6.2, which is exactly what we want it to do for a domain in the blocklist.
You will get a normal answer for any domain not in the blocklist:

$ dig quidsup.net

; <<>> DiG 9.16.1-Ubuntu <<>> quidsup.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38780
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;quidsup.net.                   IN      A

;; ANSWER SECTION:
quidsup.net.            300     IN      A       104.21.61.91
quidsup.net.            300     IN      A       172.67.208.146

;; Query time: 4 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)

You can also test the NoTrack DNS resolver from another system.
In my case I would append the NoTrack IP of 192.168.6.2, prefixed with @:

$ dig 207.net @192.168.6.2
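
The check above can be scripted. This is an added example, not part of the original guide or the NoTrack project: it parses dig output, reports whether every A record points at the sinkhole address, and extracts which resolver answered. The function names are made up for illustration, and the embedded samples are the answer sections shown above.

```shell
# Added example, not NoTrack project code. Samples are the dig answers shown above.

# Print the A-record addresses in the ANSWER SECTION of dig output on stdin.
answer_ips() {
    awk '/^;; ANSWER SECTION:/ { in_ans = 1; next }
         /^$/ || /^;;/         { in_ans = 0 }
         in_ans && $4 == "A"   { print $5 }'
}

# Print the resolver that answered, from the ";; SERVER:" line on stdin.
answering_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'
}

# is_sinkholed SINKHOLE_IP: succeed only if dig output on stdin has at least
# one A answer and every A answer equals SINKHOLE_IP.
is_sinkholed() {
    ips=$(answer_ips)
    [ -n "$ips" ] || return 1
    for ip in $ips; do
        [ "$ip" = "$1" ] || return 1
    done
    return 0
}

# check_live DOMAIN SINKHOLE_IP SERVER: the same test against a real resolver.
check_live() {
    dig "$1" "@$3" | is_sinkholed "$2"
}

BLOCKED_SAMPLE=';; ANSWER SECTION:
207.net.                300     IN      A       192.168.6.2

;; Query time: 4 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)'

ALLOWED_SAMPLE=';; ANSWER SECTION:
quidsup.net.            300     IN      A       104.21.61.91
quidsup.net.            300     IN      A       172.67.208.146

;; Query time: 4 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)'

for sample in "$BLOCKED_SAMPLE" "$ALLOWED_SAMPLE"; do
    printf '%s\n' "$sample" | is_sinkholed 192.168.6.2 && echo "sinkholed" || echo "not sinkholed"
done
```

On a live system, `check_live 207.net 192.168.6.2 192.168.6.2` runs the same test against the NoTrack resolver directly.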

Directing Your Systems To Use NoTrack

The simplest method of getting all your systems to use NoTrack is with DHCP (Dynamic Host Configuration Protocol), which you can enable in the Admin interface.

In my case I’m going to open a web browser and go to http://192.168.6.2/dhcp and fill in the following:

  1. Enable DHCP
  2. Enter Gateway IP - Usually the IP address of your router
  3. Enter starting range for DHCP (leave as default)
  4. Enter end range for DHCP (leave as default)
  5. Set a Lease Time - default is 24H (24 Hours)


Note:
You will need to disable DHCP on your router, otherwise you’ll end up with a race condition and NoTrack might not be the first to answer.

Secure Your NoTrack System

Lock down MariaDB / MySQL:

$ sudo /usr/bin/mysql_secure_installation
  1. Old password will be blank by default
  2. Set a Root password
  3. Remove anonymous users? - Yes
  4. Disallow root login remotely? - Yes
  5. Remove test database and access to it? - Yes
  6. Reload privilege tables now? - Yes

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
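
To confirm the answers above took effect, the account and database lists can be checked afterwards. This is an added example, not code from the guide or from NoTrack; the function names, the `appuser` account and the sample rows are constructed, and `sudo mysql` assumes root can log in over the local socket.

```shell
# Added example, not NoTrack or MariaDB project code. Sample rows are constructed.

# audit_accounts: read "User<TAB>Host" rows on stdin, print one finding per
# line, and return non-zero if anything was found.
audit_accounts() {
    awk -F '\t' '
        $1 == "" { print "anonymous user at host " $2; bad = 1 }
        $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            print "root can log in from " $2; bad = 1 }
        END { exit bad + 0 }'
}

# audit_databases: read database names on stdin and flag the default test one.
audit_databases() {
    awk '$0 == "test" { print "test database still present"; bad = 1 }
         END { exit bad + 0 }'
}

# audit_live: run both checks against the local server.
# Assumption: root can connect through the local socket with sudo.
audit_live() {
    sudo mysql -N -B -e "SELECT User, Host FROM mysql.user" | audit_accounts
    accounts=$?
    sudo mysql -N -B -e "SHOW DATABASES" | audit_databases
    databases=$?
    [ "$accounts" -eq 0 ] && [ "$databases" -eq 0 ]
}

# Constructed rows: a fresh install (before) and a hardened one (after).
BEFORE_ROWS=$(printf '%s\t%s\n' '' localhost root localhost root '%' appuser localhost)
AFTER_ROWS=$(printf '%s\t%s\n' root localhost appuser localhost)

echo "before:"; printf '%s\n' "$BEFORE_ROWS" | audit_accounts || true
echo "after:";  printf '%s\n' "$AFTER_ROWS" | audit_accounts && echo "  no findings"
```

Run `audit_live` on the NoTrack device after mysql_secure_installation; it prints nothing and returns zero when the anonymous user, remote root login and test database are all gone.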

Admin Password

You can set a password in the Admin interface, under Config > Security.
