I installed adblock on my WRT3200ACM, partly because I wanted to be able to blacklist a few domains. Right now, it seems like the blacklist works correctly for my PC (hooked up via Ethernet) and for my iPad on WiFi, but not for my laptop running Ubuntu. As far as I can tell, the router is configured to force everyone on the network to use its DNS settings.
Is there an obvious reason that some machines don't seem to be affected by the blacklist?
First make sure your FF doesn't use DoH.
There is this interesting bug I noticed in FF. I can reach domains blocked at the DNS level if the DNS record it requests contains a CNAME record. I discovered it on https://d3ward.github.io/toolz/adblock.html
E.g. adtago.s3.amazonaws.com - requesting an A record will return NXDOMAIN (blocked by the OISD list), but the test (that link above) will fail on that domain because FF requests a CNAME record (can be tracked with tcpdump) and finds the IP regardless.
Actually I believe it should be addressed by adblock app somehow but it requires additional investigation. I found it about 3-4 months ago and I don't remember all the details. But it can explain why that test occasionally fails.
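To check whether a blocklist covers every record type a browser may ask for (the A-blocked-but-CNAME-answered case described above), here is an added probe script; it is not from the original thread or from the adblock package, and the resolver address 192.168.1.1 is an assumed router IP.

```python
"""Query a resolver for several record types and flag domains whose
A lookup is blocked while another type (CNAME, AAAA, HTTPS) still answers."""
import socket
import struct
import sys

# Record types a browser may request besides A; HTTPS is RR type 65.
QTYPES = {"A": 1, "CNAME": 5, "AAAA": 28, "HTTPS": 65}
RCODE_NXDOMAIN = 3

def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query: header (RD set, one question) + QNAME + QTYPE/QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_response(data: bytes) -> tuple:
    """Return (rcode, answer_count) taken from the 12-byte DNS header."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    return flags & 0x000F, ancount

def classify(rcode: int, ancount: int) -> str:
    """NXDOMAIN -> blocked; NOERROR with no records -> empty; records -> answered."""
    if rcode == RCODE_NXDOMAIN:
        return "blocked"
    if rcode == 0:
        return "answered" if ancount > 0 else "empty"
    return "rcode%d" % rcode

def udp_query(server: str, packet: bytes, timeout: float = 3.0) -> bytes:
    """Send one query over UDP/53 and return the raw response."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (server, 53))
        return s.recv(4096)

def probe(name: str, server: str = "192.168.1.1", query=udp_query) -> dict:
    """Ask for every type in QTYPES; `query` is injectable so it can be tested offline."""
    results = {}
    for label, qtype in QTYPES.items():
        rcode, ancount = parse_response(query(server, build_query(name, qtype)))
        results[label] = classify(rcode, ancount)
    return results

def leaks(results: dict) -> bool:
    """True when A is blocked but some other type still returns records."""
    return results.get("A") == "blocked" and any(
        v == "answered" for k, v in results.items() if k != "A")

if __name__ == "__main__":
    r = probe(sys.argv[1], server=sys.argv[2] if len(sys.argv) > 2 else "192.168.1.1")
    print(r, "LEAK" if leaks(r) else "consistent")
```

A sinkholed answer (e.g. 0.0.0.0 from a dnsmasq address= entry) shows up as "answered", so compare against how your own list blocks before reading a LEAK verdict.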
The problem is in FF. It requests not just A or AAAA records.
All this can be done by luci-app-adblock, it has doh blocklist and DNS hijacking functionality.
Point wasn't how to do it, but to do it.
That was not the most elegant way to do it, especially if you have luci-app-adblock installed.
Unfortunately I don't know what most of those things are! Searching for "FF" is not giving me a lot of leads, although I was able to determine that DoH is "DNS over HTTP".
Is there a simple guide to setting this up for a short list of domains via luci-app-adblock?
FF usually means Firefox...
Just make sure that DNS over HTTPS is disabled in Firefox settings (or Chrome if you use it).
I see. Unfortunately I was hoping to use the blacklist feature to block myself from visiting some sites in an effort to curb impulse food delivery orders, but if I have to set up my own browser for it to work it doesn't have the same effect of "if you want to order DoorDash you'll have to spend five minutes in the router settings".
I may have to look for a different solution.