Can you provide your full config from /etc/config/adblock
?
Thanks.
Can you provide your full config from /etc/config/adblock
?
Thanks.
sure:
root@OpenWrt:~# cat /etc/config/adblock
config adblock 'global'
option adb_enabled '1'
option adb_debug '1'
option adb_forcedns '0'
option adb_safesearch '0'
option adb_dnsfilereset '0'
option adb_mail '0'
option adb_report '0'
option adb_backup '1'
option adb_dns 'dnsmasq'
option adb_fetchutil 'uclient-fetch'
list adb_sources 'adaway'
list adb_sources 'adguard'
list adb_sources 'disconnect'
list adb_sources 'yoyo'
option adb_dnstimeout '60'
What happens normally if you run /usr/bin/nslookup example.com
on the router?
root@OpenWrt:~# /usr/bin/nslookup example.com
Server: 127.0.0.1
Address: 127.0.0.1:53
** server can't find example.com: NXDOMAIN
** server can't find example.com: NXDOMAIN
root@OpenWrt:~# /usr/bin/nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1:53
Non-authoritative answer:
Name: google.com
Address: 142.250.203.110
Non-authoritative answer:
Name: google.com
Address: 2a00:1450:400a:802::200e
That NXDOMAIN is the problem. Is example.com
in the blacklist or being blocked by the upstream router?
Its not on /etc/adblock/adblock.blacklist if u are asking for that:
root@OpenWrt:~# grep -i "example.com" /etc/adblock/adblock.blacklist
I dont think it is blocked by upstream router but to be 100% i will connect to it later with my PC and see if im getting the same result.
What happens if you specify an external DNS server on your nslookup?
$ nslookup example.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8:53
Non-authoritative answer:
Name: example.com
Address: 2606:2800:220:1:248:1893:25c8:1946
Non-authoritative answer:
Name: example.com
Address: 93.184.216.34
Try these tests:
nslookup example.com 127.0.0.1
nslookup example.com 172.16.0.1
nslookup example.com 8.8.8.8
And check if example.com
is shown in the whitelist.
It should be the upstream ISP router or its upstream DNS servers are blocking example.com
.
Can you set your own DNS servers on the OpenWrt WAN interface?
the lookup domain does not work. Set 'adb_lookupdomain' in your adblock config to 'google.com' or to 'false' ... the latter value disables the check at all.
Edit: The option is available via LuCI as well.
That is a form of cheating. Let us solve the mystery first!
Hi guys,
Here is output of tests.
BTW. for what is this example.com domain? Does adblock do some connectivity test on it before it starts or why is it so important to have it accessible?
root@OpenWrt:~# nslookup example.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8:53
Non-authoritative answer:
Name: example.com
Address: 93.184.216.34
Non-authoritative answer:
Name: example.com
Address: 2606:2800:220:1:248:1893:25c8:1946
root@OpenWrt:~# nslookup example.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1:53
** server can't find example.com: NXDOMAIN
** server can't find example.com: NXDOMAIN
root@OpenWrt:~# nslookup example.com 172.16.0.1
Server: 172.16.0.1
Address: 172.16.0.1:53
** server can't find example.com: NXDOMAIN
** server can't find example.com: NXDOMAIN
root@OpenWrt:~# nslookup example.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8:53
Non-authoritative answer:
Name: example.com
Address: 93.184.216.34
Non-authoritative answer:
Name: example.com
Address: 2606:2800:220:1:248:1893:25c8:1946
The root cause of your issues seems to be that the 172.16.0.1 router is blocking your DNS request to example.com
. If you can login to that router and determine the DNS configured on it, we might better understand the problem. Or see what DNS servers are shown when visiting dnsleaktest.com or https://dnscheck.tools.
But there are also several workarounds:
example.com
with google.com
in Adblock config.uci set network.wan.peerdns='0'
uci add_list network.wan.dns='9.9.9.9'
uci add_list network.wan.dns='149.112.112.112'
uci commit network
ifup wan
service dnsmasq restart
example.com
is not blocked.nope, please don't fiddle in the adblock script with sed or similar, just use the already mentioned adblock config option 'adb_lookupdomain'.
it's a safeguard to test your DNS backend with the loaded lists...if it failes adblock returns to a safe state (without the list).
Hi guys, thank you very much for your replies.
Thanks again everyone for helping.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.