[adblock] dns backend restart with adblock blocklist failed

lleachii · May 9, 2023, 4:16pm

Can you provide your full config from /etc/config/adblock ?

Thanks.

czezz · May 9, 2023, 4:36pm

sure:

root@OpenWrt:~# cat /etc/config/adblock

config adblock 'global'
	option adb_enabled '1'
	option adb_debug '1'
	option adb_forcedns '0'
	option adb_safesearch '0'
	option adb_dnsfilereset '0'
	option adb_mail '0'
	option adb_report '0'
	option adb_backup '1'
	option adb_dns 'dnsmasq'
	option adb_fetchutil 'uclient-fetch'
	list adb_sources 'adaway'
	list adb_sources 'adguard'
	list adb_sources 'disconnect'
	list adb_sources 'yoyo'
	option adb_dnstimeout '60'

dave14305 · May 9, 2023, 4:53pm

What happens normally if you run /usr/bin/nslookup example.com on the router?

czezz · May 9, 2023, 5:02pm

root@OpenWrt:~# /usr/bin/nslookup example.com
Server:		127.0.0.1
Address:	127.0.0.1:53

** server can't find example.com: NXDOMAIN

** server can't find example.com: NXDOMAIN

root@OpenWrt:~# /usr/bin/nslookup google.com
Server:		127.0.0.1
Address:	127.0.0.1:53

Non-authoritative answer:
Name:	google.com
Address: 142.250.203.110

Non-authoritative answer:
Name:	google.com
Address: 2a00:1450:400a:802::200e

dave14305 · May 9, 2023, 5:05pm

That NXDOMAIN is the problem. Is example.com in the blacklist or being blocked by the upstream router?

czezz · May 9, 2023, 5:09pm

Its not on /etc/adblock/adblock.blacklist if u are asking for that:
root@OpenWrt:~# grep -i "example.com" /etc/adblock/adblock.blacklist

I dont think it is blocked by upstream router but to be 100% i will connect to it later with my PC and see if im getting the same result.

efahl · May 9, 2023, 5:11pm

What happens if you specify an external DNS server on your nslookup?

$ nslookup example.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8:53

Non-authoritative answer:
Name:   example.com
Address: 2606:2800:220:1:248:1893:25c8:1946

Non-authoritative answer:
Name:   example.com
Address: 93.184.216.34

dave14305 · May 9, 2023, 5:11pm

Try these tests:

nslookup example.com 127.0.0.1
nslookup example.com 172.16.0.1
nslookup example.com 8.8.8.8

And check if example.com is shown in the whitelist.

dave14305 · May 9, 2023, 5:25pm

It should be the upstream ISP router or its upstream DNS servers are blocking example.com.

Can you set your own DNS servers on the OpenWrt WAN interface?

dibdot · May 9, 2023, 5:30pm

czezz:

Tue May  9 15:54:55 2023 user.debug adblock-4.1.5[14886]: f_dnsup  ::: dns: dnsmasq, cache_cmd: -, lookup_cmd: /usr/bin/nslookup, lookup_domain: example.com, restart_rc: 0, dns_flush: 0, dns_timeout: 60, dns_cnt: 61, in_rc: 0, out_rc: 4

the lookup domain does not work. Set 'adb_lookupdomain' in your adblock config to 'google.com' or to 'false' ... the latter value disables the check at all.

Edit: The option is available via LuCI as well.

dave14305 · May 9, 2023, 5:33pm

That is a form of cheating. Let us solve the mystery first!

czezz · May 9, 2023, 8:50pm

Hi guys,
Here is output of tests.
BTW. for what is this example.com domain? Does adblock do some connectivity test on it before it starts or why is it so important to have it accessible?

root@OpenWrt:~# nslookup example.com 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8:53

Non-authoritative answer:
Name:	example.com
Address: 93.184.216.34

Non-authoritative answer:
Name:	example.com
Address: 2606:2800:220:1:248:1893:25c8:1946

root@OpenWrt:~# nslookup example.com 127.0.0.1
Server:		127.0.0.1
Address:	127.0.0.1:53

** server can't find example.com: NXDOMAIN

** server can't find example.com: NXDOMAIN

root@OpenWrt:~# nslookup example.com 172.16.0.1
Server:		172.16.0.1
Address:	172.16.0.1:53

** server can't find example.com: NXDOMAIN

** server can't find example.com: NXDOMAIN

root@OpenWrt:~# nslookup example.com 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8:53

Non-authoritative answer:
Name:	example.com
Address: 93.184.216.34

Non-authoritative answer:
Name:	example.com
Address: 2606:2800:220:1:248:1893:25c8:1946

dave14305 · May 10, 2023, 12:06am

The root cause of your issues seems to be that the 172.16.0.1 router is blocking your DNS request to example.com. If you can login to that router and determine the DNS configured on it, we might better understand the problem. Or see what DNS servers are shown when visiting dnsleaktest.com or https://dnscheck.tools.

But there are also several workarounds:

As @dibdot already mentioned, replace example.com with google.com in Adblock config.
Set your own WAN DNS servers on the OpenWrt router (Quad9 example):

uci set network.wan.peerdns='0'
uci add_list network.wan.dns='9.9.9.9'
uci add_list network.wan.dns='149.112.112.112'
uci commit network
ifup wan
service dnsmasq restart

Change the DNS servers used on the ISP router 172.16.0.1 so that example.com is not blocked.

dibdot · May 10, 2023, 3:56am

nope, please don't fiddle in the adblock script with sed or similar, just use the already mentioned adblock config option 'adb_lookupdomain'.

dibdot · May 10, 2023, 4:16am

it's a safeguard to test your DNS backend with the loaded lists...if it failes adblock returns to a safe state (without the list).

czezz · May 10, 2023, 8:28pm

Hi guys, thank you very much for your replies.

Yes, it seems that example.com is not resolved by my ISP's DNS
Final solution by @dibdot. Although I decided to use "duckduckgo.com" domain

Thanks again everyone for helping.

system · May 20, 2023, 8:29pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.