Adblock-fast: ad-blocking service for dnsmasq, smartdns and unbound

I just took a look at your repo. I'm not entirely sure what packages to download. Can you be a little more specific? I'm pretty sure I will get the time to try it out later today, so hopefully I'll have something a little bit later :slight_smile:

How long does something like that take usually? :slight_smile: Merging pull requests isn't something that typically takes long in my experience, but I suspect the process might be a bit different with stuff like this, than what I'm used to. In regards to the build-bots, then I'm clueless hehe

I could be up for waiting if it doesn't take too long, but the other approach is also fine with me. Depends on what makes the most sense for you?


root@Redmi-AX6000:~# service adblock-fast dl
Force-reloading adblock-fast 1.1.1-r8...
[DL] Blocked File: raw.githubusercontent.com (adblockplus) [✓]
Sorting combined list [✓]
Optimizing combined list [✓]
Allowing domains [✓]
Formatting merged file [✓]
Creating dnsmasq nft set file [✓]
Removing temporary files [✓]
Restarting dnsmasq [✓]
adblock-fast 1.1.1-r8 is blocking 676 domains (with dnsmasq.nftset) [✓]
root@Redmi-AX6000:~#

After running this command, the error in Luci disappeared, but after a reboot it appeared again. I cleared the cache, launched it incognito, and launched it in another previously unused browser. There are mistakes.
OpenWrt 23.05.3 (r23809-234f1a2efa)

I'm sorry! As it turned out, firmware-selector.openwrt.org has nothing to do with it. If you give a command from the console or click on the Restart button in the plugin management window, which, as far as I understand, is the same the plugin restarts and does not write any errors. Which also works until you reboot the router. It is after a reboot or just loading that this problem appears.

@stangri quick question:

  1. Are the readme steps "Requirements for IPv6 Support" of installing ip6tables-mod-nat kmod-ipt-nat6 still necessary? I was under the impression nftables replaced iptables.
    • If it is still necessary, what about adding a LuCI GUI section in the "Information" area that indicates whether IPv6 is working or not?
1 Like

Good catch, I'll have to revisit that section.

For all the domain-based options (like the default dnsmasq.servers) the name blocking should work for both IP families, it's only for the IP-based options (like ipset/nftset) where the IP family support matters.

I'll consider checking for IPv6 support when it needs to be explicitly enabled in adblock-fast settings, but that might have to be a part of the bigger change to both principal and WebUI packages and might take a while.

1 Like

I came upon an article recommending to allow-list the domain succeedscene.com to get past some adblock detectors. I wonder if anyone has been using it and if it works well, if it should be added to allowed_domains in the default config?

@duskern the adblock-fast update has been merged into OpenWrt snapshots and 23.05 repository. Unbound hasn't been fixed yet, so if you want, you can replace the /usr/lib/unbound/unbound.sh with the this file and it should pull the ablock-fast created blocklist.

1 Like

Thx @stangri. I'll look into it over the weekend. I've been swamped at work, so have not really had time to look into it :slight_smile:

I might have an issue upgrading. It says there's an 1.1.1-11 upgrade available, but when I do the upgrade I get this message:

Preformatted text`Package adblock-fast (1.1.1-r7) installed in root is up to date.

I'm unsure if anything gets installed or not, but the version seems to be the r7 still. Am I doing it wrong?

Edit: I later removed adblock-fast to reinstall it. It seems the adblock-fast luci package is still version 1.1.1-r7, so it might just be that the version info shown in the Services > adblock-fast is showing the luci package version, and not the adblock-fast version

Edit again: So now I've installed it again, and it seems that the info showin in the UI is actually 1.1.1-11 now, so scratch what I just wrote :slight_smile:

More edit.
After following your guide @stangri, I was able to get it working. I haven't really done any checking on how the adblocking is working overall, but I will at some point. I did a check using the manual block list and it works everywhere on the network. Doing nslookup on the router works as intended, also works from my phone and browser on my main computer, so I'd say that's pretty good! Any good suggestions on a quick test to see if the block lists are in effect?

Check the last 20 domains in your block-list by running

tail -20 /var/lib/unbound/adb_list.adblock-fast

and then run nslookup on some of them to test if they resolve to anything besides NXDOMAIN.

In the next version, adblock-fast will be able to output the current block-listed domains so the above could be automated.

Thanks for testing, the unbound 1.19.3-2 which will be available in snapshots and 23.05 repo will support the adblock-fast lists.

I just merged the PR for snapshots and I'll create a cherry-pick for stable.

I haven't gotten to do this test just yet, but I will. Everything does look to work none the less :slight_smile:

That sounds nice. I might try to setup something using Zabbix, that checks that blocking is up.

You're welcome, and thx for doing a pretty quick fix for getting this working with Unbound. I'll do an upgrade at some point soon and verify that everything is still working as intended :slight_smile:

I use OpenWrt 23.05.3 with DNSMASQ + HTTPS DNS Proxy and started using AdBlock-Fast + StevenBlack blocklist. I did the install procedure of dnsmasq-full so adblock-fast would work with dns-over-https (dnsmasq nft set option) and everything looked ok.

After some time some stuff got blocked like profile thumbnails on youtube, images on google search when scrolling, play store on android devices, etc. Tried to pin point domains which causing the damage but always come back short. At the end I disabled blocklist and to my surprise problem still exist when adblock-fast was running without any blocklist. When I stop adblock-fast service problem is gone.

One thing I discovered is when I added some domain to allow list, and adblock-fast do restart dnsmasq to apply changes, problem disapeared, but after some time it came back.

I would like to provide more info but don't know how.

As far as I remember, adblock-fast should throw an error, something like "nothing to do" if there are no enabled block-lists or blocked domains -- it shouldn't successfully start.

Also, I don't think any of the block-lists in the default config file are blocking youtube or youtube resources. I'm also using StevenBlack, among other lists and I do not experience missing thumbnails on youtube.

Who's your ISP? What are the providers you're using with https-dns-proxy?

I'm customer of local ISP. Previously for years I used dnsmasq+dnscrypt but changed dnscrypt to dns-over-https to make things simpler. Or so I thought...

Right now its: dnsmasq-full v2.90-2 + https-dns-proxy v2023.11.19-r1 installed from luci. Added adblock-fast v1.1.2-1.

I use standard DNS settings for https-dns-proxy which is Cloudflare 1.1.1.1 & 1.0.0.1 and Google 8.8.8.8 & 8.8.4.4.

Let me demonstrate the issue.

  • adblock-fast service disabled (top window)
  • adblock-fast service enabled (bottom window, after scrolling down)

And it is tricky to trigger becouse one second it is fine, and minutes or hours later it is failing. No idea what is causing this.

And about YT, its not thumbnails, but profile (channels) thumbnails. Those avatatr pics in round shape. They are probably linked from other domain.

I have StevenBlack list enabled and I cannot reproduce the issue you're seeing in the second screenshot.

Anything interesting in the routers logs when it's happening? If not, have you tried different browsers/clients?

Nothing on the system logs.

When I right click on images that didn't load and choose 'open image in other tab' the image do not load and I get ERR_CONNECTION_REFUSED (sometimes ERR_QUIC_PROTOCOL_ERROR) in the browser. The domain is https://encrypted-tbn1.gstatic.com/ which is not blocked by blocklist (I checked, then I even added it to allowed domains). Yet it do not load. Interesting is that if I wait for a couple minutes, the images will load and thumbnails behind *.gstatic.com domain wil load again. Other interesting thing is that after I allowed mentioned domain, and missing images started to not load, the domain was https://encrypted-tbn2.gstatic.com/ (not tbn1 like before).

I don't know what is triggering this issue. One thing I know is when I disable adblock-fast service it will never happen.

About debug file... it is very verbose and contain a lot of info I should not share in public (IP's, my network map, MAC's, etc). What should I look for?

Hello there. Thanks for releasing this package, I'm using it in these days.
adblock-fast 1.1.2-1
luci-app-adblock-fast 1.1.2
luci-i18n-adblock-fast-zh-cn git-24.137.59920-b342a45

The service works well, but the web UI seems not. Sometimes it will take a while to load it's web UI, and even got time out, and sometimes it will just take a second, unpredictably. I'm using your https-dns-proxy plugin two, it runs smoothly.

Which logs/configs should I check to find out the reason? The syslogs shows nothing wrong. I'm a China user, and the github/openwrt/jsdelivr is intermittently unaccessible for me, could it be the reason?

Is there an issue with the latest version? Been using Adblock Fast for a long time now but never had this happen, even after restarting the service and a reboot it won't start on a new build from today. From LuCI page:

Service Status
Version 1.1.2-1 - Failed to start.

Service Errors
Failed to download https://adaway.org/hosts.txt!
Failed to create '/var/run/adblock-fast/dnsmasq.servers' file!
Failed to create block-list or restart DNS resolver!
Errors encountered, please check the README!