Adblock-fast: ad-blocking service for dnsmasq, smartdns and unbound

Hi @stangri, is there any interest in expanding the concept of allowlist for dnsmasq to explicitly allow a subdomain of a blocked domain?

The use case would be a blocked domain such as:

server=/g.doubleclick.net/

where there are many subdomains being blocked. If I only need to allow pubads.g.doubleclick.net to let my wife's favorite phone app work, today I would need to allow the entire g.doubleclick.net domain so that the sed processing would remove it from the blocklist.

But by explicitly adding:

server=/pubads.g.doubleclick.net/#

to the final blocklist, I can specifically allow pubads while still blocking all other subdomains of g.doubleclick.net. The dnsmasq # syntax says "use the standard servers for this domain" and the more specific domain overrides the more generic parent domain block.

I show a potential patch below, if interested.

diff --git a/net/adblock-fast/files/etc/init.d/adblock-fast b/net/adblock-fast/files/etc/init.d/adblock-fast
index c962c1fd3..3e8727582 100755
--- a/net/adblock-fast/files/etc/init.d/adblock-fast
+++ b/net/adblock-fast/files/etc/init.d/adblock-fast
@@ -1440,6 +1440,13 @@ $(sed '/^[[:space:]]*$/d' "$A_TMP")"
                json add error 'errorMovingDataFile'
        fi
        case "$dns" in
+               dnsmasq.servers)
+                       if [ -n "${allowed_domain}" ]; then
+                               for hf in ${allowed_domain}; do
+                                       echo "server=/${hf}/#" >> "$outputFile"
+                               done
+                       fi
+               ;;
                unbound.adb_list)
                        sed -i '1 i\server:' "$outputFile"
                ;;
1 Like

Hi. How do I update Adblock-fast? I treid this command, but it doesn't update the WebUI. Thanks!

opkg update; opkg install adblock-fast luci-app-adblock-fast

See what's installed and try upgrade.

opkg list-installed *adblock-fast*
opkg update
opkg upgrade luci-app-adblock-fast

Same.

Thank you for suggesting this. Let me sleep on how it's best to integrate it with the current method of allow-listing domains by removing them from block-list.

It does, you need to flush your browser cache so it fetches the new version from the router.

1 Like

I haven't used Unbound in a long time, but I think the same concept might apply with a transparent or always_transparent zone for allowed domains.

This is all in addition to removing the allowed domains from the blocklist with sed first.

I tried to open it with another browser and also checked with my phone browser, but it's the same.

# grep luciCompat= /usr/libexec/rpcd/luci.adblock-fast 
readonly luciCompat='2'
# grep packageCompat= /etc/init.d/adblock-fast 
readonly packageCompat='2'

Do these 2 grep commands both give the same number on your device?

1 Like

Got 1 and 2
image

Try to force reinstall the LuCI app.

opkg install --force-reinstall luci-app-adblock-fast

Thanks, that message is gone. Is Version 1.1.2-3 the latest version?

1 Like

Sorry for misleading you about the browser cache, but I'd be curious to find out why the newer version hasn't been installed with just opkg update; opkg install adblock-fast luci-app-adblock-fast.

The newest version (available from my repo) is 1.1.2-4, but I haven't submitted it to the OpenWrt packages yet.

I want to restrict internet access of specific IoT clients.
This means clients can only access specific domains for firmware upgrade etc.
In the context of a DNS blocker this would be a whitelist for specific clients.

Can you please advise how to realise this request with Adblock-fast?

you don't need adblock-fast for that, I'll reply in your other thread.

When I try to open webpage htts://energis.de I get 403 Forbidden error.
Using another router w/o Adblock-fast I cannot reproduce this issue.

Therefore my conclusion is that this domain is blocked.
And I need to enter it in Luci > Services > Adblock Fast > Allowed Domains.
However, after saving the new settings I still get 403 Forbidden error.

What is missing to apply new settings?

If you get a reply from the server, that means that the domain can be resolved and your browser tries to access the resolved IP.

Hi, I'm using version 1.1.2-3. The file size will not be stored in config, still, and even the web UI can't know the file size now. Function getFileUrlFilesizes will get a 0 size. I have tried rules without any available problems, and even flashed a new fresh firmware, but does't help.

1 Like

Thanks for pointing it out, there was a report either at OpenWrt or my own github repo before, if it's from you as well, I'm sorry I didn't have the time to look into it earlier.

Fixed in 1.1.2-4, this version should be storing new sizes for enabled lists. I'll create PR for snapshots and 23.05 branches before the end of the week, you can grab updated sources and binaries from upstream repo for now.