Adblock-fast: ad-blocking service for dnsmasq, smartdns and unbound

Hello @dave14305 I took a shot at supporting the allow-listing by explicitly adding the domains to the final dnsmasq.servers file like you suggested in 1.1.2-6 available from dev repo.

It of course took quite a bit longer to implement than I originally hoped: I needed to update both the processing of allow/block-lists when downloading, the operation of the allow command and even make changes to how the size of the final block-list is calculated, as it would now contain explicitly allowed domains.

Please test 1.1.2-6 as much as you can. I still need to probably add support for allowing domains when using remote dnsmasq config file, but I'd like to have this basic functionality tested.

Great, I’ll be able to test it out tomorrow evening when I have the network to myself.

I was able to install and start some testing during Monday Night Football.

At first glance, I’m surprised to see that the allowing is only one method or the other (e.g. sed or #), but I was advocating to do both methods at once.

My first test using Hagezi Pro was to allow apple.com. This didn’t allow any of the currently blocked Apple sub-domains because the blocked domains are more specific than the new allow entry. You would need to sed out all blocked entries ending in apple.com and then add the new entry server=/apple.com/#. The sed is technically enough for this particular scenario (allowing a higher-level domain of one or more blocked domains), but since you won’t know in advance if it’s a partial match, exact match or no match, you should execute both methods.

The next test was to whitelist a random doubleclick sub-domain 9120651.fls.doubleclick.net since fls.doubleclick.net is in the block list. This works as expected. 9120651 resolves properly, and any other subdomain like 9121695.fls.doubleclick.net continues to be blocked.

Allowing an exact match of a blocked domain like browser-intake-datadoghq.com works as expected.

Does all that make sense?
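
The two-step allow handling described in the post above (purge every blocked entry at or below the allowed domain, then also add an explicit `server=/domain/#` line), as an added shell example that is not adblock-fast's own code. The one-domain-per-line input, the `server=/domain/` block form, and the names `build_servers` and `demo` are assumptions; the sample lists are constructed.

```shell
#!/bin/sh
# Added example, not adblock-fast code. Assumes the intermediate block-list
# holds one bare domain per line; function and file names are hypothetical.

# build_servers BLOCKED_FILE ALLOWED_FILE: print a dnsmasq.servers body.
build_servers() {
    blocked=$1; allowed=$2
    rules=$(mktemp) || return 1
    # Fresh rule file per run. One delete rule per allowed domain, matching
    # the domain itself and any subdomain; dots are escaped for the regex.
    while IFS= read -r d; do
        [ -n "$d" ] || continue
        esc=$(printf '%s\n' "$d" | sed 's/\./\\./g')
        printf '/(^|\\.)%s$/d\n' "$esc"
    done < "$allowed" > "$rules"
    # Method 1: purge blocked entries at or below each allowed domain, then
    # format survivors as block lines (assumed form: server=/domain/).
    sed -E -f "$rules" "$blocked" | sed 's|.*|server=/&/|'
    rm -f "$rules"
    # Method 2: explicit allow lines, written to the output only, so a
    # broader blocked parent cannot catch the allowed name.
    while IFS= read -r d; do
        [ -n "$d" ] || continue
        printf 'server=/%s/#\n' "$d"
    done < "$allowed"
}

# Constructed sample data covering the three scenarios from the post.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' ads.apple.com metrics.apple.com pineapple.com \
        fls.doubleclick.net browser-intake-datadoghq.com > "$dir/blocked"
    printf '%s\n' apple.com 9120651.fls.doubleclick.net \
        browser-intake-datadoghq.com > "$dir/allowed"
    build_servers "$dir/blocked" "$dir/allowed"
    rm -rf "$dir"
}

demo
```

The `(^|\.)` anchor keeps `pineapple.com` blocked when `apple.com` is allowed, and the explicit `#` line is what lets `9120651.fls.doubleclick.net` resolve while its blocked parent stays in the list.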

@dave14305 I thought it would be a significant speed improvement if I didn't need to purge the final block-list from allowed sites, but I see your point. So 1.1.2-7 available from OpenWrt snapshots repo and from my private repo has the proper processing as you suggested.

Something is wrong since the sed patterns are at the top of the file.

root@router:~# head /var/run/adblock-fast/dnsmasq.servers 
/(^|\.)cdn\.jsdelivr\.net$/d;
/(^|\.)browser-intake-datadoghq\.com$/d;
server=/cdn.jsdelivr.net/#
server=/browser-intake-datadoghq.com/#

I imagine this is the relevant line:

I see now, $SED_TMP is appended with the server statements, but it still has content in it from earlier.

This is embarrassing. Fixed in adblock-fast 1.1.2-8.

On the plus side, everything is working well based on my 3 allowlist scenarios! Thank you.

I have previously ignored the news about the per-instance conf-dir support for dnsmasq (applicable for dnsmasq.conf, dnsmasq.ipset and dnsmasq.nftset configurations only), but was reminded about it with the recent drama with switching default values for per-instance conf-dir.

The adblock-fast 1.1.2-10 (and please update the luci app to the same version) has support for configurable per-instance conf-dir for dnsmasq. I've quickly tested with all 3 options affected (and dnsmasq.servers which is not affected) and it seemed to work for me.

If you use adblock-fast with either dnsmasq.conf, dnsmasq.ipset or dnsmasq.nftset options for resolver, especially if you have multiple dnsmasq instances, please install 1.1.2-10 and test.

Pending any reported bugs, I'll be creating PRs for OpenWrt packages both snapshots and 23.05 repos before the end of the week.
