Adblock-lean: set up adblock using dnsmasq blocklist

This is the one! Easy to understand

3 Likes

What if user wants to block google.com? Then he'd just have to alter the configured list of domains to check I suppose. So that scenario is still OK.

2 Likes

Perhaps @dave14305 has something to say about having the blocklist entries taking precedence over allowlist entries in the allowlist_only mode (unfortunately, we may need to think of another name for this option if enabling the blocklist entries in this mode, after all).

1 Like

Hi, I have this same issue described where it errors out at the end of the process.

root@OpenWrt:~# service adblock-lean restart

Restarting adblock-lean.

Stopping adblock-lean.
Removing any adblock-lean blocklist files in /tmp/dnsmasq.d.

Restarting dnsmasq.

Waiting for dnsmasq initialization.
Restart of dnsmasq completed.

Stopped adblock-lean.

Started adblock-lean.

gawk detected so using gawk for fast (sub)domain match removal and entries packing.
GNU sed detected so list processing will be fast.
coreutils-sort detected so sort will be fast.

No existing compressed or uncompressed blocklist identified.
No local allowlist identified.
Not using any allowlist for blocklist processing.
No local blocklist identified.

Starting raw blocklist part(s) download.

Downloading, checking and sanitizing raw blocklist part from: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro-onlydomains.txt.
Successfully processed blocklist (source file size: 3.2 MiB, sanitized line count: 169,401).

Downloading, checking and sanitizing raw blocklist part from: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/tif-onlydomains.txt.
Successfully processed blocklist (source file size: 10.91 MiB, sanitized line count: 585,711).

Successfully generated preprocessed blocklist file with 755,112 entries.

Sorting and merging the blocklist parts into a single blocklist file.

Stopping dnsmasq.

Checking the resulting blocklist with 'dnsmasq --test'.
New blocklist file check passed.
Final list uncompressed file size: 13.42 MiB.

Successfully imported new compressed blocklist file for use by dnsmasq with size: 4.62 MiB.

Restarting dnsmasq.

Waiting for dnsmasq initialization.
Restart of dnsmasq completed.

Processing time for blocklist generation and import: 0m:17s.

Checking active blocklist.

Error: Lookup of the blocklist test domain failed with new blocklist.

Error: Active blocklist check failed with new blocklist file.

Restoring saved blocklist file.

Error: No previous blocklist file found.

Error: Failed to restore saved blocklist.

Stopping adblock-lean.
Removing any adblock-lean blocklist files in /tmp/dnsmasq.d.

Restarting dnsmasq.

Waiting for dnsmasq initialization.
Restart of dnsmasq completed.

Stopped adblock-lean.

I am on 23.05.5

The likely cause is insufficient memory. Please run this command: logread and look for OOM in the output.

logread did not have any out-of-memory (OOM) results. I use a Flint 2 (GL.iNet GL-MT6000) for adblock-lean. I guess the upgrade I recently did to 23.05.5 has something to do with this? Should I try to uninstall adblock-lean and reinstall?

Can you normally look up the test domains (amazon.com, google.com and microsoft.com)?

There could be something wrong with dnsmasq.
Please post the output of
cat /etc/config/dhcp

1 Like

In this case it fails to look up our proprietary test domain which is added to the list for verification.

Was adblock-lean working before the sysupgrade? If so, did you run service adblock-lean setup after sysupgrade? Also are you running the latest version of adblock-lean? Anyway, reinstalling adblock-lean definitely won't hurt. Just run these commands:

service adblock-lean stop
service adblock-lean disable
rm -rf /etc/adblock-lean
rm -f /etc/init.d/adblock-lean

Then follow the README on installing adblock-lean.

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        list addnmount '/bin/busybox'
        list server '0::1#5453'
        list server '127.0.0.1#5453'
        option noresolv '1'
        option strictorder '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option name 'YYYYYYYYYYYYYYYY'
        list mac 'XXXXXXXXXXXXXX'
        option ip 'YYYYYYYYYYYYYYYY'
        option leasetime 'infinite'

config host
        option name 'YYYYYYYYYYYYYYYY'
        list mac 'YYYYYYYYYYYYYYYY'
        option ip '1YYYYYYYYYYYYYYYY'
        option leasetime 'infinite'

config host
        option name 'CCCCCCCCCCCCCC'
        option ip 'CCCCCCCCCCCCCC'
        option mac 'CCCCCCCCCCCCCC'

config host
        option name 'DDDDDDDDDDDDDDDDD'
        option ip 'DDDDDDDDDDDDD'
        option mac 'DDDDDDDDDDDDD'

I still encounter the error when I do the uninstall steps and then the reinstall steps from GitHub:

service adblock-lean stop
service adblock-lean disable
rm -rf /etc/adblock-lean
rm -f /etc/init.d/adblock-lean

My guess is I have Stubby installed, set up for a couple of DNS over TLS providers, and it's acting up for some reason?

Please run the command logread, then post the portion from the line user.info adblock-lean: Started adblock-lean on. Maybe dnsmasq prints some errors in the log.

Also please answer this question:

1 Like

Yes, adblock-lean was working before the sysupgrade (I used attended sysupgrade to carry over Stubby, and followed the GitHub guide to preserve adblock-lean).

Pasting portion of logread:

Wed Oct  2 17:49:32 2024 user.info adblock-lean: Started adblock-lean.
Wed Oct  2 17:49:32 2024 user.info adblock-lean: gawk detected so using gawk for fast (sub)domain match removal and entries packing.
Wed Oct  2 17:49:32 2024 user.info adblock-lean: GNU sed detected so list processing will be fast.
Wed Oct  2 17:49:32 2024 user.info adblock-lean: coreutils-sort detected so sort will be fast.
Wed Oct  2 17:49:32 2024 user.info adblock-lean: No existing compressed or uncompressed blocklist identified.
Wed Oct  2 17:49:32 2024 user.info adblock-lean: No local allowlist identified.
Wed Oct  2 17:49:32 2024 user.info adblock-lean: Not using any allowlist for blocklist processing.
Wed Oct  2 17:49:32 2024 user.info adblock-lean: No local blocklist identified.
Wed Oct  2 17:49:32 2024 user.info adblock-lean: Starting raw blocklist part(s) download.
Wed Oct  2 17:49:32 2024 user.info adblock-lean: Downloading, checking and sanitizing raw blocklist part from: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro-onlydomains.txt.
Wed Oct  2 17:49:33 2024 user.info adblock-lean: Successfully processed blocklist (source file size: 3.19 MiB, sanitized line count: 169,358).
Wed Oct  2 17:49:33 2024 user.info adblock-lean: Downloading, checking and sanitizing raw blocklist part from: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/tif-onlydomains.txt.
Wed Oct  2 17:49:38 2024 user.info adblock-lean: Successfully processed blocklist (source file size: 10.85 MiB, sanitized line count: 580,716).
Wed Oct  2 17:49:38 2024 user.info adblock-lean: Successfully generated preprocessed blocklist file with 750,074 entries.
Wed Oct  2 17:49:38 2024 user.info adblock-lean: Sorting and merging the blocklist parts into a single blocklist file.
Wed Oct  2 17:49:41 2024 user.info adblock-lean: Stopping dnsmasq.
Wed Oct  2 17:49:41 2024 daemon.info dnsmasq[1]: exiting on receipt of SIGTERM
Wed Oct  2 17:49:41 2024 user.info adblock-lean: Checking the resulting blocklist with 'dnsmasq --test'.
Wed Oct  2 17:49:42 2024 user.info adblock-lean: New blocklist file check passed.
Wed Oct  2 17:49:42 2024 user.info adblock-lean: Final list uncompressed file size: 13.35 MiB.
Wed Oct  2 17:49:42 2024 user.info adblock-lean: Successfully imported new compressed blocklist file for use by dnsmasq with size: 4.6 MiB.
Wed Oct  2 17:49:42 2024 user.info adblock-lean: Restarting dnsmasq.
Wed Oct  2 17:49:46 2024 user.info adblock-lean: Waiting for dnsmasq initialization.
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: started, version 2.90 cachesize 1000
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: DNS service limited to local subnets
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: using nameserver ::1#5453
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: using nameserver 127.0.0.1#5453
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: using only locally-known addresses for test
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: using only locally-known addresses for local
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: using only locally-known addresses for zzzzzzzzzzzzzz.no-ip.biz
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: using only locally-known addresses for zzzzzzzzzzzzz.com
Wed Oct  2 17:49:47 2024 daemon.info dnsmasq[1]: using 712301 more local addresses
Wed Oct  2 17:49:50 2024 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Wed Oct  2 17:49:50 2024 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 4 names
Wed Oct  2 17:49:50 2024 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 2 names
Wed Oct  2 17:49:50 2024 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Wed Oct  2 17:49:50 2024 user.info adblock-lean: Restart of dnsmasq completed.
Wed Oct  2 17:49:50 2024 user.info adblock-lean: Processing time for blocklist generation and import: 0m:18s.
Wed Oct  2 17:49:50 2024 user.info adblock-lean: Checking active blocklist.
Wed Oct  2 17:49:51 2024 user.err adblock-lean: Error: Lookup of the blocklist test domain failed with new blocklist.
Wed Oct  2 17:49:51 2024 user.err adblock-lean: Error: Active blocklist check failed with new blocklist file.
Wed Oct  2 17:49:51 2024 user.info adblock-lean: Restoring saved blocklist file.
Wed Oct  2 17:49:51 2024 user.err adblock-lean: Error: No previous blocklist file found.
Wed Oct  2 17:49:51 2024 user.err adblock-lean: Error: Failed to restore saved blocklist.
Wed Oct  2 17:49:51 2024 user.info adblock-lean: Stopping adblock-lean.
Wed Oct  2 17:49:51 2024 user.info adblock-lean: Removing any adblock-lean blocklist files in /tmp/dnsmasq.d.
Wed Oct  2 17:49:51 2024 user.info adblock-lean: Restarting dnsmasq.
Wed Oct  2 17:49:51 2024 daemon.info dnsmasq[1]: exiting on receipt of SIGTERM
Wed Oct  2 17:49:54 2024 user.info adblock-lean: Waiting for dnsmasq initialization.
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: started, version 2.90 cachesize 1000
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: DNS service limited to local subnets
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: using nameserver ::1#5453
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: using nameserver 127.0.0.1#5453
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: using only locally-known addresses for test
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: using only locally-known addresses for local
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 4 names
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 2 names
Wed Oct  2 17:49:54 2024 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Wed Oct  2 17:49:54 2024 user.info adblock-lean: Restart of dnsmasq completed.
Wed Oct  2 17:49:54 2024 user.info adblock-lean: Stopped adblock-lean.
Wed Oct  2 17:49:56 2024 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.1.111 ccccccccccc
Wed Oct  2 17:49:56 2024 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 192.168.1.111 cccccccccccc NAME

I’m not sure of the exact scenario since I’ve been away a bit. I would not spend time blocking some allowed subdomains in allow-only mode, if that’s the question.

1 Like

@dave14305 any idea why it doesn't work for @dpvb ? I'm struggling to find the cause, except maybe for the dnsmasq config, which I unfortunately do not understand so well.

1 Like

It appears that my DNS providers suck?

root@OpenWrt:~# nslookup adblocklean-test123.info localhost
Server:         localhost
Address:        [::1]:53

** server can't find adblocklean-test123.info: NXDOMAIN

** server can't find adblocklean-test123.info: NXDOMAIN

root@OpenWrt:~# nslookup github.com localhost
Server:         localhost
Address:        [::1]:53

Non-authoritative answer:
Name:   github.com
Address: 140.82.116.3

Non-authoritative answer:

Config from stubby:

# Upstream resolvers are specified using 'resolver' sections.
config resolver
       option address '9.9.9.9'
       option tls_auth_name 'dns.quad9.net'

config resolver
       option address '149.112.112.112'
       option tls_auth_name 'dns.quad9.net'

config resolver
       option address '76.76.2.0'
       option tls_auth_name 'p0.freedns.controld.com'

config resolver
       option address '76.76.10.0'
       option tls_auth_name 'p0.freedns.controld.com'

I don't mind switching DNS providers to something like Cloudflare, I guess?

That server doesn't exist, obviously. This is just a test entry which we add to the final blocklist file this way:

address=/adblocklean-test123.info/127.0.0.1

and which is supposed to resolve to 127.0.0.1. If it resolves, this proves that the blocklist was successfully loaded.

In your case it doesn't resolve, so adblock-lean errors out.

1 Like
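The check described in the post above, as an added example (not adblock-lean's own code): a POSIX shell function that classifies nslookup output for the test entry, so an NXDOMAIN like the one posted earlier is told apart from a loaded blocklist. The function names, status strings and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of adblock-lean. Names and status strings are hypothetical.
TEST_DOMAIN="adblocklean-test123.info"   # test entry named in the thread
TEST_ADDR="127.0.0.1"                    # address the entry must resolve to

# classify_lookup <nslookup output> <expected address>
# Prints: loaded | wrong_address | nxdomain | no_answer
classify_lookup() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^$/ { header_done = 1; next }   # server header ends at the first blank line
        !header_done { next }            # skip "Server:" and its "Address:" line
        /NXDOMAIN/ { nx = 1 }
        /^Address( [0-9]+)?:/ { n++; if ($NF == want) hit = 1 }
        END {
            if (hit) print "loaded"              # test entry answered locally
            else if (n) print "wrong_address"    # answered, but not by the blocklist entry
            else if (nx) print "nxdomain"        # resolver replied, entry not in effect
            else print "no_answer"               # resolver unreachable or no reply
        }'
}

# Live check against the local dnsmasq (not run by default).
check_blocklist_active() {
    classify_lookup "$(nslookup "$TEST_DOMAIN" "${1:-127.0.0.1}" 2>&1)" "$TEST_ADDR"
}

# Constructed sample: same shape as the failing lookup posted in the thread.
SAMPLE_NXDOMAIN="Server:         localhost
Address:        [::1]:53

** server can't find adblocklean-test123.info: NXDOMAIN"

# Constructed sample: what a lookup looks like when the entry is active.
SAMPLE_LOADED="Server:         localhost
Address:        [::1]:53

Name:   adblocklean-test123.info
Address: 127.0.0.1"

echo "failing case: $(classify_lookup "$SAMPLE_NXDOMAIN" "$TEST_ADDR")"
echo "working case: $(classify_lookup "$SAMPLE_LOADED" "$TEST_ADDR")"
```

On the router, `check_blocklist_active` runs the same classification against the live resolver; `nxdomain` means dnsmasq replied but did not answer the test entry from the blocklist.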

I am going to uninstall and remove Stubby and try again... If that works I'm just going to switch to the dns-https-proxy app instead since it has a LuCI app.

Ideally we want adblock-lean to work with Stubby. Also AFAIK @Lynx is using this configuration. Perhaps he could advise about the correct config.

1 Like

Hmm yes should just work with stubby since requests still go via dnsmasq. Or should.

https://openwrt.org/docs/guide-user/services/dns/stubby

1 Like