Adblock-lean: set up adblock using dnsmasq blocklist

I suggest to try again without addnhosts. If the issue is still present, use the command service adblock-lean stop and check again.

Yeah, I was surprised as I thought DNS filtering is relatively light and shouldn't have much of an impact on the performance.
I could notice the delay immediately as I was browsing. Then I checked by opening browser's dev tools and going to the network tab. It shows the dns response time. There's also an extension named, Page load time. It does the same thing but easier to check.

addnhosts could be the culprit I guess. In the dnsmasq query log, there were entries that basically showed that this particular site is blocked because it's present in the addnhosts file.
Unlike adblock-lean, this addnhosts file is probably not loaded into the memory. I guess it's reading that file from the storage when devices are making dns query and ending up causing delays.
I'm not on my PC at the moment. I will try again tomorrow and let you know.

As I wrote above, IMO most likely there was a configuration issue. We can try and help you to troubleshoot it but you would need to install adblock-lean again and be a little patient.

Their geoblock on raw.githubusercontent.com probably hit my region last week. In my case, Accept-Language is either not sent (router's uclient-fetch) or is sent as en-US (desktop's browser), so it's likely based on geoip.
Tried downloading a simple LICENSE file from a repository as raw:

• Browser: 429
• wget -4 (virtually static non-CGNAT address): 429
• wget -6 (virtually static /64 prefix, /64 suffix is randomly generated as part of IPv6 privacy extensions): 429

I can git clone --recursive large repositories (like CPython's) without issues.
The above issue was opened half a year ago, they probably don't care.

Hi! I didn't have the time to install it today but I just remembered that I have this option in my dhcp config.
option nftset '1'. I am using dnsmasq-full.
I need nftset for Policy Based Routing (pbr).
Can this have any negative effect on adblock-lean?

I’m not sure what exactly that option does. If it adds each resolved IP address to some nft set then this may have negative effect on DNS resolution. I’m not saying that it necessarily will have negative effect but theoretically, it can. PBR may affect DNS resolution as well.

After you install adblock-lean, see if you still have the issue. If yes, post the output of commands:

nslookup -q=A example.com
nslookup -q=AAAA example.com
service adblock-lean print_log
logread | grep dnsmasq

Then try to isolate the cause. Stop adblock-lean:

service adblock-lean stop

Check if the issue is still present.

Start adblock-lean again:

service adblock-lean start

Stop PBR:

service pbr stop

Check if the issue is still present.

Do the same for any other non-standard things you have running.

Also please post your config:

cat /etc/config/dhcp
cat /etc/config/firewall

And the output of this command:

ubus call system board

Thanks. I installed it again yesterday and didn't notice any issues. No slowdowns. I didn't use an addnhosts file this time. Only used one upstream DNS in https-dns-proxy.
Maybe the addnhosts file was the issue. Don't want to try it again for the time being.
Thanks for your help!

I installed adblock-lean on a new OpenWRT device. The setup created the following cron job

0 5 * * * RANDOM_DELAY=1 /etc/init.d/adblock-lean start 1>/dev/null

Is this enough to guarantee that blocklists also get updated daily at 5.00 am or would I need to add something extra to it to achieve this?

Hi, the blocklist will be updated daily, some time between 5:00am and 6:00am since adblock-lean waits a random number of minutes (0-60) when called from this cron job.

Hi,
I am using adblock-lean with default medium config, and https-dns-proxy addon with Quad9, Cloudflare and Google in that order setup. I am not sure how to test if adblock-lean is working and not conflicting with https-dns-proxy, tried to test with this command but it should not even resolve the address with adblock-lean active right? How to test if adbl-lean is working (tried in browser with ublock turned off, ads still make it through but idk if that's because it's not working or because I don't have extra large preset blocklist) and if these two are in conflict? Thanks.

Screenshot 2025-11-01 185511454×206 4.86 KB

googleadservices.com is not included in the default lists for preset Medium (hagezi:pro, hagezi:tif.mini). You can test with a domain which is actually included, for example:

nslookup 0070tv.com

Run this on your router and then on a network client you’re using to browse the web.

Thank you. This works (or more like doesn't). I am fine with not having ultra complete ad block list but atleast I verified that the blocklist I have works.

EDIT: Btw so using adblock-lean and https-dns-proxy together is acceptable? I am not having that much experience with OpenWRT.

Default Hagezi lists are quite balanced in terms of blocked domains vs memory consumption vs services breakage. This is why they are included in our presets. If you prefer, more aggressive Hagezi lists are available, as well as lists by other authors. adblock-lean allows you to use a wide variety of lists (and even wider variety will be available with the upcoming adblock-lean update which will add support for hosts-format lists). That said, DNS-based adblockers have a fundamental limitation: they can only block domains, so certain types of ads can not be blocked this way (including in-video YouTube ads for example).

Personally I have no experience with https-dns-proxy, but other adblock-lean users are successfully employing similar solutions, so I don't see why not.

You can also use this website:

to test adblocking. With the Medium preset, it shows me 97% blocked. If you do not get anything close to this then your browser may be bypassing the OpenWrt DNS server.

Hi all, we have now merged a pull request implementing lots of changes intended for the next release of adblock-lean. A complete list of changes is available in the PR notes. The most important ones:

• Add support for hosts-format lists. Note that the support only covers lists which couple domains to block with the 0.0.0.0 IPv4 address or with :: for IPv6. The majority of hosts-format blocklists are compatible, a minority which uses the 127.0.0.1 address for blocked domains is incompatible. Also note that adblock-lean does not feed hosts lists as-is to dnsmasq. Instead, adblock-lean converts them into raw-domains format and then further processes them as usual. Subdomains compression for hosts-format lists has been also implemented, based on the code by @dibdot in adblock.
• Support short identifiers for Steven Black lists (e.g. hosts_block_lists=”stevenblack:base stevenblack:gambling”)
• Support specifying default mirror to use when downloading lists for given author (currently Hagezi, oisd, Steven Black), add config options hagezi_default_mirror, oisd_default_mirror, stevenblack_default_mirror. Allowed values for these options are listed in the config file comments, next to the options.
• When list download fails, adblock-lean will now automatically use another mirror when retrying.
• Several config options names were changed. When updating adblock-lean to this version, values of the old options will be automatically migrated.
• Add support for the new Hagezi social list.
• Many improvements to the console output messages.
• Reduce the number of messages sent to system log to minimum (adblock-lean still writes the complete log to its own log file which you can view by running service adblock-lean print_log).
• Various bugfixes
• README updates

We would appreciate anyone who can help testing this version before we make a new release.

To test:

service adblock-lean update -v snapshot

To go back to the current release:

service adblock-lean update -v release

Note that because of the changed config options, downgrade from this version to older ones will reset those options. So if you are planning on downgrading later on and would like to keep your current config, make sure to create a backup copy of the file /etc/adblock-lean/config.

I did not try any new features (yet) but the switch to snapshot seems to have worked properly as expected. :-)

```
root@R4S-wrt:~# service adblock-lean update -v snapshot

Downloading adblock-lean, commit 'ae23aef37652ad236979919e763da909d14e00cd' (update channel: 'snapshot').

Installing new files...
Warning: File '/etc/init.d/adblock-lean' was manually modified - overwriting.
Saved a backup copy of manually modified file to /tmp/abl_old_modified_files/adblock-lean
Copying file '/etc/init.d/adblock-lean'.
Copying file '/usr/lib/adblock-lean/abl-lib.sh'.
Copying file '/usr/lib/adblock-lean/abl-process.sh'.

NOTE: config format has changed from v10 to v11.

Unexpected keys in config: 'hosts_allow_lists'.
Corresponding config entries:
hosts_allow_lists=""

Missing keys in config: 'hagezi_default_mirror stevenblack_default_mirror oisd_default_mirror'.
Corresponding config entries:
hagezi_default_mirror="github"
stevenblack_default_mirror="github"
oisd_default_mirror="oisd"

Perform following automatic changes? (y|n)
1. Remove unexpected entries from the config
2. Re-add missing config entries with default values
y|n: y

Old config file was saved as /tmp/adblock-lean_config.old.
This will overwrite existing config. Proceed? (y|n)
y|n: y

Saving new config file to '/etc/adblock-lean/config'.

Checking dnsmasq instances.

adblock-lean has been updated to version 'ae23aef37652ad236979919e763da909d14e00cd'.

Start adblock-lean now? (y|n)
y

Starting adblock-lean, version ae23aef37652ad236979919e763da909d14e00cd.

gawk detected so using gawk for fast (sub)domain match removal and entries packing.
GNU sed detected so list processing will be fast.
coreutils-sort detected so sort will be fast.

Checking dnsmasq instances.

Creating uncompressed backup of existing blocklist.

Testing connectivity.

Downloading and processing blocklist parts (max parallel jobs: 4).
Not using any allowlist for blocklist processing.

Processing raw blocklist:     https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro-onlydomains.txt
Processing raw blocklist:     https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/tif-onlydomains.txt
Processing raw blocklist:     /etc/adblock-lean/blocklist
Successfully processed list:  /etc/adblock-lean/blocklist            [ 414.00   B -       16 lines ]
Successfully processed list:  https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro-onlydomains.txt [   3.34 MiB -  183,522 lines ]
Successfully processed list:  https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/tif-onlydomains.txt [   9.10 MiB -  548,115 lines ]

Successfully generated preprocessed blocklist file with 731,653 entries.

Sorting and merging the blocklist parts into a single blocklist file.

Stopping dnsmasq.

Checking the resulting blocklist with 'dnsmasq --test'.
New blocklist file check passed.
Final list uncompressed file size: 11.45 MiB

Importing the blocklist file.

Restarting dnsmasq.

Waiting for dnsmasq initialization.
Restart of dnsmasq completed.
Successfully imported new blocklist file for use by dnsmasq with size: 11.45 MiB

Processing time for blocklist generation and import: 0m:26s.

Checking the active blocklist.

Checking dnsmasq instances.

Using following nameservers for DNS resolution verification: 127.0.0.1, ::1
Testing adblocking.
Testing DNS resolution.

Active blocklist check passed with the new blocklist.
New blocklist installed with entries count: 672,703

Checking for adblock-lean updates.
The locally installed adblock-lean is the latest version.
root@R4S-wrt:~# 
```

Fri Nov  7 10:37:29 2025 user.info adblock-lean: Downloading adblock-lean, commit 'ae23aef37652ad236979919e763da909d14e00cd' (update channel: 'snapshot').
Fri Nov  7 10:37:30 2025 user.info abl-install: Installing new files...
Fri Nov  7 10:37:30 2025 user.info abl-install: Warning: File '/etc/init.d/adblock-lean' was manually modified - overwriting.
Fri Nov  7 10:37:30 2025 user.info abl-install: Saved a backup copy of manually modified file to /tmp/abl_old_modified_files/adblock-lean
Fri Nov  7 10:37:30 2025 user.info abl-install: Copying file '/etc/init.d/adblock-lean'.
Fri Nov  7 10:37:30 2025 user.info abl-install: Copying file '/usr/lib/adblock-lean/abl-lib.sh'.
Fri Nov  7 10:37:30 2025 user.info abl-install: Copying file '/usr/lib/adblock-lean/abl-process.sh'.
Fri Nov  7 10:37:30 2025 user.notice adblock-lean:  NOTE: config format has changed from v10 to v11.
Fri Nov  7 10:37:30 2025 user.info adblock-lean: Unexpected keys in config: 'hosts_allow_lists'.
Fri Nov  7 10:37:30 2025 user.info adblock-lean: Missing keys in config: 'hagezi_default_mirror stevenblack_default_mirror oisd_default_mirror'.
Fri Nov  7 10:38:18 2025 user.info adblock-lean: adblock-lean has been updated to version 'ae23aef37652ad236979919e763da909d14e00cd'.
Fri Nov  7 10:38:26 2025 user.info adblock-lean: Starting adblock-lean, version ae23aef37652ad236979919e763da909d14e00cd.
Fri Nov  7 10:38:26 2025 user.info adblock-lean: Downloading and processing blocklist parts (max parallel jobs: 4).
Fri Nov  7 10:38:52 2025 user.info adblock-lean: New blocklist installed with entries count: 672,703
```

Edited 2025-11-07 17:39 UTC to adjust formatting and added logged info in addition to the command output..

Thank you for testing!

The console output formatting looks kinda broken but I'm assuming that this is because of a mistake in your post formatting.

I adjusted it. I might be remembering incorrectly but it seems like the process of getting fixed width font in a “hidden text” block changed. It looks like it is now a proportional font but otherwise a readable format.

Edit: @antonk I was trying to do that but when I pasted multiple lines, only the first line would format as a ‘code block’. I got it to work with Ctrl-e for the paste as the pop-up suggestion showed me.

I think I used to be able to prepend and append pasted test with three back ticks “`” to do that and the formatting occurred for all text. Now it seems to process each line separately that way. The new way works fine. I’ll just have to remember it.

I don't think I've ever used the ‘hidden text' block on this forum so I can not compare. Anyway, if you want to have a monospaced font then you could use a ‘code block’ inside the ‘hidden text' block.

Hello from monospaced font