I have made sure it uses local DNS, so no chance it will bypass the router.
When you experience the issue, check on the router:
head -n -0 /etc/resolv.* /tmp/resolv.*
nslookup facebook.com localhost
nslookup www.facebook.com localhost
logread -e adblock
Have you tested by:
nslookup facebook.com <IP_of_OpenWrt>
Please provide the output of /etc/init.d/adblock query facebook.com
Please remember to refresh your blocklists after you've added/removed domains to your blacklist/whitelist.
To effectively block facebook, block the following domains at minimum:
facebook.com
facebook.net
facebook.co.in
facebook.co.uk
fbcdn.com
fbcdn.net
fbsbx.com
fb.me
fb.com
Hi All,
A brief description of the issue I am facing (just to make sure we are on the same page about the issue):
"With the current configuration, most of the time when the AP reboots and comes up, the Adblock functionality works fine: STA/clients connect and are blocked from using the Facebook site. 70% of the time the functionality works fine.
But there are instances (20-30% of the time) when, after the AP reboots with the same configuration, clients are able to access Facebook after connecting to the AP. At this point, when we check "/etc/init.d/adblock report", we see that the Facebook sites (listed under the Domain column of the report) for those client entries are marked "OK" instead of "NX" in the Answer column of the report. When the AP is in this state, all clients connecting to this AP at this time are able to access Facebook. This behavior continues until we restart adblock or reboot the AP."
Above are the report and query dump of adblock for Facebook when this issue occurs.
#/etc/init.d/adblock report
:::
::: Adblock DNS-Query Report
:::
+ Start ::: 2019-10-08, 13:41:25
+ End ::: 2019-10-08, 13:41:38
+ Total ::: 13
+ Blocked ::: 0 (0.00 %)
:::
::: Top 10 Clients
:::
+ 13 ::: 192.168.2.165
:::
::: Top 10 Domains
:::
+ 1 ::: www.icloud.com
+ 1 ::: www.apple.com
+ 1 ::: static.xx.fbcdn.net
+ 1 ::: people-pa.googleapis.com
+ 1 ::: p55-keyvalueservice.icloud.com
+ 1 ::: oauthaccountmanager.googleapis.com
+ 1 ::: mtalk.google.com
+ 1 ::: m.facebook.com
+ 1 ::: lh6.googleusercontent.com
+ 1 ::: lh3.googleusercontent.com
:::
::: Top 10 Blocked Domains
:::
:::
::: Latest DNS Queries
:::
Date Time Client Domain Answer
2019-10-08 13:41:38 192.168.2.165 static.xx.fbcdn.net OK
2019-10-08 13:41:38 192.168.2.165 lh6.googleusercontent.com OK
2019-10-08 13:41:38 192.168.2.165 lh3.googleusercontent.com OK
2019-10-08 13:41:37 192.168.2.165 people-pa.googleapis.com OK
2019-10-08 13:41:37 192.168.2.165 mtalk.google.com OK
2019-10-08 13:41:37 192.168.2.165 m.facebook.com OK
2019-10-08 13:41:37 192.168.2.165 accounts.google.com OK
2019-10-08 13:41:36 192.168.2.165 oauthaccountmanager.googleapis.com OK
2019-10-08 13:41:29 192.168.2.165 45-courier.push.apple.com OK
2019-10-08 13:41:25 192.168.2.165 www.icloud.com OK
2019-10-08 13:41:25 192.168.2.165 www.apple.com OK
2019-10-08 13:41:25 192.168.2.165 p55-keyvalueservice.icloud.com OK
2019-10-08 13:41:25 192.168.2.165 apple.com OK
#################################################################################################################################################################################
# /etc/init.d/adblock query m.facebook.com
:::
::: results for domain 'm.facebook.com' in active blocklist
:::
- no match
:::
::: results for domain 'facebook.com' in active blocklist
:::
+ facebook.com
:::
::: results for domain 'm.facebook.com' in backups and black-/whitelist
:::
+ adblock.blacklist m.facebook.com
#################################################################################################################################################################################
# uci show adblock
adblock.global=adblock
adblock.global.adb_basever='3.8'
adblock.global.adb_dns='dnsmasq'
adblock.global.adb_fetchutil='wget'
adblock.global.adb_forcedns='1'
adblock.global.adb_report='1'
adblock.global.adb_dnsvariant='nxdomain'
adblock.global.adb_dnsinstance='1'
adblock.global.adb_enabled='1'
adblock.global.adb_trigger='timed'
adblock.extra=adblock
adblock.extra.adb_debug='0'
adblock.extra.adb_forcedns='1'
adblock.extra.adb_report='1'
adblock.extra.adb_maxqueue='4'
adblock.extra.adb_triggerdelay='2'
adblock.extra.adb_blacklist='/etc/adblock/adblock.blacklist'
adblock.extra.adb_rtfile='/tmp/adb_runtime.json'
adblock.extra.adb_nice='0'
adblock.extra.adb_dnsfilereset='false'
adblock.extra.adb_repdir='/tmp'
adblock.extra.adb_backupdir='/tmp'
#######################################################################################################################################################################
# nslookup m.facebook.com
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost
Name: m.facebook.com
Address 1: 2a03:2880:f12f:83:face:b00c:0:25de edge-star-mini6-shv-01-bom1.facebook.com
Address 2: 157.240.16.35 edge-star-mini-shv-01-bom1.facebook.com
###############################################################################################################################################################################
# nslookup facebook.com
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost
Name: facebook.com
Address 1: 2a03:2880:f12f:83:face:b00c:0:25de edge-star-mini6-shv-01-bom1.facebook.com
Address 2: 157.240.16.35 edge-star-mini-shv-01-bom1.facebook.com
############################################################################################################################################################################
kind regards
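An added example, not part of any post in this thread: a shell helper that scans `adblock report` output for the symptom described above, i.e. queries for blocklisted domains answered "OK" instead of "NX". The function names and the sample rows marked as constructed are assumptions; the domain list is the one given earlier in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: list report rows where a domain that
# should be blocked was answered "OK" instead of "NX".

# Domain list copied from the reply earlier in the thread.
BLOCKED="facebook.com facebook.net facebook.co.in facebook.co.uk fbcdn.com fbcdn.net fbsbx.com fb.me fb.com"

# find_leaks (hypothetical helper): reads "adblock report" output on stdin and
# prints "<time> <client> <domain>" for each leaked query.
find_leaks() {
    awk -v list="$BLOCKED" '
        BEGIN { n = split(list, dom, " ") }
        # Query rows have five fields: date, time, client, domain, answer.
        NF == 5 && $5 == "OK" && $1 ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/ {
            q = tolower($4)
            for (i = 1; i <= n; i++) {
                suffix = "." dom[i]
                tail = substr(q, length(q) - length(suffix) + 1)
                # Match the listed domain itself or any subdomain of it.
                if (q == dom[i] || (length(q) > length(suffix) && tail == suffix)) {
                    print $2, $3, q
                    break
                }
            }
        }'
}

# Constructed sample: three rows from the report in the post above, plus two
# made-up rows (an NX answer and a look-alike name that must not match).
sample_report() {
    cat <<'EOF'
Date Time Client Domain Answer
2019-10-08 13:41:38 192.168.2.165 static.xx.fbcdn.net OK
2019-10-08 13:41:38 192.168.2.165 lh6.googleusercontent.com OK
2019-10-08 13:41:37 192.168.2.165 m.facebook.com OK
2019-10-08 13:41:40 192.168.2.165 www.facebook.com NX
2019-10-08 13:41:41 192.168.2.165 notfacebook.com OK
EOF
}

sample_report | find_leaks
```

On the router, the real report can be piped in with `/etc/init.d/adblock report | find_leaks`; any output line means a listed domain was resolved rather than blocked.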
Just a few points to check:
- You're running multiple dnsmasq instances and adblock is only active on your second instance (adblock.global.adb_dnsinstance='1'). Please make sure that all clients use this instance during your tests.
- The report engine uses tcpdump data. By default tcpdump listens on port 53 and interface "br-lan"; if your second dnsmasq instance uses other parameters, change the report parameters ('adb_repiface', 'adb_replisten') as well, see online readme for details.
# head -n -0 /etc/resolv.* /tmp/resolv.*
==> /etc/resolv.conf <==
search st1
nameserver 127.0.0.1
==> /tmp/resolv.conf <==
search st1
nameserver 127.0.0.1
==> /tmp/resolv.conf.auto <==
# Interface lan
nameserver 8.8.8.8
###############################################################################
# nslookup facebook.com localhost
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost
Name: facebook.com
Address 1: 2a03:2880:f12f:83:face:b00c:0:25de edge-star-mini6-shv-01-bom1.facebook.com
Address 2: 157.240.16.35 edge-star-mini-shv-01-bom1.facebook.com
nslookup facebook.com 192.168.0.114
Server: 192.168.0.114
Address 1: 192.168.0.114
Name: facebook.com
Address 1: 2a03:2880:f12f:83:face:b00c:0:25de edge-star-mini6-shv-01-bom1.facebook.com
Address 2: 157.240.16.35 edge-star-mini-shv-01-bom1.facebook.com
I have not come out of this issue.
I am able to reproduce it.
3/10 times Facebook is not blocked.
Possible to block WhatsApp and Instagram with adblock?