Yes, seems to be a valid option (if its possible). I will route selected DHCP clients to adblock and leave the general audience (static or dhcp) to vanilla dns.
I guess it needs a little bit of work to be done though to run multiple dnsmasq instances.
Thanks!
Hello all,
today, i wanted to whitelist a german page www.bild.de, because if this site detects any adblocker, you will not see any content except the "do not use adblocker" message ...
So i performed a:
/etc/init.d/ adblock query bild.de
and got this:
:::
::: results for domain 'bild.de' in active blocklist
:::
+ spr.bild.de
:::
::: results for domain 'bild.de' in backups and black-/whitelist
:::
+ adb_list.adguard.gz spr.bild.de
+ adb_list.adguard.gz pixel.bild.de
+ adb_list.hphosts.gz bild.de.intellitxt.com
+ adb_list.hphosts.gz kinoprogramm.bild.de
+ adb_list.hphosts.gz pixel.bild.de
+ adb_list.hphosts.gz [...]
+ adb_list.reg_de.gz kinoprogramm.bild.de
+ adb_list.sysctl.gz bild.de.intellitxt.com
+ adb_list.winhelp.gz bild.de.intellitxt.com
It is a pitty that the query-tool does not show the complete list of domains but refers to further listings by showing the [...] ....
so i had to zcat /tmp/adb_list.hphosts.gz | grep bild and found the missing entries:
bild01.webtrekk.net
bildwl.mobile.de
rem-track.bild.de
Is is possible to show all needed whitelistings in the future when using adblock query????
Regards,
A.
Thank you for your input! Nonetheless at some point I get a nxdomain for internal hosts. Setup is working fine on 18.06.7. For now I will take a break from version hustling ;- )
Cheers
In case you use NX block list type, whitelisting of bild.de will remove all subdomains from adbock list.
1 Like
How to use this NX block list???
In my config, you can find this ...
config adblock 'global'
option adb_basever '3.8'
option adb_dns 'dnsmasq'
option adb_fetchutil 'uclient-fetch'
option adb_trigger 'wan'
option adb_dnsvariant 'nxdomain'
option adb_enabled '1'
I've opend a new thread for testing the new adblock 4 pre-releases, see here:
2 Likes
I'm trying to understand what kind of problem I have, and if I actually have a problem...
My wife was complaining about not being able to use Jabber (for webmeeting with audio) due to it apparently not connecting to her work (VPN) servers.
I did find that the URL's in question were showing up in the DNS Query Report page, with "NX sent" in the Answer column of Latest DNS Querys. Aha... seems like that's it! Simple fix, right?
Well, banging on the Action button to whitelist them did not fix the problem, even though the URL's showed up in the Whitelist.
Two odd things. They kept appearing in the Querys list with the NX response, and the whitelist button still available as the action to be taken, after they had been whitelisted and were in the whitelist file.
And, disabling Adblock altogether did not get my wife's Jabber working again. (OK, I did try that as my first step, actually)
So, now I'm confused. I did try SSH'ing into the router, reading the whitelist directly, (yep it's in there) and even tried nslookups on the suspect names as well as a few others.
Here's a "real" blocked URL:
root@Router:/etc/adblock# nslookup v10.events.data.microsoft.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: v10.events.data.microsoft.com
Address 1: 0.0.0.0
Address 2: ::
And here's the same when Adblock is off or paused:
root@Router:/etc/adblock# nslookup v10.events.data.microsoft.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: v10.events.data.microsoft.com
v10.events.data.microsoft.com canonical name = global.asimov.events.data.trafficmanager.net
Name: global.asimov.events.data.trafficmanager.net
global.asimov.events.data.trafficmanager.net canonical name = skypedataprdcolcus00.cloudapp.net
Name: skypedataprdcolcus00.cloudapp.net
Address 1: 40.122.160.14
v10.events.data.microsoft.com canonical name = global.asimov.events.data.trafficmanager.net
global.asimov.events.data.trafficmanager.net canonical name = skypedataprdcolase00.cloudapp.net
On or off, here's one of the work VPN site names in question:
root@Router:/etc/adblock# nslookup ccm-lvn-impp.XXXX.XXX
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find ccm-lvn-impp.XXXX.XXX: NXDOMAIN
** server can't find ccm-lvn-impp.XXXX:XXX: NXDOMAIN
So, what is this telling me? It seems like the server is responding to a nslookup with a NXDOMAIN itself? Maybe my test of nslookup isn't really a good test?
What this Jabber webmeeting app seems to need are addresses for the following, TFTP, CTI, CCMCIP and a generic "server" for IM's. They seem to get handed out somehow, thru the VPN tunnel (?) by her work, different names come up at different times, or URL's with a xxx01.xxx , xxx02.xxx, etc.
Is this possibly an Adblock problem?
It doesn't look like that.
Are you using "NULL" method to block domains?
Your first nslookp is showing this while your last nslookup shows NXDOMAIN response.
Seems like none of the DNS servers dnsmasq is querying can resolve this domain name.
Your wife establishes a connection over VPN and then launches the jabber app?
Ah... I am trying out NULL, rather than NXDOMAIN, at the moment...
And my wife tells me that she SHOULD be able to connect to Jabber without using the VPN to work, but has not been able to. Now she can, but only if she goes thru the VPN. The problem is that she can not make the connection without the VPN...
Did I say I'm confused? I don't think I'm any less, yet.... 
Today, she was trying to NOT use VPN, since there was a direction of her work for people to try to not use VPN if possible (increased people working at home due to Corona) so she was having the direct sign in problem.
No, the requested domain is simply not resolvable by your local dns (for whatever reason), "NX" or "NXDOMAIN" is nothing but Non-eXistent Internet or Intranet domain name.
OK, so NX is happening independent of Adblock... so not an Adblock problem.
Is there a way for Adblock to not show them as "blocked" and thereby able to be "whitelisted", when they can't? Sort of a minor issue, but confusing to users... I guess that's all Adblock would have to do with this condition
Anyone have an idea on why those domains aren't getting resolved, or what I could check/test for to figure that out?
No, adblock can't detect the reason for NX. I would always start with a query for the particular domain in question to make sure that this is an adblock issue (which you can fix with whitelisting).
1 Like
Ah well... didn't know if that could be easy or hard to deal with.
I think I now realize whats going on though... it dawned upon me that I'm using Quad 9 for DNS, and, they do their own DNS site screening! So, that probably is the source of the particular site getting blocked, before Adblock does, or doesn't do something with it. Haven't checked it yet, will try tomorrow, but I bet that's what's going on.
Do you have a real example domain for testing my dns upstream?
Hah... Just changed from 9.9.9.9 to my ISP's default DNS servers, and one of the addresses I had been testing now gets resolved, ( I think )
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ccm-lvn-impp.broadcom.net
Address 1: 92.242.140.2
*** Can't find ccm-lvn-impp.broadcom.net: No answer
This is what I get now, with the SSH command line nslookup, either with Adblock active or paused. Wife is asleep, so no test of Jabber working correctly, but I'd guess it's resolving at least to the one IP, and not getting blocked in my >73K blocklist. Or, it is getting whitelisted out, if it is in there somewhere.
1 Like
Well, the issue goes on, sorry to belabor the thread with it, hope it's some direction for people trying to debug issues.
Checked with the app this morning, and it still doesn't work. Most of the accessed sites are not being blocked now, though there are a few that even using our local ISP's DNS servers are being blocked somehow. The test for this, like last night, accessing them with nslookup, and getting a NXDOMAIN.
So, it looks like this is not Adblock's issue. The confusing thing was the externally blocked sites coming up as NX in the list of DNS accesses, and looking like they were being blocked by Adblock. Hitting the button and putting them in the whitelist of course does nothing, despite being what you would normally do.
I assume that the 3 names that still do not return the lookup must be blocked by our lSP, and I'd need to take it up with them? Here's an example of one that doesn't work for me, maybe it works thru different DNS servers:
root@Router:~# nslookup ccm-lvn-sub01.broadcom.net
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find ccm-lvn-sub01.broadcom.net: NXDOMAIN
** server can't find ccm-lvn-sub01.broadcom.net: NXDOMAIN
Couple of questions for future reference. The Query window, it gives a lookup to what domains are in the current set of blocklists, correct? In this case none of the suspect sites were in there. One can do partial name searches in there, it looks like.
Second one, is there an easy way to block a full domain or must one always have each name listed separately?
Thanks again for all the hard work on Adblock... I'm sure I'm not the only one anxiously awaiting Adblock 4, and will try to give it some beta testing...
Not reachable from any ISP (two different ;- ) that I know....
is there a way to fix loading sites that call https://guce.advertising.com and then fail to load ( because that site is banned ) without obviously whitelisting the advertising.com website?
techcrunch.com is one example.
Yep, just whitelist 'guce.advertising.com' and refresh your blocklists afterwards. Adblock supports selective sub-domain whitelisting ...
I should have written "without obviously whitelisting the guce.advertising.com website"
The idea is still being able to access the site without having them collect information trough that host