Adblock support thread

Check the log ("Log View" tab in LuCI) ... if it's empty, just reload ablock and check again.

Yes, it was empty and after restart (edit: I did a restart instead of a reload) it just contained the restart/download action. Any more logs to check related exclusively to adblock?

enable debug logging, but you won't see more cause errors will always be printed.

Ok, if it happens again I will look more detailed...Thank you!

In adblock info on the wiki it says that it binds to the first dnsmasq instance with multiple instances but in my case adblock seems to be active on both is there a way to enable or disable binding to a specific dnsmasq instace?

I see a config option option adb_dnsinstance '1' but it does not seem to work it is still bound to all instances.

I do use httpdns proxy and I have two rules to forward DNS queries are these rules is this creating an issue?.

config redirect
	option target 'DNAT'
	option name 'Adult_dns_53'
	option src_dport '53'
	option src 'Adults_Zone'

config redirect
	option target 'DNAT'
	option name 'Kids_dns_53'
	option src_dport '53'
	option src 'Kids_Zone'

As long as both instances are sharing the same dnsmasq "confdir" the blocklist will influence both instances. Just define an additional/separate "confdir" for the second instance and you're done.

I have set up a different config dir for each instance changed the adblock dns config dir to tmp/Kids_Lan and it still blocks add traffic on both instances.

My configs are as below before reboot after editing the dhcp file:

of note when I reboot openwrt the dhcp file
automatically changes the config dir to something I dont want and seems to use a shared config dir.
The below option confdir '/tmp/Adults_Lan/dnsmasq.d'
gets changes to option confdir '/tmp/Kids_Lan/dnsmasq.d'

it looks like addblock atutmatically alters the config directory based on the settings in the adblock config file so the setting option adb_dnsinstance '1' alters the dhcp file config for the second instance to update the confdir.

Is there a adblock config setting so that I may disable this auto updating of the dhcp config ?

I'm looking to script different rules for different interfaces alternativly I have 3 interfaces and set adb_dnsinstance '2' is that valid ?

config dnsmasq 'Adults_Dns'
	option localise_queries '1'
	option rebind_protection '0'
	option local '/Adults_Lan/'
	option domain 'Adults_Lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/Adults_Lan/dhcp.leases'
	option serversfile '/tmp/Adults_Lan/adb_list.overall'
	list interface 'Adults_Lan'
	option localservice '0'
	list server '127.0.0.1#5054'
	list server '127.0.0.1#5053'
	option noresolv '1'
	option doh_backup_noresolv '-1'
	list doh_backup_server '8.8.8.8'
	option confdir '/tmp/Adults_Lan/dnsmasq.d'

config dnsmasq 'Kids_Dns'
	option localise_queries '1'
	option rebind_protection '0'
	option local '/Kids_Lan/'
	option domain 'Kids_Lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/Kids_Lan/dhcp.leases'
	option confdir '/tmp/Kids_Lan/dnsmasq.d'
	option serversfile '/tmp/Kids_Lan/adb_list.overall'
	list interface 'Kids_Lan'
	list notinterface 'loopback'
	option localservice '0'
	list server '127.0.0.1#5054'
	list server '127.0.0.1#5053'
	option noresolv '1'
	option doh_backup_noresolv '-1'
	list doh_backup_server '8.8.8.8'

config dhcp 'Adults_Lan'
	option instance 'Adults_Dns'
	option interface 'Adults_Lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option force '1'

config dhcp 'Kids_Lan'
	option instance 'Kids_Dns'
	option interface 'Kids_Lan'
	option start '100'
	option leasetime '12h'
	option limit '150'
	option force '1'

config dhcp 'Wan'
	option interface 'Wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config adblock 'global'
	option adb_enabled '1'
	option adb_debug '0'
	option adb_forcedns '0'
	option adb_dnsfilereset '0'
	option adb_mail '0'
	option adb_backup '1'
	option adb_maxqueue '4'
	list adb_sources 'adaway'
	list adb_sources 'adguard'
	list adb_sources 'disconnect'
	list adb_sources 'yoyo'
	option adb_dns 'dnsmasq'
	option adb_fetchutil 'uclient-fetch'
	option adb_safesearch '1'
	option adb_report '1'
	option adb_repiface 'any'
	list adb_safesearchlist 'google'
	option adb_trigger 'Wan'
	option adb_dnsdir '/tmp/Kids_Lan/dnsmasq.d'
	option adb_dnsflush '1'


If you're willing to script such iteration, you need three separate adblock configs. In each adblock config you have to change at least this pair of parameters: 'adb_dnsdir' and 'adb_dnsinstance'. The instance numbering starts with "0" for the first instance.

I'm not a great help here cause I'm using unbound, sorry.

1 Like

Heyo. Running Adblock on an Omnia and running into blocking ad issues.

Installed Adblock via the Turris OS admin packages dashboard, then switched to Luci web dashboard to start setting stuff up per the Turris community wiki:

Configure service via LuCI interface

Now, go to the LuCI web interface, Services → Adblock page and make the following changes from the 'default' pre-set:

  • make sure “Enable Adblock” is checked (required)
  • change “DNS Backend” to “kresd” (default for Turris Omnia)
  • change “Startup Trigger” to “timed”
  • change “Download utility” to “wget” (required for Turris Omnia)
  • check additional Blocklist Sources, e.g.,: adaway, adguard, blacklist, disconnect, ransomware, winspy, yoyo, zeus
  • you can check “Verbose Debug Logging” (if you would like to check everything is working fine)
  • [optional] check “Force Local DNS”

Finally, hit “Save & Apply” button to save all changes and start adblock processing.
[...]
Finally start adblock processing with:

/etc/init.d/adblock reload

There's at least one difference which I'm not sure if it's because of Adblock version differences since the wiki was written or something, but there is no "timed" trigger:

When I run the guide's healthcheck, nslookup securepubads.g.doubleclick.net localhost, I get:

Server:         localhost
Address:        ::1#53
** server can't find securepubads.g.doubleclick.net: NXDOMAIN
** server can't find securepubads.g.doubleclick.net: NXDOMAIN

instead of:

   nslookup securepubads.g.doubleclick.net localhost
   Server:    127.0.0.1
   Address 1: 127.0.0.1 localhost

   nslookup: can't resolve 'securepubads.g.doubleclick.net': Name does not resolve

The lack of ad blocking is further confirmed when I pull up mobile and look at a major US news outlets that are known for ads (e.g. CNN)

In case it helps:

root@turris:~# /etc/init.d/adblock status
::: adblock runtime information
  + adblock_status  : running
  + adblock_version : 4.0.7
  + blocked_domains : 0
  + active_sources  : adaway adguard android_tracking anti_ad disconnect firetv_tracking notracking smarttv_tracking winspy yoyo 
  + dns_backend     : kresd, /etc/kresd
  + run_utils       : -
  + run_ifaces      : trigger: timed, report: br-lan
  + run_directories : base: /tmp, backup: /tmp, report: /tmp, jail: /tmp
  + run_flags       : backup: 1, reset: 0, flush: 0, force: 1, search: 0, report: 1, mail: 0, jail: 0
  + last_run        : -
  + system          : Turris Omnia, TurrisOS 5.2.3 c88bdb8294a73e0eaa3cd86e843564a8244b333c

Also, despite having DNS Report enabled, hitting 'Save & Apply', the report is blank after refreshing:


Start Timestamp

-, -

End Timestamp

-, -

Total DNS Requests

-

Blocked DNS Requests

- (-)

I'm not sure if there's a CLI way to enable it since the web dash seems to be having set var issues?

Forget the turris wiki page - it's outdated. The status you've posted is "running", that means adblock is still running/processing your lists. Make sure that you'll get the final 'enabled' status before you're running checks you've mentioned above. In your case I would set the trigger interface to 'wan', reboot your router and check the adblock logs (Log View tab in LuCI) afterwards.

1 Like

Thanks for the quick response and solution. Waiting for enabled, setting trigger to wan, and rebooting (and refreshing DNS Report) seems to have done the trick! :slight_smile:

1 Like

Hi, Just wanted to hare some info on google safe search as enabled on adblock.
It appears that google.co.uk is not resolved as 216.239.38.120 as expected to the safe search VIP.
I have tried this on both 19.07.7 and 21.02rc3 with the same result. All other regional domains seem to work (at least the ones I have tried).
I may be wrong but it appears that google.co.uk is missing from the adblock SafeSearch list.
Has anyone else come across this ?

Nice finding. Clearly a bug in the dynamic domain preparation/regex for google. I'll fix this and come back to you.

Edit: Will be fixed in 4.1.3-3 with this PR https://github.com/openwrt/packages/pull/16226

Thanks
Just to add that google.co.nz is also broken

As said before, the regex prepare is the culprit ... all 2-dotted domains are broken ... :upside_down_face:

Hello, little help needed please :slight_smile:
just to understand if i'm taking the correct way..
I've been using adblock for a while on my "normal" lan, with full success.
I've then created a specific interface for iot clients, with very limited access, but now i'm facing the problem that in any case some cients need internet access to specific domains.
So i think i should act this way:

  • create a new dnsmasq instance for the iot network
  • create a .jail file with the whitelist of allowed domains
  • link the whitelist to the dnsmasq instance

and this should work: i should keep the blacklist approach on the first instance and the whitelist on the second.
It is not clear to me if i can manage this second whitelist with the luci adblock gui, and if so HOW?
is this correct? can this work?
Thanks

Adblock cant do that it will only operate on a single instance or have the same settings on instances that use the same confdir.

On my router I have seperate conf dir for each instance and setup adblock on one of them.
I have set up a cronjob in the second instance to copy adblock files into there along with white and black lists. from a non volitile location.

So I have a kids instance with adblock with aditional blocking of snapchat instragram etc...
The other adults instance only has adblocking without blocking of social media.

1 Like

Is there a way to only have the manually entered white and blacklists operate on a time scedule ?

I wish to use adblock all the time but I only want to block the aditional white and blacklists at night time to block social media for my children when they should be doing homework could this be implemented?.

it looks like i can suspend or resume but not suspend or resume specific lists

I think I'm missing something. I want to allow a site to show ads... Can I do this with adblock easily ? Whitelisting the site doesn't do anything because the ads are coming from different domains. Do I need to find out what those domains are and whitelist them? Is do-able but more work and would allow those ads to appear on other sites too...

The later, it's not reasonably possible with a DNS (router-) based adblocking solution.