Adblock support thread

That's a totally outdated config and the startup trigger entry is missing (adb_iface). Please start with a fresh config from main package repo and try again.

Very good, thanks for the hint

I'm receiving the following in the logs, attempting to bring up adblock v2.6.2-1:

Wed Aug 23 16:28:25 2017 user.notice adblock-[2.6.2] error: no active/supported DNS backend found
Wed Aug 23 16:28:25 2017 user.notice adblock-[2.6.2] error: Please check 'https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md' (LEDE Reboot 17.01.2 r3435-65eec8bd5f)

I've removed Dnsmasq and replaced it with bind. Looking in the sources, it runs the following command:

ubus -S call service list

Here is the output from that command:

{"adblock":{"instances":{"adblock":{"running":false,"command":["\/usr\/bin\/adblock.sh"],"term_timeout":5}}},"collectd":{"instances":{"instance1":{"running":true,"pid":1686,"command":["\/usr\/sbin\/collectd","-f"],"term_timeout":5}}},"cron":{"instances":{"instance1":{"running":true,"pid":1601,"command":["\/usr\/sbin\/crond","-f","-c","\/etc\/crontabs","-l","8"],"term_timeout":5}}},"dnsmasq":{"instances":{"cfg02411c":{"running":false,"command":["\/usr\/sbin\/dnsmasq","-C","\/var\/etc\/dnsmasq.conf.cfg02411c","-k","-x","\/var\/run\/dnsmasq\/dnsmasq.cfg02411c.pid"],"term_timeout":5}}},"dropbear":{"instances":{"instance1":{"running":true,"pid":1621,"command":["\/usr\/sbin\/dropbear","-F","-P","\/var\/run\/dropbear.1.pid","-p","192.168.1.1:22","-p","fdda:5e85:487::1:22","-K","300"],"term_timeout":5,"data":{"mdns":{"ssh_22":{"service":"_ssh._tcp.local","port":22,"txt":["daemon=dropbear"]}}},"respawn":{"threshold":3600,"timeout":5,"retry":5}}}},"firewall":{},"gpio_switch":{},"log":{"instances":{"instance1":{"running":true,"pid":1145,"command":["\/sbin\/logd","-S","64"],"term_timeout":5,"respawn":{"threshold":3600,"timeout":5,"retry":5}}}},"named":{"instances":{"instance1":{"running":true,"pid":7144,"command":["\/usr\/sbin\/named","-u","bind","-f","-c","\/etc\/bind\/named.conf"],"term_timeout":5,"respawn":{"threshold":3600,"timeout":5,"retry":5}}}},"network":{"instances":{"instance1":{"running":true,"pid":1216,"command":["\/sbin\/netifd"],"term_timeout":5,"limits":{"core":"unlimited"},"respawn":{"threshold":3600,"timeout":5,"retry":5}}}},"odhcpd":{"instances":{"instance1":{"running":true,"pid":1232,"command":["\/usr\/sbin\/odhcpd"],"term_timeout":5,"respawn":{"threshold":3600,"timeout":5,"retry":5}}}},"rpcd":{"instances":{"instance1":{"running":true,"pid":1154,"command":["\/sbin\/rpcd"],"term_timeout":5}}},"sysntpd":{"instances":{"instance1":{"running":true,"pid":1769,"command":["\/usr\/sbin\/ntpd","-n","-N","-S","\/usr\/sbin\/ntpd-hotplug","-p","0.lede.pool.ntp.org","-p","1.lede.pool.ntp.org","-p","2.lede.pool.ntp.org","-p","3.lede.pool.ntp.org"],"term_timeout":5,"respawn":{"threshold":3600,"timeout":5,"retry":5}}}},"system":{},"tor":{"instances":{"instance1":{"running":true,"pid":1637,"command":["\/usr\/sbin\/tor","--runasdaemon","0"],"term_timeout":5}}},"ubus":{"instances":{"instance1":{"running":true,"pid":902,"command":["\/sbin\/ubusd"],"term_timeout":5,"respawn":{"threshold":3600,"timeout":1,"retry":0}}}},"uhttpd":{"instances":{"instance1":{"running":true,"pid":1658,"command":["\/usr\/sbin\/uhttpd","-f","-h","\/www","-r","LEDE","-x","\/cgi-bin","-u","\/ubus","-t","60","-T","30","-k","20","-A","1","-n","3","-N","100","-R","-p","0.0.0.0:80","-p","[::]:80","-q"],"term_timeout":5,"respawn":{"threshold":3600,"timeout":5,"retry":5}}}},"urandom_seed":{"instances":{"urandom_seed":{"running":false,"command":["\/sbin\/urandom_seed"],"term_timeout":5}}}}

Digging through the list, I do see the following:

"named":{"instances":{"instance1":{"running":true,"pid":7144,"command":["\/usr\/sbin\/named","-u","bind","-f","-c","\/etc\/bind\/named.conf"]

It looks like the code does support this; am I missing something here?

Thanks,

Brett

Same result as before. Im running default settings on everything except on dnscrypt where im using three resolvers.
Just enabled "Force local DNS" and "Force Overall Sort" but nothing. Restarting adblock didnt help so far either.

Hi,

bind support has been added in 2.8.x release series, so please take the latest adblock snapshot release and read the online documentation regarding bind integration (both links are in the first post of this thread).

Then you've borked your dnsmasq configuration ... in the other thread you've mentioned that all works quite well - try to remember what you have changed afterwards and revert it ...

hey there,

i'm trying to work on turris omnia with latest 2.8.5 and kresd (default) but it seems that it's somehow not parsing the lists:
log below

2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: info : start adblock processing ...
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: action: , manual_mode:0, backup: 0, dns: dnsmasq, fetch: busybox (-), mem_total: 1031, force_srt/_dns: 0/1
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: adaway, enabled: 1, url: https://adaway.org/hosts.txt, rset: $0 ~/^127\.0\.0\.1[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($2)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: adaway, mode: restore, count: 0, in_rc: 127, out_rc: 127
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: adaway, mode: remove, count: 0, in_rc: 127, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: adguard, enabled: 0, url: https://raw.githubusercontent.com/AdguardTeam/AdguardDNS/master/Filters/filter.txt, rset: {FS="[|^]"} $0 ~/^\|\|([A-Za-z0-9_-]+\.){1,}[A-Za-z]+\^$/{print tolower($3)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: adguard, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: blacklist, enabled: 0, url: /etc/adblock/adblock.blacklist, rset: $1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($1)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: blacklist, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: disconnect, enabled: 1, url: https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt, rset: $1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($1)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: disconnect, mode: restore, count: 0, in_rc: 127, out_rc: 127
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: disconnect, mode: remove, count: 0, in_rc: 127, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: dshield, enabled: 0, url: https://www.dshield.org/feeds/suspiciousdomains_Low.txt, rset: $1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($1)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: dshield, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: feodo, enabled: 0, url: https://feodotracker.abuse.ch/blocklist/?download=domainblocklist, rset: $1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($1)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: feodo, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: hphosts, enabled: 0, url: https://hosts-file.net/ad_servers.txt, rset: $0 ~/^127\.0\.0\.1[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($2)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: hphosts, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: malware, enabled: 0, url: https://mirror.cedia.org.ec/malwaredomains/justdomains, rset: $1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($1)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: malware, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: malwarelist, enabled: 0, url: http://www.malwaredomainlist.com/hostslist/hosts.txt, rset: $0 ~/^127\.0\.0\.1[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($2)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: malwarelist, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: openphish, enabled: 0, url: https://openphish.com/feed.txt, rset: {FS="/"} $3 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($3)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: openphish, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: palevo, enabled: 0, url: https://palevotracker.abuse.ch/blocklists.php?download=domainblocklist, rset: $1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($1)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: palevo, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: ransomware, enabled: 0, url: https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt, rset: $1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($1)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: ransomware, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: reg_cn, enabled: 0, url: https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt, rset: {FS="[|^]"} $0 ~/^\|\|([A-Za-z0-9_-]+\.){1,}[A-Za-z]+\^$/{print tolower($3)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: reg_cn, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: reg_pl, enabled: 0, url: http://adblocklist.org/adblock-pxf-polish.txt, rset: {FS="[|^]"} $0 ~/^\|\|([A-Za-z0-9_-]+\.){1,}[A-Za-z]+\^$/{print tolower($3)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: reg_pl, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: reg_ro, enabled: 0, url: https://easylist-downloads.adblockplus.org/rolist+easylist.txt, rset: {FS="[|^]"} $0 ~/^\|\|([A-Za-z0-9_-]+\.){1,}[A-Za-z]+\^$/{print tolower($3)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: reg_ro, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: reg_ru, enabled: 0, url: https://easylist-downloads.adblockplus.org/ruadlist+easylist.txt, rset: {FS="[|^]"} $0 ~/^\|\|([A-Za-z0-9_-]+\.){1,}[A-Za-z]+\^$/{print tolower($3)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: reg_ru, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: securemecca, enabled: 0, url: http://securemecca.com/Downloads/hosts.txt, rset: $0 ~/^127\.0\.0\.1[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($2)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: securemecca, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: shalla, enabled: 0, url: http://www.shallalist.de/Downloads/shallalist.tar.gz, rset: {FS="/"} $1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($1)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: shalla, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: spam404, enabled: 0, url: https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt, rset: $1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($1)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: spam404, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: sysctl, enabled: 0, url: http://sysctl.org/cameleon/hosts, rset: $0 ~/^127\.0\.0\.1[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($2)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: sysctl, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: whocares, enabled: 0, url: http://someonewhocares.org/hosts/hosts, rset: $0 ~/^127\.0\.0\.1[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($2)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: whocares, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: winspy, enabled: 0, url: https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt, rset: $0 ~/^0\.0\.0\.0[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($2)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: winspy, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: winhelp, enabled: 0, url: http://winhelp2002.mvps.org/hosts.txt, rset: $0 ~/^0\.0\.0\.0[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($2)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: winhelp, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: yoyo, enabled: 1, url: https://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=0&mimetype=plaintext, rset: $1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($1)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: yoyo, mode: restore, count: 0, in_rc: 127, out_rc: 127
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: yoyo, mode: remove, count: 0, in_rc: 127, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: zeus, enabled: 0, url: https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist, rset: $1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower($1)}
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: debug: name: zeus, mode: remove, count: 0, in_rc: 4, out_rc: 0
2017-08-24T12:58:53+03:00 notice adblock-[2.8.5]: info : block list with overall 0 domains loaded successfully (OpenWrt omnia 15.05)

Hi,
you're are my first turris omnia volunteer - welcome! :wink:
At a first glance two problems here in the log:

  1. adblock detects "dnsmasq" as dns backend. Probably kresd & dnsmasq are running in parallel and dnsmasq comes first in the detection procedure. To overwrite the default, please set in the global section of adblock.conf:
    option adb_dnslist 'kresd'

  2. You are using busybox wget applet without SSL support for your downloads, therefore you can't download any list from SSL download sites. Please install full wget package with SSL support.

Also please check the online documentation for further kresd integration ... but as I said before, this is completely untested ... good luck! :wink:

hi,

1 is done.
for 2 i've just commented the fetch_client validation part and it worked:

  • ssl_lib="-"
  • if [ -x "${adb_fetch}" ]
  • then
  •    if [ "$(readlink -fn "${adb_fetch}")" = "/usr/bin/wget-nossl" ]
    
  •    then
    
  •        adb_fetchparm="--no-config --quiet --no-cache --no-cookies --max-redirect=0 --timeout=10 -O"
    
  •    elif [ "$(readlink -fn "/bin/wget")" = "/bin/busybox" ] || [ "$(readlink -fn "${adb_fetch}")" = "/bin/busybox" ]
    
  •    then
    
  •        adb_fetch="/bin/busybox"
    
  •        adb_fetchparm="-q -O"
    
  •    else
    
  •        ssl_lib="built-in"
    
  •    fi
    
  • fi

and got 2017-08-24T14:09:18+03:00 notice adblock-[2.8.5]: info : block list with overall 9814 domains loaded successfully (OpenWrt omnia 15.05)

but checking a ad domain returns the IP :frowning:
root@turris:/tmp# nslookup zmt100.com localhost
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost

Name: zmt100.com
Address 1: 162.221.6.13

the list is populated correctly i think
root@turris:/tmp# grep -m 5 .co /tmp/kresd/adb_list.overall
0001.2waky.com CNAME .
*.0001.2waky.com CNAME .
001wen.com CNAME .
*.001wen.com CNAME .
009blog.com CNAME .
...

I've send you a PM for further analysis.

I am using adblock version 2.6.2 from the latest stable release. I notice the same bug as AdBlock: Whitelist not working? #4534

In addition, clients in LAN and guest network are able to change system DNS entry and bypass adblock although I have checked force DNS.

I have rebooted the router and confirmed that the whitelist and force DNS setting are saved.

I am looking for snapshot version but cannot find it for ar71xx architecture. I have TP-Link TL-WDR3600 v1

This package is architecture independent - just use the download links from the first post.

Is your router configured as an AP in your LAN? If so, than this firewall rule can't work, of course ... it only makes sense in "classic" router mode.

@dibdot Thanks for the quick reply. I upgraded to the latest version 2.8.5. Now the whitelist works fine. I did not know that there are platform independent packages.

The router is in classic standalone router mode. One WAN, One home LAN, and One Guest network on a separate subnet. Wfi radio is only connected to the guest network and home LAN has a separate AP.

Guests only get IPV4 addresses. home LAN has both IPV6 and IPV4.

Even after using "Force local DNS" option guests are able to use their own dns server. I am thinking of adding a custom firewall rule for guest network 192.168.2.0

iptables -t nat -A PREROUTING -s 192.168.2.0/24 -p udp --dport 53 -j DNAT --to 192.168.1.1
Will this work?

I have 128 MB RAM so I enabled most of the lists except region specific lists. (I am assuming that the lists stay in the memory and do not create excessive flash writes). The router seems to handle it ok and I still have ~60% RAM free.

if the guests are coming from a different subnet/zone the rule doesn't work, at this stage it's hardcoded to 'lan' zone. In your /etc/config/firewall you should find something like this:

config redirect 'adblock_dns'
option name 'Adblock DNS'
option src 'lan'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'

Simply change the src-option, restart the firewall and it should work ...

It is still not working on the guest network. I copied adblockDNS and added my own. (Through LUCI firewall GUI). Here is what it added to the /etc/config/firewall. My guest network is 192.168.2.1
config redirect
option target 'DNAT'
option src 'guest'
option dest 'guest'
option proto 'tcp udp'
option src_dport '53'
option dest_ip '192.168.2.1'
option dest_port '53'
option name 'AdblockDNSGuest'
option src_port '53'

I use opendns on my router. They have a nice site www.opendns.com/welcome that tells me if I am using opendns. Here are my test scenarios. I was loading a new private browser window every time to make sure there was no caching. Here are the test results.

1.LAN connection. Get DNS server from my home router in DHCP for the client.
Test: Go to welcome site. Confirm that it is using opendns. Works as expected. PASS.
Test: Go to a known ad serving site. No ads. Works as expected. PASS.

2.LAN connection. Hard code ISP dns server in the client.
Test: Go to welcome site. Confirm that it is still using opendns. Works as expected. PASS.
Test: Go to a known ad serving site. No ads. Works as expected. PASS.

3.Guest connection. Get DNS server from my home router in DHCP for the client.
Test: Go to welcome site. Confirm that it is still using opendns. PASS.
Test: Go to a known ad serving site. No ads. Works as expected. PASS.

2.Guest connection. Hard code ISP dns server in the client.
Test: Go to welcome site. Confirm that it is still using opendns. FAIL
Test: Go to a known ad serving site. Lot of ads. FAIL

hi
i've just installed my first lede trunk (r4751) with the latest adblock 2.8.5.
i have a tp link w8970 (8MB flash, 64MB ram)
I've noticed three problems with the adblock:

  1. if adblock is running i can't search through the software packets installer, both in luci (gives me blank results) and in opkg console (throws a running out memory error). If i suspend adblock, opkg will return to work.
  2. if i use big lists, like the malware (16k entries), i obtain a process killed in the verbose log and the list will not be considered.
  3. if i use the option "Force Overall Sort", my router will freeze for 30 sec and the sort process will be killed at the end. Another out of memory reason in the log.

The ram free memory available is around 20MB, so i don't know why the processes are killed.

thank you for your help

I would prefer it if possible dnsmasq wasn't restarted as a result of period updates. This is achievable in principle, use the server=// directive instead of local=// in the files (not even sure this step is necessary), and then load all the files using the servers-file= directive.

In this case kill -HUP will reload the configuration files just fine - this will also preserve long term history about dnsmasq caching and DNS failures.

Hi @dibdot, i installed adblock and luci-app-adblock on my TP-Link WR741ND V2 (LEDE Reboot 17.01.2). Everything seems working fine

root@LEDE:~# /etc/init.d/adblock status
::: adblock runtime information
 status          : active
 adblock_version : 2.6.2
 blocked_domains : 5747
 fetch_info      : uclient-fetch (libustream-ssl)
 dns_backend     : dnsmasq
 last_rundate    : 07.09.2017 22:24:16
 system          : LEDE Reboot 17.01.2 r3435-65eec8bd5f

However the ads are still on the page when i am using https://ads-blocker.com/testing/ to evaluate. The 'doubleclick.net' is blocked as the query result shows

root@LEDE:~# /etc/init.d/adblock query 'doubleclick.net'
::: distinct results for domain 'doubleclick.net'
 adb_list.Easylist    : survey.g.doubleclick.net
 adb_list.Easylist_China : survey.g.doubleclick.net
 adb_list.adaway      : doubleclick.net
 adb_list.yoyo        : doubleclick.net

Yet here is the nslookup result on router

root@LEDE:~# nslookup doubleclick.net
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:      doubleclick.net
Address 1: 216.58.200.46
Address 2: 2404:6800:4008:800::200e

Client side

PS C:\Users\Connor> nslookup doubleclick.net
服务器:  LEDE.lan
Address:  192.168.1.1

非权威应答:
名称:    doubleclick.net
Addresses:  2404:6800:4008:800::200e
          216.58.200.46

My /etc/config/adblock config file

root@LEDE:~# cat /etc/config/adblock

config adblock 'global'
        option adb_enabled '1'
        option adb_debug '0'
        option adb_forcesrt '0'
        option adb_iface 'wan'
        option adb_triggerdelay '2'
        option adb_whitelist '/etc/adblock/adblock.whitelist'
        option adb_whitelist_rset '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\"^\"\$1\"\\\|[.]\"\$1)}'
        option adb_backup '0'
        option adb_backupdir '/mnt'
        option adb_rtfile '/tmp/adb_runtime.json'
        option adb_forcedns '0'

So where's the problem?

@dibdot I've been following and using your Adblock releases since you first started. Anyway, just a brief question.

With many modern routers having dual core processors and tri band wireless chips, it has got me thinking. Would it be beneficial for these devices, from a performance perspective, to have multiple instances of dnsmasq running and therefore multiple instances of filtering from your Adblock filter rules? I am thinking of home networks with multiple iPads, multiple iPhones, laptops, etc.

What are your thoughts on this?

Another thought here is having separate DNS and filtering rule sets for different networks. Example: main wireless network for the adults in the house, while a separate wireless network for the kids devices with stronger filtering rules and perhaps forcing Google Safe Search or similar.

Thank you for your time.

It's the conflict between dnsmasq confdir setting in /etc/config/dhcp (list confdir '/etc/dnsmasq.d') with adblock shell, which take /tmp/dnsmasq.d as dnsmasq confdir. This do explain why many adblock users complain that dnscrypt is incompatible with adblock.

I solved this issue by using conf-file option in /etc/dnsmasq.conf to include /etc/dnsmasq.d/*.conf files to avoid conflict.

root@LEDE:~# nslookup doubleclick.net
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find doubleclick.net: NXDOMAIN
** server can't find doubleclick.net: NXDOMAIN