Installing sed and grep (instead of using the busybox defaults) reduces my adblock reload time from 1.36s to 33s. I had read about those being faster in the simple-adblock readme.
@AcidSlide Could you pls. see if you also get faster reload time with these?
I also wanted to try gawk, but after installing and restarting I get this error: "dns backend restart with adblock blocklist failed" and adblock doesn't start.
Uninstalling gawk fixes the issue.
PS: I'm on the latest snapshot on an x86 N5105 I have for tests.
This is not really new and it depends on how many entries are in your whitelist - adblock mainly uses awk. Anyway, great that you found a way to speed up things ...
Hi, I'm wondering if an option to look up hostnames instead of showing the client ID in LuCI could be added?
Also I'm not sure if adblock filtering works if a client is redirected to an instance with adblock enabled using dhcp options.
I have two instances (kids and adults); if a kids-tagged device connects to the adblock-free adults interface, they are forced to the other kids instance/DNS.
I'm using the classification tag to force clients to a specific instance/dns but the IP addresses of the clients don't show up in the adblock report.
Adblock only lists the IP address under the interface of the adblock instance in the report so I don't know if redirected requests are working.
config tag 'Force_Dns'
    option instance 'Kids_Dns'
    dhcp_option "6,192.168.2.1"

config host
    option instance 'Kids_Dns'
    option dns '1'
    option mac '50:ED:3C:93:FF:18'
    option name 'Tayne-ph'
    option tag 'Force_Dns'

config host
    option instance 'Kids_Dns'
    option dns '1'
    option mac '24:75:3A:08:58:9B'
    option name 'sophie-ph'
    option tag 'Force_Dns'
The log output is truncated by dnsmasq when it has more than 5-10 or so entries in a list, so you see the first (or last? not sure) values, then one of those "NNN more" messages after that.
The log would overflow if it showed all 295,470-odd entries, but it wants to reassure you that it knows about them.
...
Wed Jun 7 04:09:15 2023 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Wed Jun 7 04:09:15 2023 daemon.info dnsmasq[1]: using only locally-known addresses for src.org.zw
Wed Jun 7 04:09:15 2023 daemon.info dnsmasq[1]: using only locally-known addresses for limitless.org.zw
Wed Jun 7 04:09:15 2023 daemon.info dnsmasq[1]: using 295463 more local addresses
Yes, but in my log the word nameservers doesn't mean the number of DNS servers?
I don't have 33 DNS servers and that is why I wanted to know what that log entry means.
Wed Jun 7 02:21:00 2023 daemon.info dnsmasq[1]: using standard nameservers for www.msftncsi.com
Wed Jun 7 02:21:00 2023 daemon.info dnsmasq[1]: using standard nameservers for connectivitycheck.gstatic.com
Wed Jun 7 02:21:00 2023 daemon.info dnsmasq[1]: using standard nameservers for whatsapp.com
Wed Jun 7 02:21:00 2023 daemon.info dnsmasq[1]: using 817986 more local addresses
Wed Jun 7 02:21:00 2023 daemon.info dnsmasq[1]: using 33 more nameservers
Yes to using nameservers, no to count of them. What does your config file entry for, say, that msftncsi one look like? Something there apparently is saying it (and those others) should be served "normally", i.e., it's on your whitelist.
You should be able to find it with a recursive grep, something like this (note the # at the end of the config entry):
We should submit a patch to dnsmasq to clean up those messages
and 817986 more served from local addresses
and 33 more served from standard nameservers
or something like that. Of course that would break someone's workflow somewhere, as it's always the case that some weirdo is scraping the log file to do who in the world knows what with that information...
But what I don't understand is the number 33 here:
Wed Jun 7 02:21:00 2023 daemon.info dnsmasq[1]: using nameserver 127.0.0.1#5050
...
Wed Jun 7 02:21:00 2023 daemon.info dnsmasq[1]: using 33 more nameservers
It should be just the count of local= entries that are whitelisted. I'll bet you can see it with
$ grep -r '^local=.*#$' /var
... all of them ...
$ grep -r '^local=.*#$' /var | wc -l
33+the others that are shown in the log, so like 38-42 or something
Hi. I want to allow Internet access to all my devices only after AdBlock is up and running.
Sometimes I reboot the router and I got a time gap where I can visit any website. Even those that I want blocked.
How can I achieve this?
Thanks
If this is only happening after reboot, it means it's taking time for adblock to load the block list. This can be for any reason, some are below
your router cpu is slow
your router is just a single core
you have a lot of selected block lists
By the way, what is your router? There are ways to optimize loading but give us details of your router first.
In one of my routers it originally takes more than 5 mins to finish loading all of my block lists. This is a Quad Core overclocked to 1.1GHz with 512MB of memory.
It's a xiaomi r4a gigabit edition
I was thinking about a script that pings (for example) www.blockedsite.com and only allows internet for everyone once it can't access said site. Would that be possible?
In my experience, that wouldn't work. Try doing a ping from the router itself of one of the blocked domains and you will see (by default) it will be able to ping the blocked domain. Right now, in LuCI, how long does it take to load the blocklist? Adblock reports how long it took to load and restart dnsmasq.
Your router doesn't have a usb so that option is out. Adblock can save a backup of the blocklist in the usb drive and use that upon boot up of the router.
You might try installing (via opkg) the following to help in making the loading of the blocklist faster:
grep
sed
gawk <- this actually made my routers load the blocklist twice as fast
+1 on adding gawk if space is available, so much faster than busybox-awk.
You should be able to make this work by being explicit about the server when you do the check. Find something in your block list (or add the aforementioned www.blockedsite.com to adblock's blacklist, then you have a known test case, as I assume @anon43134599 was suggesting), try to look it up using nslookup and check the status.
I'll use doh.dns.apple.com for my example instead of www.blockedsite.com as I know it's on my current block list:
# Make sure it's on the block list:
$ grep doh.dns.apple.com /var/dnsmasq.d/adb_list.overall
local=/doh.dns.apple.com.v.aaplimg.com/
local=/doh.dns.apple.com/
# Explicitly use external DNS, we get a result:
$ nslookup doh.dns.apple.com 9.9.9.9
Server: 9.9.9.9
Address: 9.9.9.9:53
Non-authoritative answer:
doh.dns.apple.com canonical name = doh.dns.apple.com.v.aaplimg.com
Name: doh.dns.apple.com.v.aaplimg.com
Address: 17.253.82.115
blah blah blah for dozens of more addresses...
# Explicitly use our dnsmasq, it's blocked:
$ nslookup doh.dns.apple.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1:53
** server can't find doh.dns.apple.com: NXDOMAIN
** server can't find doh.dns.apple.com: NXDOMAIN
# How to make use of this in a script:
$ if nslookup doh.dns.apple.com 127.0.0.1 > /dev/null ; then
> echo "I can see you"
> else
> echo "That address is blocked"
> fi
That address is blocked
Adding the hooks in the right places and doing ifdown/ifup br-lan or whatever is left to the reader...
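A boot-time readiness gate built on the nslookup check in the post above, as an added example that is not part of the original thread. The `--run` flag, the `adblock-gate` log tag and the retry values are assumptions made for illustration; unlike the plain exit-status test, it treats a resolver that is not answering yet as "not ready" rather than "blocked".

```shell
#!/bin/sh
# Added example (not from the thread): wait until adblock is really filtering.
# CANARY must be a name that is on your own block list; the default is the one
# used in the post above. RESOLVER is the router's local dnsmasq.
CANARY="${CANARY:-doh.dns.apple.com}"
RESOLVER="${RESOLVER:-127.0.0.1}"

# One lookup, kept in its own function so it can be replaced when testing.
dns_lookup() {
    nslookup "$1" "$2" 2>&1
}

# Print blocked | visible | error for name $1 asked of resolver $2.
# Assumes nslookup behaves as in the transcript above: non-zero exit plus an
# "NXDOMAIN" line for a blocked name. Any other failure (dnsmasq not answering
# yet, mid-restart) is "error", so it is never mistaken for "blocked".
classify() {
    out=$(dns_lookup "$1" "$2") && rc=0 || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo visible
    elif printf '%s\n' "$out" | grep -q 'NXDOMAIN'; then
        echo blocked
    else
        echo error
    fi
}

# Poll up to $1 times, $2 seconds apart. Returns 0 once the canary is blocked,
# 1 if it never was (treat that as "do not open the LAN yet").
wait_for_adblock() {
    tries=$1; delay=$2; n=0
    while [ "$n" -lt "$tries" ]; do
        if [ "$(classify "$CANARY" "$RESOLVER")" = blocked ]; then
            return 0
        fi
        n=$((n + 1))
        sleep "$delay"
    done
    return 1
}

# Only acts when called with --run (a flag made up for this example); the exit
# status is what a boot hook would test before bringing the LAN up.
if [ "${1:-}" = "--run" ]; then
    wait_for_adblock 60 5 || { logger -t adblock-gate "$CANARY not blocked"; exit 1; }
    logger -t adblock-gate "$CANARY is blocked, adblock is active"
fi
```

The gate fails closed: on timeout it exits non-zero, so whatever hook calls it should leave client access down in that case.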
Thanks. I've installed gawk and the loading time is now less than a minute (it was 5 minutes before)?
But I still get this weird issue: I can still access the blocked website on Edge and Chrome (both using incognito mode). Just not on Firefox or on any other device in my home. This happens only on my PC.
What measures do you take to redirect DNS? If you rely on just the DHCP advertisement, and allow your client machines and their applications to do whatever they please, then you've got a ton of leaks. For one, Chromium-based browsers are probably using DoH (DNS-over-HTTP) and thus bypassing the advertised DNS servers altogether.
Have you gone through all of the DNS Hijacking guide? If not, time to do that.