Adblock support thread

It was
option adb_repiface 'any'

Post was #1277

(to me, actually) :slight_smile:

Short question. What is this "Trigger delay" in "Additional settings" tab? Additional time spent in waiting after interface brought up before adblock starts downloading or something different?

Looks like it's to delay access to the temp file system on initial startup, see /usr/bin/adblock.sh at line 431:

 f_log "err" "the temp base directory '${adb_tmpbase}' does not exist/is not mounted yet, please create the directory or raise the 'adb_triggerdelay' to defer the adblock start"

... OK, thank you. Then I will switch to wan6 as my trigger interface. It is not often when I reboot my router but today I noticed that some parts of my list were not properly loaded after reboot. First idea was to add some delay but later I found that those lists which failed were all resolved as IPv6 addresses. And wan6 takes 2-3 seconds more to bring up (DHCPv6).

@dibdot can you add Yandex DNS to your doh_blocklist?

Addresses and IPs are at very bottom of https://en.wikipedia.org/wiki/Public_recursive_name_server

I'm wanting to run different block lists on different dnsmasq instances I'm wondering on a method to do this.
I was thinking I could clone adblock and the luci app rename the init scripts and config files etc would I be able to run two instances of adblock?

After updating I noticed that StevenBlack blocklist is not working properly. Something is downloaded but that is definitely not the current blocklist. I checked URL in sources and changed it to the correct one.
Instead of https://raw.githubusercontent.com/StevenBlack/hosts/master/ it should be https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/.
But after the change I get an download error. I want blocklist fakenews-gambling-porn-social so I toggled in UI fakenews-gambling-porn-social and standard. Generated download URL is now https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/hosts which is wrong as it supposed to be https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn-social/hosts
Any ideas how to fix this?

The correct url path get added from the /etc/adblock/adblock.categories list.

I see, the path for fakenews-gambling-porn-social points to fakenews-porn-social.

Hello,
Adblock is blocking all my corporate computer DNS requests. It is leading to issue / disconnection.
DNS requests are mostly under :

      *.corp.capgemini.com 
      wpad.corp.capgemini.com

image

In the whitelist I added

corp.capgemini.com
wpad.corp.capgemini.com

I do not understand why all is blocked. Could it be part of a "blacklist"?
If I configure " capgemini.com " inside the whitelist. Does it include all " *.capgemini.com "

When I use "Blocklist Query" toolbox all seems ok:

image

So why does I have all block in block domains:
image

Thanks for clarification.

It may not be a block, but a valid NXDOMAIN. Sometimes phony DNS requests are made by corporate clients to determine if they are on the corp VPN or public internet. Do you expect these names to resolve to a real IP? The names look somewhat random.

1 Like

Hello,

is it possible to use the Adblock DNS-Report with stubby (encrypted DNS)?
When I press "Refresh" there are no results.

I've configured Luci-> Network -> DHCP and DNS -> DNS forwardings -> 127.0.0.1#5453
Using Luci-> Network -> DHCP and DNS -> DNS forwardings -> 1.1.1.1 or 8.8.8.8 everything works fine, but DNS wouldn't be encrypted anymore.

The "Report Ports" for TCPdump are 53 853 5353 5453, because I haven't figured out which one is right for using 127.0.0.1#5453.

Is there a solution for this issue?

I assume you are using dnsmasq as the backend for adblock? In that case, you need not do anything to get reporting to work. Here's how my config looks, with adblock on top of dnsmasq on top of stubby. (I have rules that block both DoT and DoH from clients, and also rules that redirect all port 53 DNS to the the router, so I don't have to configure any clients, they just get their DNS hijacked.)

In /etc/config/dhcp, trimmed for clarity:

config dnsmasq
...
        list server '127.0.0.1#5453'
        list server '::1#5453'
...

In /etc/config/stubby:

config stubby 'global'
        option manual '0'
...
        list listen_address '127.0.0.1@5453'
        list listen_address '0::1@5453'

config resolver
        option address '9.9.9.9'
        option tls_auth_name "dns.quad9.net"
config resolver
        option address 2620:fe::9
        option tls_auth_name "dns.quad9.net"

And in /etc/config/adblock:

config adblock 'global'
...
        option adb_dns 'dnsmasq'
        option adb_report '1'
...

Yes reg_kr should be changed to that. It's not working currently with 404 error.

And the reg_jp also should be updated. It's using outdated source.

Even this link in README pointing to 3rd_domains.txt

Or https://easylist-downloads.adblockplus.org/koreanlist+easylist.txt this link can be used.
Example:

"reg_kr": {
         "url": "https://easylist-downloads.adblockplus.org/koreanlist+easylist.txt",
         "rule": "BEGIN{FS=\"[|^]\"}/^\\|\\|([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+\\^(\\$third-party)?    $/{print tolower($3)}",
         "size": "S",
         "focus": "reg_korea",
         "descurl": "https://adblockplus.org/ko/subscriptions"  
},

Source (In Korean): https://qquack.org/openwrt/adblock/

Thank you for your advice/ help.

Yes I use dnsmasq.
Although I've used almost the same settings it hasn't worked out. Maybe there were some issues with the firewall.

That's why I've installed Adguard Home which doesn't need Stubby. It works fine now.

Hmm, could be. In addition to redirecting all port 53 to the router, I have manual rules to completely block 853 and a homemade solution to block specific IPs (both v4 and v6) on port 443. The latter uses various sources, but more sane people would just use banip and its DoH list (banIP support thread).

Hello,
on my router something goes wrong with adblock and it's dns-report. I hope you can give me a helping hand:
When I do a dns-report about interface "any" (watch to all interfaces) I get no result, the dns-report tab in luci-adblock stays blank, no datas :roll_eyes:
When I do a dns-report about the interface "br-lan" I get a result, the dns-report tab in luci adblock ist correctly filled with datas.

I noticed: When I start building a dns-report, the file adb_report.json stays empty (0 byte) by interface choice "any":

root@wrouter:~# ll /tmp/adblockReportProd/
drwxr-xr-x 2 root root 180 Nov 14 19:35 ./
drwxrwxrwt 19 root root 560 Nov 14 19:35 ../
-rw-r--r-- 1 root root 0 Nov 14 19:35 adb_mailreport.txt
-rw-r--r-- 1 root root 0 Nov 14 19:35 adb_report.json
-rw-r--r-- 1 root root 1000150 Nov 14 17:35 adb_report.pcap0
-rw-r--r-- 1 root root 1000051 Nov 14 19:19 adb_report.pcap1
-rw-r--r-- 1 root root 255778 Nov 14 19:35 adb_report.pcap2
-rw-r--r-- 1 root root 0 Nov 14 19:35 adb_report.srt

The tcpdump file includes datas, this files looks ok. When I build a report about interface br-lan, the file adb_report.json includes datas, the report is showing ok!
Any ideas why the dns-report, the file adb_report.json, about all interfaces ("any") will no be created?

Some more infomation about my router and it's openwrt:

root@wrouter:~# /etc/init.d/adblock status
::: adblock runtime information

  • adblock_status : enabled
  • adblock_version : 4.1.5
  • blocked_domains : 104436
  • active_sources : adaway, adguard, adguard_tracking, disconnect, reg_de, smarttv_tracking, spam404, whocares, winspy, yoyo
  • dns_backend : dnsmasq (-), /tmp/dnsmasq.d
  • run_utils : download: /bin/uclient-fetch, sort: /usr/libexec/sort-coreutils, awk: /bin/busybox
  • run_ifaces : trigger: wan, report: any
  • run_directories : base: /tmp, backup: /tmp/adblock-Backup, report: /tmp/adblockReportProd, jail: /tmp
  • run_flags : backup: :heavy_check_mark:, flush: ✘, force: ✘, search: ✘, report: :heavy_check_mark:, mail: ✘, jail: ✘
  • last_run : reload, 0m 49s, 248/107/92, 2023-11-14T04:10:50+01:00
  • system : AVM FRITZ!Box 4040, OpenWrt 23.05.0 r23497-6637af95aa
    root@wrouter:~#

root@wrouter:~# cat /etc/config/adblock
config adblock 'global'
option adb_enabled '1'
option adb_debug '0'
option adb_forcedns '0'
option adb_safesearch '0'
option adb_dnsfilereset '0'
option adb_mail '0'
option adb_report '1'
option adb_backup '1'
option adb_dns 'dnsmasq'
option adb_fetchutil 'uclient-fetch'
option adb_repiface 'any'
option adb_trigger 'wan'
option adb_triggerdelay '5'
option adb_lookupdomain 'openwrt.org'
list adb_sources 'adaway'
list adb_sources 'adguard'
list adb_sources 'adguard_tracking'
list adb_sources 'disconnect'
list adb_sources 'reg_de'
list adb_sources 'smarttv_tracking'
list adb_sources 'spam404'
list adb_sources 'whocares'
list adb_sources 'winspy'
list adb_sources 'yoyo'
option adb_reportdir '/tmp/adblockReportProd'

Modell AVM FRITZ!Box 4040
Architektur ARMv7 Processor rev 5 (v7l)
Platform ipq40xx/generic
Firmware-Version OpenWrt 23.05.0 r23497-6637af95aa / LuCI openwrt-23.05 branch git-23.292.78378-27fb6e5
Kernel-Version 5.15.134

adblock 4.1.5-8
luci-app-adblock git-23.189.72983-3072876
luci-i18n-adblock-de git-23.306.39943-3d6a174

Thank you very much! :slightly_smiling_face:
mawe

Unfortunately, I have a similar problem. But it doesn't work for me either if I restrict it to BR-LAN. I always get a blank page and sometimes this error message, see picture. After clicking back and forth or refreshing several times, a report appears at some point.

Does anyone have any ideas?

Most probably a LuCI timeout issue. Try the report engine on the CLI, e.g.:

/etc/init.d/adblock report cli

To mitigate the above LuCI timeout you can untick "Resolve IPs" under the "Advanced Report Settings" tab ...

Thank you very much! Yes it works if you disable the IP resolution but that's a great pity. Is there no way for Luci to solve the timeout problem? Otherwise I can also manage with the shell.

I did

/etc/init.d/adblock report cli

works with interface br-lan, but not with interface any (no report at cli)
any helpfull ideas?
thx! :slightly_smiling_face: