Adblock support thread

Cool. Good tips. Thanks!

Hi all,
I'm new to adblock and I need help. It seems that adblock does not block blacklisted domains for my iPhone Safari browser.

The file /etc/adblock/adblock.blacklist contains the blacklisted domain. When I do an nslookup on the router (Netgear Nighthawk X4S R7800), it returns "NXDOMAIN" as desired. A blocklist query also shows a match. But if I type the blacklisted domain into the Safari browser of my iPhone connected to the LAN or guest Wi-Fi network, the website is not blocked. Why?

My adblock config is as follows

config adblock 'global'
        option adb_enabled '1'
        option adb_debug '1'
        option adb_forcedns '1'
        option adb_safesearch '0'
        option adb_dnsfilereset '0'
        option adb_mail '0'
        option adb_report '0'
        option adb_backup '1'
        option adb_dns 'dnsmasq'
        option adb_fetchutil 'wget'
        list adb_utc_sources 'adult'
        list adb_stb_sources 'alternates/porn/hosts'
        list adb_stb_sources 'alternates/gambling-porn/hosts'
        option adb_repiface 'br-lan'
        option adb_trigger 'wan'
        list adb_sources 'adaway'
        list adb_sources 'adguard'
        list adb_sources 'disconnect'
        list adb_sources 'openphish'
        list adb_sources 'phishing_army'
        list adb_sources 'yoyo'
        list adb_portlist '53'
        list adb_zonelist 'guest'
        list adb_zonelist 'lan'

I have a guest network zone (192.168.3.x) and a lan network zone (192.168.1.x).

My network config is

config interface 'loopback'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
        option device 'lo'

config globals 'globals'
        option ula_prefix 'xxx'

config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option device 'br-lan'
        list dns '192.168.1.1'

config interface 'wan'
        option proto 'dhcp'
        option device 'eth0.2'

config interface 'wan6'
        option proto 'dhcpv6'
        option device 'eth0.2'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 0t'

config interface 'guest'
        option _orig_ifname 'wlan0-1'
        option _orig_bridge 'false'
        option proto 'static'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'
        option device 'br-lan'
        list dns '192.168.3.1'

config interface 'vpnserver'
        option proto 'none'
        option auto '1'
        option device 'tun0'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.1'

The log shows:

Sun Jan 28 17:17:06 2024 user.info adblock-4.1.5[4031]: backup directory '/tmp/adblock-Backup' created
Sun Jan 28 17:17:06 2024 user.debug adblock-4.1.5[4031]: f_dns    ::: dns: dnsmasq, dns_dir: /tmp/dnsmasq.d, dns_file: adb_list.overall, dns_user: dnsmasq, dns_instance: 0, backup: 1, backup_dir: /tmp/adblock-Backup, jail_dir: /tmp
Sun Jan 28 17:17:06 2024 user.debug adblock-4.1.5[4031]: f_fetch  ::: fetch_util: /usr/bin/wget, fetch_parm:  --no-cache --no-cookies --max-redirect=0 --timeout=20 -O
Sun Jan 28 17:17:06 2024 user.info adblock-4.1.5[4031]: adblock instance started ::: action: start, priority: 0, pid: 4031
Sun Jan 28 17:17:06 2024 user.debug adblock-4.1.5[4031]: f_jsnup  ::: status: running, cnt: , mail: 0, mail_service: /etc/adblock/adblock.mail, mail_cnt: 0, mail_pid: -
Sun Jan 28 17:17:06 2024 user.debug adblock-4.1.5[4031]: f_uci    ::: config: dhcp, change:
Sun Jan 28 17:17:06 2024 user.debug adblock-4.1.5[4031]: f_uci    ::: config: firewall, change:
Sun Jan 28 17:17:06 2024 user.debug adblock-4.1.5[4031]: f_temp   ::: tmp_base: /tmp, tmp_dir: /tmp/tmp.fOCjpP, sort_options: --temporary-directory=/tmp/tmp.fOCjpP --compress-program=gzip --parallel=2, pid_file: /var/run/adblock.pid
Sun Jan 28 17:17:06 2024 user.debug adblock-4.1.5[4031]: f_main   ::: memory: 475/396/382, cores: 2, safe_search: 1, force_dns: 1, awk: /usr/bin/awk
Sun Jan 28 17:17:06 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: iplist, mode: iplist, cnt: 0, in_rc: 0, out_rc: 0
Sun Jan 28 17:17:06 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: bing, mode: safesearch, cnt: 0, in_rc: 0, out_rc: 1
Sun Jan 28 17:17:06 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: blacklist, mode: blacklist, cnt: 2, in_rc: 0, out_rc: 0
Sun Jan 28 17:17:06 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: whitelist, mode: whitelist, cnt: 108, in_rc: 0, out_rc: 0
Sun Jan 28 17:17:12 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: google, mode: safesearch, cnt: 0, in_rc: 0, out_rc: 4
Sun Jan 28 17:17:12 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: duckduckgo, mode: safesearch, cnt: 0, in_rc: 0, out_rc: 1
Sun Jan 28 17:17:12 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: pixabay, mode: safesearch, cnt: 0, in_rc: 0, out_rc: 1
Sun Jan 28 17:17:12 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: youtube, mode: safesearch, cnt: 0, in_rc: 0, out_rc: 1
Sun Jan 28 17:17:12 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: yandex, mode: safesearch, cnt: 0, in_rc: 0, out_rc: 1
Sun Jan 28 17:17:12 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: adaway, mode: restore, cnt: 0, in_rc: 4, out_rc: 4
Sun Jan 28 17:17:12 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: adguard, mode: restore, cnt: 0, in_rc: 4, out_rc: 4
Sun Jan 28 17:17:20 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: adaway, mode: download, cnt: 6519, in_rc: 0, out_rc: 0
Sun Jan 28 17:17:20 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: adaway, mode: backup, cnt: 6519, in_rc: 0, out_rc: 0
Sun Jan 28 17:17:42 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: adguard, mode: download, cnt: 62618, in_rc: 0, out_rc: 0
Sun Jan 28 17:17:42 2024 user.debug adblock-4.1.5[4031]: f_list   ::: name: adguard, mode: backup, cnt: 62618, in_rc: 0, out_rc: 0
Sun Jan 28 17:20:33 2024 user.info adblock-4.1.5[5135]: Please enable the 'DNS Report' option to use the reporting feature
Sun Jan 28 17:20:39 2024 user.debug adblock-4.1.5[5231]: f_dns    ::: dns: dnsmasq, dns_dir: /tmp/dnsmasq.d, dns_file: adb_list.overall, dns_user: dnsmasq, dns_instance: 0, backup: 1, backup_dir: /tmp/adblock-Backup, jail_dir: /tmp
Sun Jan 28 17:20:39 2024 user.debug adblock-4.1.5[5231]: f_fetch  ::: fetch_util: /usr/bin/wget, fetch_parm:  --no-cache --no-cookies --max-redirect=0 --timeout=20 -O
Sun Jan 28 17:21:11 2024 user.info adblock-4.1.5[5519]: Please enable the 'DNS Report' option to use the reporting feature

Any idea how to solve this?

UPDATE: Actually, it works in the normal Safari tab, but does not work in the "privacy" tab of the Safari browser, which seems to use DoH (according to https://1.1.1.1/help).

UPDATE 2: It seems to work if I tick "force local DNS" with "forced ports" 853 and 5353.
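
A quick audit of the settings this post ends up changing, as an added example that is not part of the original post or of the adblock project: it parses a UCI adblock config and reports when `adb_forcedns` is off or when a wanted port or zone is missing from `adb_portlist` / `adb_zonelist`. The function name, the wanted port and zone lists, and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit an adblock UCI config for gaps
# that let clients bypass the router's filtered resolver.
# Assumed policy: port 53 (posted config) plus 853 and 5353 (UPDATE 2),
# and the two zones the post names.
WANT_PORTS="53 853 5353"
WANT_ZONES="lan guest"

# audit_adblock FILE: print one finding per line, or "OK" if there are none.
audit_adblock() {
    awk -v q="'" -v wp="$WANT_PORTS" -v wz="$WANT_ZONES" '
        function val(s) { gsub(q, "", s); return s }    # strip UCI quotes
        $1 == "config" { g = ($2 == "adblock" && val($3) == "global"); next }
        !g { next }                                     # global section only
        $1 == "option" && $2 == "adb_enabled"  { enabled = val($3) }
        $1 == "option" && $2 == "adb_forcedns" { force = val($3) }
        $1 == "list"   && $2 == "adb_portlist" { ports[val($3)] = 1 }
        $1 == "list"   && $2 == "adb_zonelist" { zones[val($3)] = 1 }
        END {
            if (enabled != "1") { print "adb_enabled is not 1"; bad = 1 }
            if (force != "1") {
                print "adb_forcedns is not 1"; bad = 1
            } else {
                # Port and zone lists only matter once forcing is on.
                n = split(wp, p, " ")
                for (i = 1; i <= n; i++) if (!(p[i] in ports)) {
                    print "port " p[i] " missing from adb_portlist"; bad = 1 }
                n = split(wz, z, " ")
                for (i = 1; i <= n; i++) if (!(z[i] in zones)) {
                    print "zone " z[i] " missing from adb_zonelist"; bad = 1 }
            }
            if (!bad) print "OK"
        }' "$1"
}

# Constructed sample mirroring the posted settings (only port 53 forced).
sample=$(mktemp)
cat > "$sample" <<'EOF'
config adblock 'global'
        option adb_enabled '1'
        option adb_forcedns '1'
        list adb_portlist '53'
        list adb_zonelist 'guest'
        list adb_zonelist 'lan'
EOF
audit_adblock "$sample"
rm -f "$sample"
```

On a router, pass /etc/config/adblock as the argument and adjust WANT_PORTS and WANT_ZONES to your own policy.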

I set the dnsmasq config dir to /etc/dnsmasq.d, like old OpenWrt, and put some conf files in this dir.

uci set dhcp.@dnsmasq[-1].confdir="/etc/dnsmasq.d"
uci commit
service dnsmasq restart

But after installing Adblock, if I set the DNS backend to dnsmasq, the config dir changes to /tmp/dnsmasq.d.

How to make them work together?
x64 router

This is the recommended path (the current default of dnsmasq), since it will be updated regularly by AdBlock and the majority of users are using router systems that use flash-type memory for storing files, which has a limited number of allowed writes/rewrites.

Is there a reason why you want it to be in /etc?

Please look in the readme and set 'adb_dnsdir' according to your needs. In LuCI it is under "Advanced DNS Settings".


I use an x64 architecture machine with 4G memory and a 1T SSD. I flashed a ROM with a 1G ROOTFS_PARTSIZE (using imagebuilder, changing CONFIG_TARGET_ROOTFS_PARTSIZE=1000), and some conf files include configs like:

address=
bogus-nxdomain=
server=/xxxxx.com/127.0.0.1#5053
nftset=/xxxxx.com/4#inet#fw4#mylist

Thanks. It works!
I'm too impatient. I will read the readme.

I think it would be better to change some of the titles.
I used pi-hole before; they call it "Domains of Adlists".

luci-app-adblock shows:
1

but the DNS report shows just 10 queries blocked now.
2

Change "Blocked Domains" to "Domains of Adlists"?

Blocked domains is the total number of domains that were loaded from your selected blocklists and are currently being blocked.

Blocked DNS Requests is from the time listed in your screenshot, which in this case is the last 24 minutes and 15 seconds. In that time there were 201 DNS requests and 10 of those 201 were blocked.

The term "Blocked Domains" seems more accurate to me as Adblock can block more than just ads.


Of course I understand, I just think pi-hole's title is easier to understand:

And I use banIP too; this number is the total number of elements (IP and MAC) that were loaded from my selected blocklists:

root@QWRT:/etc/adblock# cat /etc/adblock/adblock.blacklist

rosettastone.com
root@QWRT:/etc/adblock#


config adblock 'global'
	option adb_dns 'dnsmasq'
	option adb_trigger 'wan'
	option adb_fetchutil 'wget'
	option adb_enabled '1'

config adblock 'extra'
	option adb_forcesrt '0'
	option adb_forcedns '0'
	option adb_maxqueue '4'
	option adb_nice '0'
	option adb_debug '1'
	option adb_dnsflush '1'

config source 'Adaway'
	option adb_src 'https://adaway.org/hosts.txt'
	option adb_src_rset '/^127\.0\.0\.1[[:space:]]+([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$2)}'
	option adb_src_desc 'focus on mobile ads, infrequent updates, approx. 400 entries'
	option enabled '0'

config source 'AdGuardHome'
	option adb_src 'https://filters.adtidy.org/windows/filters/15.txt'
	option adb_src_rset 'BEGIN{FS=\"[/|^|\r]\"}/^\|\|([[:alnum:]_-]+\.)+[[:alpha:]]+[\/\^\r]+$/{print tolower(\$3)}'
	option adb_src_desc 'combined AdGuard Home dns filter list, frequent updates, approx. 17.000 entries'
	option enabled '0'

config source 'NoBitcoin'
	option adb_src 'https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt'
	option adb_src_rset '/^0\.0\.0\.0[[:space:]]+([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$2)}'
	option adb_src_desc 'focus on malicious bitcoin mining sites, infrequent updates, approx. 80 entries'
	option enabled '0'

config source 'Blacklist'
	option adb_src '/etc/adblock/adblock.blacklist'
	option adb_src_rset '/^([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}'
	option adb_src_desc 'static local domain blacklist, always deny these domains'
	option enabled '1'

config source 'Disconnect'
	option adb_src 'https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt'
	option adb_src_rset '/^([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}'
	option adb_src_desc 'mozilla driven blocklist, numerous updates on the same day, approx. 4.700 entries'
	option enabled '0'


Thu Feb  8 14:20:37 2024 user.debug adblock-4.1.5-8[24177]: f_main ::: name: Blacklist, url: /etc/adblock/adblock.blacklist, rc: 1, log: /etc/adblock/adblock.blacklist: Scheme missing.

Can you tell me why?

Where did you get those settings?? I don't even remember Adblock having that type of configuration. Delete that config and start over.

Yep, you've tried to run current adblock with an outdated 3.x config ... re-install adblock with a fresh config.

FYI to all who are using the antipopads feed. Please be informed that it will block all amazon.com domains, as the root domain was somehow added to the list.

I was able to contact the maintainer and, according to him, he hasn't been active with the feed for some time already and, due to some personal reasons, it might take him time to fix the data in the feed.

Below is his actual reply:
image


Is there an AdBlock encrypted DNS server that can be used with dnscrypt-proxy2 instead of the AdBlock package/program itself?

Maybe this?

How to install dnscrypt proxy with adblocker on Linux

The adblock package is not a DNS server. Simply put, it's a very great script that parses domains/subdomains from different sources and combines them to be used by a DNS server like dnsmasq (which is the default used by OpenWrt).

In terms of dnscrypt, you can use and configure dnsmasq or unbound to use this type of setup. Both are supported by adblock.

These are actually the DNS servers supported by adblock:
image


See the Wiki. From my experience, it plays very well with Adblock.


Whoa! I totally missed that FAQ. My idea is to completely offload 100% of the adblocking to the actual DNS itself without using the AdBlock scripts at all. Is there a DNS server that does all the work that AdBlock does? Does AdBlock maintain such a DNS server that you can connect to with dnscrypt-proxy2?

You can use a paid DNS service like NextDNS or AdGuard, with 300k free resolves, but they log your requests.
The best solution is:
adblock+dnsmasq+dnscrypt2(quad9) imo.


Great minds - that's exactly what I set up. Is there any advantage to using the dnsmasq-full package?