Adblock support thread

Hello, struggling with whitelist ... The only site I regularly use that I'd like to whitelist is:

I've added that to the whitelist but links are still being blocked ... Help please !

hotukdeals.com is not in one of the default blacklists, therefore there is nothing to "whitelist". To proof that please post the output of ...

/etc/init.d/adblock query hotukdeals.com

Just a rough guess: The "Get deals" button doesn't always work on this site? If so, you have to whitelist the target links/sites like "tradedoubler.com" or "mookie1.com" (probably there are even more).

So you need to whitelist every link ? I've seen lots of trackers pop up during he handover, so this looks like a royal pain in the butt :frowning:

I'll abandon all hope..

Thanks anyway

Hello, I've installed adblock, and I can't seem to make manual lists work.
I've added a txt url to test site and added it to one of the config to test a ip block, but it always loads!
I've also tried to add the domain to advanced /edit blacklist
What am I doing wrong

You need to enable local blocklists, either via luci or:

config source 'blacklist'
        option enabled '1'
        option adb_src '/etc/adblock/adblock.blacklist'
        option adb_src_rset '\$0~/^([[:alnum:]_-]+\.){1,}[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}'
        option adb_src_desc 'static local domain blacklist, always deny these domains'

Yes I've done that already..
Also I'm getting always the same result in viewlog "ck-[2.6.2] info : block lists with overall 1143 domains"
even if no lists or only 1/2 are enabled

ps: solved it-was missing the package libustream-mbedtls

Is this correct: trigger interfaces "wan WAN WAN6 LAN" (I added all I have under interfaces)

Blacklist feature is still a hit and miss for me.
It's working fine on my smartphone. But macbook is always able to bypass it.
nslookup is able to resolve blacklisted domains.
I tried clear dns cache and also restarted the laptop.
I tried with and without "force local dns" option.
I am running DD with latest adblock package.
I faced some issues with wifi for my router with lede trunk so I had to go back to my openwrt tested build.
Since it's working perfectly fine on one device(smartphone) and not working on another(macbook), wonder what could be the issue here.

::: adblock runtime information

  • adblock_status : enabled
  • adblock_version : 3.1.1
  • overall_domains : 9
  • fetch_utility : uclient-fetch (-)
  • dns_backend : dnsmasq (/tmp/dnsmasq.d)
  • last_rundate : 25.12.2017 22:46:19
  • system_release : TP-Link TL-WR1043N/ND v3, OpenWrt Designated Driver 12009

No, please only specify one interface! Most probably "wan" will do the job ...

As I said before, check why your apple device does not use your local (adblock enabled) dns resolver. Maybe an IPv6 issue ...

I have disabled ipv6 on my router in network config "option ivp6 0" on wan & lan.
Also it's not just apple device.
I have facebook.com in blacklist for testing.
device 1: android smartphone, the website doesn't load in chrome browser (dns_probe_finished_nxdomain). So it works!
device 2: macbook, over wifi, chrome browser, the website loads.
device 3: ubuntu pc connected over lan cable. chrome browser, the website loads.
(same results with other websites too)

nslookup output from macbook:
$ nslookup facebook.com
Server: 192.168.7.1
Address: 192.168.7.1#53
Non-authoritative answer:
Name: facebook.com
Address: 157.240.16.35

$ nslookup facebook.com 192.168.7.1
Server: 192.168.7.1
Address: 192.168.7.1#53
Non-authoritative answer:
Name: facebook.com
Address: 157.240.16.35

nslookup output from Ubuntu PC:
$ nslookup facebook.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: facebook.com
Address: 157.240.13.35

$ nslookup facebook.com 192.168.7.1
Server: 192.168.7.1
Address: 192.168.7.1#53
** server can't find facebook.com: NXDOMAIN

Send me the following config files to my maintainer email address (see online doc) and I'll have a look:

/etc/config/dhcp
/etc/config/network
/etc/config/firewall
/etc/config/adblock

Done. Thanks. Appreciate your help.

Update on this issue in case it helps someone.
dibdot helped me find the rootcause why blacklist was not working on certain devices.

  1. The linux device had wrong /etc/resolve.conf, it's pointing to localhost for dns instead of the router.
  2. The macbook had dnscrypt running, possibly it's encrypting dns queries so adblock is not able to filter it.
    @dibdot Many thanks!

just a few additional information regarding latest adblock 3.4.0 release:

  • preserve DNS cache after adblock processing,
    • 'unbound' and 'named' support this (please check readme)
      => for unbound you need the package "unbound-control" without further configuration
      => for named you need a fully configured package "bind-rdnc", contact me by email if you need an example configuration

    • 'dnsmasq' now uses the 'servers-file' directive to minimize the reload disruption,
      even though the dns cache will be cleared after SIGHUP
      => the new "serversfile" directive will be automatically handled by adblock. Additionally you can configure this per instance via experimental adblock option "adb_dnsinstance" (default "0"). This is untested and therefore not available in LuCI frontend yet.

  • to get back the old restart behaviour set "adb_dnsflush" to "1"

  • email notification in case of an error or domain count < n (default 0, check readme)
    => play with the domain count trigger to receive notification emails if the overall count is below a certain threshold, e.g. if you set "adb_notifycnt" to 150000 you'll receive a (daily) status email ...
    => the email is widely configurable, feel free to customize email content in /etc/adblock/adblock.notify

Screenshots:

4

email-adblock

Have fun & best wishes for 2018!
Dirk

5 Likes

Is there no way to force DNS lookups to be only handled by the routers DNS service (e.g. dnsmasq) ?

@dibdot
Thanks for the new release !

I had enabled this option in adblock config. Somehow that didn't work for this machine.
This is an old machine, running ubuntu 12.04. dibdot said it's 'misconfigured' so I left it at that.
It appears to be working on many other PCs (most of them windows OS) so i am good for now.

"Usual" setups will be blocked/redirected by this rule. Anyway special setups with dnscrypt running on the client can't be blocked this way ... the default port used by the DNSCrypt protocol is 443.

Noted. This is the macbook running dnscrypt-proxy as i saw in ps output. This is an 'unusual' setup.

The ubuntu 12.04 pc should be an usual setup.
It's a wired dhcp client to the router running adblock.

To verify if it's a linux issue, I checked from a linux mint VM, blacklist works. (Host machine is a WiFi client of same router).
I have verified ifconfig outputs, IPs on both machines are as expected.

Linux mint VM:

@osboxes:~ > nslookup facebook.com
Server: 127.0.1.1
Address: 127.0.1.1#53

** server can't find facebook.com: NXDOMAIN

@osboxes:~ > cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search lan

Linux ubuntu 12.04 pc:

1204-desktop:~$ nslookup facebook.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: facebook.com
Address: 157.240.13.35

1204-desktop:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

So if i got it right Adblock's blacklist isn't "bulletproof" if a client is using some sort of dns encryption by itself ?

@dibdot
Is there no way to make it work if your not in direct control of the client (e.g. in a Guest network or public hotspot) ?

dns hijack is not possible if dns query is encrypted. That's what I have read.