Adblock support thread

Still not reproducible with your config ...

root@One:~# /etc/init.d/adblock query checkip.amazonaws.com
:::
::: domain 'checkip.amazonaws.com' in active blocklist
:::
  + checkip.amazonaws.com

:::
::: domain 'amazonaws.com' in active blocklist
:::
  + ads.amazonaws.com
  + logs.af-south-1.amazonaws.com
  + monitoring.af-south-1.amazonaws.com
  + monitoring.ap-east-1.amazonaws.com
  + anydesk17.s3.ap-east-1.amazonaws.com
  + aoracleclient.s3.ap-east-1.amazonaws.com
  + autilities.s3.ap-east-1.amazonaws.com
  + cryptngc.s3.ap-east-1.amazonaws.com
  + eapprovp.s3.ap-east-1.amazonaws.com
  + [...]

:::
::: domain 'com' in active blocklist
:::
  + 0--4.com
  + 0--d.com
  + adserver.0--x--0.com
  + 0-0-0checkmate.com
  + 0-0asia.com
  + 0-100mph.com
  + 0-31.com
  + 0-38.com
  + 0-578.com
  + [...]

:::
::: domain 'checkip.amazonaws.com' in backups and in local block-/allowlist
:::
  + adb_list.anti_ad.gz           checkip.amazonaws.com

ok thanks.. let me check on my test network and see if I can trace where my error is coming from

Hmmm might be something in my build.. it's happening on 2 different routers and on my test network..

I added a logger right on the first line of f_query and before the actual call in the /usr/lib/adblock.sh file... but the output was before that..

# query blocklist for certain (sub-)domains
#
f_query() {
	logger -t TestAdblock -s "Called f_query"
	local search result prefix suffix field query_start query_end query_timeout=30 domain="${1}" tld="${1#*.}"
	[...]

f_load
case "${adb_action}" in
	[...]
	"query")
		logger -t TestAdblock -s "Calling f_query ${2}"
		f_query "${2}"
		;;
	[...]
esac

And the output is like this..

# /etc/init.d/adblock query checkip.amazonaws.com
sh: out of range
TestAdblock: Calling f_query checkip.amazonaws.com
TestAdblock: Called f_query
TestAdblock: Before While..
:::
::: domain 'checkip.amazonaws.com' in active blocklist
:::
  + checkip.amazonaws.com

Edit #1: Additional testing
I've drilled it down to the rc_procd function in /etc/rc.common but can't find what is triggering the error ahahaha

# /etc/rc.common
	rc_procd() {
		logger -t TestRCCommon -s "Called rc_prcd.."
		local method="set"
		[ -n "$2" ] && method="add"
		logger -t TestRCCommon -s "Running procd_open_service"
		procd_open_service "$(basename ${basescript:-$initscript})" "$initscript"
		logger -t TestRCCommon -s "Show @:: '$@'"
		"$@"
		logger -t TestRCCommon -s "Running procd_close_service '$method'"
		procd_close_service "$method"
	}

# /etc/init.d/adblock query checkip.amazonaws.com
TestAdblockInit: Before runtime checks...
TestAdblockInit: After runtime checks...
TestAdblockInit: init.d:: calling rc_procd '/usr/bin/adblock.sh' query 'checkip.amazonaws.com'
TestRCCommon: Called rc_prcd..
TestRCCommon: Running procd_open_service
TestRCCommon: Show @:: '/usr/bin/adblock.sh query checkip.amazonaws.com'
sh: out of range
TestAdblock: Calling f_query checkip.amazonaws.com
TestAdblock: Called f_query
TestAdblock: Before While..

No handmade debug prints, just put a "set -x" in line 1006 before the following statement, e.g.:

set -x
query_start="$(date "+%s")"
[...]

and close this with a "set +x" within the f_query function.

grep the (huge) result for the error ... :wink:

Thanks

Edit: For easier debugging you can narrow down the results directly with grep, e.g.:

/etc/init.d/adblock query www.heise.de 2>&1 | grep -C 5 "out of range"

this shows only 5 lines before/after the match


Didn't help in tracing because the sh: out of range error is being triggered even before f_query was called.. I'll do more testing later and see if I can pinpoint when it's actually being triggered


OK, then it's probably unrelated to adblock, maybe changes in rc.common or so ...


Thanks again for the assistance.. found the culprit and entirely my fault.. I accidentally merged some test code into my builds which I thought I had already removed last year


I've had the same issue with 24.10.2. Resolved it with:

uci set adblock.global.adb_lookupdomain='google.com'
uci commit adblock
/etc/init.d/adblock restart

Now adblock is running like a charm again.

Update: I noticed it is because of my dnsmasq setup. I was using a resolv file per vlan. Now switched to noresolv and upstream dns servers per vlan, and after that change, localhost (f.e. localhost.vlan_domain) was resolvable again. Maybe useful additional info for anyone having this issue.


Hello,

Since the last major update (version 4.4.x), I have encountered two significant issues:

  1. The option to bypass backups has been removed. This is a major concern for routers with limited RAM, as it can lead to performance problems. I (maybe a lot) would appreciate it if you could consider adding this option back.

  2. Occasionally, blocked domains are accessible despite the AdBlock service showing no errors and remaining in a 'running' status. Restarting the service does not resolve the issue; only rebooting the router restores functionality and re-establishes domain blocking. This behavior has not occurred in previous versions.

Thank you for your attention to these matters.

Hey again,

I wanted to follow up on my previous message regarding the issues I encountered after the last major update (version 4.4.x). Upon further investigation, I realized that the intermittent accessibility of blocked domains was due to Firefox's default secure DNS setting. When enabled, Firefox sometimes opts for encrypted DNS, which can bypass the AdBlock service. Interestingly, rebooting the router seems to prompt Firefox to revert to normal DNS temporarily, but it eventually switches back to encrypted DNS. Turning off "Enable DNS over HTTPS" resolves the issue.

That said, I would still appreciate it if you could consider adding the option to bypass backups. Currently, I am using /dev/null as the backup location, but this approach causes gzip to run, consuming unnecessary CPU and RAM resources.

Thank you for your attention to these matters.

Adding the following domains in the "Edit Blocklist" tab of the Adblock UI will switch off the DoH setting in Firefox and Safari (unless it is in Enforce mode). Those are so-called "canary" domains:

use-application-dns.net
mask.icloud.com
mask-h2.icloud.com

... adding DoH blocklist in Adblock or BanIP works too.
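
A check for the canary entries in the post above, as an added example that is not part of the thread or of the adblock project: it sends A and AAAA queries to a resolver and reports whether every answer is negative. It assumes Mozilla's documented rule for use-application-dns.net (the signal counts only when the reply is not NOERROR or carries no A/AAAA record, so a sinkhole answer such as 0.0.0.0 does not count) and applies the same test to the iCloud names; the function names and the resolver address are assumptions.

```python
import socket
import struct

# Canary domains listed in the post above.
CANARIES = ("use-application-dns.net", "mask.icloud.com", "mask-h2.icloud.com")
A, AAAA = 1, 28  # DNS record types

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question recursive DNS query (RD flag set, class IN)."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", qtype, 1))

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def is_negative(msg):
    """True when the reply has RCODE != NOERROR or carries no A/AAAA record."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:  # NXDOMAIN, SERVFAIL, REFUSED, ...
        return True
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype in (A, AAAA):  # includes sinkhole answers such as 0.0.0.0
            return False
        off += 10 + rdlen
    return True

def canary_blocked(resolver, name, timeout=3.0):
    """Ask `resolver` (assumed: the router's LAN IP) for A and AAAA of `name`."""
    for qtype in (A, AAAA):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_query(name, qtype), (resolver, 53))
            if not is_negative(sock.recv(4096)):
                return False
    return True
```

Run it from a LAN client, for example `canary_blocked("192.168.1.1", name)` for each name in `CANARIES`, where 192.168.1.1 is a placeholder for the router's address.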


Openwrt 24.10.2, adblock 4.4.2-r3 and blocklists backup on USB stick.

Just realised my old cron job /etc/init.d/adblock restart doesn't update blocklists anymore (same as manually executing the command). Intended or some bug?

Use /etc/init.d/adblock reload if you want to update your blocklist.


Firefox utilizes Cloudflare's DNS over HTTPS (DoH). I've observed this in my DNS request captures, and in the about:networking#dns section, it shows that it uses the endpoint https://mozilla.cloudflare-dns.com/dns-query. However, managing and maintaining these domains isn't ideal, as users can simply toggle the feature off and on as needed. That said, I still hope the developers will consider adding an option to bypass the need for backups.

Hello,

I noticed an error in the feed entry for 'StevenBlack' that can be corrected using the custom feed editor. It should point to the following URL:

Correct URL: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

Currently, it incorrectly links to:

Incorrect URL: https://raw.githubusercontent.com/StevenBlack/hosts/master

Could you please update this at your earliest convenience?

Thanks in advance!

You need to choose one of the “StevenBlack List Selection” options to form the complete URL.


Hello. Whenever I install AdBlock it works great for a few days, but then more and more ads that were previously blocked start to slip through. I tried restarting/reloading it, changing the startup trigger interface and trigger delay to 90 seconds (since I'm on a PPPoE connection) but nothing seems to solve the issue.

UPDATE: Even a clean openwrt install and an adblock install following the documentation exactly (not even changing the DNS backend) didn't solve the issue and it doesn't work at all now. I am running OpenWrt 24.10.2, r28739-d9340319c6 (on a Gl.iNet Flint 2)

Your issue might not be related to adblock specifically. I've got it running on different routers including an MT6000 (Flint 2), and it works flawlessly.

There is a chance that your device/client is bypassing the DNS of the router (by default dnsmasq). Check and research about DNS hijacking with openwrt.

adblock also has a feature for this called 'Forced Local DNS', but this doesn't handle devices/browsers that use DoH (DNS-over-HTTPS or DNS-over-TLS) scenarios. You can add 'doh_blocklist', which helps a lot in blocking those known DoH services, but not all DoH use cases are handled.

You can also add the banip package (from the same developer as adblock) and also enable the doh blocklist there. Just a note when using doh on banip: there are a few DoH domains that use CDN-type services (like Cloudflare), which means their IP(s) are shared or also used by some regular sites (an example of this is the tailscale.com site).


> There is a chance that your device/client is bypassing the DNS of the router (by default dnsmasq). Check and research about DNS hijacking with openwrt.

I do think it might be something like this, but since it used to work and I unsuccessfully tried DNS hijacking I don't know what to think anymore... My devices use the router's IP as the DNS server, alongside an IPv6 address, which I thought was the cause, but the static config I tried (with both DNS servers set to my router's IP) didn't work either.

> You can also add the banip package (from the same developer as adblock) and also enable the doh blocklist there.

I used to have this set up and I guess I'll try it again... Worst case scenario I'll possibly re-flash the stock firmware and try again or use AdGuard Home...

DNS hijacking only works for the standard DNS port. If your browser or device or application or computer switches to DoH, then it will bypass those. This is where banip can help in blocking DoH requests.

How are you testing it? What apps/browsers are you using?
