Adblock support thread

Still not reproducible with your config ...

root@One:~# /etc/init.d/adblock query checkip.amazonaws.com
:::
::: domain 'checkip.amazonaws.com' in active blocklist
:::
  + checkip.amazonaws.com

:::
::: domain 'amazonaws.com' in active blocklist
:::
  + ads.amazonaws.com
  + logs.af-south-1.amazonaws.com
  + monitoring.af-south-1.amazonaws.com
  + monitoring.ap-east-1.amazonaws.com
  + anydesk17.s3.ap-east-1.amazonaws.com
  + aoracleclient.s3.ap-east-1.amazonaws.com
  + autilities.s3.ap-east-1.amazonaws.com
  + cryptngc.s3.ap-east-1.amazonaws.com
  + eapprovp.s3.ap-east-1.amazonaws.com
  + [...]

:::
::: domain 'com' in active blocklist
:::
  + 0--4.com
  + 0--d.com
  + adserver.0--x--0.com
  + 0-0-0checkmate.com
  + 0-0asia.com
  + 0-100mph.com
  + 0-31.com
  + 0-38.com
  + 0-578.com
  + [...]

:::
::: domain 'checkip.amazonaws.com' in backups and in local block-/allowlist
:::
  + adb_list.anti_ad.gz           checkip.amazonaws.com

ok thanks.. let me check on my test network and see if I can trace where my error is coming from

Hmmm might be something in my build.. it's happening on 2 different routers and on my test network..

i added a logger right on the first line of f_query and before the actual call in the /usr/lib/adblock.sh file... but the output was before that..

# query blocklist for certain (sub-)domains
#
f_query() {
	logger -t TestAdblock -s "Called f_query"
	local search result prefix suffix field query_start query_end query_timeout=30 domain="${1}" tld="${1#*.}"
f_load
case "${adb_action}" in
	.
	.
	.
	"query")
		logger -t TestAdblock -s "Calling f_query ${2}"
		f_query "${2}"
		;;
	.
	.
	.
esac

And the output is like this..

# /etc/init.d/adblock query checkip.amazonaws.com
sh: out of range
TestAdblock: Calling f_query checkip.amazonaws.com
TestAdblock: Called f_query
TestAdblock: Before While..
:::
::: domain 'checkip.amazonaws.com' in active blocklist
:::
  + checkip.amazonaws.com

Edit #1: Additional testing
I've drilled it down to the rc_procd function in /etc/rc.common but can't find what is triggering the error ahahaha

# /etc/rc.common
	rc_procd() {
		logger -t TestRCCommon -s "Called rc_prcd.."
		local method="set"
		[ -n "$2" ] && method="add"
		logger -t TestRCCommon -s "Running procd_open_service"
		procd_open_service "$(basename ${basescript:-$initscript})" "$initscript"
		logger -t TestRCCommon -s "Show @:: '$@'"
		"$@"
		logger -t TestRCCommon -s "Running procd_close_service '$method'"
		procd_close_service "$method"
	}
# /etc/init.d/adblock query checkip.amazonaws.com
TestAdblockInit: Before runtime checks...
TestAdblockInit: After runtime checks...
TestAdblockInit: init.d:: calling rc_procd '/usr/bin/adblock.sh' query 'checkip.amazonaws.com'
TestRCCommon: Called rc_prcd..
TestRCCommon: Running procd_open_service
TestRCCommon: Show @:: '/usr/bin/adblock.sh query checkip.amazonaws.com'
sh: out of range
TestAdblock: Calling f_query checkip.amazonaws.com
TestAdblock: Called f_query
TestAdblock: Before While..

no handmade debug prints, just set in line 1006 before the following statement a "set -x", e.g.:

set -x
query_start="$(date "+%s")"
[...]

and close this with with a "set +x" within the f_query function.

grep the (huge) result for the error ... :wink:

Thanks

Edit: For easier debugging you can narrow down the results directly with grep, e.g.:

/etc/init.d/adblock query www.heise.de 2>&1 | grep -C 5 "out of range"

this shows only 5 lines before/after the match

1 Like

Didn't help in tracing because the sh: out of range error is being triggered even before f_query was called.. i'll do more testing later and see if I can pinpoint when it's actually being triggered

1 Like

Ok, than its probably unrelated to adblock, maybe changes in rc.common or so ...

1 Like

Thanks again for the assistance.. found the culprit and entirely my fault.. I accidentally merged a test code on my builds which I though I have already removed last year

1 Like

I've had the same issue with 24.10.2. Resolved it with:

uci set adblock.global.adb_lookupdomain='google.com'
uci commit adblock
/etc/init.d/adblock restart

Now adblock is running like a charm again.

Update: I noticed it is because of my dnsmasq setup. I was using a resolv file per vlan. Now switched to noresolv and upstream dns servers per vlan, and after that change, localhost (f.e. localhost.vlan_domain) was resolvable again. Maybe useful additional info for anyone having this issue.

1 Like

Hello,

Since the last major update (version 4.4.x), I have encountered two significant issues:

  1. The option to bypass backups has been removed. This is a major concern for routers with limited RAM, as it can lead to performance problems. I (maybe a lot) would appreciate it if you could consider adding this option back.

  2. Occasionally, blocked domains are accessible despite the AdBlock service showing no errors and remaining in a 'running' status. Restarting the service does not resolve the issue; only rebooting the router restores functionality and re-establishes domain blocking. This behavior has not occurred in previous versions.

Thank you for your attention to these matters.

Hey again,

I wanted to follow up on my previous message regarding the issues I encountered after the last major update (version 4.4.x). Upon further investigation, I realized that the intermittent accessibility of blocked domains was due to Firefox's default secure DNS setting. When enabled, Firefox sometimes opts for encrypted DNS, which can bypass the AdBlock service. Interestingly, rebooting the router seems to prompt Firefox to revert to normal DNS temporarily, but it eventually switches back to encrypted DNS. Turning off "Enable DNS over HTTPS" resolves the issue.

That said, I would still appreciate it if you could consider adding the option to bypass backups. Currently, I am using /dev/null as the backup location, but this approach causes gzip to run, consuming unnecessary CPU and RAM resources.

Thank you for your attention to these matters.

Adding following domains in "Edit Blocklist" tab of Adblock UI will switch off DoH setting in Firefox and Safari (unless it is in Enforce mode). Those are so called "canary" domains:

use-application-dns.net
mask.icloud.com
mask-h2.icloud.com

... adding DoH blocklist in Adblock or BanIP works too.

1 Like

Openwrt 24.10.2, adblock 4.4.2-r3 and blocklists backup on USB stick.

Just realised my old chronjob /etc/init.d/adblock restart doesn't update blocklists anymore (same as manually executing the command). Intended or some bug?

Use /etc/init.d/adblock reload if you want to update your blocklist.

1 Like

Firefox utilizes Cloudflare's DNS over HTTPS (DoH). I've observed this in my DNS request captures, and in the about:networking#dns section, it shows that it uses the endpoint https://mozilla.cloudflare-dns.com/dns-query. However, managing and maintaining these domains isn't ideal, as users can simply toggle the feature off and on as needed. That said, I still hope the developers will consider adding an option to bypass the need for backups.

Hello,

I noticed an error in the feed entry for 'StevenBlack' that can be corrected using the custom feed editor. It should point to the following URL:

Correct URL: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

Currently, it incorrectly links to:

Incorrect URL: https://raw.githubusercontent.com/StevenBlack/hosts/master

Could you please update this at your earliest convenience?

Thanks in advance!

You need to choose one of the “StevenBlack List Selection” options to form the complete URL.