Could you edit the crontab manually? Please post the content of this file.
Can u guide me how can I do that from mobile? I use ConnectBot.
Thanks!
Nope, sorry. 
Ok, I will try myself.
Thanks!
LE: I was already knows how to do that in the LuCI interface, but cannot accessible on that moment, only SSH access. Done from LuCI.
Hi, should it be somehow possible to have adblock active at the same time when lan connection gets available?
Just tested that, there is a window on boot up, during which the router provides normal dns services without blocking sites setup in adblock.
This behavior is not nice with regard to blocking spyware (like win10 for example) to phone home.
I have adblock set up to use blocklist backup on usb flash storage, so it should not be needed to start dnsmasq first in order to download the blocklists on boot up - so it should be possible to provide blocking setup to dnsmasq even before starting dnsmasq, should not be?
Thank you.
--edit--
running openwrt 19.07.4, all normally available packages
One more thing: the Force Local DNS option sets up firewall rules to redirect 53, 853 and 5353 ports to the same ports of the router. Is that really desired? Or should all the ports considered for dns be redirected to 53 port of the router?
@didot today, in a short time after AdBlock reloaded (aprox. 1 hour), i got an OOM.
It could be AdBlock related? I guess...i don't have many adresses blocked, aprox. 43.000
Mon Oct 12 07:16:16 2020 kern.warn kernel: [245805.233352] kthreadd invoked oom-killer: gfp_mask=0x15080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=1, oom_score_adj=0
Here it is kernel crashlog.
root@OpenWrt:~# cat /sys/kernel/debug/crashlog
Time: 1602230350.177068
Modules: pppoe@86c7c000+2450 ppp_async@86c7a000+1be0 pppox@86f32000+58a ppp_generic@870e0000+5b42 nf_conntrack_ipv6@8777a000+15e0 mt76x2e@86ebc000+2850 mt76x2_common@86ec8000+2d48 mt76x02_lib@86de0000+a4eb mt7603e@86ef0000+982c mt76@86c20000+83cc mac80211@86d00000+72468 iptable_nat@86ee3000+310 ipt_REJECT@86f48000+410 ipt_MASQUERADE@8775b000+2f0 cfg80211@86c40000+396a4 xt_time@86eb1000+730 xt_tcpudp@86ea9000+750 xt_state@86ea6000+310 xt_nat@86ea2000+650 xt_multiport@86e9c000+550 xt_mark@86e98000+2f0 xt_mac@86e8d000+2b0 xt_limit@86e8a000+4f0 xt_conntrack@86e88000+950 xt_comment@86e80000+230 xt_TCPMSS@86e5b000+b30 xt_REDIRECT@86e53000+310 xt_LOG@86e7f000+350 xt_FLOWOFFLOAD@86e7d000+c60 xt_CT@86e57000+ab0 wireguard@86e60000+17814 slhc@86f14000+14db nf_reject_ipv4@86e17000+883 nf_nat_redirect@86fe0000+5fb nf_nat_masquerade_ipv4@86e19000+71c nf_conntrack_ipv4@86e38000+1470 nf_nat_ipv4@86e2a000+1031 nf_nat@86e24000+3abc nf_log_ipv4@877c2000+db0 nf_flow_table_hw@877d4000+940 nf_flow_table@877f8000+363f nf_defrag_ipv6@877f4000+137e nf_defrag_ipv4@877d6000+476 nf_conntrack_rtcache@877d9000+af0 nf_conntrack@86e00000+116be iptable_mangle@877c5000+3d0 iptable_filter@86f29000+2d0 ip_tables@86f34000+294d crc_ccitt@86f4b000+42b compat@86f30000+19b7 nf_log_ipv6@86f2c000+1070 nf_log_common@86f1e000+acf ip6table_mangle@86f47000+4f0 ip6table_filter@86f08000+2d0 ip6_tables@86f4c000+2841 ip6t_REJECT@877a9000+450 x_tables@8774c000+37ef nf_reject_ipv6@877b8000+a48 ip6_udp_tunnel@86f02000+6b7 udp_tunnel@86fe8000+b0f leds_gpio@87730000+bb0 gpio_button_hotplug@87734000+1b10
<6>[ 2.409860] squashfs: version 4.0 (2009/01/31) Phillip Lougher
<6>[ 2.415681] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
<5>[ 2.427384] random: fast init done
<6>[ 2.432223] io scheduler noop registered
<6>[ 2.436086] io scheduler deadline registered (default)
<6>[ 2.442097] Serial: 8250/16550 driver, 3 ports, IRQ sharing disabled
<6>[ 2.449755] console [ttyS0] disabled
<6>[ 2.453300] 1e000c00.uartlite: ttyS0 at MMIO 0x1e000c00 (irq = 19, base_baud = 3125000) is a 16550A
<6>[ 2.462340] console [ttyS0] enabled
<6>[ 2.469266] bootconsole [early0] disabled
<4>[ 2.479354] MediaTek Nand driver init, version v2.1 Fix AHB virt2phys error
<6>[ 2.486734] spi-mt7621 1e000b00.spi: sys_freq: 220000000
<6>[ 2.494658] m25p80 spi0.0: gd25q128 (16384 Kbytes)
<5>[ 2.499500] 8 fixed-partitions partitions found on MTD device spi0.0
<5>[ 2.505856] Creating 8 MTD partitions on "spi0.0":
<5>[ 2.510632] 0x000000000000-0x000000030000 : "u-boot"
<5>[ 2.516736] 0x000000030000-0x000000040000 : "u-boot-env"
<5>[ 2.523056] 0x000000040000-0x000000050000 : "Bdata"
<5>[ 2.529018] 0x000000050000-0x000000060000 : "factory"
<5>[ 2.535131] 0x000000060000-0x000000070000 : "crash"
<5>[ 2.541035] 0x000000070000-0x000000080000 : "cfg_bak"
<5>[ 2.547181] 0x000000080000-0x000000180000 : "overlay"
<5>[ 2.553262] 0x000000180000-0x000001000000 : "firmware"
<5>[ 2.559640] 2 uimage-fw partitions found on MTD device firmware
<5>[ 2.565568] Creating 2 MTD partitions on "firmware":
<5>[ 2.570518] 0x000000000000-0x0000001de41f : "kernel"
<5>[ 2.576533] 0x0000001de41f-0x000000e80000 : "rootfs"
<5>[ 2.582481] mtd: device 9 (rootfs) set to be root filesystem
<5>[ 2.588242] 1 squashfs-split partitions found on MTD device rootfs
<5>[ 2.594403] 0x000000540000-0x000000e80000 : "rootfs_data"
<6>[ 2.601562] libphy: Fixed MDIO Bus: probed
<6>[ 2.676516] libphy: mdio: probed
<6>[ 4.079482] mtk_soc_eth 1e100000.ethernet: loaded mt7530 driver
<6>[ 4.086156] mtk_soc_eth 1e100000.ethernet eth0: mediatek frame engine at 0xbe100000, irq 21
<6>[ 4.097156] NET: Registered protocol family 10
<6>[ 4.103148] Segment Routing with IPv6
<6>[ 4.106971] NET: Registered protocol family 17
<6>[ 4.111454] 8021q: 802.1Q VLAN Support v1.8
<6>[ 4.118100] hctosys: unable to open rtc device (rtc0)
<6>[ 4.127922] VFS: Mounted root (squashfs filesystem) readonly on device 31:9.
<6>[ 4.139157] Freeing unused kernel memory: 1260K
<4>[ 4.143681] This architecture does not have kernel memory protection.
<14>[ 4.554371] init: Console is alive
<14>[ 4.558122] init: - watchdog -
<14>[ 5.179646] kmodloader: loading kernel modules from /etc/modules-boot.d/*
<14>[ 5.301950] kmodloader: done loading kernel modules from /etc/modules-boot.d/*
<14>[ 5.314793] init: - preinit -
<6>[ 5.697771] mtk_soc_eth 1e100000.ethernet eth0: port 3 link up
<6>[ 6.004993] mtk_soc_eth 1e100000.ethernet eth0: port 4 link up
<6>[ 6.253650] mtk_soc_eth 1e100000.ethernet: PPE started
<5>[ 6.326047] random: procd: uninitialized urandom read (4 bytes read)
<13>[ 9.491645] mount_root: jffs2 not ready yet, using temporary tmpfs overlay
<12>[ 9.513886] urandom-seed: Seed file not found (/etc/urandom.seed)
<6>[ 9.608435] mtk_soc_eth 1e100000.ethernet: 0x100 = 0x6060000c, 0x10c = 0x80818
<14>[ 9.623240] procd: - early -
<14>[ 9.626258] procd: - watchdog -
<14>[ 10.294606] procd: - watchdog -
<14>[ 10.298099] procd: - ubus -
<5>[ 10.370492] random: ubusd: uninitialized urandom read (4 bytes read)
<5>[ 10.452421] random: ubusd: uninitialized urandom read (4 bytes read)
<5>[ 10.459292] random: ubusd: uninitialized urandom read (4 bytes read)
<14>[ 10.466538] procd: - init -
<14>[ 11.067614] kmodloader: loading kernel modules from /etc/modules.d/*
<6>[ 11.152580] ip6_tables: (C) 2000-2006 Netfilter Core Team
<6>[ 11.164335] Loading modules backported from Linux version v4.19.137-0-gc076c79e03c6
<6>[ 11.172060] Backport generated by backports.git v4.19.137-1-0-g60c3a249
<6>[ 11.180504] ip_tables: (C) 2000-2006 Netfilter Core Team
<6>[ 11.192312] nf_conntrack version 0.5.0 (2048 buckets, 8192 max)
<6>[ 11.231279] wireguard: WireGuard 1.0.20200611 loaded. See www.wireguard.com for information.
<6>[ 11.239743] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
<6>[ 11.261062] xt_time: kernel timezone is -0000
<14>[ 11.268583] urngd: v1.0.2 started.
<4>[ 11.323360] bus=0x2, slot = 0x1, irq=0xff
<6>[ 11.327653] mt7603e 0000:02:00.0: ASIC revision: 76030010
<5>[ 11.425126] random: crng init done
<5>[ 11.428532] random: 6 urandom warning(s) missed due to ratelimiting
<6>[ 12.365776] mt7603e 0000:02:00.0: Firmware Version: ap_pcie
<6>[ 12.371346] mt7603e 0000:02:00.0: Build Time: 20160107100755
<6>[ 12.414472] mt7603e 0000:02:00.0: firmware init done
<7>[ 12.590306] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
<4>[ 12.603712] bus=0x1, slot = 0x0, irq=0xff
<6>[ 12.608018] mt76x2e 0000:01:00.0: ASIC revision: 76120044
<6>[ 13.340372] mt76x2e 0000:01:00.0: ROM patch build: 20141115060606a
<6>[ 13.350048] mt76x2e 0000:01:00.0: Firmware Version: 0.0.00
<6>[ 13.355559] mt76x2e 0000:01:00.0: Build: 1
<6>[ 13.359635] mt76x2e 0000:01:00.0: Build Time: 201507311614____
<6>[ 13.384481] mt76x2e 0000:01:00.0: Firmware running!
<7>[ 13.392149] ieee80211 phy1: Selected rate control algorithm 'minstrel_ht'
<6>[ 13.400688] PPP generic driver version 2.4.2
<6>[ 13.406507] NET: Registered protocol family 24
<14>[ 13.413965] kmodloader: done loading kernel modules from /etc/modules.d/*
<6>[ 25.549993] mtk_soc_eth 1e100000.ethernet: PPE started
<6>[ 25.564061] br-lan: port 1(eth0.1) entered blocking state
<6>[ 25.569522] br-lan: port 1(eth0.1) entered disabled state
<6>[ 25.575588] device eth0.1 entered promiscuous mode
<6>[ 25.580419] device eth0 entered promiscuous mode
<6>[ 25.591135] br-lan: port 1(eth0.1) entered blocking state
<6>[ 25.596593] br-lan: port 1(eth0.1) entered forwarding state
<6>[ 25.602622] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
<4>[ 26.085472] jffs2_scan_eraseblock(): End of filesystem marker found at 0x0
<4>[ 26.092475] jffs2_build_filesystem(): unlocking the mtd device...
<4>[ 26.092566] done.
<4>[ 26.100840] jffs2_build_filesystem(): erasing all blocks after the end marker...
<6>[ 26.595771] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
<4>[ 36.390883] done.
<5>[ 36.392852] jffs2: notice: (1616) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
<4>[ 36.568356] overlayfs: upper fs does not support tmpfile.
<6>[ 214.585011] pppoe-wan: renamed from ppp0
<6>[ 255.239229] br-lan: port 1(eth0.1) entered disabled state
<6>[ 255.252953] device eth0.1 left promiscuous mode
<6>[ 255.258034] br-lan: port 1(eth0.1) entered disabled state
<6>[ 255.338479] IPv6: ADDRCONF(NETDEV_UP): eth0.1: link is not ready
<6>[ 255.603540] br-lan: port 1(eth0.1) entered blocking state
<6>[ 255.608990] br-lan: port 1(eth0.1) entered disabled state
<6>[ 255.615113] device eth0.1 entered promiscuous mode
<6>[ 255.623367] br-lan: port 1(eth0.1) entered blocking state
<6>[ 255.628887] br-lan: port 1(eth0.1) entered forwarding state
<6>[ 447.378422] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
<6>[ 447.390179] br-lan: port 2(wlan0) entered blocking state
<6>[ 447.395583] br-lan: port 2(wlan0) entered disabled state
<6>[ 447.401585] device wlan0 entered promiscuous mode
<6>[ 454.427246] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
<6>[ 454.433957] br-lan: port 2(wlan0) entered blocking state
<6>[ 454.439260] br-lan: port 2(wlan0) entered forwarding state
<6>[ 469.135636] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
<6>[ 469.144975] br-lan: port 3(wlan1) entered blocking state
<6>[ 469.150287] br-lan: port 3(wlan1) entered disabled state
<6>[ 469.156152] device wlan1 entered promiscuous mode
<6>[ 474.915109] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
<6>[ 474.921844] br-lan: port 3(wlan1) entered blocking state
<6>[ 474.927199] br-lan: port 3(wlan1) entered forwarding state
<6>[ 1201.876754] device br-lan entered promiscuous mode
<6>[ 1824.095084] mtk_soc_eth 1e100000.ethernet eth0: port 3 link down
<6>[10773.092255] mtk_soc_eth 1e100000.ethernet eth0: port 3 link up
<6>[10794.184765] mtk_soc_eth 1e100000.ethernet eth0: port 3 link down
<6>[10796.900918] mtk_soc_eth 1e100000.ethernet eth0: port 3 link up
<6>[32343.960283] mtk_soc_eth 1e100000.ethernet eth0: port 3 link down
<6>[32346.522401] mtk_soc_eth 1e100000.ethernet eth0: port 3 link up
<6>[32349.745490] mtk_soc_eth 1e100000.ethernet eth0: port 3 link down
<6>[33339.656951] mtk_soc_eth 1e100000.ethernet eth0: port 3 link up
<6>[33355.007786] mtk_soc_eth 1e100000.ethernet eth0: port 3 link down
<6>[33357.727923] mtk_soc_eth 1e100000.ethernet eth0: port 3 link up
<6>[39349.747160] mtk_soc_eth 1e100000.ethernet eth0: port 3 link down
<6>[39352.958729] mtk_soc_eth 1e100000.ethernet eth0: port 3 link up
<6>[59790.794261] mtk_soc_eth 1e100000.ethernet eth0: port 3 link down
<6>[59793.355873] mtk_soc_eth 1e100000.ethernet eth0: port 3 link up
<6>[59819.062933] mtk_soc_eth 1e100000.ethernet eth0: port 3 link down
<6>[59821.840677] mtk_soc_eth 1e100000.ethernet eth0: port 3 link up
<6>[67771.698851] mtk_soc_eth 1e100000.ethernet eth0: port 3 link down
<6>[97938.490896] mtk_soc_eth 1e100000.ethernet eth0: port 3 link up
<6>[97959.793191] mtk_soc_eth 1e100000.ethernet eth0: port 3 link down
<6>[97962.603809] mtk_soc_eth 1e100000.ethernet eth0: port 3 link up
<6>[121746.347826] device wlan0 left promiscuous mode
<6>[121746.352701] br-lan: port 2(wlan0) entered disabled state
<6>[121757.894491] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
<6>[121757.906287] br-lan: port 2(wlan0) entered blocking state
<6>[121757.911782] br-lan: port 2(wlan0) entered disabled state
<6>[121757.917916] device wlan0 entered promiscuous mode
<6>[121764.942488] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
<6>[121764.949257] br-lan: port 2(wlan0) entered blocking state
<6>[121764.954645] br-lan: port 2(wlan0) entered forwarding state
<6>[121842.893391] device wlan0 left promiscuous mode
<6>[121842.898312] br-lan: port 2(wlan0) entered disabled state
<6>[121863.842849] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
<6>[121863.854513] br-lan: port 2(wlan0) entered blocking state
<6>[121863.860021] br-lan: port 2(wlan0) entered disabled state
<6>[121863.866176] device wlan0 entered promiscuous mode
<6>[121870.889822] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
<6>[121870.896595] br-lan: port 2(wlan0) entered blocking state
<6>[121870.901984] br-lan: port 2(wlan0) entered forwarding state
<6>[152516.175249] mtk_soc_eth 1e100000.ethernet eth0: port 3 link down
<6>[152518.739508] mtk_soc_eth 1e100000.ethernet eth0: port 3 link up
<6>[152522.360521] mtk_soc_eth 1e100000.ethernet eth0: port 3 link down
<6>[182494.302166] mtk_soc_eth 1e100000.ethernet eth0: port 3 link up
<6>[182509.828101] mtk_soc_eth 1e100000.ethernet eth0: port 3 link down
<6>[182512.571688] mtk_soc_eth 1e100000.ethernet eth0: port 3 link up
<1>[195076.152202] CPU 0 Unable to handle kernel paging request at virtual address 00b3d984, epc == 8006cb9c, ra == 8006cb10
<4>[195076.162899] Oops[#1]:
<4>[195076.165252] CPU: 0 PID: 3906 Comm: kworker/0:2 Not tainted 4.14.195 #0
<4>[195076.171861] Workqueue: events rht_deferred_worker
<4>[195076.176636] task: 87e4e600 task.stack: 8779a000
<4>[195076.181230] $ 0 : 00000000 00000001 0000000c 80544658
<4>[195076.186527] $ 4 : 00000002 00040000 01293ca9 01293ca9
<4>[195076.191823] $ 8 : 0000ffff ffff0000 00000002 fffffffe
<4>[195076.197129] $12 : 805a14e0 00000040 00000000 77f3f2a0
<4>[195076.202438] $16 : 87f3f57c 81116320 8059a1e8 00040000
<4>[195076.207736] $20 : 00b3d984 86e7dbd0 000000bc 0000001f
<4>[195076.213033] $24 : 00000000 80008f34
<4>[195076.218330] $28 : 8779a000 8779bdf0 85927c00 8006cb10
<4>[195076.223627] Hi : 00000133
<4>[195076.226575] Lo : 33333380
<4>[195076.229546] epc : 8006cb9c queued_spin_lock_slowpath+0x1cc/0x2e0
<4>[195076.235784] ra : 8006cb10 queued_spin_lock_slowpath+0x140/0x2e0
<4>[195076.242016] Status: 11008403 KERNEL EXL IE
<4>[195076.246273] Cause : c080000c (ExcCode 03)
<4>[195076.250345] BadVA : 00b3d984
<4>[195076.253295] PrId : 0001992f (MIPS 1004Kc)
<4>[195076.257454] Modules linked in: pppoe ppp_async pppox ppp_generic nf_conntrack_ipv6 mt76x2e mt76x2_common mt76x02_lib mt7603e mt76 mac80211 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_state xt_nat xt_multiport xt_mark xt_mac xt_limit xt_conntrack xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_FLOWOFFLOAD xt_CT wireguard slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_nat nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack iptable_mangle iptable_filter ip_tables crc_ccitt compat nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 ip6_udp_tunnel udp_tunnel leds_gpio gpio_button_hotplug
<4>[195076.323950] Process kworker/0:2 (pid: 3906, threadinfo=8779a000, task=87e4e600, tls=00000000)
<4>[195076.332518] Stack : 81115a20 81118800 85927c00 80233e44 81115da0 86fda700 0000003d 0000003d
<4>[195076.340938] 87172200 85927cb8 86360730 8023407c 00000000 80089cb4 86e10000 86e10000
<4>[195076.349356] 0000002c 87f3f57c 85927c00 00000000 86e7dbe0 87172200 86e7dbd0 86ecb000
<4>[195076.357777] 81115a20 81118800 00000000 00000000 00000000 fffffffe 805a0000 80046e28
<4>[195076.366197] 81115bc0 81115a38 805a0000 81115bc0 805a0000 fffffffe 86ecb000 81115a20
<4>[195076.374617] ...
<4>[195076.377140] Call Trace:
<4>[195076.379662] [<8006cb9c>] queued_spin_lock_slowpath+0x1cc/0x2e0
<4>[195076.385574] [<8023407c>] rht_deferred_worker+0x218/0x524
<4>[195076.390954] [<80046e28>] process_one_work+0x290/0x438
<4>[195076.396069] [<80047320>] worker_thread+0x350/0x5b4
<4>[195076.400935] [<8004cf18>] kthread+0x130/0x144
<4>[195076.405282] [<80007078>] ret_from_kernel_thread+0x14/0x1c
<4>[195076.410747] Code: 0282a021 0283a021 0000000f <10000001> ae910000 8e220004 0000000f 1040fffd 00000000
<4>[195076.420559]
<4>[195076.422427] ---[ end trace fefaf670b97b02d9 ]---
LE: i forgott to add device model.
Xiaomi MI Router 4A Gigabit
16 GB ROM, 128 MB RAM
I think when I had issues with adblock and OOM it was the dnsmasq process that had lots of memory usage.
Hi
we have one WRT1900ACS with a last build of Davidc502 (05/24/2020), and the whitelist of adblock not release the site.... Ex I put site bandb.com and bandab.com.br and and even after saving and restarting the router, the site remains blocked any idea ?
thanks a lot
Best Regards
Juliano
how did you test that? Post the output of /etc/init.d/adblock query bandb.com please.
No, it's only an extension list for dnsmasq ... therefore it's earliest available when dnsmasq is up and running (or another used dns backend). If you need blocking from the beginning you should script some firewall rules to block lan access until all services are up & running.
I doubt that your problem is adblock related, but I have no evidence for that.
It seems to me that it is not "earliest available when dnsmasq is up and running" - dnsmasq starts first, without adblock rules, even when having the rules backup from previous boot on usb storage.
It seems that the rules are converted to format that dnsmasq can understand after starting dnsmasq.
It could be done before starting dnsmasq followed by explicit start of dnsmasq or it could be saved & restored already converted to have it available for standard dnsmasq start up.
I checked how the dns resolution worked during router bootup from my linux machine running nslookup in a loop with a dns name listed in adblock having explicitly the router's ip address as dnsserver to be used with nslookup.
Yep, the normal adblock backups are pre-processed lists sources which needs minimal processing time ( a merge sort) to get incorporated in your dns backend. If you need this "ad-hoc" you'll have to backup your dns directory with the adb_list.overall ... and even than, that kind of protection becomes only available with your dns startup.
It may need minimal time to do the merge sort, but I really wonder why dnsmasq can start before the adblock rules are ready for it?
Can you please explain how it is done with adblock - how it populates the merge sorted rules into already running dnsmasq?
Does adblock explicitly restart dnsmasq after preparing the rules?
Or does dnsmasq pick up the rules based on some i-notify event or what ever?
Obviously without dnsmasq running on the router there is no dns resolution working and if iptables would forbid forwarding of dns requests to internet dns servers, it would be very ok protection.
Unfortunately with current implementation it seems dnsmasq can resolve adblock listed names for some time during router bootup.
The dns backend gets restarted after blocklist preparation.
If you are really concerned about access security during a router restart, you should really think about more advanced firewall configurations, because with browser-based DoH the clients are not interested in your local DNS infrastructure at all.
That's right, DoH will be a problem in near future (not yet in my country it seems). Already put the canary domain into adblock black list to disable DoH by default.
I know this is weak. That is the reason I try to solve the boot up not-blocked-window in the first place.
In any case, this is not for me (not rebooting router at all), but I need to setup a router for grand parents who cannot get explained not to power off the router if they switch off their note book.
So the situation with router booting up when PC is already up is quite likely.
Than adblock is not your problem. Most probably this domain will be already filtered by your local ISP. Try a global dns like 1.1.1.1 or 8.8.8.8
