I just noticed something in my network: I have a txt file with a lot of webs pointing to 0.0.0.0 (porn and ads mostly). The thing is that on my desktop (Win10, DHCP) it works normally, the pages don't load and ping doesn't work on them... but on my cellphone (Android 7, DHCP) they work normally, they are not filtered and pinging the webs works as well...
Any ideas?... I'm using LEDE 17.01.4
Check if your mobile phone uses the LEDE router as DNS server from the DHCP request. Probably it uses some internal hard-coded one (maybe even as fallback).
Well.. my phone isn't rooted so I'm limited on commands, but using a network info app, it shows my LEDE router as gateway and 1st DNS (2nd is 0.0.0.0), so I assume it should work correctly, but it doesn't..
Since you are using LEDE, you should be able to do a PCAP trace using tcpdump on the Internet interface when accessing a masked host. Probably you will see some DNS traffic from the mobile device.
Why do you map to 0.0.0.0? Maybe it's better to use 127.0.0.1 (localhost).
Well, I like to have 0.0.0.0 as it doesn't even ping anything. OK, I created a pcap file using tcpdump and opened it with Wireshark, but I really don't know what I'm looking for...
OK no, wait.. I filtered by DNS, and found that the address I've been testing was queried by the phone using IPv6, but I don't use IPv6 on my desktop.. maybe that's what's happening: it's being filtered only in IPv4 but not IPv6.
Correct, you found the problem. Only IPv4 is filtered by your method, not IPv6.
I am no expert for IPv6, but why is IPv6 enabled for WLAN devices? Maybe disabling it is the easiest way.
IPv6 should not be a problem here, but it may be possible that you have to redirect all DNS queries to your own relaying DNS server (the router). You can do that via iptables or configure luci-add-adblock to do that for you.
Well, I added a firewall rule to drop all kinds of packets through IPv6 and it has worked. I don't like to use the adblock; I like to visit a page that has all kinds of hosts for gambling, porn, social media and others and add the hosts there to my txt.
Thanks all for the help!
simple-adblock package allows you to either add domains you want to block with WebUI/uci and/or point it to the txt file with domains to block somewhere on the internet. It also features both IPv4 and IPv6 DNS hijacking to ensure all devices use your router as DNS resolver.
And you can also remove all pre-configured lists.
Ummmm, interesting... I'll check that after work, thanks!
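Added example (not part of the thread or of any poster's code): one way to read the capture discussed above. It scans the text output of `tcpdump -n` taken on the Internet interface and lists every DNS query for a name in the hosts-format block list, together with the address family it travelled over. The function name `find_bypass`, the file names and all sample names and addresses are constructed for illustration.

```shell
#!/bin/sh
# A query for a blocked name that shows up on the Internet-facing side
# was not answered from the router's block list.
find_bypass() {   # $1 = hosts-format block list, $2 = `tcpdump -n` text output
    awk '
        # First file: block list lines such as "0.0.0.0 ads.blocked.example"
        NR == FNR {
            sub(/#.*/, "")                       # drop comments
            for (i = 2; i <= NF; i++) blocked[tolower($i)] = 1
            next
        }
        # Second file: keep only queries sent to port 53 ("> resolver.53:")
        ($2 == "IP" || $2 == "IP6") && $4 == ">" && $5 ~ /\.53:$/ {
            for (i = 6; i < NF; i++) {
                if ($i ~ /^[A-Za-z0-9]+\?$/) {   # query type, e.g. "A?" or "AAAA?"
                    name = tolower($(i + 1)); sub(/\.$/, "", name)
                    if (name in blocked) {
                        src = $3; sub(/\.[0-9]+$/, "", src)   # strip source port
                        dst = $5; sub(/\.53:$/, "", dst)      # strip ".53:"
                        qtype = $i; sub(/\?$/, "", qtype)
                        print $2, src, dst, qtype, name
                    }
                    break
                }
            }
        }
    ' "$1" "$2"
}

# Constructed sample data (documentation address ranges, made-up names).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/blocklist.txt" <<'EOF'
# constructed block list
0.0.0.0 ads.blocked.example
0.0.0.0 tracker.blocked.example   # second entry
EOF
cat > "$tmp/wan.txt" <<'EOF'
12:00:01.000001 IP 198.51.100.7.40112 > 192.0.2.53.53: 4660+ A? www.allowed.example. (37)
12:00:02.000001 IP6 2001:db8:1::50.51234 > 2001:db8:ffff::53.53: 4661+ AAAA? ads.blocked.example. (37)
12:00:02.100001 IP6 2001:db8:1::50.51234 > 2001:db8:ffff::53.53: 4662+ [1au] A? ads.blocked.example. (48)
12:00:03.000001 IP6 2001:db8:ffff::53.53 > 2001:db8:1::50.51234: 4661 1/0/0 AAAA 2001:db8:2::1 (65)
EOF

# Columns: family, client, resolver, query type, blocked name
find_bypass "$tmp/blocklist.txt" "$tmp/wan.txt"
```

Lines reported with `IP6` in the first column are the case found in the thread: lookups leaving over IPv6 while only the IPv4 path is filtered.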