Blocked domains not updated after dnsmasq restart

Dear experts,
I'm following the instructions from this link to block some domains: How to block particular Web sites - #7 by vgaetera
I found that it works perfectly only after rebooting my router, a TP-Link Archer C50 running OpenWrt version 21.
However, when I restart "dnsmasq", the blocked domains are not updated.
Based on your expertise, could you please help me solve this issue without rebooting my router?
Thank you so much~

I understand you are following the instructions at DNS Filtering? Restarting dnsmasq should enable the block; could you explain exactly what you are doing, and how you are testing it, please?

2 Likes

Dear @eduperez,

My commands are as below:
uci add_list dhcp.@dnsmasq[0].address="/youtube.com/127.0.0.1"
uci commit dhcp
/etc/init.d/dnsmasq restart

=> If I don't reboot my router, youtube.com can still be accessed from the browser. When I reboot my router, blocking youtube.com works well.
I don't know how to solve this issue; could you please advise me~

Cached DNS entries on the client? Tried rebooting the client instead of the router?

Also, use 0.0.0.0, not 127.0.0.1; 127 will make the client do a connection attempt and time out, while 0.0.0.0 will abort immediately.

By the sound of it, it's probably not an OpenWrt issue.

3 Likes

Try list address 'youtube.com/#' to return 0.0.0.0 or list address 'youtube.com/' to return nxdomain in /etc/config/dhcp under config dnsmasq

1 Like
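Added example (not part of any post in this thread, and not OpenWrt or dnsmasq code): a small Python model of how `list address` entries map a queried name to the answer dnsmasq is expected to give, covering the explicit-address form and the `#` and empty-address forms described in the reply above. The sample config and the `blocked.example` / `gone.example` domains are constructed, and the entries are written with the leading slash used in the poster's own `/etc/config/dhcp`.

```python
"""Model of dnsmasq 'list address' matching; added example with constructed data."""
import re

# Constructed sample in /etc/config/dhcp style (placeholder domains at the end).
SAMPLE_UCI = """
config dnsmasq
    option localservice '1'
    list address '/youtube.com/0.0.0.0'
    list address '/vnexpress.net/0.0.0.0'
    list address '/blocked.example/#'
    list address '/gone.example/'
"""

def parse_rules(uci_text):
    """Return {domain: address} for each list address '/dom[/dom...]/addr' line."""
    rules = {}
    for value in re.findall(r"^\s*list\s+address\s+'([^']*)'", uci_text, re.M):
        parts = value.split("/")
        # A usable value starts with '/', so parts[0] is empty; the last part is the address.
        if len(parts) < 3 or parts[0] != "":
            continue
        *domains, addr = parts[1:]
        for dom in domains:
            rules[dom.lower().rstrip(".")] = addr
    return rules

def expected_answer(rules, name):
    """Expected A-record answer for name, or None if no rule covers it."""
    labels = name.lower().rstrip(".").split(".")
    # A rule covers the domain and all its subdomains; try the longest suffix first.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            addr = rules[suffix]
            if addr == "":
                return "NXDOMAIN"      # empty address: name does not exist
            return "0.0.0.0" if addr == "#" else addr  # '#': null address
    return None

def answer_matches_rule(rules, name, client_answer):
    """True if the answer a client actually got is the one the router's rule gives."""
    want = expected_answer(rules, name)
    return want is not None and client_answer == want

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_UCI)
    for n in ("www.youtube.com", "blocked.example", "a.gone.example", "openwrt.org"):
        print(n, "->", expected_answer(rules, n))
```

If `answer_matches_rule` is false for the address a client resolved, that client did not get its answer from the router's dnsmasq rules (for example a cached entry or a different resolver), which is the distinction the later replies are probing.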

Dear @frollic, thanks for your advice. I tried that; it worked the first time, but after that the site can be accessed again.

OK, are you sure your clients are using your DNS?

Does it work when you try to ping?

1 Like

Yes, I'm sure it is used, and below is my block list as you recommended, in "/etc/config/dhcp":
...
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option leasefile '/etc/dhcp.leases'
list address '/dantri.com.vn/0.0.0.0'
list address '/vnexpress.net/0.0.0.0'
list address '/asicland.com/0.0.0.0'
list address '/youtube.com/0.0.0.0'
...

When I test with nslookup, it seems not to work, but when I use the Firefox browser, it can access the site:
root@OpenWrt:/tmp/dnsmasq.d# nslookup youtube.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: youtube.com
Address 1: 0.0.0.0
*** Can't find youtube.com: No answer
root@OpenWrt:/tmp/dnsmasq.d#

This is on the router, not a client, apples and bananas.

1 Like

On the client device, I used Firefox to access these websites; they can be accessed after the dnsmasq restart on the router.

Like I said, does it block it on the client if you try ping?

Disabled DoH in the browser?

2 Likes

Could you please explain more about this?

Tried "Firefox disable DoH" at Google?
Like I said, this is probably a client issue.

2 Likes

Hmm, it seems that from the client it can ping youtube.

I think the router is not successfully blocking my target link; it does not seem to be a client issue.

And what is the client OS?
Do an nslookup on the client.

1 Like

I'm using Ubuntu 20 LTS.

Is Ubuntu then using your DNS?

1 Like

Yes, it is connected to my router by Ethernet cable.

Answer the question instead.

1 Like