Configure DNS for simple-adblock

mambu · January 25, 2022, 11:19am

Hi, I have installed simple-adblock but it does not seem to be working in my setup, which is as follows.
My openwrt router (.2) connects to internet via another router (.1), which has DHCP server enabled, and they are part of the same network (with .1 set as default gateway for .2).
The DNS in OpenWRT is configured to forward requests router .1 (which gets DNS info from the WAN network), otherwise it does not work, and simple-adblock is configured to "force router DNS server to all local devices".
So my understanding is that devices connected to router .1 are using the DNS coming from OpenWRT which should "usually" forward to router 1. Then simple-adblock should hijack (as written in the docs!) DNS requests and filter them (before forwarding).
But if I log in to the openwrt router I see some domains are blocked but from my PC they are not.

OpenWRT router (192.168.8.2):

root@router-bis:~# nslookup ads.linkedin.com
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find ads.linkedin.com: NXDOMAIN
** server can't find ads.linkedin.com: NXDOMAIN

root@router-bis:~# nslookup www.google.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:      www.google.com
Address 1: 216.239.38.120
Address 2: 2001:4860:4802:32::78

My PC (connected via ethernet to openwrt router):

marco@orange:~$ nslookup ads.linkedin.com
Server:         192.168.8.1
Address:        192.168.8.1#53

Non-authoritative answer:
ads.linkedin.com        canonical name = mix.linkedin.com.
mix.linkedin.com        canonical name = na-rr.mix.linkedin.com.
na-rr.mix.linkedin.com  canonical name = pop-lor1.mix.linkedin.com.
Name:   pop-lor1.mix.linkedin.com
Address: 144.2.14.5

So the DNS server seen in my PC is still .1 (may be correct anyway), but the correct IP is returned unlike inside openwrt.

Is my setup correct or am I missing some more config changes?
Where can I find logs to investigate what is going on?

Thanks,
Marco

pavelgl · January 25, 2022, 12:12pm

Your lan clients obtain their IP configuration from the main router, not from the OpenWrt device, so the DNS requests are sent directly to 192.168.8.1, and there is no way to be hijacked.

Run the following on marco:

marco@orange:~$ nslookup ads.linkedin.com 192.168.8.2

If it works as expected, set the DHCP server on the main router to advertise 192.168.8.2 as a DNS server.

mambu · January 25, 2022, 3:04pm

Hi, I tried and it works as you suggested, so setting the DNS to the one in OpenWRT filters the ads and the default one from the router connected to internet does not so all looks good on OpenWRT.

I took a look at the Huawei router and there is no option to modify the DNS sent via DHCP but I changed manually in my PC to be .2 first and .1 second and I can now see ads being blocked.
Not the best solution as I have to go and re-configure every device but works for me.

Thanks