Somehow I managed to get adblock-lean into a state where it starts up but does nothing. I think my testing of DoH (DNS over HTTPS) is what caused the issue. When I start adblock-lean I see this message:
No ip addresses detected for dnsmasq instance 'cfg01411c'. Using the loopback addresses.
The issue is that everything seems OK, but ads are not being blocked.
root@shadow:~# echo "config:"; cat /etc/adblock-lean/config
config:
# adblock-lean configuration options
# config_format=v6
#
# values must be enclosed in double-quotes
# custom comments are not preserved after automatic config update
# Whitelist mode: only domains (and their subdomains) included in the allowlist(s) are allowed, all other domains are blocked
# In this mode, if blocklists are used in addition to allowlists, subdomains included in the blocklists will be blocked,
# including subdomains of allowed domains
whitelist_mode="0"
# One or more *raw domain* format blocklist/ipv4 blocklist/allowlist urls separated by spaces
blocklist_urls="https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro-onlydomains.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/tif.medium-onlydomains.txt"
blocklist_ipv4_urls=""
allowlist_urls=""
# One or more *dnsmasq format* domain blocklist/ipv4 blocklist/allowlist urls separated by spaces
dnsmasq_blocklist_urls=""
dnsmasq_blocklist_ipv4_urls=""
dnsmasq_allowlist_urls=""
# Path to optional local *raw domain* allowlist/blocklist files in the form:
# site1.com
# site2.com
local_allowlist_path="/etc/adblock-lean/allowlist"
local_blocklist_path="/etc/adblock-lean/blocklist"
# Test domains are automatically queried after loading the blocklist into dnsmasq,
# in order to verify that the blocklist didn't break DNS resolution
# If query for any of the test domains fails, previous blocklist is restored from backup
# If backup doesn't exist, the blocklist is removed and adblock-lean is stopped
# Leaving this empty will disable verification
test_domains="google.com microsoft.com amazon.com"
# List part failed action:
# This option applies to blocklist/allowlist parts which failed to download or couldn't pass validation checks
# SKIP - skip failed blocklist file part and continue blocklist generation
# STOP - stop blocklist generation (and fall back to previous blocklist if available)
list_part_failed_action="SKIP"
# Maximum number of download retries
max_download_retries="3"
# Minimum number of good lines in final postprocessed blocklist
min_good_line_count="150000"
# Minimum number of lines of any individual downloaded part
min_blocklist_part_line_count="1"
min_blocklist_ipv4_part_line_count="1"
min_allowlist_part_line_count="1"
# Maximum size of any individual downloaded blocklist part
max_file_part_size_KB="8000"
# Maximum total size of combined, processed blocklist
max_blocklist_file_size_KB="10000"
# Whether to perform sorting and deduplication of entries (usually doesn't cause much slowdown, uses a bit more memory) - enable (1) or disable (0)
deduplication="1"
# compress final blocklist, intermediate blocklist parts and the backup blocklist to save memory - enable (1) or disable (0)
use_compression="0"
# restart dnsmasq if previous blocklist was extracted and before generation of
# new blocklist thereby to free up memory during generation of new blocklist - enable (1) or disable (0)
initial_dnsmasq_restart="0"
# Start delay in seconds when service is started from system boot
boot_start_delay_s="30"
# If a path to custom script is specified and that script defines functions 'report_success()' and 'report_failure()',
# one of these functions will be executed when adblock-lean completes the execution of some commands,
# with the success or failure message passed in first argument
# report_success() is only executed upon completion of the 'start' command
# Recommended path is '/usr/libexec/abl_custom-script.sh' which the luci app has permission to access
custom_script=""
# Crontab schedule expression for periodic list updates
cron_schedule="disable"
# dnsmasq instance and config directory
# normally this should be set automatically by the 'setup' command
DNSMASQ_INSTANCE="cfg01411c"
DNSMASQ_INDEX="0"
DNSMASQ_CONF_D="/etc/config/dnsmasq.user"
root@shadow:~# echo "dhcp:"; cat /etc/config/dhcp
dhcp:
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
option local '/evinrude.net/'
option domain 'evinrude.net'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option filterwin2k '1'
option cachesize '10000'
option min_cache_ttl '3600'
option quietdhcp '1'
option confdir '/etc/config/dnsmasq.user'
option dnsforwardmax '500'
list addnmount '/bin/busybox'
#list server '127.0.0.1#5053'
#list server '127.0.0.1#5054'
config dhcp 'lan'
option interface 'lan'
option start '10'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
list dhcp_option '42,10.10.10.1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '3'
config host
option name 'linux-laptop'
option dns '1'
option mac 'A0:D3:7A:8D:BC:6A'
config domain
option name 'shadow'
option ip '10.10.10.1'
config domain
option ip '10.10.10.4'
option name 'ollie'
config domain
option name 'timeserver'
option ip '10.10.10.1'
config domain
option ip '10.10.10.8'
option name 'kitten'
config dhcp 'lan3'
option interface 'lan3'
option start '10'
option limit '30'
option leasetime '12h'
list dhcp_option '42,10.10.20.1'
config host
option name 'hs200studiooutside'
option dns '1'
option mac '6C:5A:B0:EE:9B:F1'
config host
option name 'hs200shopoutside'
option dns '1'
option mac '6C:5A:B0:EE:BA:91'
config domain
option name 'tiberius'
option ip '10.10.10.7'
config host
option name 'brotherprinter'
option dns '1'
list mac '60:6D:C7:69:40:EB'
option ip '10.10.20.27'
config host
option name 'beelink'
option dns '1'
option mac 'E0:2E:0B:91:E9:07'
option ip '10.10.10.109'
config domain
option name 'mediaserver'
option ip '10.10.10.3'
config domain
option name 'gallery'
option ip '10.10.10.3'
config domain
option name 'shares'
option ip '10.10.10.3'
config domain
option name 'webdav'
option ip '10.10.10.3'
config domain
option name 'elog4'
option ip '10.10.10.3'
config domain
option name 'gallery4'
option ip '10.10.10.3'
config domain
option name 'webdav4'
option ip '10.10.10.3'
config domain
option name 'tootie'
option ip '10.10.10.3'
config host
option name 'biscuit'
list mac '00:18:dd:09:13:e3'
option ip '10.10.20.12'
config host
option name 'beelink-eth'
list mac 'b0:41:6f:0d:14:93'
option ip '10.10.10.5'
config host
list mac '00:22:6C:21:5A:31'
option ip '10.10.20.34'
option name 'S10shop'
config host
option name 'Denon'
list mac '00:05:CD:DA:92:56'
option ip '10.10.20.26'
config host
list mac '48:78:5E:FE:B3:69'
option ip '10.10.20.13'
config host
list mac '90:A8:22:51:63:F1'
option ip '10.10.20.14'
config host
list mac 'EC:2B:EB:56:0F:1C'
option ip '10.10.20.17'
config domain
option name 'daisy'
option ip '10.10.10.9'
You have a bunch of domains assigned to the same IP address in /etc/config/dhcp. I wonder whether this is intentional and what the point is. It is probably unrelated to ad blocking.
Also, please run the command `dig google.com` or `nslookup google.com` on the host where ad blocking is not working and post the output. As @frollic alluded, your hosts are probably not using your local DNS server.
I'm marking this as 'solved'. This was on my Linux box. The issue was that both Firefox and Chrome were set to use DNS over HTTPS, so their lookups bypassed my local DNS server and, with it, the ad blocking. I'm not sure how it got turned on in Chrome, but it seems to be the default setting for a new install of Firefox; I verified this by removing and reinstalling Firefox. That was the major source of confusion.