Optimization of adblock-lean

See the edit to my last post above, I addressed this issue there.

But the domains can change between runs. I guess these problems go away whenever there is that initial restart of dnsmasq. So one option would be to simply opt for that every run. Or another option would be to actually bypass dnsmasq to get the IP addresses for the blocklist_URLs and then use those in the uclient-fetch. Or my idea about leaving a record of previous whitelist. Or checking whether blocklist_urls are accessible (nx domain received or not) and then restarting if not and trying again just in case.

I like this idea more than others because it's simple and it doesn't universally force dnsmasq restart with extra adblocking downtime and possibly additional issues. IMO it's best to minimize interruption of critical system services.

1 Like

I like that too. What if a URL is mistyped, though? Well, I guess as an upfront check it doesn't matter. It can be very rapid.

1 Like

The latest revision implements a connectivity test to the domains extracted from the URLs, and a dnsmasq restart if the connectivity test fails. It should also solve the error which @Wizballs reported above.

Currently the connectivity check runs regardless of the mode (whitelist or not) because I thought it might be useful in both cases. If you think it should run only in whitelist mode, I can change that.

2 Likes
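The check described in the post above (extract the domains from the blocklist URLs, test that they resolve, restart dnsmasq once if they do not), sketched as an added example; this is not adblock-lean's own code. The function names and the `LOOKUP`/`RESTART` hooks are hypothetical, and it assumes `nslookup` exits non-zero on a failed lookup and that dnsmasq listens on 127.0.0.1.

```shell
#!/bin/sh
# Added example (not adblock-lean's code): DNS check before download,
# with a single dnsmasq restart and retest on failure.

# Print the unique hostnames found in the given URLs, one per line.
# Limitation: bracketed IPv6 literals are not handled.
urls_to_domains() {
    for url in "$@"; do
        host=${url#*://}    # strip scheme
        host=${host%%/*}    # strip path
        host=${host##*@}    # strip userinfo
        host=${host%%:*}    # strip port
        [ -n "$host" ] && printf '%s\n' "$host"
    done | sort -u
}

# Assumption: lookups go through the local dnsmasq at 127.0.0.1.
lookup() { nslookup "$1" 127.0.0.1 >/dev/null 2>&1; }
restart_dnsmasq() { /etc/init.d/dnsmasq restart >/dev/null 2>&1; }

# Print every domain that fails to resolve; status 0 only if all resolve.
# LOOKUP (hypothetical hook) names the function used for the lookup.
failed_domains() {
    rc=0
    for d in $(urls_to_domains "$@"); do
        "${LOOKUP:-lookup}" "$d" || { printf '%s\n' "$d"; rc=1; }
    done
    return "$rc"
}

# Test all domains; on failure restart dnsmasq once and test again.
# RESTART (hypothetical hook) names the function that restarts dnsmasq.
ensure_connectivity() {
    failed=$(failed_domains "$@") && return 0
    for d in $failed; do
        echo "Error: Lookup of '$d' failed." >&2
    done
    echo "Restarting dnsmasq." >&2
    "${RESTART:-restart_dnsmasq}"
    failed_domains "$@" >/dev/null
}
```

A mistyped URL still fails after the restart, so `ensure_connectivity` returns non-zero and the caller can stop before downloading anything.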

Connectivity check regardless makes sense to me.

1 Like

I think this:

config dnsmasq 'adblock_lean'
        list addnmount '/bin/busybox'

Does not seem to be working:

Mon Oct  7 12:48:03 2024 daemon.crit dnsmasq[1]: busybox sh /tmp/dnsmasq.d/.extract_blocklist returns non-zero error code
Mon Oct  7 12:48:03 2024 daemon.crit dnsmasq[1]: FAILED to start up

As usual for OpenWrt the documentation is indecipherable:

https://openwrt.org/docs/guide-user/base-system/dhcp#classifying_clients_and_assigning_individual_options

https://forum.archive.openwrt.org/viewtopic.php?id=69092

This is really odd. Seems to be working for me:

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'
        option dynamicdhcp '0'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dnsmasq 'adblock_lean'
        list addnmount '/bin/busybox'
root@OpenWrt:~# service adblock-lean start
Started adblock-lean.

gawk detected so using gawk for fast (sub)domain match removal and entries packing.
GNU sed detected so list processing will be fast.
coreutils-sort detected so sort will be fast.

Creating compressed backup of existing blocklist.

Testing connectivity.

Error: Lookup of 'raw.githubusercontent.com' failed.

Restarting dnsmasq.

Waiting for dnsmasq initialization.
Restart of dnsmasq completed.

Found local allowlist. Sanitizing.
Successfully processed allowlist (source file size: 22 B, sanitized line count: 2).

Successfully generated allowlist with 2 entries.
Will remove any (sub)domain matches present in the allowlist from the blocklist and append corresponding server entries to the blocklist.
No local blocklist identified.

Starting raw blocklist part(s) download.

Downloading, checking and sanitizing raw blocklist part from: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro-onlydomains.txt.
Successfully processed blocklist (source file size: 3.18 MiB, sanitized line count: 169,140).

Downloading, checking and sanitizing raw blocklist part from: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/tif.medium-onlydomains.txt.
Successfully processed blocklist (source file size: 2.8 MiB, sanitized line count: 166,841).

Starting dnsmasq blocklist part(s) download.

Downloading, checking and sanitizing dnsmasq blocklist part from: https://small.oisd.nl/dnsmasq2.
Successfully processed blocklist (source file size: 1.15 MiB, sanitized line count: 46,293).

Successfully generated preprocessed blocklist file with 382,276 entries.

Sorting and merging the blocklist parts into a single blocklist file.

Stopping dnsmasq.

Checking the resulting blocklist with 'dnsmasq --test'.
New blocklist file check passed.
Final list uncompressed file size: 4.63 KiB.

Successfully imported new compressed blocklist file for use by dnsmasq with size: 1.11 KiB.

Restarting dnsmasq.

Waiting for dnsmasq initialization.
Restart of dnsmasq completed.

Processing time for blocklist generation and import: 0m:4s.

Checking active blocklist.
Active blocklist check passed with the new blocklist file.
New blocklist installed with entries count: 174.

Checking for adblock-lean updates.

Error: Unable to download latest version of adblock-lean to check for any updates.

(I have whitelist mode enabled which is why it can't download updates)

Can you post your /etc/config/dhcp please?

root@OpenWrt-1:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'
        list server '127.0.0.1#5453'
        list server '0::1#5453'

XXX

config dnsmasq 'adblock_lean'
        list addnmount '/bin/busybox'

I think the 'adblock_lean' amounts to a so-called 'tag', which is meant to apply to certain hosts(?) - see indecipherable documentation and discussion here:

https://openwrt.org/docs/guide-user/base-system/dhcp#classifying_clients_and_assigning_individual_options

https://forum.archive.openwrt.org/viewtopic.php?id=69092

I see the motivation - we want our own custom adblock-lean dnsmasq setting. But maybe this is not quite working out. In the discussion the tag is paired with specific hosts. Maybe we need a corresponding host entry or something.

If it's not then it's not. I'm fully prepared to roll this back in that case. However since it is working for me, I'd like to understand why it errors out for you before making the decision.

Hi, sorry if this is not the best place for support. I am running the latest adblock-lean and am trying to configure an allow list. I have added
*.events.data.microsoft.com
*.aria.microsoft.com
to the allow list and restarted adblock-lean, and it has recognised the 2 entries. However, I still get eu-mobile.events.data.microsoft.com is NXDOMAIN in the logs. What have I done wrong?

I think the allow entries currently won't take precedence when wildcards are employed. We'll look into improving this (not sure it's possible) - for now, please specify full subdomains in the allowlist.

Amazing, thanks for the quick response and amazing ad blocker!

1 Like

Please post the full ps ww | grep jail | grep dnsmasq output to see how your jail is running. Same for @Lynx

15523 root      2764 S    {dnsmasq} /sbin/ujail -t 5 -n dnsmasq -u -l -r /bin/busybox -r /bin/ubus -r /etc/TZ -r /etc/dnsmasq.conf -r /etc/ethers -r /etc/group -r /etc/hosts -r /etc/passwd -w /tmp/dhcp.leases -r /tmp/dnsmasq.d -r /tmp/hosts -r /tmp/resolv.conf.d -r /usr/bin/jshn -r /usr/lib/dnsmasq/dhcp-script.sh -r /usr/share/dnsmasq/dhcpbogushostname.conf -r /usr/share/dnsmasq/rfc6761.conf -r /usr/share/dnsmasq/trust-anchors.conf -r /usr/share/libubox/jshn.sh -r /var/etc/dnsmasq.conf.adblock_lean -w /var/run/dnsmasq/ -- /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.adblock_lean -k -x /var/run/dnsmasq/dnsmasq.adblock_lean.pid
root@OpenWrt:~# ps ww
   PID TTY      STAT   TIME COMMAND
     1 ttyS0    Ss+   15:10 /sbin/procd
  1092 tty1     Ss+    0:00 /sbin/askfirst /usr/libexec/login.sh
  3842 pts/0    Ss     0:01 -ash
 51792 pts/1    Ss+    0:00 -ash
 57172 pts/0    R+     0:00 ps ww
root@OpenWrt:~# ps ww | grep jail
 57202 pts/0    S+     0:00 grep jail
root@OpenWrt:~# ps ww | grep jail | grep dnsmasq

This shows busybox allowed in the jail. Which code are you running?

But I see:

Mon Oct  7 12:48:13 2024 daemon.crit dnsmasq[1]: busybox sh /tmp/dnsmasq.d/.extract_blocklist returns non-zero error code
Mon Oct  7 12:48:13 2024 daemon.crit dnsmasq[1]: FAILED to start up
Mon Oct  7 12:48:18 2024 daemon.crit dnsmasq[1]: busybox sh /tmp/dnsmasq.d/.extract_blocklist returns non-zero error code
Mon Oct  7 12:48:18 2024 daemon.crit dnsmasq[1]: FAILED to start up
Mon Oct  7 12:48:23 2024 daemon.crit dnsmasq[1]: busybox sh /tmp/dnsmasq.d/.extract_blocklist returns non-zero error code
Mon Oct  7 12:48:23 2024 daemon.crit dnsmasq[1]: FAILED to start up
Mon Oct  7 12:48:23 2024 daemon.info procd: Instance dnsmasq::cfg01411c s in a crash loop 6 crashes, 0 seconds since last crash
root@OpenWrt-1:~# cat /tmp/dnsmasq.d/.extract_blocklist
busybox gunzip -c /tmp/dnsmasq.d/.blocklist.gz
exit 0
root@OpenWrt:~# pgrep -af ujail | grep dnsmasq
55719 /sbin/ujail -t 5 -n dnsmasq -u -l -r /bin/busybox -r /bin/ubus -r /etc/TZ -r /etc/dnsmasq.conf -r /etc/ethers -r /etc/group -r /etc/hosts -r /etc/passwd -w /tmp/dhcp.leases -r /tmp/dnsmasq.d -r /tmp/hosts -r /tmp/resolv.conf.d -r /usr/bin/jshn -r /usr/lib/dnsmasq/dhcp-script.sh -r /usr/share/dnsmasq/dhcpbogushostname.conf -r /usr/share/dnsmasq/rfc6761.conf -r /usr/share/dnsmasq/trust-anchors.conf -r /usr/share/libubox/jshn.sh -r /var/etc/dnsmasq.conf.adblock_lean -w /var/run/dnsmasq/ -- /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.adblock_lean -k -x /var/run/dnsmasq/dnsmasq.adblock_lean.pid
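The extract script shown above runs `busybox gunzip` on a file under /tmp/dnsmasq.d, so both paths must be visible inside the dnsmasq jail. The following added example (not from the thread or from adblock-lean) parses a ujail command line like the ones posted and reports whether a path is covered by a `-r` (read-only) or `-w` (writable) mount; the function names are hypothetical and `SAMPLE` is shortened from the pgrep output above.

```shell
#!/bin/sh
# Added example: check which paths a ujail command line exposes to dnsmasq.

# Shortened from the pgrep output posted in the thread.
SAMPLE='55719 /sbin/ujail -t 5 -n dnsmasq -u -l -r /bin/busybox -r /etc/hosts -w /tmp/dhcp.leases -r /tmp/dnsmasq.d -w /var/run/dnsmasq/ -- /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.adblock_lean -k'

# Print "ro <path>" or "rw <path>" for every -r/-w mount before the "--".
jail_mounts() {
    set -- $1    # split the command line into words
    while [ $# -gt 0 ]; do
        case $1 in
            --) break ;;    # the jailed command's own arguments follow
            -r|-w)
                [ $# -ge 2 ] || break
                [ "$1" = -r ] && mode=ro || mode=rw
                printf '%s %s\n' "$mode" "$2"
                shift ;;
        esac
        shift
    done
}

# Print the mode (ro/rw) of the first mount that equals the path or is a
# parent directory of it; return non-zero if no mount covers the path.
jail_mode_for() {
    mode=$(jail_mounts "$1" | while read -r m mnt; do
        mnt=${mnt%/}
        case $2 in "$mnt"|"$mnt"/*) echo "$m"; break ;; esac
    done)
    [ -n "$mode" ] && echo "$mode"
}

# Print each required path that is not visible in the jail.
missing_from_jail() {
    cmdline=$1; shift
    rc=0
    for p in "$@"; do
        jail_mode_for "$cmdline" "$p" >/dev/null || { echo "$p"; rc=1; }
    done
    return "$rc"
}
```

On a router, pass the live command line instead of `SAMPLE`, for example `missing_from_jail "$(pgrep -af ujail | grep dnsmasq)" /bin/busybox /tmp/dnsmasq.d/.extract_blocklist`.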