AB-Solution - The Ad Blocking Solution

[MarCoMLXXV]

I'd have to fire up an old laptop with Ubuntu on it but lack the time, but have you tried disabling dnsmasq?

No, I haven't yet, but can give it try later tonight, as the nine-year-old has just confiscated 'his' laptop for gaming purposes. I assume you mean dnsmasq on the Ubuntu-laptop, right?

I was pissed off at the time for the way it played out for all of us then. But that's over and in the past now.

Good to hear, but to be honest, I still don't know what I did wrong back then, but let's just leave it a that. It wasn't my intention either to bring something private out in the open, it was more like my way of saying sorry in general, without having the guts to send you a PM.

I'm happy you found your way back to this thread a little while ago.

Thanks, that's kind of you. Wasn't 'gone' actually, just laid low for a while, as I didn't want to cause any more unintended annoyance.

 

[thelonelycoder]

No, I haven't yet, but can give it try later tonight, as the nine-year-old has just confiscated 'his' laptop for gaming purposes. I assume you mean dnsmasq on the Ubuntu-laptop, right?



Good to hear, but to be honest, I still don't know what I did wrong back then, but let's just leave it a that. It wasn't my intention either to bring something private out in the open, it was more like my way of saying sorry in general, without having the guts to send you a PM.



Thanks, that's kind of you. Wasn't 'gone' actually, just laid low for a while, as I didn't want to cause any more unintended annoyance.

As I said at the time I won’t hold it against you or anyone else.
Glad you’re back and that‘s where we best leave it.

 

[thelonelycoder]

BTW @MarCoMLXXV, your signature needs adjustment:
with Pixelserv-TLS by @bigeyes0x0 installed.
Pixelserv-tls is by @mstombs and @kvic

 

[MarCoMLXXV]

I'd have to fire up an old laptop with Ubuntu on it but lack the time, but have you tried disabling dnsmasq?
http://mark.orbum.net/2012/05/14/disabling-dnsmasq-as-your-local-dns-server-in-ubuntu/

Tried your suggestion, but apparently dnsmasq is no longer installed out of the box, as of 16.10 systemd-resolved has taken over it's tasks. After two days of fiddling, trial and error and several re-installs (because I simply couldn't remember what 'fixes' I had applied and whether they could be counteracting each other) I managed to disable resolving locally (127.0.0.53 on the laptop), disabled DNSSEC and got the Ubuntu laptop to use the routers DNS-server, as confirmed by dig. However, somehow the router doesn't block ads and the Ubuntu laptop refuses to resolve local clients while the router is now the only DNS server set, even though the (local) network settings are correct. There must be more to it, but after two days I'm throwing in the towel and rolling back to the latest LTS release, which worked perfectly fine. Was just curious to try the latest version of Gnome. Somehow Canonical messed up starting with 16.10 and 17.04 and given the amount of unresolved bugs, they've got some serious issues to fix before 17.10 can released. Getting it to resolve addresses is fairly simple (now), but if you want to be able to connect to your local clients and use your router's full functionality, stick with 16.04 LTS.

Edit: Signature edited, didn't know, sorry. Thanks for pointing it out, though.

 

[Alfred]

Can't tell for sure ATM, but pixelserv should only listen on port 443 on the ps IP.
Make sure OpenVPN does the same in its IP and see how it goes.
In my head it works...
There is also the harder way of doing it: The pixelserv switches, you can change the https port (443) in the AB UI, but you'll also have to add a firewall forwarding rule to make it work.
See kvic's pixelserv thread for how to do it.

Stubborn as I am, I first tried the hard way...
I have read several posts regarding the harder way by forwarding in the PREROUTING chain of the nat table, in which a puzzling IP address 10.8.10.8 was used, which I did not understand, so I did not succeed with that.
However, I managed to fix it the easy way. As you suspected, OpenVPN was listening on all IP. See community.openvpn.net:
--local host
Local host name or IP address for bind. If specified, OpenVPN will bind to this address only. If unspecified, OpenVPN will bind to all interfaces.

So above the port-share redirection option for forwarding non-OpenVPN traffic (https), I inserted the line:
local <router EXTERNAL ip or ddns ;-) hostname>
This worked. Pixelserv-tls and OpenVPN are now happily living together, listening both on TCP 443, each at their own IP.
Pfff...
Thanks!

 

[MarCoMLXXV]

Okay, now I'm lost. Did a clean install of (non-flavored) Ubuntu 16.04.3 LTS (amd64) on my laptop yesterday, disabled dnsmasq on the Ubuntu-laptop, get an IP assigned from the router, including announcing itself as DNS-server:

marco@vaio:~$ dig snbforums.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> snbforums.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25238
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;snbforums.com.            IN    A

;; ANSWER SECTION:
snbforums.com.        300    IN    A    104.25.235.15
snbforums.com.        300    IN    A    104.25.234.15

;; Query time: 58 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Aug 26 08:14:30 CEST 2017
;; MSG SIZE  rcvd: 74

Yet, ad-blocking doesn't work even it though it uses the router for resolving DNS. I checked AB-Solution which seems to work fine, even on my ancient netbook running Lubuntu 17.04 (i386) which I've been using for weeks without any issues. Rebooted the router (which has been up without issues since 380.68_0 was released), to no avail. Any other suggestions are highly appreciated.

Edit: In addition to info above, here's the output of $ cat /etc/resolv.conf (which has been auto populated by network-manager)

marco@vaio:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.1
search lan

and resolving local clients doesn't work eiter.

 

[thelonelycoder]

Okay, now I'm lost. Did a clean install of (non-flavored) Ubuntu 16.04.3 LTS (amd64) on my laptop yesterday, disabled dnsmasq on the Ubuntu-laptop, get an IP assigned from the router, including announcing itself as DNS-server:

marco@vaio:~$ dig snbforums.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> snbforums.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25238
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;snbforums.com.            IN    A

;; ANSWER SECTION:
snbforums.com.        300    IN    A    104.25.235.15
snbforums.com.        300    IN    A    104.25.234.15

;; Query time: 58 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Aug 26 08:14:30 CEST 2017
;; MSG SIZE  rcvd: 74

Yet, ad-blocking doesn't work even it though it uses the router for resolving DNS. I checked AB-Solution which seems to work fine, even on my ancient netbook running Lubuntu 17.04 (i386) which I've been using for weeks without any issues. Rebooted the router (which has been up without issues since 380.68_0 was released), to no avail. Any other suggestions are highly appreciated.

Edit: In addition to info above, here's the output of $ cat /etc/resolv.conf (which has been auto populated by network-manager)

marco@vaio:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.1.1
search lan

and resolving local clients doesn't work eiter.

Here on my fresh install of Ubuntu 16.04.3 32bit it works out of the box.
Note that I have not enabled dnscrypt on the router (192.168.2.1) and 192.168.2.2 is the pixelserv-tls IP (resolved as 1worldonliene.com but this is still the pixelserv IP).
IPv6 is disalbed on the router but not on the Ubuntu machine.

I see no ads whatsoever.
Some output:

tlc@ubuntu-16.04.3:~$ dig snbforums.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> snbforums.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33996
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;snbforums.com.            IN    A

;; ANSWER SECTION:
snbforums.com.        300    IN    A    104.25.235.15
snbforums.com.        300    IN    A    104.25.234.15

;; Query time: 25 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sat Aug 26 11:35:29 CEST 2017
;; MSG SIZE  rcvd: 74


tlc@ubuntu-16.04.3:~$ dig googleadservices.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> googleadservices.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43627
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;googleadservices.com.        IN    A

;; ANSWER SECTION:
googleadservices.com.    0    IN    A    192.168.2.2

;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sat Aug 26 11:36:34 CEST 2017
;; MSG SIZE  rcvd: 65


tlc@ubuntu-16.04.3:~$ tracepath snbforums.com
 1?: [LOCALHOST]                                         pmtu 1500
 1:  RT-AC87U-D700                                         0.400ms
 1:  RT-AC87U-D700                                         0.367ms
 2:  no reply
 3:  217-168-53-41.static.cablecom.ch                     11.425ms
 4:  ch-otf01b-rc1-ae50-0.aorta.net                        9.737ms asymm  7
 5:  ch-zrh01b-ra1-ae9-0.aorta.net                        11.930ms
 6:  213.46.171.66                                        10.927ms

 
tlc@ubuntu-16.04.3:~$ traceroute snbforums.com
traceroute to snbforums.com (104.25.234.15), 30 hops max, 60 byte packets
 1  RT-AC87U-D700 (192.168.2.1)  0.360 ms  0.327 ms  0.544 ms
 2  * * *
 3  217-168-53-41.static.cablecom.ch (217.168.53.41)  9.354 ms  9.303 ms  9.299 ms
 4  ch-otf01b-rc1-ae50-0.aorta.net (84.116.202.241)  9.811 ms  9.882 ms  9.930 ms
 5  ch-zrh01b-ra1-ae9-0.aorta.net (84.116.134.22)  9.700 ms  9.774 ms  9.569 ms
 6  213.46.171.66 (213.46.171.66)  9.696 ms  7.720 ms  7.720 ms
 7  cloudflare-ic-312618-zch-b2.c.telia.net (62.115.57.174)  9.504 ms  8.340 ms  8.362 ms
 8  104.25.234.15 (104.25.234.15)  8.253 ms  7.843 ms  7.796 ms


tlc@ubuntu-16.04.3:~$ tracepath googleadservices.com
 1?: [LOCALHOST]                                         pmtu 1500
 1:  1worldonline.com                                      0.403ms reached
 1:  1worldonline.com                                      0.350ms reached
     Resume: pmtu 1500 hops 1 back 1


tlc@ubuntu-16.04.3:~$ traceroute googleadservices.com
traceroute to googleadservices.com (192.168.2.2), 30 hops max, 60 byte packets
 1  1worldonline.com (192.168.2.2)  0.449 ms  0.432 ms  0.414 ms


 
tlc@ubuntu-16.04.3:~$ nmcli dev show enp24s0
GENERAL.DEVICE:                         enp24s0
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:1C:C4:C7:88:B7
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     Wired connection 1
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/0
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.2.170/24
IP4.GATEWAY:                            192.168.2.1
IP4.ROUTE[1]:                           dst = 169.254.0.0/16, nh = 0.0.0.0, mt = 1000
IP4.DNS[1]:                             192.168.2.1
IP6.ADDRESS[1]:                         fe80::21c:c4ff:fec7:88b7/64
IP6.GATEWAY:

 

[MarCoMLXXV]

@thelonelycoder Thanks for the effort. The only difference (besides your private client/server- farm for testing purposes) is that I have DNSCrypt installed. Funny part is, that on my ancient netbook, I installed a 32-bits edition of Lubuntu 17.04 which works flawless out of the box too, yet a 64-bit install of 16.4.3 causes the same issues as 17.04 even though it has undergone many changes under the hood. Starting to wonder whether the difference in architecture might be a factor. Will do a 32 bit install on the 64 bit laptop and see how that turns out, as I can't stand this. Once you get used to the magic of AB-Solution, you don't want without it anymore...

 

[truglodite]

I recall having issues using dnscrypt and ab-solution together. After reading up on the benefits (or more so the reasons for) running dnscrypt, I did some analysis on my isp and mobile apn dns servers, and both are actually quite secure as is (very random, and not outside accessible). So I don't feel much exposure by not trying to hack dnscrypt to work on my setup (ran for decades without it before and no issues I'm aware of).

@thelonelycoder,
A while back I was playing with blacklists trying to get boston.com to stop showing googleads (I don't read that site, but it's a good test for ad blocking). At the end of the day the ad problems disappeared (probably a dns cache issue), but from that point on, it seems my pixelserv hostname got somehow set to 'pulpix.com' (lol, ironic). pulpix.com was the first entry on my blacklist.

This morning I set out to change the hostname from pulpix.com, to simply 'pixelserv'. I couldn't find the setting anywhere in the pixelserv docs, other than the command line option (which I tried and didn't work). After deleting and reprocessing my blacklist, a host/dns lookup on my pixelserv IP now shows 192.168.x.y (so hostname is now = pixelserv addy).

I would like it to resolve to pixelserv.home, to match the SANs I have in my cert (and match the rest of the "hostname.domainname" on my network). Is there a straightforward way to change it? How could I avoid this from happening to begin with?

I know this may be OT for this thread (probably just a dnsmasq config issue), but you guys are very helpful around these parts, and since it started by playing with ab-sol...

Thanks in advance,
Kev

 

[MarCoMLXXV]

I tried two other distros, the last being Linux Mint 18.2 (amd64) which I've used for a long time, without any issues whatsoever.

I hashed out dns=dnsmasq in NetworkManager.conf on the laptop. Systemd-resolved appears to do resolving. After restarting network-manager and network services, I removed dnsscrypt on the router and rebooted the router and the laptop. /etc/resolv.conf was now automatically populated with 192.168.1.1 (router) instead of 127.0.1.1 (local dns at the laptop). At first I thought it was successful. Until I disconnected the ethernet cable and refreshed the page. Boom, ads are back.

When connected through WiFi:

marco@vaio ~ $ dig www.googleadservices.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.googleadservices.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 657
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.googleadservices.com.    IN    A

;; ANSWER SECTION:
www.googleadservices.com. 300    IN    CNAME    pagead.l.doubleclick.net.
pagead.l.doubleclick.net. 165    IN    A    172.217.17.98

;; Query time: 301 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Aug 26 22:48:33 CEST 2017
;; MSG SIZE  rcvd: 107

When connected trough ethernet

marco@vaio ~ $ dig www.googleadservices.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.googleadservices.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44148
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.googleadservices.com.    IN    A

;; ANSWER SECTION:
www.googleadservices.com. 0    IN    A    192.168.1.2

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Aug 26 22:51:05 CEST 2017
;; MSG SIZE  rcvd: 69

So for some reason, wired connections work as expected, ads are being blocked by AB-Solution, hosts are being redirected to pixelserv-TLS. WiFi does resolve through the router, but ads aren't blocked. Both connections in linux are on DHCP (auto), nothing pre-filled. Even deleted both connections and had the system recreate them after reconnecting wired as well as wireless, but to no avail.

This is as far as my knowledge goes... What I don't get: why is traffic handled by the router over wl0 not being filtered yet on eth0 everything works as it's supposed to, when on the client (laptop) side both interface are configured exactly the same (automatically)? I can't imagine dnscrypt being the culprit, as I have always had it installed, together with AB and Skynet and had no issues. @thelonelycoder, do you have any more suggestions or tips to point me in the right direction? I had the same distro running on my main laptop, which is out for repair currently, which worked flawless, both on John's new beta fork and on @RMerlin's 380.66 if I recall correctly.

 

[Jack Yaz]

I tried two other distros, the last being Linux Mint 18.2 (amd64) which I've used for a long time, without any issues whatsoever.

I hashed out dns=dnsmasq in NetworkManager.conf on the laptop. Systemd-resolved appears to do resolving. After restarting network-manager and network services, I removed dnsscrypt on the router and rebooted the router and the laptop. /etc/resolv.conf was now automatically populated with 192.168.1.1 (router) instead of 127.0.1.1 (local dns at the laptop). At first I thought it was successful. Until I disconnected the ethernet cable and refreshed the page. Boom, ads are back.

When connected through WiFi:

marco@vaio ~ $ dig www.googleadservices.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.googleadservices.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 657
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.googleadservices.com.    IN    A

;; ANSWER SECTION:
www.googleadservices.com. 300    IN    CNAME    pagead.l.doubleclick.net.
pagead.l.doubleclick.net. 165    IN    A    172.217.17.98

;; Query time: 301 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Aug 26 22:48:33 CEST 2017
;; MSG SIZE  rcvd: 107

When connected trough ethernet

marco@vaio ~ $ dig www.googleadservices.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.googleadservices.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44148
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.googleadservices.com.    IN    A

;; ANSWER SECTION:
www.googleadservices.com. 0    IN    A    192.168.1.2

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Aug 26 22:51:05 CEST 2017
;; MSG SIZE  rcvd: 69

So for some reason, wired connections work as expected, ads are being blocked by AB-Solution, hosts are being redirected to pixelserv-TLS. WiFi does resolve through the router, but ads aren't blocked. Both connections in linux are on DHCP (auto), nothing pre-filled. Even deleted both connections and had the system recreate them after reconnecting wired as well as wireless, but to no avail.

This is as far as my knowledge goes... What I don't get: why is traffic handled by the router over wl0 not being filtered yet on eth0 everything works as it's supposed to, when on the client (laptop) side both interface are configured exactly the same (automatically)? I can't imagine dnscrypt being the culprit, as I have always had it installed, together with AB and Skynet and had no issues. @thelonelycoder, do you have any more suggestions or tips to point me in the right direction? I had the same distro running on my main laptop, which is out for repair currently, which worked flawless, both on John's new beta fork and on @RMerlin's 380.66 if I recall correctly.

Might be asking the obvious, but you don't have dns filtering enabled do you?

 

[Xentrk]

I am curious why I am seeing this ad on beta.speedtest.net

Inspecting the element shows the source:

I added www.media.net is in the blacklist blocking file.

192.168.3.2 is my pixelserv IP address.

log file entries:

Aug 27 08:36:50 dnsmasq[4884]: query[A] contextual.media.net from 192.168.3.152
Aug 27 08:36:50 dnsmasq[4884]: /tmp/mnt/absolution/adblocking/blocking_file contextual.media.net is 192.168.3.2
Aug 27 08:36:54 dnsmasq[4884]: query[A] www.media.net from 192.168.3.152
Aug 27 08:36:54 dnsmasq[4884]: /tmp/mnt/absolution/adblocking/blocking_file www.media.net is 192.168.3.2
Aug 27 08:36:54 dnsmasq[4884]: query[A] www.media.net from 192.168.3.152
Aug 27 08:36:54 dnsmasq[4884]: /tmp/mnt/absolution/adblocking/blocking_file www.media.net is 192.168.3.2
Aug 27 08:36:54 dnsmasq[4884]: query[A] www.media.net from 192.168.3.152
Aug 27 08:36:54 dnsmasq[4884]: /tmp/mnt/absolution/adblocking/blocking_file www.media.net is 192.168.3.2
Aug 27 08:36:54 dnsmasq[4884]: query[AAAA] www.media.net from 192.168.3.152
Aug 27 08:36:54 dnsmasq[4884]: forwarded www.media.net to 104.223.91.194

 

[MarCoMLXXV]

Might be asking the obvious, but you don't have dns filtering enabled do you?

Actually, I have. Does that bypass AB-Solutions functionality? I have had this question (not directly related to AB-Solution, but to dnscrypt in this case) for a long time over at the dnscrypt installer thread, but unfortunately it remains unanswered. Does dns filtering by Trend Micro bypass the additionally installed functionality (AB-Solution, Skynet, DNSCrypt) for wireless clients? If so, why doesn't it apply to (wireless) all clients? I'll give it try as soon as my eyes stay open voluntarily (got a great autistic kid, who's still (after nearly ten years) convinced, 5:20 AM is a perfect time to week up the whole house...)

 

[MarCoMLXXV]

Okay, after disabling DNS-filtering, it appears AB-Solutions magic works on the wireless clients as well, to be more specific, the clients which were previously specified to used OpenDNS Family (instead of OpenDNS Home, which is set in DNSCrypt as well as on the WAN Settings page > DNS servers. Will reinstall without any modifications, to see if I'm able to get it working Out of the Box, like @thelonelycoder managed yesterday.

Are there any other AIProtection services I should disable?

 

[MarCoMLXXV]

@Jack Yaz, thanks so much for asking the obvious Just did a clean install of Ubuntu Gnome 17.04 and with no modifications at all, and DNS filtering on the router disabled, it works like charm. No ads whatsoever, regardless whether I'm connected wired or wirelessly. Clients on the local network are resolved as well.

Still curious though whether the other functionality of AIProtection can safely be used (this seems to work now, but I'm not sure whether having Network Protection and Parental Controls can cause other trouble. If anyone feels like it (wrong thread, I know, but maybe I'll get an answer here or in the original post if you prefer), please let me know whether when running @bigeyes0x0 installer for DNSCRYPT (which doesn't seem to cause the issues I encountered previously), and answering 'Yes' when asked whether you want all the network traffic routed through DNSCRYPT, will actually go through DNSSCRYPT with AB-Solution, Skynet installed and TM's Network Protection and Parental Controls enabled. Or will it bypass, like when having DNS filtering enabled?

Your input is highly appreciated.

 

[Jack Yaz]

@Jack Yaz, thanks so much for asking the obvious Just did a clean install of Ubuntu Gnome 17.04 and with no modifications at all, and DNS filtering on the router disabled, it works like charm. No ads whatsoever, regardless whether I'm connected wired or wirelessly. Clients on the local network are resolved as well.

Still curious though whether the other functionality of AIProtection can safely be used (this seems to work now, but I'm not sure whether having Network Protection and Parental Controls can cause other trouble. If anyone feels like it (wrong thread, I know, but maybe I'll get an answer here or in the original post if you prefer), please let me know whether when running @bigeyes0x0 installer for DNSCRYPT (which doesn't seem to cause the issues I encountered previously), and answering 'Yes' when asked whether you want all the network traffic routed through DNSCRYPT, will actually go through DNSSCRYPT with AB-Solution, Skynet installed and TM's Network Protection and Parental Controls enabled. Or will it bypass, like when having DNS filtering enabled?

Your input is highly appreciated.

Yeah DNS filtering bypasses AB-Solution, which is why I haven't got AB-Solution, much as I'd like to. This is because I'd want desktops to be ad-free but not play havoc with cashback tracking (uBlock extension is easier for the family to toggle on/off), while still retaining dnscrypt. My understanding is that if I excluded the desktops via filtering to use non-ABS with upstream DNS, they wouldn't be able to benefit from dnscrypt.

I use all AIProtection in addition to Skynet, no problems whatsoever.

The "route all via dnscrypt" I believe adds an iptables rule to the router so that all queries for port 53 are forced to the router. This means that even if a client sets say, 8.8.8.8, when the client queries for DNS (on port 53), the query will instead be handled via the router. So this should help enforce the use of AB-Solution.

Which features of Parental Control, in particular?

Happy to be corrected on any of that though!

 

[Jack Yaz]

Actually, I have. Does that bypass AB-Solutions functionality? I have had this question (not directly related to AB-Solution, but to dnscrypt in this case) for a long time over at the dnscrypt installer thread, but unfortunately it remains unanswered. Does dns filtering by Trend Micro bypass the additionally installed functionality (AB-Solution, Skynet, DNSCrypt) for wireless clients? If so, why doesn't it apply to (wireless) all clients? I'll give it try as soon as my eyes stay open voluntarily (got a great autistic kid, who's still (after nearly ten years) convinced, 5:20 AM is a perfect time to week up the whole house...)

I have my own kid, though it's a German Shepherd cross Husky puppy. 5am is toilet time!

 

[Rhialto]

For AB to work, all clients, however routed, need to resolve their DNS through the local DNS server Dnsmasq.
If you have Clients that resolve the DNS through an upstream Server then it will not work. Make sure clients are not set to use an upstream server but the routers IP address.

So if I have Custom DNS 1 set to 208.67.222.123 to filter malicious/adult websites then AB would not work? Haven't tried it, just started reading about AB.

edit: oh I see you are working on a major new release, maybe I should wait. I was looking at your solution because I recently bought a new router, the RT-AC1990, and blocking ads from the router sounded good but I see there could be some drawbacks too so I will have to read even more. All those past years I was ok with AB+ and now uBO so no need to rush for a new solution, even though it looks interesting at first sight. Will keep an eye on v4 announcements.

 

[visortgw]

So if I have Custom DNS 1 set to 208.67.222.123 to filter malicious/adult websites then AB would not work? Haven't tried it, just started reading about AB.

edit: oh I see you are working on a major new release, maybe I should wait. I was looking at your solution because I recently bought a new router, the RT-AC1990, and blocking ads from the router sounded good but I see there could be some drawbacks too so I will have to read even more. All those past years I was ok with AB+ and now uBO so no need to rush for a new solution, even though it looks interesting at first sight.

You can specify a custom DNS server of choice in the router WAN settings. For your clients, simply point to the router as the DNS server.

 

[MarCoMLXXV]

Yeah DNS filtering bypasses AB-Solution, which is why I haven't got AB-Solution, much as I'd like to.

Oh, I personally would choose AB-Solution over DNS-filtering any time. Just wasn't aware that one ruled out the other.

Which features of Parental Control, in particular?

BTW, I apologize for the late reply, totally forgot. I have serious issues with my short-term memory, just had to take a look a this thread to reproduce what I learned from you. Yes, it's a mess upstairs, I know, but I can't help it.

As for your question regarding the parental controls: I use the Web & Apps filter to deny access to several categories for specified clients (based on their MAC-addresses), which are only the devices my son has access to. As mentioned before, he's autistic and way too curious for his age, and combined with an anxiety disorder, access to certain material needs to be regulated otherwise he's continuously feeding his own fears, with all its consequences. Make no mistake, I do not want to limit his development, but as his brain functions different, I do feel responsible to manage what content he get's to see. And if there's a subject he wants to know more about, we'll investigate together.

Furthermore, I use the Time Scheduling for the iOS devices he uses. If I don't he'll simply wake up somewhere between 3 and 4 AM and starts using them. There are iOS apps like OurPact for that, but the functionality in the router is free and works just as well without installing third party apps. Available apps and content (age-based) are controlled within iOS Parental Controls. For the Windows clients he's using, I'm using Microsoft Family Safety which actually works quite well. He's got a time limit per day within a pre-defined time frame. And I get a nice report mailed weekly how he's spend his time, what search queries he has performed and which apps have been used. That might all sound very strict to some people, but as these measures mainly provide safety and especially clarity, contribute to clear agreements which for an autistic kid means that it gives him peace of mind. All things vague or doubtful are hard to deal with as borders aren't clear. And believe me, I know what I'm talking about, yet my parents never felt the need to investigate. I found out, at my own request, when I was 40.

Every now and then we try to give him some more freedom and see if he can already handle it, if he does, that's great, if he can't, we discuss it and will try again later. He's a happy and healthy child, it's just like other kids, they come without a manual, but in this case, the sh*tload of appendices is missing too...

I have my own kid, though it's a German Shepherd cross Husky puppy. 5am is toilet time!

Ah, that's awesome. That was one of my dreams, but my physical condition is going downwards the hill so rapidly, that we decided earlier this year, that it wouldn't be feasible anymore, as I don't know how much longer I'll be able to walk and a Shepherd has become one of the breeds too strong for me to control. We had two dogs (a Jack Russell x Boerenfox - a Dutch terrier breed for which I couldn't find a translation and a West Highland White Terrier), both unfortunately died unexpectedly way too young last year. The Westie died from acute kidney failure, caused by diabetes, the other Terrier had a previously undiscovered heart issue and died on Christmas from a heart attack, which, despite CPR, costed him his life. The only domain I had to block for them both was http://icanhas.cheezburger.com/, they couldn't care less about the rest of the internet, but it was the only way to get our iPads back.