Diversion Diversion 5.4.6 - the Router Ad-Blocker, July 27, 2025

[Mogsy]

I had to remove these domains from the block list, because they were messing with streaming on Apple TV app.

mask.icloud.com
mask-h2.icloud.com
mask-canary.icloud.com

It will be mask-canary.icloud.com that causing it. I have both mask and mask-h2 blocked, no problem with Apple TV streaming

 

[Rhialto]

I had to remove these domains from the block list, because they were messing with streaming on Apple TV app.

What kind? I just added those blindly to my block list thinking it may help with ads on AppleTV. We watch some YT videos with it and stream movies with Infuse from a NAS running Jellyfin. I haven't tested since I added those 3 domains.

 

[KGB7]

What kind? I just added those blindly to my block list thinking it may help with ads on AppleTV. We watch some YT videos with it and stream movies with Infuse from a NAS running Jellyfin. I haven't tested since I added those 3 domains.

This is only for Apple TV app on Apple TV device. Other apps on Apple TV device work fine. The issue that I was having, is that a video would randomly stop streaming several times and automatically resume.

I haven't tested Apple TV app on MacBook or on iPhone.

 

[KGB7]

It will be mask-canary.icloud.com that causing it. I have both mask and mask-h2 blocked, no problem with Apple TV streaming

I honestly see no reason to block those domains since I primarily use Apple devices.

 

[visortgw]

I honestly see no reason to block those domains since I primarily use Apple devices.

Blocking these domains also apparently adversely affects iOS 18.2 (possibly other versions as well) devices from checking and downloading e-mail using Apple's Mail app.

 

[Ellenswamy]

Not sure if this was asked, is there a way to disable by iOS shortcut for a certain amount of time and re-enable?

 

[thelonelycoder]

Not sure if this was asked, is there a way to disable by iOS shortcut for a certain amount of time and re-enable?

That may come with a next release.

 

[Treadler]

Blocking these domains also apparently adversely affects iOS 18.2 (possibly other versions as well) devices from checking and downloading e-mail using Apple's Mail app.

You bewdy!

Fixed my Apple Mail problem. Looking at you Controld dns……..

EDIT: Adguard DNS was the fix for me.
EDIT 2: Ignore the above, Apple Mail app still giving me grief.

 

[thelonelycoder]

I had to remove these domains from the block list, because they were messing with streaming on Apple TV app.

mask.icloud.com
mask-h2.icloud.com
mask-canary.icloud.com

An observation to consider.
When /WAN/Prevent client auto DoH is set to Yes or Auto on the router, the following directives are set in dnsmasq.conf:

address=/use-application-dns.net/
address=/_dns.resolver.arpa/
address=/mask.icloud.com/mask-h2.icloud.com/

This blocks these two *.icloud.com domains from resolving.

So, with this set and I then add mask.icloud.com and mask-h2.icloud.com to the allowlist in Diversion they then resolve correctly to their IP Address even though dnsmasq.conf still has them blocked. This may be the magic of Diversion but it makes no sense to me. Technically they should still be blocked.

 

[Treadler]

An observation to consider.
When /WAN/Prevent client auto DoH is set to Yes or Auto on the router, the following directives are set in dnsmasq.conf:

address=/use-application-dns.net/
address=/_dns.resolver.arpa/
address=/mask.icloud.com/mask-h2.icloud.com/

This blocks these two *.icloud.com domains from resolving.

So, with this set and I then add mask.icloud.com and mask-h2.icloud.com to the allowlist in Diversion they then resolve correctly to their IP Address even though dnsmasq.conf still has them blocked. This may be the magic of Diversion but it makes no sense to me. Technically they should still be blocked.

All Apple here. I long ago set the auto DoH = no. Everything just seemed a little more snappy.

 

[thelonelycoder]

All Apple here. I long ago set the auto DoH = no. Everything just seemed a little more snappy.

Setting it to No allows iOS devices and some Browsers to use their own hard-coded IP and thus circumnavigating Diversion. This is what I want to prevent.

 

[Mogsy]

All Apple here. I long ago set the auto DoH = no. Everything just seemed a little more snappy.

I think Apple have their own load balancing dns or DNS discovery to make everything works ok. I have multiple guests network, and I use Adguard for iOS and have set DNS server to System default when I am home, and Nextdns TLS when I am out. Setting Auto DoH to Yes should be no problem for Apple ecosystem. These normally hits when I ran a trial on different guest network if Apple devices having hard time communicating with each other.

lb._dns-sd._udp.6.0.0.192.in-addr.arpa
lb._dns-sd._udp.0.50.168.192.in-addr.arpa

If these appears, I just restart my iPhone and they are gone.

Router IP address 192.168.50.1, I guess 192.0.0.6 hitting lb dns is because I have Adguard running as pseudo VPN.

 

[n2ubp]

What do I have set incorrectly that causes these messages to pop up in my router log?
---
Dec 30 07:50:06 Diversion: restarted Dnsmasq to apply settings
Dec 30 07:50:41 rstats[1856]: Problem loading /mnt/Flash1/tomato_rstats_7c10c903bb70.gz. Still trying...
Dec 30 07:50:54 Diversion: updated Medium blocking list from 1 valid file, 59046 domains are now blocked
Dec 30 07:50:55 Diversion: restarted Dnsmasq to apply settings
Dec 30 07:51:00 crond[4537]: can't change directory to '/dev/null'
Dec 30 07:51:00 crond[4538]: can't change directory to '/dev/null'
Dec 30 07:51:32 Diversion: updated Large blocking list from 1 valid file, 122983 domains are now blocked
Dec 30 07:51:32 Diversion: restarted Dnsmasq to apply settings
Dec 30 07:52:00 crond[6318]: can't change directory to '/dev/null'
Dec 30 07:52:00 crond[6319]: can't change directory to '/dev/null'
Dec 30 07:52:05 Diversion: updated Large blocking list from 1 valid file, 122983 domains are now blocked
Dec 30 07:52:05 Diversion: restarted Dnsmasq to apply settings
Dec 30 07:52:35 Diversion: restarted Dnsmasq to apply settings
Dec 30 07:53:00 crond[7649]: can't change directory to '/dev/null'
Dec 30 07:53:00 crond[7650]: can't change directory to '/dev/null'
Dec 30 07:54:00 crond[7754]: can't change directory to '/dev/null'
Dec 30 07:54:00 crond[7755]: can't change directory to '/dev/null'
Dec 30 07:55:00 crond[7862]: can't change directory to '/dev/null'
Dec 30 07:55:00 crond[7863]: can't change directory to '/dev/null'
Dec 30 07:56:00 crond[7968]: can't change directory to '/dev/null'
Dec 30 07:56:00 crond[7969]: can't change directory to '/dev/null'
Dec 30 07:56:29 Diversion: restarted Dnsmasq to apply settings
Dec 30 07:57:00 crond[10398]: can't change directory to '/dev/null'
Dec 30 07:57:00 crond[10399]: can't change directory to '/dev/null'
Dec 30 07:58:00 crond[10516]: can't change directory to '/dev/null'
Dec 30 07:58:00 crond[10517]: can't change directory to '/dev/null'

 

[thelonelycoder]

What do I have set incorrectly that causes these messages to pop up in my router log?
---
Dec 30 07:50:06 Diversion: restarted Dnsmasq to apply settings
Dec 30 07:50:41 rstats[1856]: Problem loading /mnt/Flash1/tomato_rstats_7c10c903bb70.gz. Still trying...
Dec 30 07:50:54 Diversion: updated Medium blocking list from 1 valid file, 59046 domains are now blocked
Dec 30 07:50:55 Diversion: restarted Dnsmasq to apply settings
Dec 30 07:51:00 crond[4537]: can't change directory to '/dev/null'
Dec 30 07:51:00 crond[4538]: can't change directory to '/dev/null'
Dec 30 07:51:32 Diversion: updated Large blocking list from 1 valid file, 122983 domains are now blocked
Dec 30 07:51:32 Diversion: restarted Dnsmasq to apply settings
Dec 30 07:52:00 crond[6318]: can't change directory to '/dev/null'
Dec 30 07:52:00 crond[6319]: can't change directory to '/dev/null'
Dec 30 07:52:05 Diversion: updated Large blocking list from 1 valid file, 122983 domains are now blocked
Dec 30 07:52:05 Diversion: restarted Dnsmasq to apply settings
Dec 30 07:52:35 Diversion: restarted Dnsmasq to apply settings
Dec 30 07:53:00 crond[7649]: can't change directory to '/dev/null'
Dec 30 07:53:00 crond[7650]: can't change directory to '/dev/null'
Dec 30 07:54:00 crond[7754]: can't change directory to '/dev/null'
Dec 30 07:54:00 crond[7755]: can't change directory to '/dev/null'
Dec 30 07:55:00 crond[7862]: can't change directory to '/dev/null'
Dec 30 07:55:00 crond[7863]: can't change directory to '/dev/null'
Dec 30 07:56:00 crond[7968]: can't change directory to '/dev/null'
Dec 30 07:56:00 crond[7969]: can't change directory to '/dev/null'
Dec 30 07:56:29 Diversion: restarted Dnsmasq to apply settings
Dec 30 07:57:00 crond[10398]: can't change directory to '/dev/null'
Dec 30 07:57:00 crond[10399]: can't change directory to '/dev/null'
Dec 30 07:58:00 crond[10516]: can't change directory to '/dev/null'
Dec 30 07:58:00 crond[10517]: can't change directory to '/dev/null'

Likely this is a incomplete or corrupt file. Force update Diversion using u.

 

[Milan]

When on RT-BE88U and 3006.102.3_beta1 firmware after changing and applying any setting change the page end like this:

Sometimes the deleting cookies helps to see the Diversion page correctly again.
Latest Diversion and amtm installed.

 

[visortgw]

When on RT-BE88U and 3006.102.3_beta1 firmware after changing and applying any setting change the page end like this:

View attachment 63254

Sometimes the deleting cookies helps to see the Diversion page correctly again.
Latest Diversion and amtm installed.

I see the the same with GT-BE98 Pro with Merlin 3006.102.3_beta1. It isn't a huge deal as I typically use the script-based interface (as opposed to web UI).

 

[thelonelycoder]

When on RT-BE88U and 3006.102.3_beta1 firmware after changing and applying any setting change the page end like this:

View attachment 63254

Sometimes the deleting cookies helps to see the Diversion page correctly again.
Latest Diversion and amtm installed.

Refresh the page a couple times, helps on mine. I‘ll wait until final version if it needs an update.

 

[nlurker]

I woke up to find this:

https://big.oisd.nl/dnsmasq2 appears not to be a valid compatible file format, skipping
update of Large blocking list failed completely, no blocking list in use

Is there a reason you can't continue to use the previous blocking list after an error like this,
instead of leaving my network totally unprotected?

 

[Ripshod]

I woke up to find this:

https://big.oisd.nl/dnsmasq2 appears not to be a valid compatible file format, skipping
update of Large blocking list failed completely, no blocking list in use

Is there a reason you can't continue to use the previous blocking list after an error like this,
instead of leaving my network totally unprotected?

Reboot and try a manual update. Sounds like something may be corrupted.

 

[nlurker]

Reboot and try a manual update. Sounds like something may be corrupted.

It was probably a temporary connectivity issue. I simply ran a manual update and that fixed it. I am asking the developer to continue using the existing blocklist rather than leave my network exposed until I notice the problem.