Diversion Diversion - the Router Ad-Blocker v4.2.x (see new thread for 4.3.x)

[thelonelycoder]

@thelonelycoder
Would you be so kind and add the feature "wildcard-whitelist" to the next update?
Is "wildcard-whitelist" even possible in Diversion?
Thanks!

That's generally possible, let me see what I can do. I'd have to see how that works with Skynet as we share the whitelists.

 

[SomeWhereOverTheRainBow]

2 GB is plenty for Skynet, Diversion and most other apps combined. Then, there’s Unbound that some users report uses more than that for some specific operations. Don’t ask, I don’t remember the specifics. I added the 5 and 10GB size option upon request.
Go with 2 GB, it will be sufficient for 97,5% of the use cases.

2GB is best max size. If anyone is swapping past this point, I am surprise your router is still functional (1.5GBish is the furthest I have ever gone....).

 

[foug]

I have Diversion installed and it shows it's "ad-blocking to IP 192.168.1.2". Should that address show up in my network map in the asus-merlin GUI? What is that address that's it's ad-blocking to and how does it apply to all devices on my network? Thanks

 

[Treadler]

I have Diversion installed and it shows it's "ad-blocking to IP 192.168.1.2". Should that address show up in my network map in the asus-merlin GUI? What is that address that's it's ad-blocking to and how does it apply to all devices on my network? Thanks

Welcome to the forum.

It just means you have Pixelserv-tls working with Diversion. (It has its own ad blocking IP).
You're good to go…….

 

[foug]

Can I whitelist a MAC address in Diversion? Such as my Nest thermostat

 

[chongnt]

Can I whitelist a MAC address in Diversion? Such as my Nest thermostat

You may refer this on how to exclude devices from adblock

Exclude devices from ad-blocking - Diversion

diversion.ch

 

[jksmurf]

Some browser extensions, such as uBlock Origin can block out the Google ads that appear at the top of some search results, rather than just prevent pages from links in such adverts opening. Is it possible to configure Diversion to do the same, so that the links and associated descriptions are not even visible in the search results? Just to be clear, I'm talking about things like this...
View attachment 38969

I have a sort of reverse question to this (and my apologies if I missed it, I looked as much as I could). I had Diversion running for a year or two and while my wife enjoyed not having the various flicking banner, side and bottom ads (that normally appear as pictures), she didn't like NOT being able to click links (as above) in Google Searches.

Is there a switch or toggle or other setting which would block everything BUT those links in Google searches?

ta

k.

 

[chongnt]

I have a sort of reverse question to this (and my apologies if I missed it, I looked as much as I could). I had Diversion running for a year or two and while my wife enjoyed not having the various flicking banner, side and bottom ads (that normally appear as pictures), she didn't like NOT being able to click links (as above) in Google Searches.

Is there a switch or toggle or other setting which would block everything BUT those links in Google searches?

ta

k.

Perhaps can try whitelist googleadservices.com and see if this helps.

 

[roscoe211]

I use YazFi for my guest networks. They are on separate vlans on their own subnets (e.g. 192.168.5.x), but I still have them use the router (192.168.1.1) for DNS and adblocking.

Diversion will not let me add these devices to the "exclude devices" list or follow them in the dnsmasq.log. "input is not an option"


Any way to workaround or support this use case?

 

[jksmurf]

Perhaps can try whitelist googleadservices.com and see if this helps.

Thank you chongnt, I have tried this but when I go to Google and enter something that always has ads first in the list and click it, it goes to some googleadservices.com address and does not do anything. Any other suggestions (from anyone) please?

Thanks
k.

 

[chongnt]

Thank you chongnt, I have tried this but when I go to Google and enter something that always has ads first in the list and click it, it goes to some googleadservices.com address and does not do anything. Any other suggestions (from anyone) please?

Thanks
k.

Seems like that alone is not enough. The best way is to run diversion, follow dnsmasq messages and then click the ads and see what is blocked. Then try to whitelist the relevant domain and re test again. I saw few other domains like “adservice.google.com, static.doubleclick.net, googleads.g.doubleclick.net”. You may try if you need to whitelist all these as well.

 

[jksmurf]

Seems like that alone is not enough. The best way is to run diversion, follow dnsmasq messages and then click the ads and see what is blocked. Then try to whitelist the relevant domain and re test again. I saw few other domains like “adservice.google.com, static.doubleclick.net, googleads.g.doubleclick.net”. You may try if you need to whitelist all these as well.

Thanks I think I had some success following this, essentially processing the added whitelist entry a couple of different ways. http://www.snbforums.com/threads/diversion-whitelist-exemptions-for-google.60503/

will also consider the other domains.

thanks!
k

 

[Chewie420]

Having a lot of issues with still getting ads. I have diversion installed but I still see ads when testing here https://ads-blocker.com/google-chrome/ and on youtube.

I am connected to VPN and have my DNS Filter set to Router and Internet settings to automatically connect to DNS. My DNS entires are blank under DHCP - DNS and WINS Server Settings but I am able to browse.

Did I do something wrong?

 

[unknownz]

For some reason, I am not able to use Large block list i.e. hosts.oisd.nl. Did a monitor of dnsmasq.log when switching to Large block list and it seems to stop processing DNS request after the list update is completed

Mar 14 18:21:47 dnsmasq[32569]: query[A] dns.msftncsi.com from 127.0.0.1
Mar 14 18:21:47 dnsmasq[32569]: forwarded dns.msftncsi.com to 127.0.1.1
Mar 14 18:21:47 dnsmasq[32569]: query[AAAA] dns.msftncsi.com from 127.0.0.1
Mar 14 18:21:47 dnsmasq[32569]: cached dns.msftncsi.com is fd3e:4f5a:5b81::1
Mar 14 18:21:47 dnsmasq[32569]: validation result is INSECURE
Mar 14 18:21:47 dnsmasq[32569]: reply dns.msftncsi.com is 131.107.255.255
Mar 14 18:21:51 dnsmasq[32569]: read //etc//hosts - 42 addresses

If I were to switch to another list e.g. Medium, processing of the DNS request resumes after the the list update is completed

Mar 14 18:32:44 dnsmasq[8813]: read //etc//hosts - 42 addresses                                                                                                            
Mar 14 18:32:44 dnsmasq[8813]: using nameserver 127.0.1.1#53                                                                                                              
Mar 14 18:32:44 dnsmasq[8813]: using only locally-known addresses for domain lan.kylim.net                                                                                
Mar 14 18:32:55 dnsmasq[8813]: query[NS] . from 192.168.1.13                                                                                                              
Mar 14 18:32:55 dnsmasq[8813]: forwarded . to 127.0.1.1                                                                                                                  
Mar 14 18:33:04 dnsmasq[8813]: query[A] dns.msftncsi.com from 127.0.0.1                                                                                                  
Mar 14 18:33:04 dnsmasq[8813]: forwarded dns.msftncsi.com to 127.0.1.1

Any suggestion on how to further troubleshoot or what could be the cause?
Not running any 3rd-party resolver e.g. Unbound; only using the built-in Stubby resolver with DoT that comes with Merlin FW
TIA

 

[Treadler]

For some reason, I am not able to use Large block list i.e. hosts.oisd.nl. Did a monitor of dnsmasq.log when switching to Large block list and it seems to stop processing DNS request after the list update is completed

Mar 14 18:21:47 dnsmasq[32569]: query[A] dns.msftncsi.com from 127.0.0.1
Mar 14 18:21:47 dnsmasq[32569]: forwarded dns.msftncsi.com to 127.0.1.1
Mar 14 18:21:47 dnsmasq[32569]: query[AAAA] dns.msftncsi.com from 127.0.0.1
Mar 14 18:21:47 dnsmasq[32569]: cached dns.msftncsi.com is fd3e:4f5a:5b81::1
Mar 14 18:21:47 dnsmasq[32569]: validation result is INSECURE
Mar 14 18:21:47 dnsmasq[32569]: reply dns.msftncsi.com is 131.107.255.255
Mar 14 18:21:51 dnsmasq[32569]: read //etc//hosts - 42 addresses

If I were to switch to another list e.g. Medium, processing of the DNS request resumes after the the list update is completed

Mar 14 18:32:44 dnsmasq[8813]: read //etc//hosts - 42 addresses                                                                                                          
Mar 14 18:32:44 dnsmasq[8813]: using nameserver 127.0.1.1#53                                                                                                            
Mar 14 18:32:44 dnsmasq[8813]: using only locally-known addresses for domain lan.kylim.net                                                                              
Mar 14 18:32:55 dnsmasq[8813]: query[NS] . from 192.168.1.13                                                                                                            
Mar 14 18:32:55 dnsmasq[8813]: forwarded . to 127.0.1.1                                                                                                                
Mar 14 18:33:04 dnsmasq[8813]: query[A] dns.msftncsi.com from 127.0.0.1                                                                                                
Mar 14 18:33:04 dnsmasq[8813]: forwarded dns.msftncsi.com to 127.0.1.1

Any suggestion on how to further troubleshoot or what could be the cause?
Not running any 3rd-party resolver e.g. Unbound; only using the built-in Stubby resolver with DoT that comes with Merlin FW
TIA

I ‘think’ the Oisd list has massively increased in size recently. (By some 400,000 entries?)
I could be wrong & maybe the problem lies elsewhere.
So what may have been handled ok by the router previously, is now too much?

 

[dave14305]

Slightly off-topic, but does anyone ever analyze how many actual unique domains get blocked on their networks over a typical week of internet usage? Are any of the extra domains in the oisd list actually registering any hits, compared to the standard list? Is there a real benefit to the extra resources? I'm wondering if users would benefit from a "learning" ad-blocker that whittles the list of domains over time as usage patterns emerge, such as from Diversion's weekly stats. Count all the unique domains and offer to customize the block list, for example.

 

[Treadler]

Slightly off-topic, but does anyone ever analyze how many actual unique domains get blocked on their networks over a typical week of internet usage? Are any of the extra domains in the oisd list actually registering any hits, compared to the standard list? Is there a real benefit to the extra resources? I'm wondering if users would benefit from a "learning" ad-blocker that whittles the list of domains over time as usage patterns emerge, such as from Diversion's weekly stats. Count all the unique domains and offer to customize the block list, for example.

The Oisd list, nothing ‘extra’ blocked seems to leap out at me here, but it’s not like I’m profoundly analysing what’s going on. I glance at uidivstats from time to time.

IMHO, for me Oisd is a large use of router resources for no apparent benefit over the other (smaller) lists I already use.

The idea of an adaptive list is an interesting concept. It might reduce the load on router resources?

Having whittled the ‘on router‘ list, how might a newly seen domain be re-added though?
Or, not at all?
Perhaps each list update (bi weekly?) starts the list @ full size, & it shrinks with use once more till next update day?

Interesting……..

 

[dave14305]

Having whittled the ‘on router‘ list, how might a newly seen domain be re-added though?
Or, not at all?
Perhaps each list update (bi weekly?) starts the list @ full size, & it shrinks with use once more till next update day?

Keep the original downloaded list on the router. When updating, compare the new list to the old list for additions, and add them to the user’s curated list. If they aren’t used in the next 7 days, remove them.

For “removed” entries, a daily or weekly job could mine the dnsmasq logs for unblocked entries and see if any appear on the latest downloaded list.

It might not be a great idea for everyone, but just food for thought.

 

[Icelvlan]

Hello,

Any privacy issues with Diversion or amtm? Is there any type of external logging? I'm assuming everything is kept local on the router itself. Is it possible to have a device completely bypass the adblocking? Are there predefined lists that can be uploaded? Do devices still use encrypted DNS if configured on the router such as google or whatever they are pointed to via DHCP?

 

[Treadler]

Hello,

Any privacy issues with Diversion or amtm? Is there any type of external logging? I'm assuming everything is kept local on the router itself. Is it possible to have a device completely bypass the adblocking? Are there predefined lists that can be uploaded? Do devices still use encrypted DNS if configured on the router such as google or whatever they are pointed to via DHCP?

Amtm is built into Merlin.
Most/all of your other concerns are covered here.

Diversion - the Router Ad-Blocker - Diversion

diversion.ch