What's new

Diversion - the Router Ad-Blocker

Asad Ali

Very Senior Member
what is the main difference in the small block file vs the standard, I have tested both and see no difference.
Number of blocked domains. In case you need details check the blocking file maintainers websites mentioned in the selection page.
 
Last edited:

Jumpstarter

Senior Member
Number of blocked domains. In case you need details check the blocking file mainterners websites mentioned in the selection page.
From what I notice the quantity of blocked domains is roughly the same. Size of block files is roughly the same as well and after inspecting the listed maintainers the blocked domains listed are about the same. So I am at the conclusion there is no real difference for the average user.
 

Asad Ali

Very Senior Member
From what I notice the quantity of blocked domains is roughly the same. Size of block files is roughly the same as well and after inspecting the listed maintainers the blocked domains listed are about the same. So I am at the conclusion there is no real difference for the average user.
Most websites use similar ad hosting services so you'll find same entries in all hosts block lists.
 

HairyA00

Senior Member
I am using Diversion Lite because when I use the Diversion Standard installation, some commercial websites do not work (example is Amazon Shopping app on Android). I've searched the forums and haven't found any clear answers on if this is resolvable; I would definitely like to give pixelserv-tls another shot, but not if commercial websites are causing issues. I am intimately familiar with white-listing domains, and have gone down that path to no avail. I'm wondering if the issue is truly one of white-listing? I've tailed the log live, and nothing indicates that any domains are being blocked when the infamous "oops, there's something wrong in our side" message appears. Don't get me wrong, Diversion Lite with some minor tweaks and SkyNet are fantastic; my network is amazing.

Is anyone aware of a workaround? Searching the forums leads to dead-ends.
Is it simply par for the course that some of the big guys (Amazon, Google, etc) are just going to have issues when running a pixelserv-tls server?

I am relatively new to Diversion, but not new to DNS sinkholing and troubleshooting. Any thoughts? Maybe I am just expecting it to work out of the box and perhaps there is something additional I should be doing (albeit I would prefer to not install certificates across the 30 devices on this network).
 

Mutzli

Very Senior Member
I am using Diversion Lite because when I use the Diversion Standard installation, some commercial websites do not work (example is Amazon Shopping app on Android). I've searched the forums and haven't found any clear answers on if this is resolvable; I would definitely like to give pixelserv-tls another shot, but not if commercial websites are causing issues. I am intimately familiar with white-listing domains, and have gone down that path to no avail. I'm wondering if the issue is truly one of white-listing? I've tailed the log live, and nothing indicates that any domains are being blocked when the infamous "oops, there's something wrong in our side" message appears. Don't get me wrong, Diversion Lite with some minor tweaks and SkyNet are fantastic; my network is amazing.

Is anyone aware of a workaround? Searching the forums leads to dead-ends.
Is it simply par for the course that some of the big guys (Amazon, Google, etc) are just going to have issues when running a pixelserv-tls server?

I am relatively new to Diversion, but not new to DNS sinkholing and troubleshooting. Any thoughts? Maybe I am just expecting it to work out of the box and perhaps there is something additional I should be doing (albeit I would prefer to not install certificates across the 30 devices on this network).
Can you list the sites you whitelisted regarding Amazon's issues under Android?
 

Mutzli

Very Senior Member
I use the following hosted whitelist:
https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt

Do note that Amazon works perfectly fine right now using Diversion Lite. If I enable pixelserv-tls, it will break.
Try adding the following sites to your whitelist:
aax-us-east.amazon-adsystem.com
fls-na.amazon-adsystem.com
images-na.ssl-images-amazon.com
ir-na.amazon-adsystem.com
ir-uk.amazon-adsystem.com
wms-eu.amazon-adsystem.com
wms-na.amazon-adsystem.com
wms-na.assoc-amazon.com
ws-eu.amazon-adsystem.com
ws-na.amazon-adsystem.com
z-na.amazon-adsystem.com
 

Xentrk

Part of the Furniture
when I search for something, in this case content of /jffs/....., I just do " cd /" and go from there
I have the following aliases inside of /jffs/configs/profile.add for commonly accessed directories.

Code:
alias logdir='cd /opt/var/log'
alias js='cd /jffs/scripts'
alias jc='cd /jffs/configs
 

HairyA00

Senior Member
Try adding the following sites to your whitelist:
aax-us-east.amazon-adsystem.com
fls-na.amazon-adsystem.com
images-na.ssl-images-amazon.com
ir-na.amazon-adsystem.com
ir-uk.amazon-adsystem.com
wms-eu.amazon-adsystem.com
wms-na.amazon-adsystem.com
wms-na.assoc-amazon.com
ws-eu.amazon-adsystem.com
ws-na.amazon-adsystem.com
z-na.amazon-adsystem.com
With all those domains white-listed, it seems to work better (meaning that it takes LONGER for the "oops, there's something wrong in our side" message to occur), but it eventually still happens. Any chance that Amazon thinks it is a MITM type of situation and bails out (meaning it's the SSL cert where it's choking)?
 

visortgw

Senior Member
With all those domains white-listed, it seems to work better (meaning that it takes LONGER for the "oops, there's something wrong in our side" message to occur), but it eventually still happens. Any chance that Amazon thinks it is a MITM type of situation and bails out (meaning it's the SSL cert where it's choking)?
There may be one or more additional hosts that need to be added to the whitelist. Follow the Diversion log for blocked hosts to determine which one(s).
 

Therion87

Regular Contributor
There may be one or more additional hosts that need to be added to the whitelist. Follow the Diversion log for blocked hosts to determine which one(s).
It's a pixel-serv issue. I have everything for amazon whitelisted. It breaks the app on Android. It's fine on iOS. PSVue also breaks with pixel-serv enabled. Those two services I have noticed do not like pixelserv intercepting traffic.
 

HairyA00

Senior Member
It's a pixel-serv issue. I have everything for amazon whitelisted. It breaks the app on Android. It's fine on iOS. PSVue also breaks with pixel-serv enabled. Those two services I have noticed do not like pixelserv intercepting traffic.
Yeah, I may just end up leaving it disabled. Diversion Lite will sinkhole any domain on the blocklist, which is exactly what Pi-hole or AdGuard Home are doing, or any other DNS sinkhole. I'm honestly not sure what pixelserv-tls's benefits are, especially when legit services do not work when it's enabled.
 

Kingp1n

Very Senior Member
With all those domains white-listed, it seems to work better (meaning that it takes LONGER for the "oops, there's something wrong in our side" message to occur), but it eventually still happens. Any chance that Amazon thinks it is a MITM type of situation and bails out (meaning it's the SSL cert where it's choking)?
Can you tell me what you're trying to open when you get the "oops" error message? I can try to mirror what you're doing to see if i get the same error message.
 

HairyA00

Senior Member
Can you tell me what you're trying to open when you get the "oops" error message? I can try to mirror what you're doing to see if i get the same error message.
Sure, open the Android Shopping app. Then click on any item (doesn't matter which). Scroll down quickly toward the bottom of the page to read reviews. Eventually the 'oops' message appears (at some point while scrolling down). Using a Nokia 7.1 and a Moto Z3 Play, both running Android Pie.
 
Last edited:

Mutzli

Very Senior Member
Yeah, I may just end up leaving it disabled. Diversion Lite will sinkhole any domain on the blocklist, which is exactly what Pi-hole or AdGuard Home are doing, or any other DNS sinkhole. I'm honestly not sure what pixelserv-tls's benefits are, especially when legit services do not work when it's enabled.
Amazon is using image trackers in their app to see what customers look at and pixelserv probably interferes with their tracking reports. If a tracker sends back an incomplete request it triggers an error on your end. The advantage of pixelserv is that it not only stops an ad from being displayed it also fills the space left by blocked content where possible with a pixel. So you're not left with a browser error message throughout your website for every blocked content.
 

HairyA00

Senior Member
Amazon is using image trackers in their app to see what customers look at and pixelserv probably interferes with their tracking reports. If a tracker sends back an incomplete request it triggers an error on your end. The advantage of pixelserv is that it not only stops an ad from being displayed it also fills the space left by blocked content where possible with a pixel. So you're not left with a browser error message throughout your website for every blocked content.
Gotcha. So for one, it's definitely less ugly than the gigantic grey squares on mobile devices. Basically replaces that content to make things look better. I'd imagine that can actually speed things up to a degree, too?

That being said, are all clients forced to the pixelserv-tls server address? Can some clients forward ads to 0.0.0.0 and others to the pixelserv-tls server? Or is it a one setting deal?
 

chewy74

Occasional Visitor
The sites you mentioned are not showing ads for me, but many file hosting sites are displaying ads. Trakt.tv website is also displaying ads now and it did not before.

Quick question... ads seem to be getting through now...

As troubleshooting steps, I just ran the update and re-downloaded all the blocking lists in the GUI. If I Follow the dnsmasq log, it SHOWS lots of domains being blocked, but going to sportingnews or foxnews or wunderground (etc.) all bring up plenty of ads... so I dunno what it actually IS blocking. I'm used to all of them being ad-free.

Also double-checked that my computer is using the router for DNS...

Suggestions?
 

L&LD

Part of the Furniture
Could someone please check https://trakt.tv/shows/trending

And see if ads are being blocked. I will try a fresh install if it's just happening to me. I already tried flushing my browser dns cache with no luck.

Thanks
No issues with my RT-AC86U with amtm and many scripts on RMerlin 384.13 Beta 1 and DoT (Quad9)/DNSSEC enabled too. :)
 

cmkelley

Very Senior Member
Could someone please check https://trakt.tv/shows/trending

And see if ads are being blocked. I will try a fresh install if it's just happening to me. I already tried flushing my browser dns cache with no luck.

Thanks
I'm getting ads. If they're served by the website itself, they (likely) can't be blocked. Given that they have the "VIP" thing, I'd imagine they are serving the adds themselves.
upload_2019-7-26_10-27-42.png
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top