Diversion - the Router Ad-Blocker


thelonelycoder

Part of the Furniture

doublehd

Occasional Visitor

Butterfly Bones

Very Senior Member
Anyone seen this yet? Two domain requests, one which gets around the sinkhole? Is this an iOS 14 thing? Screenshot is from uiDivStats.

View attachment 26326


Edit: Yep, it sure is. I wonder if I can disable it: https://support.umbrella.com/hc/en-...DNS-Resolver-Selection-in-iOS-14-and-macOS-11
I wonder if it is the random mac address issue? Can you see the mac for those two entries? Are they the same? You might try this.
 

HairyA00

Senior Member
I wonder if it is the random mac address issue? Can you see the mac for those two entries? Are they the same? You might try this.
Yeah, that's what it seems like. My iOS14 devices generate a new MAC address for each WiFi network it joins. But not sure I want to turn it off; it only generates a new MAC address once for each unique network. What's more disconcerting is that this new DNS type=65 is getting around Diversion (at least according to uiDivStats) and Apple doesn't seem to provide a way (like Firefox does) to prevent client Auto DoH. Won't this be a nightmare for network admins in schools and such?

Can also confirm that the router setting does not prevent it, again likely because Apple just ignores it or didn't provide a way to disable it at the network level?
@RMerlin @thelonelycoder @Jack Yaz

Screen Shot 2020-09-18 at 10.20.18 AM.png


Edit: I turned it off for my home network... just another thing to remember now when joining other networks...
 

Jack Yaz

Part of the Furniture
Yeah, that's what it seems like. My iOS14 devices generate a new MAC address for each WiFi network it joins. But not sure I want to turn it off; it only generates a new MAC address once for each unique network. What's more disconcerting is that this new DNS type=65 is getting around Diversion (at least according to uiDivStats) and Apple doesn't seem to provide a way (like Firefox does) to prevent client Auto DoH. Won't this be a nightmare for network admins in schools and such?

Can also confirm that the router setting does not prevent it, again likely because Apple just ignores it or didn't provide a way to disable it at the network level?
@RMerlin @thelonelycoder @Jack Yaz

View attachment 26330

Edit: I turned it off for my home network... just another thing to remember now when joining other networks...
I'd be interested to see a snippet of the dnsmasq.log file to make sure it's not just a parsing error on my part.
 

Megahurtz

Occasional Visitor
Anyone seen this yet? Two domain requests, one which gets around the sinkhole? Is this an iOS 14 thing? Screenshot is from uiDivStats.

View attachment 26326


Edit: Yep, it sure is. I wonder if I can disable it: https://support.umbrella.com/hc/en-...DNS-Resolver-Selection-in-iOS-14-and-macOS-11
I'm getting the exact same thing on my iPad now that it updated to the final GM version of iOS 14. Beta versions were fine. I was seeing tons of ads in Apple News yesterday which made me question if Diversion was even running. My logs look the same, two identical requests at the same time, one class A blocked, and the other with type=65 showing as allowed.

Here is what I see in dnsmasq.log for an iAd query:
Sep 18 19:29:42 dnsmasq[20954]: query[type=65] iadsdk.apple.com from 192.168.1.133
Sep 18 19:29:42 dnsmasq[20954]: forwarded iadsdk.apple.com to 75.75.75.75
Sep 18 19:29:42 dnsmasq[20954]: query[A] iadsdk.apple.com from 192.168.1.133
Sep 18 19:29:42 dnsmasq[20954]: /opt/share/diversion/list/blockinglist iadsdk.apple.com is 192.168.1.2
I've also noticed a giant increase in iOS youtube app ads over the last two-three weeks on my iPad. I shrugged and figured it was just new domains being used (I have over 400 counted in my youtube blocker), but I do recall looking and noticing that I wasn't getting new youtube host found messages in my system log on a consistent basis when I was being served ads. Sometimes I'd get a log entry, other times I'd see youtube app ads and have no entry for a new host. I didn't think much of it at the time and shrugged it off...
 
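The pattern in the dnsmasq.log excerpt above (a sinkholed A answer beside a forwarded type=65 query for the same name) can be searched for across a whole log. This is an added example, not part of the original post or of Diversion; the function names, the sample lines marked as constructed, and the assumption that the blocking list path ends in `blockinglist` belong to this example only.

```shell
#!/bin/sh
# Added example: list names that were answered from the blocking list for
# an A query while a type=65 query for the same name was forwarded upstream.
# Assumption: log lines use the layout quoted in the post above.

find_type65_bypass() {
    # Reads dnsmasq log lines on stdin; prints "domain forwarded_count".
    awk '
        $4 !~ /^dnsmasq\[[0-9]+\]:$/ { next }
        # Remember the type of the most recent query seen for each name.
        $5 ~ /^query\[/ {
            qtype = $5
            sub(/^query\[/, "", qtype); sub(/\]$/, "", qtype)
            last[$6] = qtype
            next
        }
        # Heuristic: a "forwarded" line is attributed to the query logged
        # most recently for that name.
        $5 == "forwarded" && last[$6] == "type=65" { fwd65[$6]++; next }
        # An answer served from the blocking list file.
        $5 ~ /blockinglist$/ && $7 == "is" { blocked[$6] = 1 }
        END {
            for (d in fwd65)
                if (d in blocked) print d, fwd65[d]
        }
    ' | sort
}

# First four lines are the excerpt from the post; the rest are constructed.
sample_log() {
    cat <<'EOF'
Sep 18 19:29:42 dnsmasq[20954]: query[type=65] iadsdk.apple.com from 192.168.1.133
Sep 18 19:29:42 dnsmasq[20954]: forwarded iadsdk.apple.com to 75.75.75.75
Sep 18 19:29:42 dnsmasq[20954]: query[A] iadsdk.apple.com from 192.168.1.133
Sep 18 19:29:42 dnsmasq[20954]: /opt/share/diversion/list/blockinglist iadsdk.apple.com is 192.168.1.2
Sep 18 19:29:43 dnsmasq[20954]: query[type=65] www.example.com from 192.168.1.133
Sep 18 19:29:43 dnsmasq[20954]: forwarded www.example.com to 75.75.75.75
Sep 18 19:29:44 dnsmasq[20954]: query[A] ads.example.net from 192.168.1.133
Sep 18 19:29:44 dnsmasq[20954]: /opt/share/diversion/list/blockinglist ads.example.net is 192.168.1.2
EOF
}

sample_log | find_type65_bypass
```

Feed it a real log with `find_type65_bypass < dnsmasq.log`; names that are not on the blocking list, and blocked names that were only queried as A, are not reported.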

repeater

Occasional Visitor
Browser and platform shouldn't make any difference - the blocking is done at the router. Works fine on the Macs (and PCs) on my home network.
It's the CA cert I can't get. Just tried it on my Pi 4 with Chromium and no joy. I also tried the reinstall option. Still less joy. Any tips would be appreciated. http:// was missing. Hey, you can't fix stupid.

Thanks fellas!
 

repeater

Occasional Visitor
OK, so importing the CRT to Safari is not so easy. It was easy with Firefox, but of course Apple makes everything hard. Working on it. Diversion works great on Firefox. The problem with Mac and Firefox is I can't easily zoom in. Sorry, just learning the basics of this stuff. Funny thing is, before Merlin I used pfSense. You'd figure I'd know this stuff.


So far not anywhere as good as the Pi-hole. Do I need to do something to add lists? I mean no disrespect to the developer. I'm just stating experience. I truly love this stuff.
 

TheLyppardMan

Very Senior Member
I've decided to try the youtube adblocking (beta) feature. Can you tell me what this means in the log?
View attachment 26342
Thanks.
Following on from this (and which I am still wondering about), does it make any difference if I select "Skip Ad" or do I need to let the advert(s) run to the end to help Diversion gather the information it needs? Also, roughly how many youtube videos might I need to watch before I start to see fewer ads and will someone else watching youtube videos on the network contribute to what Diversion needs to be effective at blocking ads or will it only work from the network devices used to switch on this feature (I suspect the former, but I just want to be sure)?
 

thelonelycoder

Part of the Furniture
Following on from this (and which I am still wondering about), does it make any difference if I select "Skip Ad" or do I need to let the advert(s) run to the end to help Diversion gather the information it needs? Also, roughly how many youtube videos might I need to watch before I start to see fewer ads and will someone else watching youtube videos on the network contribute to what Diversion needs to be effective at blocking ads or will it only work from the network devices used to switch on this feature (I suspect the former, but I just want to be sure)?
This experimental feature is an attempt to reduce YouTube video ads. The success rate that it prevents ads from playing is relatively low but can be at times very high or frustratingly ineffective.

After setup, all devices running through the router help adding to the forced IP redirect list which typically grows to a unique domain count of about 200-400 over time. The Skip Ad button, if shown, can safely be clicked, the request for the domain has at this time already passed through the router and will be picked up at the next count point (counter at x of xx) and added if not previously seen to the redirect list.

I believe some changes I made in the local development code may have increased the success rate, pending further testing and tweaking. Cross fingers and keep your hopes low...
 

kmschwem

New Around Here
Just installed Diversion and experimental YouTube ad blocking. It works well on YouTube viewed with a web browser but it doesn’t seem to have an effect on the YouTube app for iOS or appletv. Is this a known limitation? Anything I can configure to make it work? Thanks for the Diversion project!
 

Megahurtz

Occasional Visitor
Just installed Diversion and experimental YouTube ad blocking. It works well on YouTube viewed with a web browser but it doesn’t seem to have an effect on the YouTube app for iOS or appletv. Is this a known limitation? Anything I can configure to make it work? Thanks for the Diversion project!
If you’ve updated to iOS 14, Apple is allowing developers to use dns over https (type=65). These requests are currently not being caught by Diversion, even if they point to a blacklisted domain. The iOS YouTube app has been updated recently and appears to be doing this based on what I’m seeing in my logs. The tvOS version hasn’t been updated in months and I think Diversion should still be able to filter it. I haven’t tried YouTube on my Apple TV recently though so I’m not 100% sure.
 

kmschwem

New Around Here
That’s interesting about iOS 14. I checked with my iPad that still has iOS 13 and the ads get through on the YouTube app there too. I’ve been interested in the app for YouTube on the Apple TV. I usually run an adblocker in my browser and never seen them. They’re out of control without blocking. I can just AirPlay and avoid the app. I’m considering premium though because I actually do watch several YouTube vids a day.
 

weslsew

Occasional Visitor
I see where it goes wrong for you during the blocking list(s) update. The empty hosts list file is the reason why.
Give me a good reason why the hostslist file deliberately is empty and I might consider a workaround for that rather unusual setup.
In any case, adding a direct raw link to a legitimate hosts or domain list that contains a minimum of 200 unique entries will fix this for you.
Gotcha - yeah I just realized that the issue was occurring the morning after it was set to update the blocklists.

The reasoning for this setup was to have certain devices on my network that still used my router for DNS (to take advantage of DNSSEC and DNS over TLS) but not have any ad-blocking. Is it fine to just point those devices to 1.1.1.1 using the DNS filter feature? (Or is that a risk because I lose DNS over TLS?)
 

MrReis

New Around Here
With Diversion, is it possible to unblock (allow) ads for specific websites? I don't mean unblock the ads being served by an ad server to our home network. I mean allow all the ads being served by multiple ad servers to be displayed (unblocked) for a specific website that is being viewed on a network client, but still block ads for all the other websites viewed on the network client. For example, my wife would like to view ads displayed on her favorite fashion websites, but continue to not view ads on all the other websites she visits. I don't see how to do that and I couldn't find that discussed in this forum.

Thanks.
 

dave14305

Part of the Furniture
With Diversion, is it possible to unblock (allow) ads for specific websites? I don't mean unblock the ads being served by an ad server to our home network. I mean allow all the ads being served by multiple ad servers to be displayed (unblocked) for a specific website that is being viewed on a network client, but still block ads for all the other websites viewed on the network client. For example, my wife would like to view ads displayed on her favorite fashion websites, but continue to not view ads on all the other websites she visits. I don't see how to do that and I couldn't find that discussed in this forum.

Thanks.
No, the point of a DNS-based ad-block is to block the ad domains across ALL sites for all devices on your network. To whitelist ads for only one site, you need to be using a browser-based adblocker instead. A DNS-based solution won’t know if a request for www.doubleclick.net is related to www.fashionsite.com or not. It just knows it has to block any request for www.doubleclick.net.

This is one of the issues trying to whitelist ad domains to support SNBForums.com — the domains that need to be whitelisted here are the same prolific ones that show us ads everywhere else.
 

Stardust

Regular Contributor
How to make sure it works, both regarding WAN settings with no VPN and with (Nord)VPN? Settings?

Regards
 
