Diversion Diversion - the Router Ad-Blocker

[Devin G.]

Figured out which line in conf file was not allowing me to post. This is in regard to alternate blocking file.

pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic
interface=br0
interface=ppp1*
no-dhcp-interface=ppp1*
resolv-file=/tmp/resolv.conf
servers-file=/tmp/resolv.dnsmasq
no-poll
no-negcache
cache-size=1500
min-port=4096
dhcp-range=lan,192.168.1.2,192.168.1.252,255.255.255.0,86400s
dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,252,"\n"
dhcp-authoritative
read-ethers
## line removed because snbforums whould not let me post. Arrgh!

# start of Diversion directives #
ptr-record=254.1.168.192.in-addr.arpa,192.168.1.254
addn-hosts=/opt/share/diversion/list/blacklist
addn-hosts=/opt/share/diversion/list/blockinglist
log-async
log-queries
log-facility=/opt/var/log/dnsmasq.log
# end of Diversion directives #
---------------------------------------------------
END FILE

 

[thelonelycoder]

Figured out which line in conf file was not allowing me to post. This is in regard to alternate blocking file.

pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic
interface=br0
interface=ppp1*
no-dhcp-interface=ppp1*
resolv-file=/tmp/resolv.conf
servers-file=/tmp/resolv.dnsmasq
no-poll
no-negcache
cache-size=1500
min-port=4096
dhcp-range=lan,192.168.1.2,192.168.1.252,255.255.255.0,86400s
dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,252,"\n"
dhcp-authoritative
read-ethers
## line removed because snbforums whould not let me post. Arrgh!

# start of Diversion directives #
ptr-record=254.1.168.192.in-addr.arpa,192.168.1.254
addn-hosts=/opt/share/diversion/list/blacklist
addn-hosts=/opt/share/diversion/list/blockinglist
log-async
log-queries
log-facility=/opt/var/log/dnsmasq.log
# end of Diversion directives #
---------------------------------------------------
END FILE

This is not the alternate-bf.conf, looks like the regular /etc/dnsmasq.conf to me.
Use sf in Diversion, they both are listed.

 

[XIII]

I don’t see any /mnt/usb or /jffs/scripts errors.

This might be worrisome though:

May  5 07:05:10 kernel: nand_read_bbt: bad block at 0x00000c8c0000

Oh, I had previously manually installed pixelserv-tls 2.3.1 (which lives in /opt/bin I think?) and that was also gone after the reboot.

 

[XIII]

Upgrading to 384.15 Alpha 2 requires a reboot.

The first upgrade failed, but after that reboot Diversion was again gone.

I noticed that I have a Catch-22 at boot: date is May 5 and won't be corrected: NTP hostname can't be resolved because NextDNS does not start ("certificate has expired or is not yet valid") and vice versa.

Can the date being in the past have any relation to the uninstall issue?

 

[dave14305]

I noticed that I have a Catch-22 at boot: date is May 5 and won't be corrected: NTP hostname can't be resolved because NextDNS does not start ("certificate has expired or is not yet valid") and vice versa.

NTP should still resolve the hostname using your WAN DNS servers, unless you've changed the default value for "Wan: Use local caching DNS server as system resolver (default: No)" on Tools / Other Settings.

 

[XIII]

After a second attempt I could upgrade to 384.15 Alpha 2 and amtm 3.1.0 FW.

I tried to reinstall Diversion using amtm, but got this error:

[Error] No compatible device(s) found to install
 Diversion on.

 A permanently plugged in USB storage device
 formatted with one of these file systems
 is required: ext2, ext3, ext4

But I do have such a device attached:

admin@ac86u:/tmp/home/root# mount | grep usb
/dev/sda1 on /tmp/mnt/usb type ext4 (rw,nodev,relatime,data=ordered)

And I can access it:

admin@ac86u:/tmp/home/root# ls -1 /tmp/mnt/usb/
dhcp
entware
lost+found
myswap.swp
nvram
skynet

 

[XIII]

NTP should still resolve the hostname using your WAN DNS servers, unless you've changed the default value for "Wan: Use local caching DNS server as system resolver (default: No)" on Tools / Other Settings.

I have indeed set that to Yes... (because all local hostnames did not seem to resolve otherwise)

EDIT: Changed it to No and rebooted. Same issue: date remains at May 5.

 

[dave14305]

I have indeed set that to Yes... (because all local hostnames did not seem to resolve otherwise)

EDIT: Changed it to No and rebooted. Same issue: date remains at May 5.

What are your WAN DNS servers?

 

[XIII]

What are your WAN DNS servers?

"Connect to DNS Server automatically" is set to "No" and both WAN DNS servers are empty...

That's done by the NextDNS installer it seems:

https://github.com/nextdns/nextdns/blob/master/router/merlin/setup.go

 

[dave14305]

I tried to reinstall Diversion using amtm, but got this error:

[Error] No compatible device(s) found to install
Diversion on.

A permanently plugged in USB storage device
formatted with one of these file systems
is required: ext2, ext3, ext4

But I do have such a device attached:

admin@ac86u:/tmp/home/root# mount | grep usb
/dev/sda1 on /tmp/mnt/usb type ext4 (rw,nodev,relatime,data=ordered)

A stab in the dark: what is the output of

uname -m

?

 

[XIII]

I'm not 100% sure, but I think "/tmp/opt/bin" did not exist when I could not start/find Diversion.

Is it possible that Diversion is not really uninstalled but something else makes it "invisible"? (For example by a missing mount?)

I don't understand how /tmp/opt/bin survives a boot or how it is created (I see diversion in /tmp/opt/bin, but nowhere else).

 

[XIII]

uname -m reports aarch64 (I have an AC86u, so that should be fine).

 

[faria]

Had to reboot my router (remotely) because DNS was not working and amtm 3.0 was super slow (because of that?).

This time I used the GUI instead of `reboot` on the command line.

Again Diversion is uninstalled after the reboot... (third time this year)

if you have NextDNS installed remove it , had the same issue for several days , diversion/entaware was not detected or started even though it was there,

 

[XIII]

if you have NextDNS installed remove it , had the same issue for several days , diversion/entaware was not detected or started even though it was there,

Thank you for mentioning this!

Seems like we now have a better starting point to investigate this.

 

[Brunotoo]

The following keeps popping up, anyone know what it means?

Jan 27 09:46:14 pixelserv-tls[24710]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.doubleclick.net
Jan 27 09:46:14 pixelserv-tls[24710]: tls_clienthello_cb: fail to create sslctx or cache _.doubleclick.net
Jan 27 09:46:25 pixelserv-tls[24710]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.doubleclick.net
Jan 27 09:46:25 pixelserv-tls[24710]: tls_clienthello_cb: fail to create sslctx or cache _.doubleclick.net
Jan 27 13:45:24 pixelserv-tls[24710]: create_child_sslctx: cannot find or use /opt/var/cache/pixelserv/_.doubleclick.net
Jan 27 13:45:24 pixelserv-tls[24710]: tls_clienthello_cb: fail to create sslctx or cache _.doubleclick.net

 

[SomeWhereOverTheRainBow]

diversion doing a lot of grep'n

 

[dave14305]

View attachment 21106
diversion doing a lot of grep'n

Probably SkyNet, generating Stats.

 

[Asad Ali]

@thelonelycoder and others:

Food for thought!

Since now we have a hosted wildcard list feature will it be a good idea to treat it as a complete standalone hosts list and not as an extension of the hosts list blocking file at least for the hardcore ad domains. Why you may ask? Here's a small example from my personal experiment. I had 300+ subdomains of "doubleclick.net" and "amazon-adsystem.com" in my blocking list and I deleted all the subdomains of these from the blocking list and simply added these two domains in the wildcard list and my blocking file is slashed by 300+ entries. Now I'm going to do that with all the hardcore advertising domains in my hosts' list and I'm sure the end result will be a considerably smaller blocking file.

So my suggestion/idea is to treat the hosted wildcard list as a proper hosts list for someone like me who just want to use a wildcard hosted list and don't make diversion warn us that your hosts list is empty, though I can still bypass that limitation by using a single entry host list file and a fully loaded hosted wildcard list of what I needed blocking but that method is not totally a replacement of hosts list blocking file because the option of finding domains in the hosts list only look in the hosts list and as far as I can see it doesn't check the domains in wildcard list.

So that's the idea and I'm still experimenting with it and so far I'm pretty happy with my results, what do you guys think?

 

[thelonelycoder]

@thelonelycoder and others:

Food for thought!

Since now we have a hosted wildcard list feature will it be a good idea to treat it as a complete standalone hosts list and not as an extension of the hosts list blocking file at least for the hardcore ad domains. Why you may ask? Here's a small example from my personal experiment. I had 300+ subdomains of "doubleclick.net" and "amazon-adsystem.com" in my blocking list and I deleted all the subdomains of these from the blocking list and simply added these two domains in the wildcard list and my blocking file is slashed by 300+ entries. Now I'm going to do that with all the hardcore advertising domains in my hosts' list and I'm sure the end result will be a considerably smaller blocking file.

So my suggestion/idea is to treat the hosted wildcard list as a proper hosts list for someone like me who just want to use a wildcard hosted list and don't make diversion warn us that your hosts list is empty, though I can still bypass that limitation by using a single entry host list file and a fully loaded hosted wildcard list of what I needed blocking but that method is not totally a replacement of hosts list blocking file because the option of finding domains in the hosts list only look in the hosts list and as far as I can see it doesn't check the domains in wildcard list.

So that's the idea and I'm still experimenting with it and so far I'm pretty happy with my results, what do you guys think?

I'll think about it. But really, there is no way you can replace all domains in a hosts file with just a wildcard domain. There are many legitimate subdomains that are not ad servers.

 

[Asad Ali]

I'll think about it. But really, there is no way you can replace all domains in a hosts file with just a wildcard domain. There are many legitimate subdomains that are not ad servers.

I don't have to do that I'll just use the *.domain URL for hardcore ad domains and for other legitimate subdomains for example "ads.youtube.com" I won't make it an absolute wildcard URL and use it as it is, this way it won't block the URL "YouTube.com" but it'll still block "ads.youtube.com" or "xxx.ads.youtube.com" subdomains.