Menu
What's new
By:
Filters Better Search

NextDNS Installer

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Just updated to the latest fw version, and was just checking for an update with the nextdns installer script, there wasn't an update but that's when I noticed when I run the 'NEXTDNS' command, nothing appears.
-sh: NEXTDNS: not found
so I uninstalled nextdns, rebooted router, waited 5mins, reinstalled nextdns and install went fine, but still it cannot find NEXTDNS installed.-
- Info - amtm 3.1.6 FW - RT-AC86U (aarch64) FW-384.17
everything else is fine in amtm (diversion/skynet/ntp/sc)
not sure what is going on?
<edit>
Code: 
found the issue - this command worked:  sh -c "$(curl -sL https://nextdns.io/install)"
this one didn't:  sh -c 'sh -c "$(curl -sL https://nextdns.io/install)"'
I guess the install commands changed recently on github - everything seems ok now.
 
Last edited:
Done:

nextdns pro.png
 
XIII said:
@Olivier Poitrey Would this be something you guys could do on NextDNS as well?

https://discourse.pi-hole.net/t/youtube-script-seems-to-be-working-very-well/31316

See post 6000 and up in the Diversion topic on this forum where @thelonelycoder is doing an awesome job of implementing this in his ad-blocking tool.
Click to expand...
It's been a busy four days for me since I found out about that trick. And now Diversion is the first router based ad-blocker that has a fully automated working solution to block YouTube video ads.
Not even Pi-Hole has that automated setup.
Ha!
 
XIII said:
@Olivier Poitrey Would this be something you guys could do on NextDNS as well?

https://discourse.pi-hole.net/t/youtube-script-seems-to-be-working-very-well/31316

See post 6000 and up in the Diversion topic on this forum where @thelonelycoder is doing an awesome job of implementing this in his ad-blocking tool.
Click to expand...

thelonelycoder said:
It's been a busy four days for me since I found out about that trick. And now Diversion is the first router based ad-blocker that has a fully automated working solution to block YouTube video ads.
Not even Pi-Hole has that automated setup.
Ha!
Click to expand...

I spent some time testing this solution. Like all other similar solutions, it does not work for two reasons:
  1. A r#—xxxxxx.googlevideo.com hostname used by Youtube CDN will not accept a different IP, you can test it with curl —resolve. You get 400 responses when pointing those hostnames to the IP of another of those endpoints. The "fix IP" of this script is thus equivalent to just blocking the hostname, it's just more complex…
  2. The script will basically block any CDN hostname used to load actual content or ads in the past. There is a chance that some ads will reuse the same domain, but you have an equal (I would even say higher) chance that an actual content will reuse such domain as well. After a few days running this script, you will end up blocking most of the content hostnames, and Youtube will become unusable. It is probable that Youtube rotate those hostnames, so instead, it might just keep doing nothing, and sometime block an ad here or a content there.

You could get the same result as this solution by randomly blocking r*.googlevideo.com. It will sometime block ads, but also sometime block content. As you have more content that ads, you'll block more content than ads.

Keep in mind that Youtube stores ads and content on the same endpoints. If you block a r*.googlevideo.com that was used to serve an ad, you are also blocking all the content that is also served by that endpoint.

That's sad, but there is no solution to block Youtube ads at the DNS level. All solution we tested are placebos. Sorry for the bad news :)
 
Thank you for your analysis.

I’ll keep an eye on the Diversion forum to see which experiences people post there.
 
XIII said:
Thank you for your analysis.

I’ll keep an eye on the Diversion forum to see which experiences people post there.
Click to expand...

Every time such solution pops up, you have people posting positive feedback, finding they see less ads. This is called the placebo effect. Then later you get other people reporting they have issues loading content, which is inevitable with those solutions.

We could add a checkbox on NextDNS saying "Reduce Youtube ads" that does nothing, you will get the same feedback of people feeling it's somewhat effective :)
 
grub said:
The people in the Pi-hole forum thread and Reddit post are reporting excellent results.
The script does not block IPs or hostnames.

(I wrote the original script based on a hunch I had after analyzing too many network dumps.)
Click to expand...

By replacing the IP of those hostnames by the one of another, it creates 400 errors. So IT IS equivalent to blocking.

You can do the test yourself. In chrome, take one of those video request in the network tab, right click and copy the curl command. You can execute it and see that you get the video data. Now add the —resolve <hostname of the URL>:443:<fix IP> argument. You will get either a 400 error. This is exactly what this script is doing.
 
Olivier Poitrey said:
By replacing the IP of those hostnames by the one of another, it creates 400 errors. So IT IS equivalent to blocking.

You can do the test yourself. In chrome, take one of those video request in the network tab, right click and copy the curl command. You can execute it and see that you get the video data. Now add the —resolve <hostname of the URL>:443:<fix IP> argument. You will get either a 400 error. This is exactly what this script is doing.
Click to expand...

Do a tcpdump of the network traffic, you will see the video data still flows when this runs. Now I'm not sure how Google is doing their distribution (likely some Anycast funkiness and tracking to ensure the video flows from whatever IP, it's a black box really and that's a guess) When I first tested this, the query would go out but when the forced IP was returned, the packets kept coming.

Did you actually test the thing out?
 
grub said:
Do a tcpdump of the network traffic, you will see the video data still flows when this runs. Now I'm not sure how Google is doing their distribution (likely some Anycast funkiness and tracking to ensure the video flows from whatever IP, it's a black box really and that's a guess) When I first tested this, the query would go out but when the forced IP was returned, the packets kept coming.

Did you actually test the thing out?
Click to expand...

Yes I tested it, and performed some comparison tests too and tried many different approaches.

There is no black magic with youtube video delivery. It’s pretty standard and it does not use anycast or voodoo tech. It’s pure unicast with signed URLS and their server validate the SNI and host header to make sure it’s not altered. It works like many other video delivery systems.

Note that I have been working in video delivery space for the past 15 years.
 
Olivier Poitrey said:
By replacing the IP of those hostnames by the one of another, it creates 400 errors. So IT IS equivalent to blocking.

You can do the test yourself. In chrome, take one of those video request in the network tab, right click and copy the curl command. You can execute it and see that you get the video data. Now add the —resolve <hostname of the URL>:443:<fix IP> argument. You will get either a 400 error. This is exactly what this script is doing.
Click to expand...

As far as I can see/test this script is not replacing the hostnames IP nor blocking it. That's exactly why a nslookup on one of the GoogleVideo subdomains is a prerequisite for the setup. What this script is doing it simply gives out the fixed local YouTube CDN IP whenever there is a Googlevideo subdomains DNS query thus avoiding the second pre adroll IP DNS lookup.

I can see this breaks YouTube in only one case when the local YouTube CDN edge node changes the IP thus invalidating our forced IP setup.

Note: I haven't tested this thoroughly so my assumption can be wrong, in any case, we'll see how it goes in the next few weeks.
 
grub said:
Did you have fewer ads?
Click to expand...

As I said, it blocks some ads and some contents.

You can see the data from one of my test session of yesterday here: https://docs.google.com/spreadsheets/d/1sm9bgyo32WCHLWIne9j1WgvoFbwleTVWb4ZiuIYLY_U.

The ad/content columns shows the number of requests performed to fetch either ads or contents on each hostname. The two next column is the "after the fact blocking" theoretically performed by the script, as it is learning those hostnames from logs. It's theoretical, because as it's a cron job, so it might not learn them right away and thus certainly block less of those.

As you can see, such solution would block twice as more content than ads.
 
Asad Ali said:
As far as I can see/test this script is not replacing the hostnames IP nor blocking it. That's exactly why a nslookup on one of the GoogleVideo subdomains is a prerequisite for the setup. What this script is doing it simply gives out the fixed local YouTube CDN IP whenever there is a Googlevideo subdomains DNS query thus avoiding the second pre adroll IP DNS lookup.

I can see this breaks YouTube in only one case when the local YouTube CDN edge node changes the IP thus invalidating our forced IP setup.

Note: I haven't tested this thoroughly so my assumption can be wrong, in any case, we'll see how it goes in the next few weeks.
Click to expand...

The script is creating a hosts file with all the googlevideo.com hostname found in the logs from you past history, and force them to resolve to a single arbitrary IP got from one of them. So, yes it is replacing the IP of those hostnames by the a fixed IP.

The way those servers are programmed, such manipulation of the IP will make those requests fail, which is equivalent to a blocking. And if it was not blocking, I don't see how it could have any effect on ads, as ads and contents are stored indifferently on those servers.
 
Olivier Poitrey said:
As you can see, such solution would block twice as more content than ads.
Click to expand...

I guess this is a YMMV situation, because everybody else who sets it up correctly are reporting results similar to mine; no in-video ads and an occassional pre-roll ad.

Mine's been running for two weeks, will have to see how long this goes for.
 
Olivier Poitrey said:
The script is creating a hosts file with all the googlevideo.com hostname found in the logs from you past history, and force them to resolve to a single arbitrary IP got from one of them. So, yes it is replacing the IP of those hostnames by the a fixed IP.

The way those servers are programmed, such manipulation of the IP will make those requests fail, which is equivalent to a blocking. And if it was not blocking, I don't see how it could have any effect on ads, as ads and contents are stored indifferently on those servers.
Click to expand...

Well in my case the Arbitrary IP is from the local YouTube Egde node in my ISP and I haven't seen any fail video playbacks so far, the way CDNs work, they are connected to all other nodes over the network and if they don't have the requested video in the cache, they'll fetch it over the network so I still don't see how it'll fail to work even if we're using a single CDN IP.

As far as I can tell, the way this works is YouTube always do a DNS query before the ad roll and that gives a different IP then the original answer we get in the start and this method basically just blocks YouTube from that pre ad roll lookup and forced it to keep playing on the actual content.
 
Asad Ali said:
Well in my case the Arbitrary IP is from the local YouTube Egde node in my ISP and I haven't seen any fail video playbacks so far, the way CDNs work, they are connected to all other nodes over the network and if they don't have the requested video in the cache, they'll fetch it over the network so I still don't see how it'll fail to work even if we're using a single CDN IP.

As far as I can tell, the way this works is YouTube always do a DNS query before the ad roll and that gives a different IP then the original answer we get in the start and this method basically just blocks YouTube from that pre ad roll lookup and forced it to keep playing on the actual content.
Click to expand...

I explained it, but you guys are free to believe it works differently. At this point, I think I answered why this won't be added to NextDNS, which was the original question.
 
You must log in or register to reply here.

Similar threads

SomeWhereOverTheRainBow
DNScrypt Dnscrypt Proxy Installer For Asuswrt-Merlin(Nov.)
7 8 9
Replies
173
Views
40K
SomeWhereOverTheRainBow
SomeWhereOverTheRainBow
Similar threads
Thread starter Title Forum Replies Date
SevenFactors NextDNS CLI Merlin GUI Asuswrt-Merlin AddOns 14
L NextDNS Windows installler Asuswrt-Merlin AddOns 15
SomeWhereOverTheRainBow DNScrypt Dnscrypt Proxy Installer For Asuswrt-Merlin late 2023 Releases Asuswrt-Merlin AddOns 8

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 839 (members: 12, guests: 827)
Top