Skynet What's appending this line in dnsmasq.conf.add?

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

gattaca

Senior Member
Hi, I updated and rebooted my router this AM and dnsmasq failed to start due to an unknown line in /etc/dnsmasq.conf. The only package which was updated was Skynet from 7.2.8 -> 7.3.0 (I think).

When I checked /etc/dnsmasq.conf, it had this offending line appended: "ipset=/1drv.ms/aax-eu.amazon-adsystem.com/aax-us-east.amazon-adsystem.com/anycast.dns.nextdns.io/apple.com/asuswrt-merl............

Can someone tell us how/where/what is inserting this line? Is it Skynet, Diversion or something else?
I force updated Skynet to be sure it was OK and it's at 7.3.0.. everything else in AMT is current. (I tend to update weekly).

It appears running Diversion EL+Process is appending the above offending line to: "/jffs/configs/dnsmasq.conf.add" which is killing dnsmasq on start.. The router will not properly restart until I remove the line.

Oct 28 09:13:48 rc_service: service 20970:notify_rc restart_dnsmasq
Oct 28 09:13:48 custom_script: Running /jffs/scripts/service-event (args: restart dnsmasq)
Oct 28 09:13:48 custom_config: Appending content of /jffs/configs/dnsmasq.conf.add.
Oct 28 09:13:48 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Oct 28 09:13:48 Diversion: restarted Dnsmasq to apply settings
Oct 28 09:13:48 custom_script: Running /jffs/scripts/stubby.postconf (args: /etc/stubby/stubby.yml)
Oct 28 09:13:48 stubby[21255]: Stubby version: Stubby 0.4.0
Oct 28 09:13:48 dnsmasq[21257]: bad option at line 89 of /etc/dnsmasq.conf
Oct 28 09:13:48 dnsmasq[21257]: FAILED to start up
Oct 28 09:13:48 uiDivStats: dnsmasq has restarted, restarting taildns
Oct 28 09:13:52 gcm-admin: Started taildns from .

09:57 update Further digging shows these are the "whitelisted" entries via Diversion "edit list". I processed the whitelist again via Diversion's "el" and it appended the offending line again. So now we know what. IDK why.
I'm guessing since I have ~ 50 whitelisted entries, maybe the single line is too long now?...

Guidance please?
 
Last edited:

dave14305

Part of the Furniture
New Skynet whitelisting method. Sounds like the whitelist is longer than dnsmasq accepts for an ipset directive.
 

eibgrad

Very Senior Member
^^^ Probably a good guess. That's why I limit my own scripts to five (5) entries per line.

Code:
DOMAINS='
ipchicken.com
netflix.com
nflxext.com
nflximg.net
nflxso.net
nflxvideo.net
'

CONFIG="/jffs/configs/dnsmasq.conf.add"
IPSET_HOSTS='lan2wan'

for dom in $DOMAINS; do
    if [ $((n++ % 5)) -eq 0 ]; then
        [ "$str" ] && echo "$str/$IPSET_HOSTS" >> $CONFIG
        str='ipset='
    fi
    str="$str/$dom"
done
[ "$str" ] && echo "$str/$IPSET_HOSTS" >> $CONFIG

I never assume capacity is unlimited. Of course, you could be limited in number of lines too.
 

Michael_007

New Around Here
I have the same issue since updating Skynet.
I deleted my manual whitelist entries and updated lists, but issue persists.
I delete the "ipset" line from \\RT-AC68U\jffs\configs\dnsmasq.conf.add
service gets restored :) unless I reboot !

RT-AC68U
386.3
Skynet update to v7.3.0 (might have been v7.2.8 before update)
dnsmasq[11790]: bad option at line 113 of /etc/dnsmasq.conf
dnsmasq[11790]: FAILED to start up
ipset=/1drv.ms/aax-eu.amazon-adsystem.com/.... ... ... ...
This line is 1337 characters long
 

dave14305

Part of the Furniture
As a workaround, you can add this line to /jffs/scripts/dnsmasq.postconf:
Bash:
sed -i '\~# Skynet~d' "$1"
which will remove the offending line until a better solution is found.
 

dugaduga

Senior Member
Is he trying to get around the whitelist issue in skynet, where whitelisting does not always stick and needs to be redone time and again?

Anyway, same issue here.
 

dave14305

Part of the Furniture
The workaround I posted will also neuter Skynet domain whitelisting, so more things will break, but dnsmasq will work.

Uninstalling Skynet might be safest (ironically) until Adamm wakes up tomorrow.
 

dugaduga

Senior Member
As a workaround, you can add this line to /jffs/scripts/dnsmasq.postconf:
Bash:
sed -i '\~# Skynet~d' "$1"
which will remove the offending line until a better solution is found.
Does not work for me, the skynet line continues appearing in dnsmasq.conf, (does this only work on reboot)? dns remains broken thanks to skynet.
 

dave14305

Part of the Furniture
It would be helpful if some of you can post the full contents of that ipset line from dnsmasq.conf.add (put it in a CODE block).
 

dugaduga

Senior Member
I have the same issue since updating Skynet.
I deleted my manual whitelist entries and updated lists, but issue persists.
I delete the "ipset" line from \\RT-AC68U\jffs\configs\dnsmasq.conf.add
service gets restored :) unless I reboot !

RT-AC68U
386.3
Skynet update to v7.3.0 (might have been v7.2.8 before update)
dnsmasq[11790]: bad option at line 113 of /etc/dnsmasq.conf
dnsmasq[11790]: FAILED to start up
ipset=/1drv.ms/aax-eu.amazon-adsystem.com/.... ... ... ...
This line is 1337 characters long
This worked for me, couldn't comment it out, had to delete it or the error still came up
 

dugaduga

Senior Member
Code:
ipset=/0-edge-chat.facebook.com/1-edge-chat.facebook.com/1drv.ms/2-edge-chat.facebook.com/3-edge-chat.facebook.com/4-edge-chat.facebook.com/5-edge-chat.facebook.com/6-edge-chat.facebook.com/aax-eu.amazon-adsystem.com/aax-us-east.amazon-adsystem.com/abpvn.com/academy.binance.com/accounts.binance.com/accounts.nvgs.nvidia.com/adblock.mahakala.is/alluremedia.com.au/amzn.to/api-2-0.spot.im/api.accounts.firefox.com/api.binance.com/api.ipify.org/app-cdn.spot.im/app.mailerlite.com/appuals.com/apresolve.spotify.com/asuswrt-merlin.net/asuswrt.lostrealm.ca/au.download.windowsupdate.com/audownload.windowsupdate.nsatc.net/badges.instagram.com/bin.entware.net/bit.ly/bstream.binance.com/c-0001.c-msedge.net/c.s-microsoft.com/canadafreepress.com/cap.cyberlink.com/cdn-images.mailchimp.com/cdn.optimizely.com/cdn.polyfill.io/cdn.staticneo.com/clarium.global.ssl.fastly.net/clients2.google.com/clients3.google.com/clients4.google.com/clients5.google.com/codeload.github.com/connect.facebook.net/conquerseries.iljmp.com/crash-stats.mozilla.org/da.xboxservices.com/diversion.ch/dl.dropbox.com/dl2.soft98.ir/download.db-ip.com/download.windowsupdate.com/dropbox.com/dstream.binance.com/dyn.keepa.com/ea.com/edf.eset.com/email-connect.spot.im/etutorials.org/events-collector.spot.im/exp.wg.spotify.com/fe2.update.microsoft.com/fe2.update.microsoft.com.nsatc.net/fe3.delivery.dsp.mp.microsoft.com.nsatc.net/fe3.delivery.mp.microsoft.com/fls-na.amazon-adsystem.com/form.typeform.com/fpdownload.macromedia.com/frugallysustainable.com/fstream.binance.com/fwupdate.asuswrt-merlin.net/geni.us/gilad.co.uk/github.com/gitlab.com/gleam.io/go.microsoft.com/goo.gl/graph.facebook.com/graph.instagram.com/gravatar.com/gwens-nest.com/hostfiles.frogeye.fr/hosts-file.net/hosts.oisd.nl/ib.adnxs.com/ibb.co/im.vk.com/images-na.ssl-images-amazon.com/img1.blogblog.com/imgs.xkcd.com/ir-na.amazon-adsystem.com/ir-uk.amazon-adsystem.com/j.mp/kat.cr/keystone.mwbsys.com/launcher.spot.im/licensing.mp.microsoft.com/localhost.localdomain/login.live.com/logz.io/mail.gan/mail.gandi.net/maurerr.github.io/metacritic.com/mirror.cedia.org.ec/msdl.microsoft.com/mttstr.beacon.qq.com/mywot.com/nationalvanguard.org/nbstream.binance.com/netflix.com/newsletter.biggeekdad.com/nitroflare.com/nymag.com/nypost.com/o307710.ingest.sentry.io/ocsp.apple.com/ocsp.comodoca.com/olympia.prod.mozaws.net/onedrive.live.com/open.spotify.com/ouo.io/ow.ly/pagead2.googlesyndication.com/pgl.yoyo.org/pkg.entware.net/platform.tumblr.com/premaster-spoxy.spot.im/presstv.com/profile.accounts.firefox.com/ps.vk.com/pu.vk.com/queuev4.vk.com/raw.githubusercontent.com/redirector.googlevideo.com/redirector.gvt1.com/res.cloudinary.com/robertsspaceindustries.com/rover.ebay.com/rumble.com/russia-insider.com/rutrk.org/s.shopify.com/s3.amazonaws.com/safebrowsing.googleapis.com/scontent.xx.fbcdn.net/sentry.io/shareasale.com/shavar.services.mozilla.com/sls.update.microsoft.com/smallnetbuilder.com/smarturl.it/snbforums.com/someonewhocares.org/sourceforge.net/spclient.wg.spotify.com/spoxy-shard8.spot.im/ssl.gstatic.com/st6-21.vk.com/st6-22.vk.com/static-cdn.spot.im/static.xx.fbcdn.net/staticxx.facebook.com/storage.googleapis.com/store.globalresearch.ca/support.it-mate.co.uk/sysctl.org/tgc.cloud/tinyurl.com/tnoduse2.blogspot.com/tomshardware.com/tracker.mg64.net/tracker.pomf.se/tracker.trackerfix.com/traffic.spot.im/trk.klclick1.com/trunews.com/turbobit.net/typeform.com/u1584542.ct.sendgrid.net/u2025688.ct.sendgrid.net/v.firebog.net/veteranstoday.com/vu.vk.com/w.hypercomments.com/winhelp2002.mvps.org/wms-eu.amazon-adsystem.com/wms-na.amazon-adsystem.com/wms-na.assoc-amazon.com/ws-eu.amazon-adsystem.com/ws-na.amazon-adsystem.com/easycounter.com/experts-exchange.com/github.developerdan.com/globalresearch.ca/ivi.ru/kernsafe.com/malwaredomainlist.com/pinterest.com/rt.com/sadeempc.com/sevenforums.com/spot.im/stopforumspam.com/yastatic.net/youtube-nocookie.com/zerohedge.com/yt3.ggpht.com/z-na.amazon-adsystem.com/iplists.firehol.org/ipdeny.com/ipapi.co/api.db-ip.com/api.bgpview.io/speedguide.net/otx.alienvault.com/astrill.com/strongpath.net/nwsrv-ns1.asus.com/209.115.181.108/0.ca.pool.ntp.org/Skynet-WhitelistDomains # Skynet


ipset=/0-edge-chat.facebook.com/1-edge-chat.facebook.com/1drv.ms/2-edge-chat.facebook.com/3-edge-chat.facebook.com/4-edge-chat.facebook.com/5-edge-chat.facebook.com/6-edge-chat.facebook.com/aax-eu.amazon-adsystem.com/aax-us-east.amazon-adsystem.com/abpvn.com/academy.binance.com/accounts.binance.com/accounts.nvgs.nvidia.com/adblock.mahakala.is/alluremedia.com.au/amzn.to/api-2-0.spot.im/api.accounts.firefox.com/api.binance.com/api.ipify.org/app-cdn.spot.im/app.mailerlite.com/appuals.com/apresolve.spotify.com/asuswrt-merlin.net/asuswrt.lostrealm.ca/au.download.windowsupdate.com/audownload.windowsupdate.nsatc.net/badges.instagram.com/bin.entware.net/bit.ly/bstream.binance.com/c-0001.c-msedge.net/c.s-microsoft.com/canadafreepress.com/cap.cyberlink.com/cdn-images.mailchimp.com/cdn.optimizely.com/cdn.polyfill.io/cdn.staticneo.com/clarium.global.ssl.fastly.net/clients2.google.com/clients3.google.com/clients4.google.com/clients5.google.com/codeload.github.com/connect.facebook.net/conquerseries.iljmp.com/crash-stats.mozilla.org/da.xboxservices.com/diversion.ch/dl.dropbox.com/dl2.soft98.ir/download.db-ip.com/download.windowsupdate.com/dropbox.com/dstream.binance.com/dyn.keepa.com/ea.com/edf.eset.com/email-connect.spot.im/etutorials.org/events-collector.spot.im/exp.wg.spotify.com/fe2.update.microsoft.com/fe2.update.microsoft.com.nsatc.net/fe3.delivery.dsp.mp.microsoft.com.nsatc.net/fe3.delivery.mp.microsoft.com/fls-na.amazon-adsystem.com/form.typeform.com/fpdownload.macromedia.com/frugallysustainable.com/fstream.binance.com/fwupdate.asuswrt-merlin.net/geni.us/gilad.co.uk/github.com/gitlab.com/gleam.io/go.microsoft.com/goo.gl/graph.facebook.com/graph.instagram.com/gravatar.com/gwens-nest.com/hostfiles.frogeye.fr/hosts-file.net/hosts.oisd.nl/ib.adnxs.com/ibb.co/im.vk.com/images-na.ssl-images-amazon.com/img1.blogblog.com/imgs.xkcd.com/ir-na.amazon-adsystem.com/ir-uk.amazon-adsystem.com/j.mp/kat.cr/keystone.mwbsys.com/launcher.spot.im/licensing.mp.microsoft.com/localhost.localdomain/login.live.com/logz.io/mail.gan/mail.gandi.net/maurerr.github.io/metacritic.com/mirror.cedia.org.ec/msdl.microsoft.com/mttstr.beacon.qq.com/mywot.com/nationalvanguard.org/nbstream.binance.com/netflix.com/newsletter.biggeekdad.com/nitroflare.com/nymag.com/nypost.com/o307710.ingest.sentry.io/ocsp.apple.com/ocsp.comodoca.com/olympia.prod.mozaws.net/onedrive.live.com/open.spotify.com/ouo.io/ow.ly/pagead2.googlesyndication.com/pgl.yoyo.org/pkg.entware.net/platform.tumblr.com/premaster-spoxy.spot.im/presstv.com/profile.accounts.firefox.com/ps.vk.com/pu.vk.com/queuev4.vk.com/raw.githubusercontent.com/redirector.googlevideo.com/redirector.gvt1.com/res.cloudinary.com/robertsspaceindustries.com/rover.ebay.com/rumble.com/russia-insider.com/rutrk.org/s.shopify.com/s3.amazonaws.com/safebrowsing.googleapis.com/scontent.xx.fbcdn.net/sentry.io/shareasale.com/shavar.services.mozilla.com/sls.update.microsoft.com/smallnetbuilder.com/smarturl.it/snbforums.com/someonewhocares.org/sourceforge.net/spclient.wg.spotify.com/spoxy-shard8.spot.im/ssl.gstatic.com/st6-21.vk.com/st6-22.vk.com/static-cdn.spot.im/static.xx.fbcdn.net/staticxx.facebook.com/storage.googleapis.com/store.globalresearch.ca/support.it-mate.co.uk/sysctl.org/tgc.cloud/tinyurl.com/tnoduse2.blogspot.com/tomshardware.com/tracker.mg64.net/tracker.pomf.se/tracker.trackerfix.com/traffic.spot.im/trk.klclick1.com/trunews.com/turbobit.net/typeform.com/u1584542.ct.sendgrid.net/u2025688.ct.sendgrid.net/v.firebog.net/veteranstoday.com/vu.vk.com/w.hypercomments.com/winhelp2002.mvps.org/wms-eu.amazon-adsystem.com/wms-na.amazon-adsystem.com/wms-na.assoc-amazon.com/ws-eu.amazon-adsystem.com/ws-na.amazon-adsystem.com/easycounter.com/experts-exchange.com/github.developerdan.com/globalresearch.ca/ivi.ru/kernsafe.com/malwaredomainlist.com/pinterest.com/rt.com/sadeempc.com/sevenforums.com/spot.im/stopforumspam.com/yastatic.net/youtube-nocookie.com/zerohedge.com/yt3.ggpht.com/z-na.amazon-adsystem.com/iplists.firehol.org/ipdeny.com/ipapi.co/api.db-ip.com/api.bgpview.io/speedguide.net/otx.alienvault.com/astrill.com/strongpath.net/nwsrv-ns1.asus.com/209.115.181.108/0.ca.pool.ntp.org/Skynet-WhitelistDomains # Skynet
 

gattaca

Senior Member
Hi, Thanks for confirming my guess. Long lines are never always tolerated... best never to assume!

OK this has broken things at home and the family is getting antsy.. the router was down again this AM.

a) Does anyone know if Adam knows 7.3.0 is severely broken now?
--> OK, an issue was opened ~ 4 hours ago in github (no response yet) -> https://github.com/Adamm00/IPSet_ASUS/issues/80
b) Does anyone know the best way to revert to 7.2.8?
c) I'm sure I have a JFFS backup from BEFORE the last major router upgrade 07 Aug 2021....but won't restoring that JFFS backlevel everything on the router? Is there a way to just pick out the Skynet 7.2.8 executable?
d) I've learned now that best-practice is even before updating AMTM tooling - always take a JFFS backup. IDK that was super critical until now.

Thanks!
 
Last edited:

visortgw

Senior Member
Hi, Thanks for confirming my guess. Long lines are never always tolerated... best never to assume!

OK this has broken things at home and the family is getting antsy.. the router was down again this AM.

a) Does anyone know if Adam knows 7.3.0 is severely broken now?
--> OK, an issue was opened ~ 4 hours ago in github (no response yet) -> https://github.com/Adamm00/IPSet_ASUS/issues/80
b) Does anyone know the best way to revert to 7.2.8?
c) I'm sure I have a JFFS backup from BEFORE the last major router upgrade 07 Aug 2021....but won't restoring that JFFS backlevel everything on the router? Is there a way to just pick out the Skynet 7.2.8 executable?
d) I've learned now that best-practice is even before updating AMTM tooling - always take a JFFS backup. IDK that was super critical until now.

Thanks!
To completely uninstall:


To reinstall 7.2.8 (if you don't have backup):

 

tnrst1

New Around Here
Hi, Thanks for confirming my guess. Long lines are never always tolerated... best never to assume!

OK this has broken things at home and the family is getting antsy.. the router was down again this AM.

a) Does anyone know if Adam knows 7.3.0 is severely broken now?
--> OK, an issue was opened ~ 4 hours ago in github (no response yet) -> https://github.com/Adamm00/IPSet_ASUS/issues/80
b) Does anyone know the best way to revert to 7.2.8?
c) I'm sure I have a JFFS backup from BEFORE the last major router upgrade 07 Aug 2021....but won't restoring that JFFS backlevel everything on the router? Is there a way to just pick out the Skynet 7.2.8 executable?
d) I've learned now that best-practice is even before updating AMTM tooling - always take a JFFS backup. IDK that was super critical until now.

Thanks!

amtm gave me the ability to revert back to Skynet v7.2.8 just now when I checked for updates. This appears to fix the issue and I was able to remove the sed -i '\~# Skynet~d' "$1" line from dnsmasq.postconf without incident when restarting dnsmasq.
 

gattaca

Senior Member
^^^ Confirmed 7.2.8 is now in the AMTM menu. I had already removed the offending line and it was not readded this time when dnsmasq restarted. Thank You SO MUCH!!!! Have a great day and weekend!!
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top