What's new

Skynet What's appending this line in dnsmasq.conf.add?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

gattaca

Senior Member
Hi, I updated and rebooted my router this AM and dnsmasq failed to start due to an unknown line in /etc/dnsmasq.conf. The only package which was updated was Skynet from 7.2.8 -> 7.3.0 (I think).

When I checked /etc/dnsmasq.conf, it had this offending line appended: "ipset=/1drv.ms/aax-eu.amazon-adsystem.com/aax-us-east.amazon-adsystem.com/anycast.dns.nextdns.io/apple.com/asuswrt-merl............

Can someone tell us how/where/what is inserting this line? Is it Skynet, Diversion or something else?
I force updated Skynet to be sure it was OK and it's at 7.3.0.. everything else in AMT is current. (I tend to update weekly).

It appears running Diversion EL+Process is appending the above offending line to: "/jffs/configs/dnsmasq.conf.add" which is killing dnsmasq on start.. The router will not properly restart until I remove the line.

Oct 28 09:13:48 rc_service: service 20970:notify_rc restart_dnsmasq
Oct 28 09:13:48 custom_script: Running /jffs/scripts/service-event (args: restart dnsmasq)
Oct 28 09:13:48 custom_config: Appending content of /jffs/configs/dnsmasq.conf.add.
Oct 28 09:13:48 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Oct 28 09:13:48 Diversion: restarted Dnsmasq to apply settings
Oct 28 09:13:48 custom_script: Running /jffs/scripts/stubby.postconf (args: /etc/stubby/stubby.yml)
Oct 28 09:13:48 stubby[21255]: Stubby version: Stubby 0.4.0
Oct 28 09:13:48 dnsmasq[21257]: bad option at line 89 of /etc/dnsmasq.conf
Oct 28 09:13:48 dnsmasq[21257]: FAILED to start up
Oct 28 09:13:48 uiDivStats: dnsmasq has restarted, restarting taildns
Oct 28 09:13:52 gcm-admin: Started taildns from .

09:57 update Further digging shows these are the "whitelisted" entries via Diversion "edit list". I processed the whitelist again via Diversion's "el" and it appended the offending line again. So now we know what. IDK why.
I'm guessing since I have ~ 50 whitelisted entries, maybe the single line is too long now?...

Guidance please?
 
Last edited:
New Skynet whitelisting method. Sounds like the whitelist is longer than dnsmasq accepts for an ipset directive.
 
^^^ Probably a good guess. That's why I limit my own scripts to five (5) entries per line.

Code:
DOMAINS='
ipchicken.com
netflix.com
nflxext.com
nflximg.net
nflxso.net
nflxvideo.net
'

CONFIG="/jffs/configs/dnsmasq.conf.add"
IPSET_HOSTS='lan2wan'

for dom in $DOMAINS; do
    if [ $((n++ % 5)) -eq 0 ]; then
        [ "$str" ] && echo "$str/$IPSET_HOSTS" >> $CONFIG
        str='ipset='
    fi
    str="$str/$dom"
done
[ "$str" ] && echo "$str/$IPSET_HOSTS" >> $CONFIG

I never assume capacity is unlimited. Of course, you could be limited in number of lines too.
 
I have the same issue since updating Skynet.
I deleted my manual whitelist entries and updated lists, but issue persists.
I delete the "ipset" line from \\RT-AC68U\jffs\configs\dnsmasq.conf.add
service gets restored :) unless I reboot !

RT-AC68U
386.3
Skynet update to v7.3.0 (might have been v7.2.8 before update)
dnsmasq[11790]: bad option at line 113 of /etc/dnsmasq.conf
dnsmasq[11790]: FAILED to start up
ipset=/1drv.ms/aax-eu.amazon-adsystem.com/.... ... ... ...
This line is 1337 characters long
 
As a workaround, you can add this line to /jffs/scripts/dnsmasq.postconf:
Bash:
sed -i '\~# Skynet~d' "$1"
which will remove the offending line until a better solution is found.
 
Is he trying to get around the whitelist issue in skynet, where whitelisting does not always stick and needs to be redone time and again?

Anyway, same issue here.
 
As a workaround, you can add this line to /jffs/scripts/dnsmasq.postconf:
Bash:
sed -i '\~# Skynet~d' "$1"
which will remove the offending line until a better solution is found.
Does not work for me, the skynet line continues appearing in dnsmasq.conf, (does this only work on reboot)? dns remains broken thanks to skynet.
 
It would be helpful if some of you can post the full contents of that ipset line from dnsmasq.conf.add (put it in a CODE block).
 
I have the same issue since updating Skynet.
I deleted my manual whitelist entries and updated lists, but issue persists.
I delete the "ipset" line from \\RT-AC68U\jffs\configs\dnsmasq.conf.add
service gets restored :) unless I reboot !

RT-AC68U
386.3
Skynet update to v7.3.0 (might have been v7.2.8 before update)
dnsmasq[11790]: bad option at line 113 of /etc/dnsmasq.conf
dnsmasq[11790]: FAILED to start up
ipset=/1drv.ms/aax-eu.amazon-adsystem.com/.... ... ... ...
This line is 1337 characters long
This worked for me, couldn't comment it out, had to delete it or the error still came up
 
Code:
ipset=/0-edge-chat.facebook.com/1-edge-chat.facebook.com/1drv.ms/2-edge-chat.facebook.com/3-edge-chat.facebook.com/4-edge-chat.facebook.com/5-edge-chat.facebook.com/6-edge-chat.facebook.com/aax-eu.amazon-adsystem.com/aax-us-east.amazon-adsystem.com/abpvn.com/academy.binance.com/accounts.binance.com/accounts.nvgs.nvidia.com/adblock.mahakala.is/alluremedia.com.au/amzn.to/api-2-0.spot.im/api.accounts.firefox.com/api.binance.com/api.ipify.org/app-cdn.spot.im/app.mailerlite.com/appuals.com/apresolve.spotify.com/asuswrt-merlin.net/asuswrt.lostrealm.ca/au.download.windowsupdate.com/audownload.windowsupdate.nsatc.net/badges.instagram.com/bin.entware.net/bit.ly/bstream.binance.com/c-0001.c-msedge.net/c.s-microsoft.com/canadafreepress.com/cap.cyberlink.com/cdn-images.mailchimp.com/cdn.optimizely.com/cdn.polyfill.io/cdn.staticneo.com/clarium.global.ssl.fastly.net/clients2.google.com/clients3.google.com/clients4.google.com/clients5.google.com/codeload.github.com/connect.facebook.net/conquerseries.iljmp.com/crash-stats.mozilla.org/da.xboxservices.com/diversion.ch/dl.dropbox.com/dl2.soft98.ir/download.db-ip.com/download.windowsupdate.com/dropbox.com/dstream.binance.com/dyn.keepa.com/ea.com/edf.eset.com/email-connect.spot.im/etutorials.org/events-collector.spot.im/exp.wg.spotify.com/fe2.update.microsoft.com/fe2.update.microsoft.com.nsatc.net/fe3.delivery.dsp.mp.microsoft.com.nsatc.net/fe3.delivery.mp.microsoft.com/fls-na.amazon-adsystem.com/form.typeform.com/fpdownload.macromedia.com/frugallysustainable.com/fstream.binance.com/fwupdate.asuswrt-merlin.net/geni.us/gilad.co.uk/github.com/gitlab.com/gleam.io/go.microsoft.com/goo.gl/graph.facebook.com/graph.instagram.com/gravatar.com/gwens-nest.com/hostfiles.frogeye.fr/hosts-file.net/hosts.oisd.nl/ib.adnxs.com/ibb.co/im.vk.com/images-na.ssl-images-amazon.com/img1.blogblog.com/imgs.xkcd.com/ir-na.amazon-adsystem.com/ir-uk.amazon-adsystem.com/j.mp/kat.cr/keystone.mwbsys.com/launcher.spot.im/licensing.mp.microsoft.com/localhost.localdomain/login.live.com/logz.io/mail.gan/mail.gandi.net/maurerr.github.io/metacritic.com/mirror.cedia.org.ec/msdl.microsoft.com/mttstr.beacon.qq.com/mywot.com/nationalvanguard.org/nbstream.binance.com/netflix.com/newsletter.biggeekdad.com/nitroflare.com/nymag.com/nypost.com/o307710.ingest.sentry.io/ocsp.apple.com/ocsp.comodoca.com/olympia.prod.mozaws.net/onedrive.live.com/open.spotify.com/ouo.io/ow.ly/pagead2.googlesyndication.com/pgl.yoyo.org/pkg.entware.net/platform.tumblr.com/premaster-spoxy.spot.im/presstv.com/profile.accounts.firefox.com/ps.vk.com/pu.vk.com/queuev4.vk.com/raw.githubusercontent.com/redirector.googlevideo.com/redirector.gvt1.com/res.cloudinary.com/robertsspaceindustries.com/rover.ebay.com/rumble.com/russia-insider.com/rutrk.org/s.shopify.com/s3.amazonaws.com/safebrowsing.googleapis.com/scontent.xx.fbcdn.net/sentry.io/shareasale.com/shavar.services.mozilla.com/sls.update.microsoft.com/smallnetbuilder.com/smarturl.it/snbforums.com/someonewhocares.org/sourceforge.net/spclient.wg.spotify.com/spoxy-shard8.spot.im/ssl.gstatic.com/st6-21.vk.com/st6-22.vk.com/static-cdn.spot.im/static.xx.fbcdn.net/staticxx.facebook.com/storage.googleapis.com/store.globalresearch.ca/support.it-mate.co.uk/sysctl.org/tgc.cloud/tinyurl.com/tnoduse2.blogspot.com/tomshardware.com/tracker.mg64.net/tracker.pomf.se/tracker.trackerfix.com/traffic.spot.im/trk.klclick1.com/trunews.com/turbobit.net/typeform.com/u1584542.ct.sendgrid.net/u2025688.ct.sendgrid.net/v.firebog.net/veteranstoday.com/vu.vk.com/w.hypercomments.com/winhelp2002.mvps.org/wms-eu.amazon-adsystem.com/wms-na.amazon-adsystem.com/wms-na.assoc-amazon.com/ws-eu.amazon-adsystem.com/ws-na.amazon-adsystem.com/easycounter.com/experts-exchange.com/github.developerdan.com/globalresearch.ca/ivi.ru/kernsafe.com/malwaredomainlist.com/pinterest.com/rt.com/sadeempc.com/sevenforums.com/spot.im/stopforumspam.com/yastatic.net/youtube-nocookie.com/zerohedge.com/yt3.ggpht.com/z-na.amazon-adsystem.com/iplists.firehol.org/ipdeny.com/ipapi.co/api.db-ip.com/api.bgpview.io/speedguide.net/otx.alienvault.com/astrill.com/strongpath.net/nwsrv-ns1.asus.com/209.115.181.108/0.ca.pool.ntp.org/Skynet-WhitelistDomains # Skynet


ipset=/0-edge-chat.facebook.com/1-edge-chat.facebook.com/1drv.ms/2-edge-chat.facebook.com/3-edge-chat.facebook.com/4-edge-chat.facebook.com/5-edge-chat.facebook.com/6-edge-chat.facebook.com/aax-eu.amazon-adsystem.com/aax-us-east.amazon-adsystem.com/abpvn.com/academy.binance.com/accounts.binance.com/accounts.nvgs.nvidia.com/adblock.mahakala.is/alluremedia.com.au/amzn.to/api-2-0.spot.im/api.accounts.firefox.com/api.binance.com/api.ipify.org/app-cdn.spot.im/app.mailerlite.com/appuals.com/apresolve.spotify.com/asuswrt-merlin.net/asuswrt.lostrealm.ca/au.download.windowsupdate.com/audownload.windowsupdate.nsatc.net/badges.instagram.com/bin.entware.net/bit.ly/bstream.binance.com/c-0001.c-msedge.net/c.s-microsoft.com/canadafreepress.com/cap.cyberlink.com/cdn-images.mailchimp.com/cdn.optimizely.com/cdn.polyfill.io/cdn.staticneo.com/clarium.global.ssl.fastly.net/clients2.google.com/clients3.google.com/clients4.google.com/clients5.google.com/codeload.github.com/connect.facebook.net/conquerseries.iljmp.com/crash-stats.mozilla.org/da.xboxservices.com/diversion.ch/dl.dropbox.com/dl2.soft98.ir/download.db-ip.com/download.windowsupdate.com/dropbox.com/dstream.binance.com/dyn.keepa.com/ea.com/edf.eset.com/email-connect.spot.im/etutorials.org/events-collector.spot.im/exp.wg.spotify.com/fe2.update.microsoft.com/fe2.update.microsoft.com.nsatc.net/fe3.delivery.dsp.mp.microsoft.com.nsatc.net/fe3.delivery.mp.microsoft.com/fls-na.amazon-adsystem.com/form.typeform.com/fpdownload.macromedia.com/frugallysustainable.com/fstream.binance.com/fwupdate.asuswrt-merlin.net/geni.us/gilad.co.uk/github.com/gitlab.com/gleam.io/go.microsoft.com/goo.gl/graph.facebook.com/graph.instagram.com/gravatar.com/gwens-nest.com/hostfiles.frogeye.fr/hosts-file.net/hosts.oisd.nl/ib.adnxs.com/ibb.co/im.vk.com/images-na.ssl-images-amazon.com/img1.blogblog.com/imgs.xkcd.com/ir-na.amazon-adsystem.com/ir-uk.amazon-adsystem.com/j.mp/kat.cr/keystone.mwbsys.com/launcher.spot.im/licensing.mp.microsoft.com/localhost.localdomain/login.live.com/logz.io/mail.gan/mail.gandi.net/maurerr.github.io/metacritic.com/mirror.cedia.org.ec/msdl.microsoft.com/mttstr.beacon.qq.com/mywot.com/nationalvanguard.org/nbstream.binance.com/netflix.com/newsletter.biggeekdad.com/nitroflare.com/nymag.com/nypost.com/o307710.ingest.sentry.io/ocsp.apple.com/ocsp.comodoca.com/olympia.prod.mozaws.net/onedrive.live.com/open.spotify.com/ouo.io/ow.ly/pagead2.googlesyndication.com/pgl.yoyo.org/pkg.entware.net/platform.tumblr.com/premaster-spoxy.spot.im/presstv.com/profile.accounts.firefox.com/ps.vk.com/pu.vk.com/queuev4.vk.com/raw.githubusercontent.com/redirector.googlevideo.com/redirector.gvt1.com/res.cloudinary.com/robertsspaceindustries.com/rover.ebay.com/rumble.com/russia-insider.com/rutrk.org/s.shopify.com/s3.amazonaws.com/safebrowsing.googleapis.com/scontent.xx.fbcdn.net/sentry.io/shareasale.com/shavar.services.mozilla.com/sls.update.microsoft.com/smallnetbuilder.com/smarturl.it/snbforums.com/someonewhocares.org/sourceforge.net/spclient.wg.spotify.com/spoxy-shard8.spot.im/ssl.gstatic.com/st6-21.vk.com/st6-22.vk.com/static-cdn.spot.im/static.xx.fbcdn.net/staticxx.facebook.com/storage.googleapis.com/store.globalresearch.ca/support.it-mate.co.uk/sysctl.org/tgc.cloud/tinyurl.com/tnoduse2.blogspot.com/tomshardware.com/tracker.mg64.net/tracker.pomf.se/tracker.trackerfix.com/traffic.spot.im/trk.klclick1.com/trunews.com/turbobit.net/typeform.com/u1584542.ct.sendgrid.net/u2025688.ct.sendgrid.net/v.firebog.net/veteranstoday.com/vu.vk.com/w.hypercomments.com/winhelp2002.mvps.org/wms-eu.amazon-adsystem.com/wms-na.amazon-adsystem.com/wms-na.assoc-amazon.com/ws-eu.amazon-adsystem.com/ws-na.amazon-adsystem.com/easycounter.com/experts-exchange.com/github.developerdan.com/globalresearch.ca/ivi.ru/kernsafe.com/malwaredomainlist.com/pinterest.com/rt.com/sadeempc.com/sevenforums.com/spot.im/stopforumspam.com/yastatic.net/youtube-nocookie.com/zerohedge.com/yt3.ggpht.com/z-na.amazon-adsystem.com/iplists.firehol.org/ipdeny.com/ipapi.co/api.db-ip.com/api.bgpview.io/speedguide.net/otx.alienvault.com/astrill.com/strongpath.net/nwsrv-ns1.asus.com/209.115.181.108/0.ca.pool.ntp.org/Skynet-WhitelistDomains # Skynet
 
Hi, Thanks for confirming my guess. Long lines are never always tolerated... best never to assume!

OK this has broken things at home and the family is getting antsy.. the router was down again this AM.

a) Does anyone know if Adam knows 7.3.0 is severely broken now?
--> OK, an issue was opened ~ 4 hours ago in github (no response yet) -> https://github.com/Adamm00/IPSet_ASUS/issues/80
b) Does anyone know the best way to revert to 7.2.8?
c) I'm sure I have a JFFS backup from BEFORE the last major router upgrade 07 Aug 2021....but won't restoring that JFFS backlevel everything on the router? Is there a way to just pick out the Skynet 7.2.8 executable?
d) I've learned now that best-practice is even before updating AMTM tooling - always take a JFFS backup. IDK that was super critical until now.

Thanks!
 
Last edited:
Hi, Thanks for confirming my guess. Long lines are never always tolerated... best never to assume!

OK this has broken things at home and the family is getting antsy.. the router was down again this AM.

a) Does anyone know if Adam knows 7.3.0 is severely broken now?
--> OK, an issue was opened ~ 4 hours ago in github (no response yet) -> https://github.com/Adamm00/IPSet_ASUS/issues/80
b) Does anyone know the best way to revert to 7.2.8?
c) I'm sure I have a JFFS backup from BEFORE the last major router upgrade 07 Aug 2021....but won't restoring that JFFS backlevel everything on the router? Is there a way to just pick out the Skynet 7.2.8 executable?
d) I've learned now that best-practice is even before updating AMTM tooling - always take a JFFS backup. IDK that was super critical until now.

Thanks!
To completely uninstall:


To reinstall 7.2.8 (if you don't have backup):

 
Hi, Thanks for confirming my guess. Long lines are never always tolerated... best never to assume!

OK this has broken things at home and the family is getting antsy.. the router was down again this AM.

a) Does anyone know if Adam knows 7.3.0 is severely broken now?
--> OK, an issue was opened ~ 4 hours ago in github (no response yet) -> https://github.com/Adamm00/IPSet_ASUS/issues/80
b) Does anyone know the best way to revert to 7.2.8?
c) I'm sure I have a JFFS backup from BEFORE the last major router upgrade 07 Aug 2021....but won't restoring that JFFS backlevel everything on the router? Is there a way to just pick out the Skynet 7.2.8 executable?
d) I've learned now that best-practice is even before updating AMTM tooling - always take a JFFS backup. IDK that was super critical until now.

Thanks!

amtm gave me the ability to revert back to Skynet v7.2.8 just now when I checked for updates. This appears to fix the issue and I was able to remove the sed -i '\~# Skynet~d' "$1" line from dnsmasq.postconf without incident when restarting dnsmasq.
 
^^^ Confirmed 7.2.8 is now in the AMTM menu. I had already removed the offending line and it was not readded this time when dnsmasq restarted. Thank You SO MUCH!!!! Have a great day and weekend!!
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top