Diversion Diversion 5.1.3 - the Router Ad-Blocker, May 09, 2024

[Treadler]

What would you call it if not bugs?
I don't use any custom lists or settings, everything is vanilla and I get internet interruptions on several devices and websites either load slow or incorrectly at times.

No other custom scripts are running, no custom scripts/settings in the router. Its as vanilla as it gets.

Not experienced here with Diversion, working just fine.

 

[Ripshod]

What would you call it if not bugs?
I don't use any custom lists or settings, everything is vanilla and I get internet interruptions on several devices and websites either load slow or incorrectly at times.

No other custom scripts are running, no custom scripts/settings in the router. Its as vanilla as it gets.

I don't recall seeing a description of what problems you're experiencing. I don't recall seeing a router model or firmware version. That would help.
Without any information no-one can point you in right direction.
Running fine here - all info in my signature

 

[Boji]

That's a false positive, the blocked subdomain in both files is incoming-telemetry.thunderbird.net which does not block your original domain.

Solved;

I seem to have fixed the issue, I believe a reboot solved the problem.

I had set in my windows hosts file: 192.168.50.2 live.thunderbird.net
Yesterday, #'ing it did not solve the problem, nor did flushing dns cache. After commenting out that line in the hosts file and flushing dns failed to solve the problem, I had decided to post on here...

But, it seems a reboot fixed the problem.

I thought the hosts file was dynamically loaded/updated w/o reboot; i also reloaded the browser, and used a private window, that did not flush the dns

 

[KGB7]

I don't recall seeing a description of what problems you're experiencing. I don't recall seeing a router model or firmware version. That would help.
Without any information no-one can point you in right direction.
Running fine here - all info in my signature

Router; AC68
Frimware; Merlin 386.13
Issues; Internet randomly stops twice a day for a 1-2 minutes. There are no errors in the logs. Turning off and on wifi on devices does not solve the issue. I have to sit there for 2 min and just wait for internet to start working.

Removing diversion has solved the problem.

 

[dave14305]

Internet randomly stops twice a day for a 1-2 minutes. There are no errors in the logs.

Reminds me of trying to use too large a list with Diversion back when I had an AC68U. Worked fine with Standard though (back in Diversion 4.x).

 

[thelonelycoder]

Solved; skip to the bottom

No, I don't think you understand. I specifically block live.thunderbird.net in my own denylist.

For clarification:

View attachment 59788

How is diversion blocklist intercepting live.thunderbird.net when I use third party DoH in Waterfox G6 on a Windows machine?

I'm using max protection / nextdns in Waterfox G6, in Windows.

Using nextdns app on ios effectively bypasses diversion for live.thunderbird.net; this is using a vpn profile on ios 12.5.7; and the same result occurs with dns profile on ios 16.7.8. This is what I want.

The PROBLEM is on windows desktop with Waterfox G6.

When I use waterfox G6 in order to bypass diversion, which is configured to use its own built in DoH dns service, certain domains are being intercepted by diversion, particularly, those in my diversion blocklist, specifically live.thunderbird.net

How is this possible, and how do I stop that from happening?

I use Waterfox G6 as a debugging browser to test and bypass items in my routers domain based blocklists. In this instance, it is not working.

Update:

I seem to have fixed the issue, I believe a reboot solved the problem.

I had set in my windows hosts file: 192.168.50.2 live.thunderbird.net
Yesterday, #'ing it did not solve the problem, nor did flushing dns cache. After commenting out that line in the hosts file and flushing dns, I had decided to post on here...

But, it seems a reboot fixed the problem.

Yeah, and of course Diversion is to blame first.

 

[Boji]

Yeah, and of course Diversion is to blame first.

Yeah, it is the last thing I suspected, but the only thing that I could think of after checking acryclic dns and windows hosts. Windows shouldn't require a reboot to reload hosts or flush the dns.

 

[thelonelycoder]

It is the last thing I suspected, but the only thing that I could think of after checking acryclic dns and windows hosts. Windows shouldn't require a reboot to flush the dns.

View attachment 59791

ipconfig/flushdns

 

[thelonelycoder]

Yeah, it is the last thing I suspected, but the only thing that I could think of after checking acryclic dns and windows hosts. Windows shouldn't require a reboot to flush the dns.

View attachment 59791

And Firefox / Waterfox can be a pain in the butt to clear caches.

 

[Boji]

ipconfig/flushdns

Yup I ran that and it didn't stop the problem.

 

[Boji]

And Firefox / Waterfox can be a pain in the butt to clear caches.

Yeah... that is probably the issue. i never tried restarting acrylic as is only running as a forwarding proxy. But I could have tried that just to be sure.

I use acrylic to prevent ptr and AAAA requests, which cuts the diversion log in half; it also acts to reduce attack surface area by preventing potentially insecure DNS query types from leaving the system

; In the following example only the requests for A, AAAA, MX and SRV query types get forwarded to the primary DNS
; server:
; The supported query types are:
;
; A            NS           MD           MF           CNAME
; SOA          MB           MG           MR           NULL
; WKS          PTR          HINFO        MINFO        MX
; TXT          RP           AFSDB        X25          ISDN
; RT           NSAP         NSAPPTR      SIG          KEY
; PX           GPOS         AAAA         LOC          NXT
; EID          NIMLOC       SRV          ATMA         NAPTR
; KX           CERT         A6           DNAME        SINK
; OPT          APL          DS           SSHFP        IPSECKEY
; RRSIG        NSEC         DNSKEY       DHCID        NSEC3
; NSEC3PARAM   TLSA         HIP          NINFO        RKEY
; TALINK       CDS          CDNSKEY      OPENPGPKEY   CSYNC
; SPF          UINFO        UID          GID          UNSPEC
; NID          L32          L64          LP           EUI48
; EUI64        ADDRS        TKEY         TSIG         IXFR
; AXFR         MAILB        MAILA        ALL          URI
; CAA          TA           DLV          WINS         WINSR
;
;
; PrimaryServerQueryTypeAffinityMask=A;AAAA;MX;SRV
;PrimaryServerQueryTypeAffinityMask=A;CNAME
;
; All DNS query types are supported, either explicitly using A, AAAA, CNAME, MX, NS, PTR, SOA, SRV and TXT or implicitly
; using their decimal values.
;
PrimaryServerQueryTypeAffinityMask=A;CNAME

You see I only allow A and CNAME through. I backed up this list of dns section, as it was removed from subsequent versions of acrylic.


Just a little tip, maybe some will find it useful for diversion!

 

[KGB7]

Reminds me of trying to use too large a list with Diversion back when I had an AC68U. Worked fine with Standard though (back in Diversion 4.x).

I haven't made any changes to diversion after installing it and it was running standard size list from the get go.

 

[visortgw]

What other third-party scripts are you running?

 

[KGB7]

What other third-party scripts are you running?

Im not running any other scripts.

 

[thelonelycoder]

Im not running any other scripts.

Did you ever look in the Syslog for clues?

 

[KGB7]

Did you ever look in the Syslog for clues?

Unfortunately I did not. If I have time this weekend, I will reinstall Diversion and see if anything shows up in the logs. Thanks for the reminder.