I've been on 4.1 since release. It is the latest version.
> Which version of amtm are you running?
I'm all out of ideas, sorry.
> It's all the default "Standard" and even tried the "Small". Happens both times on fresh install. Just a weird error I can't seem to figure out.
According to his code, it seems to have to do with the dnsmasq.conf file... specifically, if the entry "conf-dir=/opt/share/diversion/list,*" doesn't appear in your /etc/dnsmasq.conf file, it will wait and go through a loop to give you the "Waiting for blocking list entry" message.
> Hey, I keep getting this error when installing:
> At the end of install it repeats
> Waiting for blocking list entry...
> Waiting for blocking list entry...
> Then it times out
> Also, I am not seeing the Diversion tab in the UI anymore under the LAN tab like normal.
> RT-AX86U
Check the router's SysLog, Dnsmasq will say what's not compliant.
4.1. If no update is available you're on the latest version. I released amtm 4.1 and Diversion 5.0 at the same time, hence the remark in the release threads for both amtm and Diversion.
> Which version of amtm are you running?
What extra dns service are you running on the router?
> Jan 5 13:49:18 dnsmasq[15986]: using nameserver 127.0.0.1#5342
Damn nice catch, @dave14305!
> What extra dns service are you running on the router?
NextDNS is known to play badly with dnsmasq and other addons’ customizations.
Thanks Dave, it's observations like yours that help me most when fine-tuning.
> Hi @thelonelycoder,
> I have a problem with the weekly stats collection, specific to the top 10 blocked domains.
> These are the initial top 10 blocked domains (running your awk commands from stats.div directly):
> Code:
> 778 wpad.home.arpa
> 633 lb._dns-sd._udp.home.arpa
> 606 _dns.resolver.arpa
> 494 metrics.icloud.com
> 404 b._dns-sd._udp.home.arpa
> 403 db._dns-sd._udp.home.arpa
> 150 app-measurement.com
> 143 wpad.<redacted>.local
> 114 <redacted>.local
> 113 securepubads.g.doubleclick.net
> - The filter on "is NXDOMAIN" is catching DNSSEC lines like these:
>   Jan 5 16:54:06 dnsmasq[21995]: 107425 192.168.1.187/64162 reply metadata.google.internal is NXDOMAIN (DNSSEC signed)
>   and this is putting NXDOMAIN (NF-2) in the temporary list of blocked domains. Maybe "config .* is NXDOMAIN$" is a more specific search string.
> - The top 10 blocked domains includes a lot of NXDOMAIN results for my local domain (home.arpa), due to the dnsmasq config for "local=/home.arpa/"
> - Blocked domains that are a sub-domain of a blocked wildcard domain aren't reported as being from the blockinglist.conf. See securepubads example below.
> The resulting stats report shows only 2 domains in the report:
> Code:
> The top 10 blocked ad domains were:
> --------------------------------------------------------
> 778 wpad.home.arpa blocked
> 633 lb._dns-sd._udp.home.arpa blocked
> I see a couple issues: it detects 2 domains of the 10 as being in the blockinglist.conf, but it displays the wrong 2. metrics.icloud.com and app-measurement.com are direct matches from OISD Small. securepubads.g.doubleclick.net isn't a direct match, but is covered by g.doubleclick.net in the OISD Small list.
> Congratulations on the big 5.0! This definitely swayed me in my decision to purchase a new Asus router (RT-AX88U PRO)!
> Hope this report is helpful.
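The three stats issues reported above, reproduced as an added example that is not part of the original posts and is not Diversion's own code. The log lines, the one-domain-per-line list format, the `LOCAL_DOMAIN` variable and all function names are assumptions made for illustration; the actual awk commands in stats.div are not shown on this page.

```shell
#!/bin/sh
# Constructed dnsmasq log lines in the format quoted in the thread (not real router output).
sample_log() {
cat <<'EOF'
Jan 5 16:54:01 dnsmasq[21995]: 107420 192.168.1.187/64160 config metrics.icloud.com is NXDOMAIN
Jan 5 16:54:02 dnsmasq[21995]: 107421 192.168.1.187/64161 config wpad.home.arpa is NXDOMAIN
Jan 5 16:54:03 dnsmasq[21995]: 107422 192.168.1.187/64161 config securepubads.g.doubleclick.net is NXDOMAIN
Jan 5 16:54:06 dnsmasq[21995]: 107425 192.168.1.187/64162 reply metadata.google.internal is NXDOMAIN (DNSSEC signed)
EOF
}

# Constructed blocking list, one domain per line (this format is an assumption).
sample_blocklist() {
    printf '%s\n' metrics.icloud.com app-measurement.com g.doubleclick.net
}

# Loose filter: also matches the DNSSEC-signed reply, where $(NF-2) is the
# literal word NXDOMAIN instead of a domain name.
blocked_loose() {
    sample_log | awk '/is NXDOMAIN/ { print $(NF-2) }'
}

# Anchored filter from the post, plus an assumed LOCAL_DOMAIN exclusion so that
# local=/home.arpa/ answers are not counted as blocked ad domains.
LOCAL_DOMAIN="home.arpa"
blocked_strict() {
    sample_log | awk -v ld="$LOCAL_DOMAIN" '
        /config .* is NXDOMAIN$/ {
            d = $(NF-2)
            if (d == ld || substr(d, length(d) - length(ld)) == ("." ld)) next
            print d
        }'
}

# True if the name or any parent domain is listed, so a sub-domain of a
# wildcard entry is still attributed to the blocking list.
in_blocklist() {
    _d=$1
    while :; do
        sample_blocklist | grep -qxF "$_d" && return 0
        case $_d in
            *.*) _d=${_d#*.} ;;
            *)   return 1 ;;
        esac
    done
}

for dom in $(blocked_strict | sort -u); do
    if in_blocklist "$dom"; then echo "$dom: in blocking list"; else echo "$dom: not listed"; fi
done
```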
I tried a lot of other adblockers on other platforms in my "Prodigal Son" phase and was always wishing they worked more like Diversion, especially around logging and stats. I'm very happy to help improve things here in any way I can.
> I hope you are aware that 5.0 is also your brainchild. Your post back then triggered this massive rewrite. And I expected a few flaws and inconsistencies upon release. They all will be sorted out given some time and patience.
What can I say but “you're a good man / lad” or some other variation thereof.
> I tried a lot of other adblockers on other platforms in my "Prodigal Son" phase and was always wishing they worked more like Diversion, especially around logging and stats. I'm very happy to help improve things here in any way I can.
openssl req -key ca.key -new -x509 -days 3650 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA"
Error Loading extension section v3_ca
4144742400:error:22097069:lib(34):func(151):reason(105):NA:0:name=subjectAltName,section=@alt_names
4144742400:error:22098080:lib(34):func(152):reason(128):NA:0:name=subjectAltName, value=@alt_names
openssl req -key ca.key -new -x509 -days 3650 -sha256 -extensions usr_cert -out ca.crt -subj "/CN=Pixelserv CA"
Look at the very first post, there is a section called Diversion post-update notes. Look at the second line if it can help.
> Now, of course, there isn't. How do I get the certificate? Via WinSCP?
pixelserv has been deprecated from Diversion 5.0.
> Yes, following that guide (which always worked), I encountered this problem.
Yes do it like this and now seems working fine. Thanks.
> Reset your blocking files, then try one of the pre-selected blocking lists to see if that works. If it works, make sure that your lists are compatible with the new Diversion. Everything should work the same in the latest version, there is no reason to downgrade.