Diversion Diversion 5.4.1 - the Router Ad-Blocker, December 15, 2024

[Mogsy]

I had to remove these domains from the block list, because they were messing with streaming on Apple TV app.

mask.icloud.com
mask-h2.icloud.com
mask-canary.icloud.com

It will be mask-canary.icloud.com that causing it. I have both mask and mask-h2 blocked, no problem with Apple TV streaming

 

[Rhialto]

I had to remove these domains from the block list, because they were messing with streaming on Apple TV app.

What kind? I just added those blindly to my block list thinking it may help with ads on AppleTV. We watch some YT videos with it and stream movies with Infuse from a NAS running Jellyfin. I haven't tested since I added those 3 domains.

 

[KGB7]

What kind? I just added those blindly to my block list thinking it may help with ads on AppleTV. We watch some YT videos with it and stream movies with Infuse from a NAS running Jellyfin. I haven't tested since I added those 3 domains.

This is only for Apple TV app on Apple TV device. Other apps on Apple TV device work fine. The issue that I was having, is that a video would randomly stop streaming several times and automatically resume.

I haven't tested Apple TV app on MacBook or on iPhone.

 

[KGB7]

It will be mask-canary.icloud.com that causing it. I have both mask and mask-h2 blocked, no problem with Apple TV streaming

I honestly see no reason to block those domains since I primarily use Apple devices.

 

[visortgw]

I honestly see no reason to block those domains since I primarily use Apple devices.

Blocking these domains also apparently adversely affects iOS 18.2 (possibly other versions as well) devices from checking and downloading e-mail using Apple's Mail app.

 

[Ellenswamy]

Not sure if this was asked, is there a way to disable by iOS shortcut for a certain amount of time and re-enable?

 

[thelonelycoder]

Not sure if this was asked, is there a way to disable by iOS shortcut for a certain amount of time and re-enable?

That may come with a next release.

 

[Treadler]

Blocking these domains also apparently adversely affects iOS 18.2 (possibly other versions as well) devices from checking and downloading e-mail using Apple's Mail app.

You bewdy!

Fixed my Apple Mail problem. Looking at you Controld dns……..

EDIT: Adguard DNS was the fix for me.

 

[thelonelycoder]

I had to remove these domains from the block list, because they were messing with streaming on Apple TV app.

mask.icloud.com
mask-h2.icloud.com
mask-canary.icloud.com

An observation to consider.
When /WAN/Prevent client auto DoH is set to Yes or Auto on the router, the following directives are set in dnsmasq.conf:

address=/use-application-dns.net/
address=/_dns.resolver.arpa/
address=/mask.icloud.com/mask-h2.icloud.com/

This blocks these two *.icloud.com domains from resolving.

So, with this set and I then add mask.icloud.com and mask-h2.icloud.com to the allowlist in Diversion they then resolve correctly to their IP Address even though dnsmasq.conf still has them blocked. This may be the magic of Diversion but it makes no sense to me. Technically they should still be blocked.

 

[Treadler]

An observation to consider.
When /WAN/Prevent client auto DoH is set to Yes or Auto on the router, the following directives are set in dnsmasq.conf:

address=/use-application-dns.net/
address=/_dns.resolver.arpa/
address=/mask.icloud.com/mask-h2.icloud.com/

This blocks these two *.icloud.com domains from resolving.

So, with this set and I then add mask.icloud.com and mask-h2.icloud.com to the allowlist in Diversion they then resolve correctly to their IP Address even though dnsmasq.conf still has them blocked. This may be the magic of Diversion but it makes no sense to me. Technically they should still be blocked.

All Apple here. I long ago set the auto DoH = no. Everything just seemed a little more snappy.

 

[thelonelycoder]

All Apple here. I long ago set the auto DoH = no. Everything just seemed a little more snappy.

Setting it to No allows iOS devices and some Browsers to use their own hard-coded IP and thus circumnavigating Diversion. This is what I want to prevent.

 

[Mogsy]

All Apple here. I long ago set the auto DoH = no. Everything just seemed a little more snappy.

I think Apple have their own load balancing dns or DNS discovery to make everything works ok. I have multiple guests network, and I use Adguard for iOS and have set DNS server to System default when I am home, and Nextdns TLS when I am out. Setting Auto DoH to Yes should be no problem for Apple ecosystem. These normally hits when I ran a trial on different guest network if Apple devices having hard time communicating with each other.

lb._dns-sd._udp.6.0.0.192.in-addr.arpa
lb._dns-sd._udp.0.50.168.192.in-addr.arpa

If these appears, I just restart my iPhone and they are gone.

Router IP address 192.168.50.1, I guess 192.0.0.6 hitting lb dns is because I have Adguard running as pseudo VPN.