Based on Mozilla’s recent announcement (DoH on by default soon), is there a way to add a NXDOMAIN response for the canary domain they query to determine if DoH should be disabled?

DoH can still be manually disabled in Firefox.
 
Is there a way to follow the Dnsmasq log file but filter by IP it requested from or at least show the IP at the end of each line? Having 15 devices on the network makes it impossible to troubleshoot...

Thank you.


P.S.
I'm using the same lists that I use in Pi-Hole which have 1,537,825 unique domains, but Diversion shows 652,145 blocked domains. This is due to Diversion requiring an IP (0.0.0.0) prepended to each line...it's redundant since it creates its own single hosts file with pixelserv-tls IP and makes the list 1/3 bigger...

Here is my list:
Code:
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt
https://gitlab.com/ookangzheng/dbl-oisd-nl/raw/master/dbl.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/adaway.org/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/adblock-nocoin-list/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/adguard-simplified/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/anudeepnd-adservers/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/disconnect.me-ad/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/disconnect.me-malvertising/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/disconnect.me-malware/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/disconnect.me-tracking/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/easylist/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/easyprivacy/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/eth-phishing-detect/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/fademind-add.2o7net/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/fademind-add.dead/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/fademind-add.risk/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/fademind-add.spam/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/kadhosts/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/malwaredomainlist.com/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/malwaredomains.com-immortaldomains/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/malwaredomains.com-justdomains/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/matomo.org-spammers/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/mitchellkrogza-badd-boyz-hosts/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/pgl.yoyo.org/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/ransomwaretracker.abuse.ch/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/someonewhocares.org/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/spam404.com/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/stevenblack/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/winhelp2002.mvps.org/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/zerodot1-coinblockerlists-browser/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/zeustracker.abuse.ch/list.txt
https://raw.githubusercontent.com/CHEF-KOCH/Audio-fingerprint-pages/master/AudioFp.txt
https://raw.githubusercontent.com/CHEF-KOCH/Canvas-fingerprinting-pages/master/Canvas.txt
https://raw.githubusercontent.com/CHEF-KOCH/WebRTC-tracking/master/WebRTC.txt
https://raw.githubusercontent.com/CHEF-KOCH/CKs-FilterList/master/Anti-Corp/hosts/NSABlocklist.txt
https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
https://www.stopforumspam.com/downloads/toxic_domains_whole.txt
 
Is there a way to follow the Dnsmasq log file but filter by IP it requested from or at least show the IP at the end of each line? Having 15 devices on the network makes it impossible to troubleshoot...
You can enable extra logging in ds menu in Diversion. Turn option 6 on and then enable with option 1.
Code:
 What do you want to do?  ds
____________________________________________________

 Dnsmasq settings:

 See the Dnsmasq man page what these options do:
 http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

 1. Disable Dnsmasq settings
 2. log-async         
 3. cache-size       
 4. bogus-priv       
 5. domain-needed     
 6. log-queries=extra on
You’ll get logging per client IP and a serial number that helps trace a single query across multiple log lines.

Here’s me searching the log for a query I made from my iPad.
Code:
/tmp/mnt/apps/entware/var/log# grep 62785 dnsmasq.log
Sep  8 15:43:13 dnsmasq[24652]: 10655 192.168.1.86/62785 query[A] www.snbforums.com from 192.168.1.86
Sep  8 15:43:13 dnsmasq[24652]: 10655 192.168.1.86/62785 forwarded www.snbforums.com to 9.9.9.9
Sep  8 15:43:14 dnsmasq[24652]: 10655 192.168.1.86/62785 reply www.snbforums.com is 104.25.235.15
Sep  8 15:43:14 dnsmasq[24652]: 10655 192.168.1.86/62785 reply www.snbforums.com is 104.25.234.15
 
DoH can still be manually disabled in Firefox.
Yes, but I’m thinking about preventing children from using it to bypass DNSFilter.
 
You can enable extra logging in ds menu in Diversion. Turn option 6 on and then enable with option 1.
Thank you, the menu is confusing, when disabled it just showed "6. log-queries=extra" which I assumed was already logging "extra"

Unfortunately it still doesn't show IP when filtered by blocked domains.
 
Option 6 must show “on” and then option 1 must be chosen to enable the extra settings, so option 1 will change description from Enable to Disable.

I’m very disturbed by your avatar. :eek:
 
This is probably more of a general dnsmasq question, but applicable to Diversion users with Firefox browsers on their networks.

Based on Mozilla’s recent announcement (DoH on by default soon), is there a way to add a NXDOMAIN response for the canary domain they query to determine if DoH should be disabled?

https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https

This seems to be the month for everyone to throw obstacles for all the Diversion users.
I can get an NXDOMAIN by adding this line to /jffs/scripts/dnsmasq.conf.add:
Code:
address=/use-application-dns.net/
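
With `log-queries=extra` enabled and the canary line above in place, the per-client prefix in the log shows which devices ran the Firefox check and what answer they received. The following shell function is an added example, not part of the thread or of Diversion; it groups canary lookups by client IP and serial. The sample log lines are constructed in the format shown earlier in the thread, and the `config ... is NXDOMAIN` line is an assumption about how dnsmasq logs a locally configured answer.

```shell
#!/bin/sh
# Added example: summarise Firefox DoH canary lookups per client from a
# dnsmasq log written with log-queries=extra (serial + client IP/port prefix).

canary_report() {
    LC_ALL=C awk -v canary="use-application-dns.net" '
        $4 !~ /^dnsmasq\[/ { next }          # only dnsmasq lines
        tolower($8) != canary { next }       # only the canary domain
        {
            split($6, src, "/")              # "192.168.1.86/62785" -> client IP
            id = src[1] " " $5               # one lookup = client IP + serial
            if ($7 ~ /^query\[/) {
                if (!(id in verdict)) verdict[id] = "unanswered"
            } else if ($9 == "is" && $10 ~ /^NXDOMAIN/) {
                verdict[id] = "nxdomain"     # canary answered negatively
            } else if ($9 == "is" && verdict[id] != "nxdomain") {
                verdict[id] = "resolved"     # canary got an address
            }
        }
        END {
            for (id in verdict) { split(id, p, " "); n[p[1] " " verdict[id]]++ }
            for (k in n) print k, n[k]       # "<client> <verdict> <count>"
        }
    ' "$@" | LC_ALL=C sort
}

# Constructed sample log (hypothetical clients and serials). The lookup from
# 192.168.1.50 represents a log taken before the canary line was added.
sample_log() {
    cat <<'EOF'
Sep  8 15:43:13 dnsmasq[24652]: 10655 192.168.1.86/62785 query[A] www.snbforums.com from 192.168.1.86
Sep  8 15:43:13 dnsmasq[24652]: 10655 192.168.1.86/62785 forwarded www.snbforums.com to 9.9.9.9
Sep  8 15:44:01 dnsmasq[24652]: 10660 192.168.1.86/50112 query[A] use-application-dns.net from 192.168.1.86
Sep  8 15:44:01 dnsmasq[24652]: 10660 192.168.1.86/50112 config use-application-dns.net is NXDOMAIN
Sep  8 15:44:01 dnsmasq[24652]: 10661 192.168.1.86/50113 query[AAAA] use-application-dns.net from 192.168.1.86
Sep  8 15:44:01 dnsmasq[24652]: 10661 192.168.1.86/50113 config use-application-dns.net is NXDOMAIN
Sep  8 15:50:20 dnsmasq[24652]: 10702 192.168.1.50/41000 query[A] use-application-dns.net from 192.168.1.50
Sep  8 15:50:20 dnsmasq[24652]: 10702 192.168.1.50/41000 forwarded use-application-dns.net to 9.9.9.9
Sep  8 15:50:20 dnsmasq[24652]: 10702 192.168.1.50/41000 reply use-application-dns.net is 203.0.113.10
EOF
}

sample_log | canary_report
```

Pass the real log path as an argument instead of piping the sample, for example the `dnsmasq.log` shown earlier in the thread. A client listed as `resolved` received an address for the canary, so the NXDOMAIN signal did not reach it.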
 
Hello all,
I'm new to this forum so welcome everyone.

I'm using Diversion on Asus RT-AC86u with white & blacklists defined.
My whitelist (hosted whitelist) contains, among others,

2.android.pool.ntp.org
graph.facebook.com
cdn.jsdelivr.net

but Diversion still keeps blocking the addresses:

12:11:34 blocked by blacklist 2.android.pool.ntp.org
12:12:26 blocked by blacklist cdn.jsdelivr.net
12:18:26 blocked by blacklist graph.facebook.com

How can I enable (whitelist) them?

Thanks!
 
Remove those domains from the blacklist.
 
Enter domain [e=Exit] graph.facebook.com

graph.facebook.com
was found in the following list(s):

adblock.mahakala.is


===========
How can I now remove it? I'm using "composition Medium"
 
Moreover:

1) not all of them are within blacklist? And still being blocked?

Enter domain [e=Exit] 2.android.pool.ntp.org
no matches found in used hosts files

Enter domain [e=Exit] jsdelivr.net
no matches found in used hosts files

Enter domain [e=Exit] cdn.jsdelivr.net
no matches found in used hosts files


2) when I look at the main menu I see zero (0) entries on whitelist:
el edit lists 63 w 2833 b 0 wb

although the list is available:


What do you want to do? el
____________________________________________________

Edit lists options

The whitelist deletes exact domains found in
the blocking list.
The blacklist blocks exact domain not found in
the blocking list.
The wildcard-blacklist blocks everything
ending with *domain.com.

Edits are not active until processed

1. Whitelist hosted settings
2. Blacklist hosted settings
3. Edit wildcard-blacklist
4. Process all lists
5. List Settings: Colors on, Pagination 20
Auto-add www/non-www domain off (whitelist only)
6. Delete backup files (4)

Enter your selection [1-6 e=Exit] 1
____________________________________________________

URL of hosted whitelist:
https://xxx/wp-content/uploads/wajt.txt
 
Yes, but I’m thinking about preventing children from using it to bypass DNSFilter.

Mozilla claims they are trying to detect the presence of parental control services, and when they do they disable DoH support. How they achieve that and how reliable it is is unknown, however.

This was one of the reasons why I think their decision to turn DoH on by default is retarded, and short-sighted. A browser should focus on web browsing, and let the OS resolver do the resolving.
 
Moreover:

1) not all of them are within blacklist? And still being blocked?

Enter domain [e=Exit] 2.android.pool.ntp.org
no matches found in used hosts files

Enter domain [e=Exit] jsdelivr.net
no matches found in used hosts files

Enter domain [e=Exit] cdn.jsdelivr.net
no matches found in used hosts files


2) when I look at the main menu I see zero (0) entries on whitelist:
el edit lists 63 w 2833 b 0 wb

although the list is available:


What do you want to do? el
____________________________________________________

Edit lists options

The whitelist deletes exact domains found in
the blocking list.
The blacklist blocks exact domain not found in
the blocking list.
The wildcard-blacklist blocks everything
ending with *domain.com.

Edits are not active until processed

1. Whitelist hosted settings
2. Blacklist hosted settings
3. Edit wildcard-blacklist
4. Process all lists
5. List Settings: Colors on, Pagination 20
Auto-add www/non-www domain off (whitelist only)
6. Delete backup files (4)

Enter your selection [1-6 e=Exit] 1
____________________________________________________

URL of hosted whitelist:
https://xxx/wp-content/uploads/wajt.txt
https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-182#post-513090
 
New member here, who is so highly impressed with ASUS Merlin, Diversion, amtm, Skynet, YazFi that I'm upgrading from 68U to 86U (with an eye to AImesh eventually).

Have loaded ASUS Merlin latest on the 86U, and hand copied over all the parameters/settings for the router. But what about the USB stick and the settings for Diversion et al? I'm guessing that I can't just move the USB stick over, but is there something I can do rather than reformatting it and starting over with curl?

TIA, and thanks again for the great work!
 
Although the 86U supports 64-Bit Entware, it runs the standard 32-Bit that the 68U installed just as well, with no performance downside.

Plug the USB Device into the 86U and then run the amtm install command from the website: https://diversion.ch/amtm.html

In amtm, select to install Diversion.
It'll offer the options to restore the previous version or a fresh new install. Select to restore.
Everything Diversion related will be as with your old router.

Then select to install Skynet in amtm, it will find the previous installation and use those settings too (I believe).
I'm not sure about YazFi, it stores its files in jffs so you'll have to reconfigure that during installation.
 
I'm using the same lists that I use in Pi-Hole which have 1,537,825 unique domains, but Diversion shows 652,145 blocked domains. This is due to Diversion requiring an IP (0.0.0.0) prepended to each line...it's redundant since it creates its own single hosts file with pixelserv-tls IP and makes the list 1/3 bigger...
Diversion only uses lines in hosts files that are prepended by an IP address. Everything else is dropped. I have my reasons I do it that way and will not change it.
 
This is probably more of a general dnsmasq question, but applicable to Diversion users with Firefox browsers on their networks.

Based on Mozilla’s recent announcement (DoH on by default soon), is there a way to add a NXDOMAIN response for the canary domain they query to determine if DoH should be disabled?

https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https

This seems to be the month for everyone to throw obstacles for all the Diversion users.
There will be an option to add the canary domain to Dnsmasq with the next Diversion update.
 
Is there a way to follow the Dnsmasq log file but filter by IP it requested from or at least show the IP at the end of each line? Having 15 devices on the network makes it impossible to troubleshoot...
Select "4. Filtered by term" in f and enter the desired IP.
 
Diversion 4.0.8 is now available

What's new in Diversion v4.0.8

- Adds pointer record (ptr-record) for pixelserv-tls IP to /etc/dnsmasq.conf
I was looking in /etc/dnsmasq.conf for another reason and noticed the ptr-record added by Diversion.
Code:
# start of Diversion directives #
ptr-record=192.168.1.2.in-addr.arpa,192.168.1.2
My question is, shouldn’t the IP be reversed?
Code:
# start of Diversion directives #
ptr-record=2.1.168.192.in-addr.arpa,192.168.1.2
I don’t know much about ptr records, but I’m wondering if this is working as designed.
 
Diversion only uses lines in hosts files that are prepended by an IP address. Everything else is dropped. I have my reasons I do it that way and will not change it.
Um...ok...weird, but ok...
So if anyone needs it, here is a PHP script that can be used to automatically convert lists into Diversion format. Simply point your list to it in Diversion, appending the actual list as a URL query:
http://yourwebsiteaddress/get.php?u=https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
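
The conversion discussed above, as an added shell example that is not the poster's PHP script and not part of Diversion: it rewrites domain-only and hosts-style lines as `0.0.0.0 domain` and drops anything that is not a plain domain name, so a remote list cannot inject unexpected lines. The function name, the `0.0.0.0` prefix choice and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rewrite mixed blocklist formats as "0.0.0.0 domain" hosts
# lines, the only form the thread says Diversion keeps.

to_hosts_format() {
    LC_ALL=C awk '
        { sub(/\r$/, ""); sub(/[ \t]*#.*/, "") }    # drop CR and comments
        NF == 0 { next }
        {
            ipv4  = "^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+$"
            label = "[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?"
            # Skip a leading address so "IP domain" and bare "domain" both work
            start = ($1 ~ ipv4 || $1 ~ /:/) ? 2 : 1
            for (i = start; i <= NF; i++) {
                d = tolower($i)
                if (d ~ ipv4) continue                # e.g. "0.0.0.0 0.0.0.0"
                if (d !~ ("^" label "(\\." label ")+$")) continue   # not a domain
                if (!(d in seen)) { seen[d] = 1; print "0.0.0.0", d }
            }
        }
    ' "$@"
}

# Constructed sample mixing the formats found in public lists
sample_list() {
    cat <<'EOF'
# comment header
127.0.0.1 localhost
0.0.0.0 ads.example.com
tracker.example.net
Tracker.Example.NET   # duplicate, different case
127.0.0.1 telemetry.example.org
||adblock-style.example^
bad_domain..example
0.0.0.0 0.0.0.0
EOF
}

sample_list | to_hosts_format
```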

 