Based on Mozilla’s recent announcement (DoH on by default soon), is there a way to add a NXDOMAIN response for the canary domain they query to determine if DoH should be disabled?
DoH can still be manually disabled in Firefox.
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt
https://gitlab.com/ookangzheng/dbl-oisd-nl/raw/master/dbl.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/adaway.org/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/adblock-nocoin-list/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/adguard-simplified/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/anudeepnd-adservers/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/disconnect.me-ad/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/disconnect.me-malvertising/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/disconnect.me-malware/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/disconnect.me-tracking/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/easylist/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/easyprivacy/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/eth-phishing-detect/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/fademind-add.2o7net/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/fademind-add.dead/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/fademind-add.risk/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/fademind-add.spam/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/kadhosts/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/malwaredomainlist.com/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/malwaredomains.com-immortaldomains/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/malwaredomains.com-justdomains/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/matomo.org-spammers/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/mitchellkrogza-badd-boyz-hosts/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/pgl.yoyo.org/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/ransomwaretracker.abuse.ch/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/someonewhocares.org/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/spam404.com/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/stevenblack/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/winhelp2002.mvps.org/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/zerodot1-coinblockerlists-browser/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/zeustracker.abuse.ch/list.txt
https://raw.githubusercontent.com/CHEF-KOCH/Audio-fingerprint-pages/master/AudioFp.txt
https://raw.githubusercontent.com/CHEF-KOCH/Canvas-fingerprinting-pages/master/Canvas.txt
https://raw.githubusercontent.com/CHEF-KOCH/WebRTC-tracking/master/WebRTC.txt
https://raw.githubusercontent.com/CHEF-KOCH/CKs-FilterList/master/Anti-Corp/hosts/NSABlocklist.txt
https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
https://www.stopforumspam.com/downloads/toxic_domains_whole.txt
Is there a way to follow the Dnsmasq log file but filter by the IP it was requested from, or at least show the IP at the end of each line? Having 15 devices on the network makes it impossible to troubleshoot...
You can enable extra logging in ds menu in Diversion. Turn option 6 on and then enable with option 1.
What do you want to do? ds
____________________________________________________
Dnsmasq settings:
See the Dnsmasq man page what these options do:
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
1. Disable Dnsmasq settings
2. log-async
3. cache-size
4. bogus-priv
5. domain-needed
6. log-queries=extra on
/tmp/mnt/apps/entware/var/log# grep 62785 dnsmasq.log
Sep 8 15:43:13 dnsmasq[24652]: 10655 192.168.1.86/62785 query[A] www.snbforums.com from 192.168.1.86
Sep 8 15:43:13 dnsmasq[24652]: 10655 192.168.1.86/62785 forwarded www.snbforums.com to 9.9.9.9
Sep 8 15:43:14 dnsmasq[24652]: 10655 192.168.1.86/62785 reply www.snbforums.com is 104.25.235.15
Sep 8 15:43:14 dnsmasq[24652]: 10655 192.168.1.86/62785 reply www.snbforums.com is 104.25.234.15
DoH can still be manually disabled in Firefox.
Yes, but I’m thinking about preventing children from using it to bypass DNSFilter.
You can enable extra logging in ds menu in Diversion. Turn option 6 on and then enable with option 1.
Thank you, the menu is confusing, when disabled it just showed "6. log-queries=extra" which I assumed was already logging "extra".
Option 6 must show “on” and then option 1 must be chosen to enable the extra settings, so option 1 will change description from Enable to Disable.
Unfortunately it still doesn't show IP when filtered by blocked domains.
This is probably more of a general dnsmasq question, but applicable to Diversion users with Firefox browsers on their networks.
Based on Mozilla’s recent announcement (DoH on by default soon), is there a way to add a NXDOMAIN response for the canary domain they query to determine if DoH should be disabled?
https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
This seems to be the month for everyone to throw obstacles for all the Diversion users.
I can get an NXDOMAIN by adding this line to /jffs/scripts/dnsmasq.conf.add:
address=/use-application-dns.net/
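Added example (not from the thread or from Diversion): with `log-queries=extra` enabled as described earlier, every log line carries the requesting device's IP/port, so the log can be split per client and checked for how the canary domain was answered. The blocking-list path and sample lines 4-7 are constructed, and the `config ... is NXDOMAIN` wording is an assumption about how dnsmasq logs an `address=/.../` match.

```shell
#!/bin/sh
# Added example; not part of Diversion. Sample lines 4-7 and the
# blocking-list path are constructed for illustration.

# dns_by_client LOGFILE [CLIENT_IP]
# Prints "client action name result" for each log-queries=extra line,
# optionally restricted to one requesting device.
dns_by_client() {
    awk -v want="${2:-}" '
    # Mon D HH:MM:SS dnsmasq[pid]: serial ip/port action name word result
    $4 ~ /^dnsmasq\[[0-9]+\]:$/ && $6 ~ /^[0-9a-fA-F.:]+\/[0-9]+$/ {
        split($6, req, "/")      # req[1] = client IP, req[2] = source port
        if (want != "" && req[1] != want) next
        print req[1], $7, $8, $10
    }' "$1"
}

# canary_answers LOGFILE
# Prints "client result" for every answer given for Firefox's canary domain.
# Assumption: dnsmasq logs address=/domain/ hits as "config <name> is NXDOMAIN".
canary_answers() {
    dns_by_client "$1" | awk '
    $3 == "use-application-dns.net" && $2 !~ /^(query|forwarded)/ {
        print $1, $4
    }' | sort -u
}

# First three lines are from the grep output in the thread; the rest are constructed.
sample_log() {
    cat <<'EOF'
Sep  8 15:43:13 dnsmasq[24652]: 10655 192.168.1.86/62785 query[A] www.snbforums.com from 192.168.1.86
Sep  8 15:43:13 dnsmasq[24652]: 10655 192.168.1.86/62785 forwarded www.snbforums.com to 9.9.9.9
Sep  8 15:43:14 dnsmasq[24652]: 10655 192.168.1.86/62785 reply www.snbforums.com is 104.25.235.15
Sep  8 15:43:20 dnsmasq[24652]: 10656 192.168.1.40/51000 query[A] use-application-dns.net from 192.168.1.40
Sep  8 15:43:20 dnsmasq[24652]: 10656 192.168.1.40/51000 config use-application-dns.net is NXDOMAIN
Sep  8 15:43:21 dnsmasq[24652]: 10657 192.168.1.40/51001 query[A] ads.example from 192.168.1.40
Sep  8 15:43:21 dnsmasq[24652]: 10657 192.168.1.40/51001 /path/to/blockinglist ads.example is 192.168.1.2
EOF
}

log=$(mktemp)
sample_log > "$log"
dns_by_client "$log" 192.168.1.40   # everything one device asked for
canary_answers "$log"               # expect NXDOMAIN for every client listed
rm -f "$log"
```

A client listed by `canary_answers` with an IP address instead of NXDOMAIN was answered from a hosts-style list or upstream, which does not signal Firefox to turn DoH off. Per the Mozilla article linked in the thread, the canary is ignored when a user has enabled DoH manually.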
Hello all,
I'm new to this forum so welcome everyone.
I'm using Diversion on Asus RT-AC86u with white & blacklists defined.
My whitelist (hosted whitelist) contains, among others,
2.android.pool.ntp.org
graph.facebook.com
cdn.jsdelivr.net
but Diversion still keeps blocking the addresses:
12:11:34 blocked by blacklist 2.android.pool.ntp.org
12:12:26 blocked by blacklist cdn.jsdelivr.net
12:18:26 blocked by blacklist graph.facebook.com
How can I enable (whitelist) them?
Thanks!
Yes, but I’m thinking about preventing children from using it to bypass DNSFilter.
https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-182#post-513090
moreover:
1) not all of them are within blacklist? And still being blocked?
Enter domain [e=Exit] 2.android.pool.ntp.org
no matches found in used hosts files
Enter domain [e=Exit] jsdelivr.net
no matches found in used hosts files
Enter domain [e=Exit] cdn.jsdelivr.net
no matches found in used hosts files
2) when I look at the main menu I see zero (0) entries on whitelist:
el edit lists 63 w 2833 b 0 wb
although the list is available:
What do you want to do? el
____________________________________________________
Edit lists options
The whitelist deletes exact domains found in
the blocking list.
The blacklist blocks exact domain not found in
the blocking list.
The wildcard-blacklist blocks everything
ending with *domain.com.
Edits are not active until processed
1. Whitelist hosted settings
2. Blacklist hosted settings
3. Edit wildcard-blacklist
4. Process all lists
5. List Settings: Colors on, Pagination 20
Auto-add www/non-www domain off (whitelist only)
6. Delete backup files (4)
Enter your selection [1-6 e=Exit] 1
____________________________________________________
URL of hosted whitelist:
https://xxx/wp-content/uploads/wajt.txt
New member here, who is so highly impressed with ASUS Merlin, Diversion, amtm, Skynet, YazFi that I'm upgrading from 68U to 86U (with an eye to AImesh eventually).
Have loaded ASUS Merlin latest on the 86U, and hand copied over all the parameters/settings for the router. But what about the USB stick and the settings for Diversion et al? I'm guessing that I can't just move the USB stick over, but is there something I can do rather than reformatting it and starting over with curl?
TIA, and thanks again for the great work!
Although the 86U supports 64-Bit Entware, it runs the standard 32-Bit that the 68U installed just as well, with no performance downside.
I'm using the same lists that I use in Pi-Hole which have 1,537,825 unique domains, but Diversion shows 652,145 blocked domains. This is due to Diversion requiring an IP (0.0.0.0) prepended to each line... it's redundant since it creates its own single hosts file with pixelserv-tls ip and makes the list 1/3 bigger...
Diversion only uses lines in hosts files that are prepended by an IP address. Everything else is dropped. I have my reasons I do it that way and will not change it.
This is probably more of a general dnsmasq question, but applicable to Diversion users with Firefox browsers on their networks.
Based on Mozilla’s recent announcement (DoH on by default soon), is there a way to add a NXDOMAIN response for the canary domain they query to determine if DoH should be disabled?
https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
This seems to be the month for everyone to throw obstacles for all the Diversion users.
There will be an option to add the canary domain to Dnsmasq with the next Diversion update.
Is there a way to follow the Dnsmasq log file but filter by the IP it was requested from, or at least show the IP at the end of each line? Having 15 devices on the network makes it impossible to troubleshoot...
Select "4. Filtered by term" in f and enter the desired IP.
Diversion 4.0.8 is now available
What's new in Diversion v4.0.8
- Adds pointer record (ptr-record) for pixelserv-tls IP to /etc/dnsmasq.conf
I was looking in /etc/dnsmasq.conf for another reason and noticed the ptr-record added by Diversion.
# start of Diversion directives #
ptr-record=192.168.1.2.in-addr.arpa,192.168.1.2
# start of Diversion directives #
ptr-record=2.1.168.192.in-addr.arpa,192.168.1.2
Diversion only uses lines in hosts files that are prepended by an IP address. Everything else is dropped. I have my reasons I do it that way and will not change it.
Um...ok...weird, but ok...