DoH can still be manually disabled in Firefox.
Diversion Diversion - the Router Ad-Blocker
- Thread starter thelonelycoder
- Start date
DoH can still be manually disabled in Firefox.
V@no
Occasional Visitor
Is there a way follow Dnsmasq log file but filter by IP it requested from or at least show the IP at the end of each line? Having 15 devices on the network makes it impossible troubleshoot...
Thank you.
P.S.
I'm using the same lists that I use in Pi-Hole which have 1,537,825 unique domains, but Diversion shows 652,145 blocked domains. This is due to Diversion is required an IP (0.0.0.0) preppended to each line...it's redundant since it's creates it's own single hosts file with pixelserv-tls ip and makes the list 1/3 bigger...
Here is my list:
Thank you.
P.S.
I'm using the same lists that I use in Pi-Hole which have 1,537,825 unique domains, but Diversion shows 652,145 blocked domains. This is due to Diversion is required an IP (0.0.0.0) preppended to each line...it's redundant since it's creates it's own single hosts file with pixelserv-tls ip and makes the list 1/3 bigger...
Here is my list:
Code:
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt
https://gitlab.com/ookangzheng/dbl-oisd-nl/raw/master/dbl.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/adaway.org/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/adblock-nocoin-list/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/adguard-simplified/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/anudeepnd-adservers/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/disconnect.me-ad/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/disconnect.me-malvertising/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/disconnect.me-malware/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/disconnect.me-tracking/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/easylist/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/easyprivacy/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/eth-phishing-detect/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/fademind-add.2o7net/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/fademind-add.dead/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/fademind-add.risk/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/fademind-add.spam/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/kadhosts/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/malwaredomainlist.com/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/malwaredomains.com-immortaldomains/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/malwaredomains.com-justdomains/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/matomo.org-spammers/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/mitchellkrogza-badd-boyz-hosts/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/pgl.yoyo.org/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/ransomwaretracker.abuse.ch/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/someonewhocares.org/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/spam404.com/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/stevenblack/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/winhelp2002.mvps.org/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/zerodot1-coinblockerlists-browser/list.txt
https://raw.githubusercontent.com/hectorm/hmirror/master/data/zeustracker.abuse.ch/list.txt
https://raw.githubusercontent.com/CHEF-KOCH/Audio-fingerprint-pages/master/AudioFp.txt
https://raw.githubusercontent.com/CHEF-KOCH/Canvas-fingerprinting-pages/master/Canvas.txt
https://raw.githubusercontent.com/CHEF-KOCH/WebRTC-tracking/master/WebRTC.txt
https://raw.githubusercontent.com/CHEF-KOCH/CKs-FilterList/master/Anti-Corp/hosts/NSABlocklist.txt
https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
https://www.stopforumspam.com/downloads/toxic_domains_whole.txt
Last edited:
dave14305
Part of the Furniture
You can enable extra logging in ds menu in Diversion. Turn option 6 on and then enable with option 1.
Code:
What do you want to do? ds
____________________________________________________
Dnsmasq settings:
See the Dnsmasq man page what these options do:
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
1. Disable Dnsmasq settings
2. log-async
3. cache-size
4. bogus-priv
5. domain-needed
6. log-queries=extra onHere’s me searching the log for a query I made from my iPad.
Code:
/tmp/mnt/apps/entware/var/log# grep 62785 dnsmasq.log
Sep 8 15:43:13 dnsmasq[24652]: 10655 192.168.1.86/62785 query[A] www.snbforums.com from 192.168.1.86
Sep 8 15:43:13 dnsmasq[24652]: 10655 192.168.1.86/62785 forwarded www.snbforums.com to 9.9.9.9
Sep 8 15:43:14 dnsmasq[24652]: 10655 192.168.1.86/62785 reply www.snbforums.com is 104.25.235.15
Sep 8 15:43:14 dnsmasq[24652]: 10655 192.168.1.86/62785 reply www.snbforums.com is 104.25.234.15dave14305
Part of the Furniture
Yes, but I’m thinking about preventing children from using it to bypass DNSFilter.
V@no
Occasional Visitor
Thank you, the menu is confusing, when disabled it just showed "6. log-queries=extra" which I assumed was already logging "extra"
Unfortunately it still doesn't show IP when filtered by blocked domains.
dave14305
Part of the Furniture
Option 6 must show “on” and then option 1 must be chosen to enable the extra settings, so option 1 will change description from Enable to Disable.
I’m very disturbed by your avatar.
dave14305
Part of the Furniture
I can get an NXDOMAIN by adding this line to /jffs/scripts/dnsmasq.conf.add:
Code:
address=/use-application-dns.net/Hello all,
I'm new to this forum so welcome everyone.
I'm using Diversion on Asus RT-AC86u with white & blacklists defined.
My whitelist (hosted whitelist) contains, among others,
2.android.pool.ntp.org
graph.facebook.com
cdn.jsdelivr.net
but Diversion still keeps blocking the addresses:
12:11:34 blocked by blacklist 2.android.pool.ntp.org
12:12:26 blocked by blacklist cdn.jsdelivr.net
12:18:26 blocked by blacklist graph.facebook.com
how can enable (whitelist) them?
Thanks!
I'm new to this forum so welcome everyone.
I'm using Diversion on Asus RT-AC86u with white & blacklists defined.
My whitelist (hosted whitelist) contains, among others,
2.android.pool.ntp.org
graph.facebook.com
cdn.jsdelivr.net
but Diversion still keeps blocking the addresses:
12:11:34 blocked by blacklist 2.android.pool.ntp.org
12:12:26 blocked by blacklist cdn.jsdelivr.net
12:18:26 blocked by blacklist graph.facebook.com
how can enable (whitelist) them?
Thanks!
thelonelycoder
Part of the Furniture
Remove those domains from the blacklist.
moreoever:
1) not all of them are within blacklist? And still being blocked?
Enter domain [e=Exit] 2.android.pool.ntp.org
no matches found in used hosts files
Enter domain [e=Exit] jsdelivr.net
no matches found in used hosts files
Enter domain [e=Exit] cdn.jsdelivr.net
no matches found in used hosts files
2) when I look at the main menu I see zero (0) entries on whitelist:
el edit lists 63 w 2833 b 0 wb
although the list is available:
What do you want to do? el
____________________________________________________
Edit lists options
The whitelist deletes exact domains found in
the blocking list.
The blacklist blocks exact domain not found in
the blocking list.
The wildcard-blacklist blocks everything
ending with *domain.com.
Edits are not active until processed
1. Whitelist hosted settings
2. Blacklist hosted settings
3. Edit wildcard-blacklist
4. Process all lists
5. List Settings: Colors on, Pagination 20
Auto-add www/non-www domain off (whitelist only)
6. Delete backup files (4)
Enter your selection [1-6 e=Exit] 1
____________________________________________________
URL of hosted whitelist:
https://xxx/wp-content/uploads/wajt.txt
1) not all of them are within blacklist? And still being blocked?
Enter domain [e=Exit] 2.android.pool.ntp.org
no matches found in used hosts files
Enter domain [e=Exit] jsdelivr.net
no matches found in used hosts files
Enter domain [e=Exit] cdn.jsdelivr.net
no matches found in used hosts files
2) when I look at the main menu I see zero (0) entries on whitelist:
el edit lists 63 w 2833 b 0 wb
although the list is available:
What do you want to do? el
____________________________________________________
Edit lists options
The whitelist deletes exact domains found in
the blocking list.
The blacklist blocks exact domain not found in
the blocking list.
The wildcard-blacklist blocks everything
ending with *domain.com.
Edits are not active until processed
1. Whitelist hosted settings
2. Blacklist hosted settings
3. Edit wildcard-blacklist
4. Process all lists
5. List Settings: Colors on, Pagination 20
Auto-add www/non-www domain off (whitelist only)
6. Delete backup files (4)
Enter your selection [1-6 e=Exit] 1
____________________________________________________
URL of hosted whitelist:
https://xxx/wp-content/uploads/wajt.txt
Last edited:
Mozilla claims they are trying to detect the presence of parental control services, and when they do they disable DoH support. how they achieve that and how reliable it is is unknown however.
This was one of the reasons why I think their decision to turn DoH on by default is retarded, and short-sighted. A browser should focus on web browsing, and let the OS resolver do the resolving.
layingback
New Around Here
New member here, who is so highly impressed with ASUS Merlin, Diversion, amtm, Skynet, YazFi that I'm upgrading from 68U to 86U (with an eye to AImesh eventually).
Have loaded ASUS Merlin latest on the 86U, and hand copied over all the parameters/settings for the router. But what about the USB stick and the settings for Diversion et al? I'm guessing that I can't just move the USB stick over, but is there something I can do rather than reformatting it and starting over with curl?
TIA, and thanks again for the great work!
Have loaded ASUS Merlin latest on the 86U, and hand copied over all the parameters/settings for the router. But what about the USB stick and the settings for Diversion et al? I'm guessing that I can't just move the USB stick over, but is there something I can do rather than reformatting it and starting over with curl?
TIA, and thanks again for the great work!
thelonelycoder
Part of the Furniture
Although the 86U supports 64-Bit Entware, it runs the standard 32-Bit that the 68U installed just as well, with no performance downside.
Plug the USB Device into the 86U and then run the amtm install command from the website: https://diversion.ch/amtm.html
In amtm, select to install Diversion.
It'll offer the options to restore the previous version or a fresh new install. Select to restore.
Everything Diversion related will be as with your old router.
Then select to install Skynet in amtm, it will find the previous installation and use those settings too (I believe).
I'm not sure about YazFi, it stores its files in jffs so you'll have to reconfigure that during installation.
thelonelycoder
Part of the Furniture
Diversion only uses lines in hosts files that are prepended by an IP address. Everything else is dropped. I have my reasons I do it that way and will not change it.
thelonelycoder
Part of the Furniture
There will be an option to add the canary domain to Dnsmasq with the next Diversion update.
thelonelycoder
Part of the Furniture
Select "4. Filtered by term" in f and enter the desired IP.
dave14305
Part of the Furniture
I was looking in /etc/dnsmasq.conf for another reason and noticed the ptr-record added by Diversion.
Code:
# start of Diversion directives #
ptr-record=192.168.1.2.in-addr.arpa,192.168.1.2
Code:
# start of Diversion directives #
ptr-record=2.1.168.192.in-addr.arpa,192.168.1.2V@no
Occasional Visitor
Um...ok...weird, but ok...
So if anyone needed, here is a PHP script that can be used to automatically convert lists into Diversion format. Simply point your list to it in Diversion, appending actual list as url query:
http://yourwebsiteaddress/get.php?u=https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
Last edited:
Similar threads
Similar threads
Similar threads
-
Diversion Diversion 5.3 - the Router Ad-Blocker, August 11, 2024
- Started by thelonelycoder
- Replies: 26
-
Diversion Diversion 5.1.3 - the Router Ad-Blocker, May 09, 2024
- Started by thelonelycoder
- Replies: 695
-
-
-
-
Diversion Diversion and Breezeline Customer Portal
- Started by Fox23
- Replies: 5
-
Is Diversion better than NextDNS, PiHole or AdGuard Home?
- Started by Logi
- Replies: 10
-
Diversion Diversion install is getting the best of me- Started by keef
- Replies: 10
-
Skynet SkyNet and Diversion have conflicts when using user defined DNS servers - SOLVED
- Started by grahamgo
- Replies: 16
Latest threads
-
-
-
ASUS GT-AX11000 Pro Firmware version 3.0.0.6.102_34721
- Started by Vogemic
- Replies: 0
-
Isolating IP cams and NVR from the rest of the network with VLAN
- Started by dissonance79
- Replies: 8
-
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!