What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Well which broser is used, if it is for example Firefox and it uses it own DoT (DNS over TLS) and if not configured correct this would mean, if I understand this correct, that Diverson on the router would be bypassed?
 
Have now gone through some settings, does that fit or do I have something else wrong?

View attachment 20971
View attachment 20972
View attachment 20973

I've followed these settings (or similar) and applied them to my setup which I have a VPN client running also. When doing so, I experience DNS leaks on ipleak.net. Is this normal expected behaviour, or are there any settings that one would change from this setup, when running a VPN and wishing to prevent DNS leaks?
 
Not a single ad on that page. Make sure your cache is cleared.


I've done that on my iMac and devices, but I'm still experiencing this issue. Diversion appears to be blocking according to the stats:

Code:
1.351M  blocked domains by  6  hosts file(s)
 481 t  481 w  0 n ads since Jan 22 23:00

But as you can see here I'm still getting some ads (the domains of these ads are being blocked by Diversion, so I don't know what is going on).

ojHmgrG_d.jpg
 
I've done that on my iMac and devices, but I'm still experiencing this issue. Diversion appears to be blocking according to the stats:

Code:
1.351M  blocked domains by  6  hosts file(s)
 481 t  481 w  0 n ads since Jan 22 23:00

But as you can see here I'm still getting some ads (the domains of these ads are being blocked by Diversion, so I don't know what is going on).

ojHmgrG_d.jpg

There's not a single ad on that page as you can see below.

7edc619aa49055b2ddc0bc6be38ffeab.png


And these are all the blocked domains Diversion is blocking for this page, compare your list with mine.

38a3ff98aec643b59fafc4142bef6a22.png
 
There's not a single ad on that page as you can see below.

7edc619aa49055b2ddc0bc6be38ffeab.png


And these are all the blocked domains Diversion is blocking for this page, compare your list with mine.

38a3ff98aec643b59fafc4142bef6a22.png


Thanks for the reply,

How do I see what is being blocked on a page like that in the screenshot?
 
Thanks for the reply,

How do I see what is being blocked on a page like that in the screenshot?

Open Diversion then press "f" to follow dnsmasq.log file, then press 4 "blocked domain by device IP" option and enter your iPhone/Mac device IP so that only domains from that devices show up in the list.
 
Open Diversion then press "f" to follow dnsmasq.log file, then press 4 "blocked domain by device IP" option and enter your iPhone/Mac device IP so that only domains from that devices show up in the list.


I've done as you have directed and there doesn't appear to be anything being blocked (I refreshed the page on my device a number of times too).

o0CC3b0.png
 
I've done as you have directed and there doesn't appear to be anything being blocked (I refreshed the page on my device a number of times too).

o0CC3b0.png

That means your device/devices are not using your Router's IP as thier DNS server IP and bypassing it somehow. Check the DNSFilter page in your router settings under LAN.

Also check your iPhone Wi-Fi settings page and make sure configure DNS is set to Automatic.
 
That means your device/devices are not using your Router's IP as thier DNS server IP and bypassing it somehow. Check the DNSFilter page in your router settings under LAN.

Also check your iPhone Wi-Fi settings page and make sure configure DNS is set to Automatic.

I checked my iMac, my iPhone, and my Router and all are now using the router for DNS.

I had the DNSFilter set to 'CleanBrowsing' and now it is set to 'Router'

Everything is working well.

Thank you for your help!
 
Well which broser is used, if it is for example Firefox and it uses it own DoT (DNS over TLS) and if not configured correct this would mean, if I understand this correct, that Diverson on the router would be bypassed?

Do a web search, you can turn this stuff off in your browser.
That way Diversion will do its goodness!
 
How relevant are the Plus Hosts files now, seeing how there have been no updates since August 2019? They inflate the blocking list greatly on smaller routers.

https://hosts-file.net/

It might be useful to write a script to compare which blocked hosts came from these plus hosts files (e.g. a hit count by list).

Something to think about.
 
How relevant are the Plus Hosts files now, seeing how there have been no updates since August 2019? They inflate the blocking list greatly on smaller routers.

https://hosts-file.net/

It might be useful to write a script to compare which blocked hosts came from these plus hosts files (e.g. a hit count by list).

Something to think about.

There have been some updates to individual files.
Refer here.....

https://hosts-file.net/?s=Download
 
I have disabled DNSFilter, all devices are using 192.168.50.1 for their DNS.

I added, for example, facebook to the blacklist and made sure the list was processed, and yet I'm still able to reach facebook on all devices and browsers.

Last time I setup diversion I didn't have these issues so I'm wondering if I've done something wrong.

Fa2yusb_d.jpg


But here is facebook, it's the same result on all devices using various browsers.

EkQvJ8g_d.jpg
 
I have disabled DNSFilter, all devices are using 192.168.50.1 for their DNS.

I added, for example, facebook to the blacklist and made sure the list was processed, and yet I'm still able to reach facebook on all devices and browsers.

Last time I setup diversion I didn't have these issues so I'm wondering if I've done something wrong.

Fa2yusb_d.jpg


But here is facebook, it's the same result on all devices using various browsers.

EkQvJ8g_d.jpg
Disabling dnsfilter is a bad move - some apps will simply ignore device dns settings in favour of hardcoded dns. Re-enable it and set global filter mode to router.
 
Disabling dnsfilter is a bad move - some apps will simply ignore device dns settings in favour of hardcoded dns. Re-enable it and set global filter mode to router.

I just tried that, I set DNSFilter to Global and tried different servers but I'm still getting the same result. This is odd.
 
I added, for example, facebook to the blacklist and made sure the list was processed, and yet I'm still able to reach facebook on all devices and browsers.
...
I just tried that, I set DNSFilter to Global and tried different servers but I'm still getting the same result. This is odd.
But can you log into FB once you've set those filters? The main page is likely cached, and your log shows the connection being blocked.

Restart the device or flush the cache to see if that fixes the situation.
 
I've followed these settings (or similar) and applied them to my setup which I have a VPN client running also. When doing so, I experience DNS leaks on ipleak.net. Is this normal expected behaviour, or are there any settings that one would change from this setup, when running a VPN and wishing to prevent DNS leaks?
The DNS Behavior section of this blog post will explain the inner workings of DNS + Policy Rules over the VPN tunnel when using Diversion.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top