Adblock package release for Turris Omnia

Interesting, could you give me a working config example? Thanks! :wink:

I am on HBL at least one month, and before that few months on HBD, due to 160MHz wifi channel support :slight_smile:

I am afraid I am not so skilled to set it all up correctly…

Docs should be a good source: https://knot-resolver.readthedocs.io/en/stable/modules-view.html#example-configuration

BTW, we’re working on a more powerful RPZ implementation. In particular, injecting address records already works in current WIP, I think, but CNAMEs probably won’t be done in this iteration (or soon).

It was a response to unsupported RPZ.

I had “pihole” in lxc just for the “guest” wlan; it worked pretty well. Now I have it for all nets/subnets as secondary dns (tos is primary of course), and just for some devices I made a “manual setup” where I have “pihole” as primary.

ad_lxc: I have like three containers running vsftpd(s), nginx/apache, ngircd(s), znc, eggdrop(s), pihole and so far no significant performance drop. When I activated netdata and nextcloud it became a bit glitchy during some operations (I just have 1G ram), so those I do not have anymore. With 2G it would not be a problem to keep netdata/nextcloud active. But for sure “adblock” on TOS should require less resources than pihole in lxc … :slight_smile: …in that perspective it is OP solution :)) (but people love the pihole dashboard :slight_smile:)

I was using pihole on TOS 3.x.x Omnia at my parents, who are sharing their internet connection with their neighbour (pihole for parents, neighbour on VLAN without any ad blocking). Just yesterday, I have deleted that LXC with pihole.
Now I am planning to update that Omnia to TOS 5.x and I think, that I will try only AdBlock with only few basic source lists for both LAN and VLAN.

“SafeSearch” can be implemented manually by adding the restricted DNS entries in /etc/hosts.
Hopefully kresd/adblock will get it working.

You needed A and AAAA records in the RPZ zones? That should work with kresd >= 5.1.0. Current Turris OS status is RC for 3.x and HBT(esting) (number-wise: 3.11.17 and recent 5.0.0).

In the past I’ve tried only the bind cname syntax within the rpz file, e.g.

 www.bing.com CNAME strict.bing.com.
*.www.bing.com CNAME strict.bing.com.
[...]

that doesn’t work even with kresd 5.1.1 (in hbt branch). What’s the correct IP-based syntax for A/AAAA records?

CNAME redirection won’t work… it wouldn’t be hard for the module to return CNAME in answer, but it would need larger changes to also follow the CNAME. Overriding other records should work, e.g.

some.example.com             A       192.0.2.66

(I might have misunderstood that it’s sufficient for your purposes.)

1 Like
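The constraint described in the reply above (CNAME redirection is not followed, A/AAAA overrides work with kresd >= 5.1.0) can be checked against a zone file before it is loaded. The following lint is an added example, not code from adblock, Knot Resolver, or any poster; `lint_rpz`, the status names, and the sample records beyond those quoted in the thread are assumptions, and treating `CNAME .`, `CNAME *.` and `rpz-*` targets as policy actions follows the general RPZ convention rather than anything stated in the thread.

```python
import ipaddress

# Constructed sample zone body: the records quoted in the thread plus a few
# made-up ones (documentation address ranges) to exercise each branch.
SAMPLE_RPZ = """\
; constructed sample, not a real blocklist
www.bing.com CNAME strict.bing.com.
*.www.bing.com CNAME strict.bing.com.
some.example.com             A       192.0.2.66
some.example.com 300 IN AAAA 2001:db8::66
ads.example.net CNAME .
v4in6.example.org AAAA 192.0.2.66
"""

# CNAME targets that encode an RPZ policy action rather than a redirect.
RPZ_ACTIONS = {".", "*."}


def lint_rpz(text):
    """Return (line_number, owner, status) for every record line.

    Assumes one record per line with an explicit owner name.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):     # skip blanks, $TTL/$ORIGIN
            continue
        owner, *rest = line.split()
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                      # skip optional TTL and class
        if len(rest) < 2:
            findings.append((lineno, owner, "malformed"))
            continue
        rtype, rdata = rest[0].upper(), rest[1].lower()
        if rtype == "CNAME":
            is_action = rdata in RPZ_ACTIONS or rdata.startswith("rpz-")
            status = "policy-action" if is_action else "cname-redirect"
        elif rtype in ("A", "AAAA"):
            try:
                version = ipaddress.ip_address(rdata).version
                status = "ok" if version == (4 if rtype == "A" else 6) else "family-mismatch"
            except ValueError:
                status = "bad-address"
        else:
            status = "unchecked"
        findings.append((lineno, owner, status))
    return findings


if __name__ == "__main__":
    for lineno, owner, status in lint_rpz(SAMPLE_RPZ):
        print(f"{lineno:>3}  {status:<16} {owner}")
```

Lines reported as `cname-redirect` are the ones that need converting to address records for the IP-based safesearch variant.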

Many thanks! :+1:
I’ve implemented and tested this safesearch variant in adblock 4.0.5-3, should arrive in hbt branch soon as it has been already backported to OpenWrt 19.07, too.

adblock: update 4.0.5-3

* fix oisd_nl source parser (format has been changed)
* enable safesearch support for kresd (ip based)

2 Likes

Hi @dibdot

after some failed downloads of dshield, which was shown in the log, I followed up on it.
On the download address page:

https://dshield.org/feeds/suspiciousdomains_Low.txt

…you were reading this:

DShield.org Suspicious Domain List
© 2020 DShield.org
some rights reserved. Details http://creativecommons.org/licenses/by-nc-sa/2.5/
use on your own risk. No warranties implied.
primary URL: http://www.dshield.org/feeds/suspiciousdomains_Low.txt

comments: info@dshield.org
updated: Wed Jun 3 04:04:03 2020 UTC

This list consists of Low Level Sensitivity website URLs
Columns (tab delimited):

(1) site

Site

Service Suspended

END

finished list generation: Wed Jun 3 04:04:03 2020 UTC

So this service is no longer active since early June, wanted to inform you!

Best regards

The site suggests that it may become non-empty again in future:

Upon recently reviewing some of our sources for this service, we noticed how pretty much none of them are producing current data anymore (thanks to a reader for pointing this out to us). The lists will be empty until we find a way to resume this service.

1 Like

Thanks for the info, then we wait.
So the service comes back.

@freshdax @vcunat thanks for the heads up! :+1:

Hi @dibdot I don’t seem to be able to find any docs on the DNS report filter and blocklist query?

Could you point me to them, e.g. how can I filter Refresh DNS Report to show only blocked Answers?
(if I put answer=nx it returns blank, if I put nx I get domains with nx in them… )

Just filter for capital letters “NX”

Edit: BTW, great that it finally works for you! :wink:

2 Likes

Thank you :slight_smile: ‘NX’ does indeed work!

Can AdBlock in TOS 5 HBS be prevented from displaying these ugly sheds by some settings?