Xuul
Jul 04, 2024 Tutor
AdBlocker Issues
I searched for an open topic on this, and found all of them closed, so here's a new one. I'm running XR1000 V1 with latest firmware 1.0.0.74. The adblocker does not seem to work consistently. Some...
Netduma-Fraser
Jul 05, 2024 NetDuma Partner
If you're using https as part of the URLs, remove that aspect and then they should block correctly
Xuul
Jul 06, 2024 Tutor
Thank you for the reply. You gave me a direction which helped me understand what is going on here. First I wish to make a comment about https, then I'll provide the steps I took which successfully blocked the sites I used as an example.
I may be wrong, and please call me out if I am, but even when using https, the domain name in the URL is still sent to DNS in the clear as per normal. There is no way to initiate an https connection until after the domain has been resolved to an IP. Then once an SSL connection is established, the majority of the URL is secured behind SSL, though the domain and the length of the URL still could be captured by a listener.
So, apparently Firefox has a feature I was not aware of, DNS over HTTPS, in which Firefox makes an SSL connection to a DNS server to query the domain. Firefox also caches all previous DNS queries, bypassing all downstream DNS lookups.
Steps to get URLs in AdBlocker to be blocked when using Firefox:
- Clear Windows DNS cache by going to command prompt and running:
  - ipconfig /flushdns
- In Firefox Settings/Privacy & Security, turn off "DNS over HTTPS" in Firefox by setting "Enable DNS over HTTPS using:" to "Off".
- Clear Firefox DNS cache:
  - Go to about:config in URL bar
  - Set both network.dnsCacheExpiration and network.dnsCacheExpirationGracePeriod to 0. This will clear the cache immediately. You can then set it back to the default value if you wish.
Now any domain in the AdBlocker lists will be blocked, even if using https in your URL.
Final thoughts... I like the idea of DNS over https, though I would prefer it done at the router level rather than at the browser level. I looked around the settings in the XR1000 admin page and found nothing that would allow me to configure any DNS settings for the router. It seems currently this router is only functioning as a passthrough DNS where it first string matches for AdBlocked domains and Content Filters and then sends domain name to the ISP DNS. Does anyone know if any DNS settings for the XR1000 admin page are on the roadmap for future FW updates? Rapp maybe?
So as it stands, I've turned Firefox's DNS over HTTPS back on, as I feel this is an important feature to have enabled and will have to just allow AdBlocker on the router to chop away at DNS queries from my Fire TV. I will also have to use an adblocker extension in Firefox to filter things at the browser level.
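A way to check the outcome of the steps in the post above from a Firefox profile's `prefs.js`, written as an added example that is not part of the original post or of any NETGEAR or NetDuma tooling. `network.trr.mode` is Firefox's own DNS-over-HTTPS pref; the function names and the sample content are made up for illustration.

```python
import re

# Matches lines such as: user_pref("network.trr.mode", 5);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# network.trr.mode values: Firefox's DNS-over-HTTPS resolver switch.
TRR_MODES = {
    0: "default (Firefox decides; DoH may be on)",
    2: "DoH first, falls back to system DNS",
    3: "DoH only",
    5: "off by user choice",
}
CACHE_PREFS = ("network.dnsCacheExpiration", "network.dnsCacheExpirationGracePeriod")

def parse_prefs(text):
    """Return {pref name: value} from prefs.js / user.js content."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            name, raw = m.groups()
            # Integer prefs become int; everything else stays as raw text.
            prefs[name] = int(raw) if re.fullmatch(r"-?\d+", raw) else raw
    return prefs

def audit(text):
    """Summarise the DNS prefs that decide whether router filtering applies."""
    prefs = parse_prefs(text)
    mode = prefs.get("network.trr.mode", 0)
    return {
        "trr_mode": mode,
        "meaning": TRR_MODES.get(mode, "reserved/unknown"),
        # Only mode 5 rules DoH out; in mode 0 Firefox may still enable it.
        "doh_explicitly_off": mode == 5,
        # Still 0 means the cache-flush workaround was never reverted.
        "cache_prefs_left_at_zero": [p for p in CACHE_PREFS if prefs.get(p) == 0],
    }

# Constructed sample prefs.js content, not taken from a real profile.
SAMPLE = '''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.dnsCacheExpiration", 0);
user_pref("network.trr.mode", 5);
'''

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

To run it against a real profile, pass the contents of that profile's `prefs.js` to `audit()`; a result with `doh_explicitly_off` false means lookups from that browser can bypass the router's DNS-based AdBlocker.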
- Netduma-Fraser
  Jul 06, 2024 NetDuma Partner
  Well done on getting it resolved and thanks for posting the solution. You can change DNS on the Internet Setup page - the first page on Settings
- Xuul
  Jul 06, 2024 Tutor
I guess I should have been more specific about my comments regarding DNS with the XR1000. I found those settings you're referring to, and if I'm not mistaken, those are "client side" configurations to tell the router what DNS to use. I'm interested in "server side" or at least "middle-man" DNS settings at the router level. Things like a flush DNS cache, TTL settings for the cache, heck, even a cache at all. Also, the ability to set up DNS over HTTPS at the router level would also be very nice.
Otherwise, I have a better understanding about the AdBlocker Rapp on the router and what was getting in my way. Hopefully others will find it informative.
A few other things to note. Other browsers like Chrome and Edge also save their own cache, so if using one of those look into how to clear that before testing. Also, something I changed a few days before tackling this that may have had an effect, was to change Firefox's default search engine to DuckDuckGo. This stopped Google from automatically searching URLs that were blocked or typed wrong and not giving me a 404.