- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
AdBlocker Issues
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I searched for an open topic on this, and found all of them closed, so heres a new one.
I'm running XR1000 V1 with latest firmware 1.0.0.74. The adblocker does not seem to work consistantly. Some sites defined in the lists are blocked while others are not. I read in another topic that it is suggested that blocking ads on the network is different than using a blocker extension in a browser. This makes little sense to me since from my technical experience it is simply a matter of string matching anything that comes through DNS and not looking up the IP and returning a 404 or other message instead of the requested URL. All devices on my network has 19.168.1.1 set as the DNS server, who then should be filtering for blocked domains, then sending the URL to the ISP DNS for resolution if it passes the adblock check.
Description of problem:
I see in default-list.txt that doubleclick.net is blocked, but anything that requests that in it's URL string is not blocked. Further more, if going directly to doubleclick.net in a browser, it is also not blocked. I've also created my own text list and blocked that URL and others, like ads.google.com, and those sites are not blocked.
Is it possible there is a limit to how many URLs the XR1000 can match against? What other possibilities for this not working?
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for the reply. You gave me a direction which helped me understand what is going on here. First I wish to make a comment about https, then I'll provide the steps I took which successfully blocked the sites I used as an example.
I may be wrong, and please call me out if I am, but even when using https, the domain name in the URL is still sent to DNS in the clear as per normal. There is no way to initiate a https connection until after the domain has been resolved to an IP. Then once an SSL connection is established, the majority of the URL is secured behind SSL, though the domain and the length of the URL still could be captured by a listener.
So, apparently FireFox has a feature I was not aware of, DNS over HTTPS, in which FireFox makes a SSL connection to a DNS server to query the domain. FireFox also caches all previous DNS queries, bypassing all downstream DNS lookups.
Steps to get URLs in AdBlocker to be blocked when using FireFox:
- Clear Windows DNS cache by going to command prompt and running:
- ipconfig /flushdns
- In FireFox Settings/Privacy & Security, turn off "DNS over HTTPS" in FireFox by setting "Enable DNS over HTTPS using:" to "Off".
- Clear FireFox DNS cache:
- Go to abbout:config in URL bar
- Set both network.dnsCacheExpiration and network.dnsCacheExpirationGracePeriod to 0. This will clear the cache immediately. You can then set it back to the default value if you wish.
Now any domain in the AdBlocker lists will be blocked, even if using https in your URL.
Final thoughs... I like the idea of DNS over https, though I would prefer it done at the router level rather than at the browser level. I looked around the settings in the XR1000 admin page and found nothing that would allow me to configure any DNS settings for the router. It seems currently this router is only functioning as a passthrough DNS where it first string matches for AdBlocked domains and Content Filters and then sends domain name to the ISP DNS. Does anyone know if any DNS settings for the XR1000 admin page are on the roadmap for future FW updates? Rapp maybe?
So as it stands, I've turned FireFoxes DNS over HTTPS back on, as I feel this is an important feature to have enabled and will have to just allow AdBlocker on the router to chop away at DNS queries from my Fire TV. I will also have to use an adblocker extention in FireFox to filter things at the browser level.
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: AdBlocker Issues
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for the reply. You gave me a direction which helped me understand what is going on here. First I wish to make a comment about https, then I'll provide the steps I took which successfully blocked the sites I used as an example.
I may be wrong, and please call me out if I am, but even when using https, the domain name in the URL is still sent to DNS in the clear as per normal. There is no way to initiate a https connection until after the domain has been resolved to an IP. Then once an SSL connection is established, the majority of the URL is secured behind SSL, though the domain and the length of the URL still could be captured by a listener.
So, apparently FireFox has a feature I was not aware of, DNS over HTTPS, in which FireFox makes a SSL connection to a DNS server to query the domain. FireFox also caches all previous DNS queries, bypassing all downstream DNS lookups.
Steps to get URLs in AdBlocker to be blocked when using FireFox:
- Clear Windows DNS cache by going to command prompt and running:
- ipconfig /flushdns
- In FireFox Settings/Privacy & Security, turn off "DNS over HTTPS" in FireFox by setting "Enable DNS over HTTPS using:" to "Off".
- Clear FireFox DNS cache:
- Go to abbout:config in URL bar
- Set both network.dnsCacheExpiration and network.dnsCacheExpirationGracePeriod to 0. This will clear the cache immediately. You can then set it back to the default value if you wish.
Now any domain in the AdBlocker lists will be blocked, even if using https in your URL.
Final thoughs... I like the idea of DNS over https, though I would prefer it done at the router level rather than at the browser level. I looked around the settings in the XR1000 admin page and found nothing that would allow me to configure any DNS settings for the router. It seems currently this router is only functioning as a passthrough DNS where it first string matches for AdBlocked domains and Content Filters and then sends domain name to the ISP DNS. Does anyone know if any DNS settings for the XR1000 admin page are on the roadmap for future FW updates? Rapp maybe?
So as it stands, I've turned FireFoxes DNS over HTTPS back on, as I feel this is an important feature to have enabled and will have to just allow AdBlocker on the router to chop away at DNS queries from my Fire TV. I will also have to use an adblocker extention in FireFox to filter things at the browser level.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: AdBlocker Issues
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: AdBlocker Issues
I guess I should have been more specific about my comments regarding DNS with the XR1000. I found those settings you're refering to, and if I'm not mistaken, those are "client side" configurations to tell the router what DNS to use. I'm interested in "server side" or at least "middle-man" DNS settings at the router level. Things like a flush DNS cache, TTL settings for the cache, heck, even a cache at all. Also, the ability to setup DNS over HTTPS at the router level would also be very nice.
Otherwise, I have a better understand about the AdBlocker Rapp on the router and what was getting in my way. Hopfully others will find it informative.
A few other things to note. Other browsers like chrome and edge also save their own cache, so if using one of those look into how to clear that before testing. Also, something I changed a few days before tackling this that may have had an effect, was change FireFox's default search engine to DuckDuckGo. This stopped Google from automatically searching URLs that were blocked or typed wrong and not giving me a 404.
• Introducing NETGEAR WiFi 7 Orbi 770 Series and Nighthawk RS300
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more