search

AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home.html
GNU General Public License v3.0
24.47k stars 1.77k forks source link

Doesn't block ads #4256

Closed Ikif closed 2 years ago

Ikif commented 2 years ago

Issue Details

Expected Behavior

Expect to block ads

Actual Behavior

Doesn't block ads

Additional Information

Just installed AdGuard Home from Home Assistant on Raspberry Pi4 (Rasbian 64). As I started AdGuard Home it blocked 28 requests , and after that it stopped to block at all. I see [DNS Queries] changes , but counter of block stopped on 28.

EugeneOne1 commented 2 years ago

@Ikif, hello. Are you sure about the version? FYI, it's shown in the bottom right corner of the dashboard under the language selector: image

Also, could you please collect a verbose log to help us troubleshoot the issue? You may either post it here or send to devteam@adguard.com.

ainar-g commented 2 years ago

Hello.

v4.4.4

This is probably the version of the Home Assistant addon, not of AdGuard Home itself.

As I started AdGuard Home it blocked 28 requests , and after that it stopped to block at all.

We don't support the Home Assistant addon, so we cannot tell if that's an HA issue or an AdGuard Home one. Please follow our guide to diagnose some common issues as well as making sure that you have configured the clients. You may also need to inspect some of the addon's documentation.

Ikif commented 2 years ago

Version: v0.107.3 At the morning I see the counter of [Blocked by Filters] is increased , but I don't see that it block ads at all. I also added blocklists from "Adblock Plus" where it works properly and AdGuard Home doesn't block the same ads.

Ikif commented 2 years ago

IP of my RPi there. image

Ikif commented 2 years ago

image

Ikif commented 2 years ago

In “Block domains using filters and hosts files” I added all block lists. I also enabled "Parental Control", " Browsing security web service". "DNS allowlists" , "DNS rewrites" and "Custom filtering rules" are empty.

Ikif commented 2 years ago

I tried to add Amazon and Youtube in "Blocked services". On my laptop I still open these sites.... In "Query Log" : image

ainar-g commented 2 years ago

When you're doing nslookup, is the IP address in the Address: field (the one with the red X) the address of the Raspberry Pi with AdGuard Home?

Also, how did you configure the clients? Did you configure your DHCP server to send the IP address of AdGuard Home for both primary and secondary DNS? If the clients in that Wi-Fi network don't receive AdGuard Home IP addresses only, DNS queries will go around it.

Ikif commented 2 years ago

Yes , the IP (nslookup) is of RPi with AdGuard Home.

IP of RTPi in DNS fields of router: image

I didn't changed configuration of DHCP in the router only added IP of RPi to DNS field : image

ainar-g commented 2 years ago

Does the nslookup work if you request an FQDN instead of a domain name? E.g.:

nslookup ad.doubleclick.net.

(N.B. the dot at the end.)

I've only now noticed that that record in the query log has .net.intel.com attached to it for some reason. It may be that your machine has a local network suffix for some reason.

Ikif commented 2 years ago

Amazon address I put to block service: image

My PC properties (work laptop) : image

ainar-g commented 2 years ago

Sorry, I'm out of ideas. Perhaps, someone who had a similar setup could chime in either here, or on the Home Assistant forums.

ghost commented 2 years ago

AdGuard Home is your only upstream DNS server correct? Also, I notice you're on a Windows machine, if you have IPv6 enabled on a Windows machine it bypasses local filtering, no idea why, but it does. Also, you should go into filters and enable the OISD blocklist, it is really good and will help catch more ads.

agneevX commented 2 years ago

Well, if the query is hitting AdGuard and not being blocked, it could be because of incorrect settings:

Just double-checking, is this option checked, @Ikif?

Screenshot (124)

agneevX commented 2 years ago

As @ainar-g points out, this could be because of DNS suffix.

What does Connection-specific DNS Suffix in ipconfig /all print out?

Ikif commented 2 years ago

As @ainar-g points out, this could be because of DNS suffix.

What does Connection-specific DNS Suffix in ipconfig /all print out?

Connection-specific DNS Suffix . : ger.corp.intel.com

agneevX commented 2 years ago

So, the suffix is added for all queries to DNS servers that does not begin with www.

I'm not too familiar with work machines and DNS, but you could technically create a blocklist from existing ones and append .intel.corp to each rule using tools online.

That could be a short-term solution but since it's a work machine, I'd clear it with IT first.