
I'm trying to create a server-side adblocking mechanism through dnsmasq, but I only get results on the server itself, not the computers attached to my local network.

First of all, my router is the default DNS server, so I have to set up all my devices to use the dnsmasq server as primary DNS. I can check it works when I try to access one of my self-hosted websites: if I can access them locally then the dnsmasq DNS works. In this regard, all is OK.

Then the ad-blocking part. I check if the blocking works by entering this command on both my server and my main computer:

# nslookup doubleclick.net

On the server I get:

Server:     192.168.1.51
Address:    192.168.1.51#53

Name:   doubleclick.net
Address: 192.168.1.51

So it works there.

On my computer I get:

Server:     80.67.0.2
Address:    80.67.0.2#53

Non-authoritative answer:
Name:   doubleclick.net
Address: 70.32.146.212

So here it doesn't...

My setup is as follows:

  • I set up the config dir of dnsmasq:

    conf-dir=/usr/local/etc/dnsmasq.d

  • Put the file dnsmasq.adlist.conf there, populated by a script which fetches an ad-server list from a site and compiles it into dnsmasq-readable entries.

So to make it short, domains blocked by dnsmasq are correctly redirected from within the server, but not from the other devices. It's like dnsmasq fails to broadcast the newly added domain list.

I can provide any information you like to help me with resolving this issue. It may also point to a misconfiguration from before this adblocking experiment. Anyway, I hope that this is easy to nail down...

My server is on FreeBSD 9.3.

Jeez
  • Delete the DNS cache of your OS and check again. Additionally, you can tell nslookup which server to use for the DNS query. – Dennis Nolte May 04 '15 at 14:48
  • You were right, my DNS cache had to be flushed for the new entries to be taken into account, so the system works now. Just have to make a few arrangements. – Jeez May 06 '15 at 14:50

2 Answers


I haven't used nslookup in some time, but doesn't that result mean that the name resolution was performed against 80.67.0.2 and not 192.168.1.51 (which I assume is your router)?

I'd guess that somehow your computer is not using your dnsmasq instance to do name resolution.

Kenned
  • Well it is using dnsmasq's name resolution since I can access my local websites from within my networks. See my answer to Dennis Nolte. – Jeez May 06 '15 at 14:48

The issue might happen if something caches your request and you do not flush your DNS cache.

Often the OS caches DNS entries which makes changes in DNS not be seen directly.

For Windows, e.g., you can clear your DNS cache with something like:

ipconfig /flushdns
Dennis Nolte