adblock - Help me - How to [something like pi-hole]

Questions and mods regarding system management may go here
Forum rules
We've moved! Head over to Synology Community (community.synology.com) to meet up with our team and other Synology enthusiasts!
MacUser
Trainee
Trainee
Posts: 16
Joined: Thu Jul 28, 2011 1:02 am

adblock - taskmanager failure

Unread post by MacUser » Tue Jun 05, 2018 8:42 am

An addition to my posting above:

Starting ad-blocker.sh as root via sh ./ad-blocker.sh gives

Code: Select all

 <root@BS58-NAS>[0,31;47m~ $:sh ./ad-blocker.sh 
Error: database is locked
Same error sends the task manager.

I'm a little bit confused now. Which database used by ad-blocker.sh is locked for root-access?
MacUser's migrating to Linux - only about 10% computertime left on MacOS and steadily decreasing.

User avatar
dMajo
Knowledgeable
Knowledgeable
Posts: 365
Joined: Sun Aug 19, 2012 12:26 pm
Location: Italy
Contact:

Re: adblock - Help me - How to [something like pi-hole]

Unread post by dMajo » Tue Jun 05, 2018 10:50 am

@MacUser

I have a few bug-fix/improvement made over the latest version that was not published on this forum (thanks to Briolet and his intensive tests).
I don't know if any of them fixes your issues. I do not have access to any 6.2 system. Most of mine NASes are production ones and thus upgrades delayed by some month to be sure not to introduce any instability/incompatibility.


Regarding the DB lock the script writes minor information to the DNSServer's log. The log with prior versions was file-based while with the latest versions is DB (SQLight) based. The script, according to DNSServer version 2.2.1-3051 choose the right place/method to write the info.
It is possible that Synology has changed something in the DB handling with latest DSNServer version.
to avoid DB logging is enough you comment line 83 in the script

Code: Select all

#			sqlite3 $LogDB "INSERT INTO LOGS (TIME,TAG,CATAGORY,MODULE,SEVERITY,CONTENT) VALUES ('${DTStamp}','','adblock','ad-blocker.sh','$4','AdBlocker: ${LogMsg}');"
For better debug you can also comment lines 101 and 102 which then preserves the temp folder and extended log file which than becomes incremental. Don't worry: for everything that should be clean (eg. files that append information) is taken care to clean it into the script itself.


When enough spare time I will try to upgrade a DS115 test system to see DSM6.2 in action. As soon as I will test the script on the new OS I will report results and/or fix it if needed.

Regards
  • APCSMT2200I+AP9631
  • Vigor2830Vn+: LoadBal 2xADSL(20M/1M.mcr512K,8IP)+1x4G/LTE
  • D-Link DGS1210-28P (CoreSW, PoE+)
    • 4x IntelliJack NJ2000G, 4x IntelliJack NJ220
    • 2x Netgear GS108T
    • 2x VigorAP900
  • DS1815+: DSM61(15152u3),16GB,2x845DCPro,4xWD60EFRX,2xWD60PURX;LAN:1+2,3,4
  • RS3617xs+: DSM61(15152u3),8GB,8xWD40FFWX;LAN:1+2+3,4,5+6
  • RS2414RP+: DSM52(5644u8),4GB,8xWD30EFRX;LAN:1+2+3,4
  • MME:
    • DENON AVR4311
    • TV: UE55ES8000Q,UE32ES6800Q,UE22F5410AY
    • Gigaset: 2xDX800A,1xSL910H,2xDA210
    • Galaxy Note3,A5; Nokia N8

Briolet
Experienced
Experienced
Posts: 145
Joined: Sun Jun 23, 2013 4:47 pm

Re: adblock - v2 and DSM 6.2

Unread post by Briolet » Tue Jun 05, 2018 11:53 am

MacUser wrote:
Fri Jun 01, 2018 12:33 pm
…Without having enough time to further analyse that line I changed the "::2" to " :2":

Code: Select all

if [[ "${Now}" -ne "${CurrSN: -2}" || ${#CurrSN} -lt ${#Now} ]]; then
The script runs withour error message now but a…
I'll look deeper into your error messages. I use a modified version of dMajo's script and that runs without problems with DSM 6.2. And I don't think my modifications change the compatibility of dMajo's script.

When above changes suppress the error, it is likely that you created the masterzone with the wrong serial format. You would not be the first, so I added in my script the next check before running above code:

Code: Select all

		if [[ "${CurrSN}" -eq "1" || ${#CurrSN} -ne 10 ]]; then
		    LogThis "Wrong serial format detected for the null.zone.file" 0 "toDNS"
		    LogThis "Delete the null.zone.file and create a new one with a date as serial format" 1 "toDNS"
		fi

MacUser
Trainee
Trainee
Posts: 16
Joined: Thu Jul 28, 2011 1:02 am

Re: adblock - Help me - How to [something like pi-hole]

Unread post by MacUser » Wed Jun 06, 2018 7:59 pm

Hi all,

thanks for your input.

I commented out the sqlite command and reverted back to
if [[ "${Now}" -ne "${CurrSN::-2}" || ${#CurrSN} -lt ${#Now} ]]; then

The script is running though without error now.
I get a data/null.zone.file with a current time stamp with

Code: Select all

zone "null.zone.file" {
	type master;
	file "/etc/zone/master/null.zone.file";
	allow-transfer {any;};
	allow-update {none;};
	allow-query {any;};
};
include "/etc/zone/data/ad-blocker.db";
There is also a master/null.zone.file with a current timestamp with

Code: Select all

$TTL 86400				; one day
@ IN	SOA	ns.null.zone.file. mail.null.zone.file. (
			2018060602	; serial number YYYYMMDDNN
			86400		; refresh	1 day
			7200		; retry		2 hours
			864000		; expire	10 days
			86400 )		; min ttl	1 day
		NS	ns.null.zone.file.
		A	127.0.0.1
		AAAA	::1
* IN	A	127.0.0.1
* IN	AAAA	::1
Looks ok to me - but don't give to much on my experience with DNS and named because there isn't too much.

dig still brings the real IP-addresses.

I tried a reload.sh and restart.sh as well, no change.
MacUser's migrating to Linux - only about 10% computertime left on MacOS and steadily decreasing.

Briolet
Experienced
Experienced
Posts: 145
Joined: Sun Jun 23, 2013 4:47 pm

Re: adblock - Help me - How to [something like pi-hole]

Unread post by Briolet » Thu Jun 07, 2018 4:34 pm

Sometimes the blocklists contains chracters the script is not prepared for. This results in not using the blocklist at all. You will see this in the log of dns server itself. Something like "Encountered an illegal character in line xxx".

If so, give those lines. (and the blocklists you use)

e,g. a line like "0.0.0.0 dimeprice.com # "spam bugs"" in a source blocklist will result in an illegal character in the resulting blocklist.

If so, I have a patch for the script. (I send it a few months ago to dMajo). But none of the default installed blocklist contained such lines.

MacUser
Trainee
Trainee
Posts: 16
Joined: Thu Jul 28, 2011 1:02 am

Re: adblock - Help me - How to [something like pi-hole]

Unread post by MacUser » Sun Jun 17, 2018 6:06 pm

Made checks with named-checkzone after

Code: Select all

cd /var/packages/DNSServer/target/named/etc/zone
:

Code: Select all

/volume1/@appstore/DNSServer/bin/named-checkzone mydomain.tld data/null.zone.file 
dns_master_load: data/null.zone.file:1: syntax error
dns_master_load: data/null.zone.file:1: isc_lex_gettoken() failed: unbalanced quotes
dns_master_load: data/null.zone.file:1: unbalanced quotes
data/null.zone.file:2: record with inherited owner (zone.mydomain.tld) immediately after $ORIGIN (mydomain.tld)
data/null.zone.file:2: unknown RR type 'type'
data/null.zone.file:3: unknown RR type 'file'
data/null.zone.file:4: unknown RR type 'allow-transfer'
data/null.zone.file:5: unknown RR type 'allow-update'
data/null.zone.file:6: unknown RR type 'allow-query'
dns_master_load: data/null.zone.file:7: unexpected end of line
dns_master_load: data/null.zone.file:7: unexpected end of input
zone mydomain.tld/IN: loading from master file data/null.zone.file failed: syntax error
zone mydomain.tld/IN: not loaded due to errors.
I don't have enough knowledge in named configuration to decide what's going wrong here.
MacUser's migrating to Linux - only about 10% computertime left on MacOS and steadily decreasing.

Briolet
Experienced
Experienced
Posts: 145
Joined: Sun Jun 23, 2013 4:47 pm

Re: adblock - Help me - How to [something like pi-hole]

Unread post by Briolet » Mon Jun 18, 2018 2:46 pm

The first error is about "unballanced quotes". That smells as the problem in my previous post were the raw blocklist contained certain quotes in the comment and weren't correctly filtered out.

For me it helped by replacing lines 182-187

Code: Select all

	2) LogThis "Cleaning type 2 files ..." 0 # [2]Standard hosts file
	#	sed -r -n -e '/(localhost| local[[:space:]]*\n|0\.0\.0\.0[[:space:]]*0\.0\.0\.0)/{d;n;}' -e '/^(127\.0\.0\.1|0\.0\.0\.0)[[:space:]]*([A-Za-z0-9]|-|_|\.)*\.([A-Za-z])*/{p;n;}' adbListType$BL_Index.raw > adbListType$BL_Index.p01 # Clean and Validate
	sed -r -n -e '/(localhost|local[[:blank:]]*\n|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.255|0\.0\.0\.0[[:blank:]]+0\.0\.0\.0)/d' -e '/^(127\.0\.0\.1|0\.0\.0\.0)[[:blank:]]+(\w|\-|\~|\.)+\.[A-Za-z]{2,}/p' adbListType$BL_Index.raw > adbListType$BL_Index.p01 # Clean and Validate (2018.02.04)
	#	sed -r -e 's/(127\.0\.0\.1|0\.0\.0\.0)[[:space:]]+/zone "/g' adbListType$BL_Index.p01 >> adbListAll.raw # Add line head
	sed -r -e 's/^(127\.0\.0\.1|0\.0\.0\.0)[[:space:]]+/zone "/g' adbListType$BL_Index.p01 >> adbListAll.raw # Add line head (2018.01.07 M4RC)
	;;
by

Code: Select all

	2) LogThis "Cleaning type 2 files ..." 0 # [2]Standard hosts file
	sed -r -n -e '/(localhost|local[[:blank:]]*\n|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.255|0\.0\.0\.0[[:blank:]]+0\.0\.0\.0)/d' -e '/^(127\.0\.0\.1|0\.0\.0\.0)[[:blank:]]+(\w|\-|\~|\.)+\.[A-Za-z]{2,}/p' adbListType$BL_Index.raw > adbListType$BL_Index.p01 # Clean and Validate (2018.02.04)
	sed -r -e 's/[[:blank:]]*[\#\/].*$//g' adbListType$BL_Index.p01 > adbListType$BL_Index.p02 # remove comment
	sed -r -e 's/^(127\.0\.0\.1|0\.0\.0\.0)[[:space:]]*/zone "/g' adbListType$BL_Index.p02 >> adbListAll.raw # Add line head (2018.01.07 M4RC)
	;;

MacUser
Trainee
Trainee
Posts: 16
Joined: Thu Jul 28, 2011 1:02 am

Re: adblock - Help me - How to [something like pi-hole]

Unread post by MacUser » Sun Jun 24, 2018 7:14 pm

Changed it - started ad-blocker.sh (without logging, line with sqlite commented out) - got the sed-error:

Code: Select all

sed: can't read /var/packages/DNSServer/target/script/ad-blocker-blacklist.db: No such file or directory
not too astonishing, there is no ad-blocker-blacklist currently.

Got a new data/null.zone.file

Code: Select all

cat ../named/etc/zone/data/null.zone.file 
zone "null.zone.file" {
	type master;
	file "/etc/zone/master/null.zone.file";
	allow-transfer {any;};
	allow-update {none;};
	allow-query {any;};
};
include "/etc/zone/data/ad-blocker.db";
it's the same like before, a new data/ad-blocker.db and a new master/null.zone.file

Code: Select all

cat ../named/etc/zone/master/null.zone.file 
$TTL 86400				; one day
@ IN	SOA	ns.null.zone.file. mail.null.zone.file. (
			2018062400	; serial number YYYYMMDDNN
			86400		; refresh	1 day
			7200		; retry		2 hours
			864000		; expire	10 days
			86400 )		; min ttl	1 day
		NS	ns.null.zone.file.
		A	127.0.0.1
		AAAA	::1
* IN	A	127.0.0.1
* IN	AAAA	::1
but even an own ./reload.sh or ./restart.sh doesn't change the behavior. A "dig zzhomes.com" shows that named is doing it's job on resolving the domain-name to ip-address but not it's job in changing it to 127.0.0.1.
MacUser's migrating to Linux - only about 10% computertime left on MacOS and steadily decreasing.

Briolet
Experienced
Experienced
Posts: 145
Joined: Sun Jun 23, 2013 4:47 pm

Re: adblock - Help me - How to [something like pi-hole]

Unread post by Briolet » Wed Jun 27, 2018 4:22 pm

MacUser wrote:
Sun Jun 24, 2018 7:14 pm
A "dig zzhomes.com" shows that named is doing it's job on resolving the domain-name to ip-address but not it's job in changing it to 127.0.0.1.
But, are you shure that "zzhomes.com" in any of your blocklists? I have several blocklist active with a total of 49835 domains and subdomains, but "zzhomes.com" is not among them.

And why using "dig"? The command "host" gives a more readable output. Just the info you need for this test.

MacUser
Trainee
Trainee
Posts: 16
Joined: Thu Jul 28, 2011 1:02 am

Re: adblock - Help me - How to [something like pi-hole]

Unread post by MacUser » Sun Jul 01, 2018 10:03 pm

Yes, zzhomes.com is in my ad-blocker.db

Code: Select all

[...]
zone "z.zeroredirect.com" { type master; notify no; file "/etc/zone/master/null.zone.file"; allow-transfer {none;}; allow-update {none;}; allow-query {any;}; };
zone "zzha.net" { type master; notify no; file "/etc/zone/master/null.zone.file"; allow-transfer {none;}; allow-update {none;}; allow-query {any;}; };
zone "zzhomes.com" { type master; notify no; file "/etc/zone/master/null.zone.file"; allow-transfer {none;}; allow-update {none;}; allow-query {any;}; };
zone "zzmyw.com" { type master; notify no; file "/etc/zone/master/null.zone.file"; allow-transfer {none;}; allow-update {none;}; allow-query {any;}; };
zone "zzptzdhugavot.review" { type master; notify no; file "/etc/zone/master/null.zone.file"; allow-transfer {none;}; allow-update {none;}; allow-query {any;}; };
[...]
I'm using dig because I'm used to do it ... ok, not an argument, I'll give host a try. Well, the output is shorter but unfortunately shows the IP-Address of zzhomes.com.
MacUser's migrating to Linux - only about 10% computertime left on MacOS and steadily decreasing.

xgoldpt
I'm New!
I'm New!
Posts: 5
Joined: Sun Feb 21, 2016 9:25 pm

Re: adblock - Help me - How to [something like pi-hole]

Unread post by xgoldpt » Sun Jul 08, 2018 6:26 pm

Hi there.
Are Sy-Hole working in DMS 6.2? (or even pi-hole or any adblock)?
Thanks ;)

PS: My NAS is Synology DS215j

MacUser
Trainee
Trainee
Posts: 16
Joined: Thu Jul 28, 2011 1:02 am

Re: adblock - Help me - How to [something like pi-hole]

Unread post by MacUser » Wed Aug 01, 2018 11:46 am

All supporters of ad-blocker,
thanks for your precious commitment to ad-blocker!

At first, the new version of ad-blocker V2 from Briolet didn't work, too. I looked into it and couldn't find any hint, what should have been wrong in the script concerning my setup (nothing special or complex in there). Then I decided to delete and reinstall DNS Server from scratch. Afterwards I prepared for ad-blocker (created null.zone.files) and ran the script again.

And now, voila, it works again. :D

But sorry, I couldn't find out what actually went wrong with my former setup. I still have a copy of the zone directory but that doesn't look any different (even for diff) from the now working zone directory. :?

And "yes" to xgoldpt: ad-blocker V2 from Briolet works on DSM 6.2 (DSM 6.2-23739 Update 2) on a DS216+II
MacUser's migrating to Linux - only about 10% computertime left on MacOS and steadily decreasing.

Briolet
Experienced
Experienced
Posts: 145
Joined: Sun Jun 23, 2013 4:47 pm

Re: adblock - Help me - How to [something like pi-hole]

Unread post by Briolet » Wed Aug 01, 2018 12:04 pm

My script is a modification of the original script. (I only send a downloadlink to MacUser).

Glad to hear that the script basically works with DSM 6.2 and it was something in the basic setup of the zone file that gave the problem. I added one additional check for a wrong setup of the zone file. But that was apparently not the problem in your setup.

I changed a lot in that script. The biggest change is that al sourcefiles are kept so they don't need to be be downloaded again if there was no change in certain lists.

BobW
Beginner
Beginner
Posts: 28
Joined: Wed Sep 18, 2013 3:32 pm

Re: adblock - Help me - How to [something like pi-hole]

Unread post by BobW » Sun Sep 16, 2018 7:34 am

Is it possible to setup the “null.zone.fill” as an slave zone on a secondary nas? Will it work?
Or do I have to setup a new master zone for it to work.

I have it already setup on my main NAS and l would like to set it up on a secondary NAS.

Briolet
Experienced
Experienced
Posts: 145
Joined: Sun Jun 23, 2013 4:47 pm

Re: adblock - Help me - How to [something like pi-hole]

Unread post by Briolet » Sun Sep 16, 2018 9:19 am

At the https://www.synology-forum.nl/dns-serve ... dleiding)/ I have a modification of the script that can export the null.zone.file to a special location on your nas. From there the second nas can pick it up with a short script you have to write yourself. (The download link of the script is at the end of the first post)

That was an adition for someone that used a raspbery pi as second dns server.

But, that is not a slave zone. It only makes that you don't have to do the download, calculation and maintainance of the white/blacklists twice.

Why not just try if creating a slavezone on the secondary nas works?

Locked

Return to “System Managment Mods”