Troubleshooting Adblocking with DNS
Overview
The recent changes to my internal network, which block ads by null-routing domains that are well known to serve them, have caused a few issues. Certain sites are broken, particularly some shopping sites. I have conducted some troubleshooting and developed some tools and processes that will help if I need to troubleshoot in the future.
Troubleshooting
When a site shows up with missing assets, and you absolutely need these assets, you have to learn all the domains in use so that you can whitelist them in the adblock-via-dns process. Visit the site in a Mozilla-based browser and press F12 to open the developer tools. Select the "Network" tab and reload the page. Right-click in any non-link area of the Network tab to get the context menu, select "Copy all as HAR", and save the result to a file. To process a HAR file and show all the unique domains that were requested, use this jq snippet.
<input.har jq ".log.entries" | jq --raw-output "[.[] | .request.url] | sort | unique | .[]" | awk -F'/' '!x[$3]++ {print $3}'
This command is adapted from reference 2.
C program for looking up domain names
I wrote a C program, named full_resolver, which accepts domain names on standard input and outputs the fully resolved IP addresses. This is useful for determining if any domains are resolving to 0.0.0.0. This is my first C program with a real use! See reference 4 for source code.
Solving the problem
Find all the domains from the HAR file. Pipe them to full_resolver when your system resolvers (in /etc/resolv.conf) are the local DNS servers with ad blocking. Any zeroed-out domains, i.e., 0.0.0.0, should be whitelisted in the /etc/installed/dns-whitelist file on the local DNS server.
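The check described above, as an added example: this is not the author's full_resolver (its source is at reference 4), only a sketch of the same idea that reads names on standard input, resolves them with the system resolver, and marks answers that are 0.0.0.0 (it generalizes to the IPv6 unspecified address ::). The function names and the BLOCKED / LOOKUP_FAILED output labels are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* 1 if the address is unspecified (0.0.0.0 or ::), the answer a null-routing blocklist returns. */
int is_null_routed(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET)
        return ((const struct sockaddr_in *)sa)->sin_addr.s_addr == htonl(INADDR_ANY);
    if (sa->sa_family == AF_INET6)
        return IN6_IS_ADDR_UNSPECIFIED(&((const struct sockaddr_in6 *)sa)->sin6_addr) != 0;
    return 0;
}

/* Resolve one name with the system resolver and print each address found.
 * Returns 1 if any answer is null-routed, 0 if none is, -1 if the lookup fails. */
int check_domain(const char *name)
{
    struct addrinfo hints, *res, *p;
    char text[INET6_ADDRSTRLEN];
    int blocked = 0;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;       /* both A and AAAA answers */
    hints.ai_socktype = SOCK_STREAM;   /* avoid one duplicate per socket type */
    if (getaddrinfo(name, NULL, &hints, &res) != 0)
        return -1;
    for (p = res; p != NULL; p = p->ai_next) {
        int null_routed = is_null_routed(p->ai_addr);
        blocked |= null_routed;
        if (getnameinfo(p->ai_addr, p->ai_addrlen, text, sizeof text, NULL, 0, NI_NUMERICHOST) == 0)
            printf("%s %s%s\n", name, text, null_routed ? " BLOCKED" : "");
    }
    freeaddrinfo(res);
    return blocked;
}

int main(void)
{
    char line[256];
    while (fgets(line, sizeof line, stdin)) {
        line[strcspn(line, "\r\n")] = '\0';   /* strip the trailing newline */
        if (line[0] != '\0' && check_domain(line) < 0)
            printf("%s LOOKUP_FAILED\n", line);
    }
    return 0;
}
```

Feed it the domain list produced by the jq snippet; every line marked BLOCKED names a domain that is a whitelist candidate.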