Exclude devices from ad-blocking

Starting with Diversion 4.2.1, devices can be excluded from ad-blocking while still using the routers WAN DNS Server settings. This feature can be enabled in b

How does the exclude devices from ad-blocking work

Similar to the Alternate blocking list, Diversion starts a separate Dnsmasq instance, with its own configuration file.

This separate Dnsmasq instance is listening on its own virtual IP, same as pixelserv-tls is listening on its own virtual IP.
Specified clients (devices) within the routers LAN can then be directed via LAN/DNSFilter to use a Custom (user-defined) DNS.

Non-Diversion Dnsmasq directives in /jffs/scripts/dnsmasq.postconf are ignored. If found, /jffs/configs/dnsmasq.conf.add can optionally be included in the configuration file. This instance has no Dnsmasq log file and the activity will not be included in the Diversion stats.

Steps to enable exclude devices from ad-blocking

 

Step by step instructions

1. Select 10. Exclude devices from ad-blocking in b

2. Reserve an (additional) virtual IP address for the exclude devices Dnsmasq instance

Log into your routers WebUI and go to LAN / DHCP Server. Adjust the "IP Pool Starting Address".

In a standard router setup the starting IP pool address is 192.168.1.2

With Diversion Standard installed, this generally means increasing it from xxx.xxx.xxx.xx3 to xxx.xxx.xxx.xx4.
The reserved pixelserv-tls likely is set as xxx.xxx.xxx.xx2, so the new reservation would be xxx.xxx.xxx.xx3, or 192.168.1.3

With Diversion Lite installed, this generally means increasing it from xxx.xxx.xxx.xx2 to xxx.xxx.xxx.xx3.
The new reservation would be xxx.xxx.xxx.xx2, or 192.168.1.2

Make sure none of your devices uses the new reserved IP.

Click Apply in the WebUI.

3. Back in the SSH terminal, enter the reserved IP, the exclude devices IP address.

In this screenshot, the reserved IP 192.168.50.3 is entered. Use your reserved IP address, enter it into the terminal, then press Enter.

A couple of checks are done by Diversion. When successful, Diversion returns to the UI, informing that
Done Exclude devices from ad-blocking enabled.

4. Select clients to use exclude devices from ad-blocking

  • In the router WebUI, go to LAN / DNSFilter (or wherever your Asuswrt-Merlin's DNSFilter option is) and Enable DNS-based Filtering.
  • Set Global Filter Mode to "No Filtering" or whatever you have set it to, many have it set to "Router".
  • Enter the reserved IP address into the "Custom (user-defined) DNS 1" field (or DNS 2 field if the first one is populated)
  • Use the Client MAC address drop-down selector to select the first client and set the Filter Mode to "Custom 1" (or "Custom 2"), then click on the + icon on the right to add it to the list.
  • Repeat for every client you want to add
  • Click Apply and that's it.

 

Good to know

When entering b, 10, the options are now:

  • 1. Disable exclude devices from ad-blocking
  • 2. Change exclude devices IP address
  • 3. Use alternate upstream name server(s)
  • 4. Include dnsmasq.conf.add file. This option is only available if the file is present in /jffs/configs/

 

The dynamically generated alternate Dnsmasq config file can be viewed in sf under dnsmasq config file(s). Do not edit the file as it is written new every time Dnsmasq restarts.

Should ds Dnsmasq settings be enabled, any setting applied there will be included in this Dnsmasq instance.