DNSMasq for GoogleSafeSearch not allow LOGIN google Account!

lumanga
DD-WRT Novice


Joined: 26 Aug 2018
Posts: 10

Posted: Sun Mar 22, 2020 14:53    Post subject: DNSMasq for GoogleSafeSearch not allow LOGIN google Account!
Dear all,
I have set up, with success, my TL-WR1043ND with DD-WRT v3.0-r36079 to have a NEW WiFi AP connection protected and filtered for my children:

- Setup: connection type= WAN (MY MODEM IP range is 192.168.1.*)
- Network setup= 192.168.3.1 (255.255.255.0)
- DHCP ON from 192.168.3.2 to 192.168.3.100

I have also enabled filtering with the OpenDNS Family filter.
Enabled and added in "Services > DNSMasq > Additional DNSMasq Options"

Code:

no-resolv
strict-order

address=/www.google.com/216.239.38.120
address=/www.google.it/216.239.38.120
address=/google.it/216.239.38.120

address=/facebook.com/0.0.0.0
address=/bing.com/0.0.0.0
address=/www.bing.it/0.0.0.0

address=/youtubei.googleapis.com/216.239.38.120
address=/youtube.googleapis.com/216.239.38.120
address=/www.youtube-nocookie.com/216.239.38.120
address=/yahoo.com/0.0.0.0
address=/yahoo.it/0.0.0.0
address=/itunes.apple.com/0.0.0.0

# AMAZON, various FireHD menus in Home:
address=/amazon.com/0.0.0.0
address=/amazon.it/0.0.0.0
address=/amazonaws.com/0.0.0.0
address=/music.amazon.it/0.0.0.0
address=/music.amazon.com/0.0.0.0
address=/primevideo.com/0.0.0.0
address=/amzn/0.0.0.0
address=/apps/0.0.0.0
address=/com.amazon/0.0.0.0

# GOOGLE PLAY etc.:
address=/play.google.com/0.0.0.0
address=/play.google/0.0.0.0
address=/ggpht.com/0.0.0.0
address=/play.googleapis.com/0.0.0.0
address=/android.clients.google.com/0.0.0.0
address=/www.googleapis.com/0.0.0.0
address=/gvt1.com/0.0.0.0

# AD block:
address=/googlesyndication.com/0.0.0.0
address=/google-analytics.com/0.0.0.0
address=/doubleclick.net/0.0.0.0
address=/gstatic.com/0.0.0.0
address=/pubmatic.com/0.0.0.0
address=/adservice.google.it/0.0.0.0
address=/ebay.doubleclick.net/0.0.0.0
address=/google-analytics.com/0.0.0.0
address=/ssl.google-analytics.com/0.0.0.0
address=/fastclick.net/0.0.0.0
address=/www.google-analytics.l.google.com/0.0.0.0
address=/msn.com/0.0.0.0
address=/googletagservices.com/0.0.0.0
address=/googleads.g.doubleclick.net/0.0.0.0
address=/googleadservices.com/0.0.0.0
address=/amazonaws.com/0.0.0.0
address=/doubleclick.net/0.0.0.0
address=/googlecode.com/0.0.0.0

# OpenDNS FAMILY FILTER:
server=208.67.222.123
server=208.67.220.123


And the filters work great, BUT I'm NOT ABLE TO LOGIN to my Google account and other necessary Google services!

Is there a way to still use the Google SafeSearch service but also allow other Google services? Google Account, GDrive, Meet, Hangouts, etc.?

Thanks in advance.
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1447
Location: Appalachian mountains, USA

Posted: Sun Mar 22, 2020 15:34
I doubt you can safely block gstatic.com, but I could be wrong.

The thing to do in these situations is a sort of binary search for the problem. Remove half the site-blocking lines and see if your needed services are restored. You'll then know which half of your lines contains the problem. Then repeat using half of the problem half, etc. You'll figure it out in not too many steps.

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
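
A deterministic complement to the halving approach suggested in the post above, as an added example that is not part of any poster's message: it parses `address=` lines and reports which rule, if any, overrides a given hostname. The rule lines are copied from the first post; the hostnames in `HOSTS_TO_CHECK` and all function names are assumptions for illustration.

```python
# Added example (not from the thread). Rule lines are copied from the first
# post; the hostnames in HOSTS_TO_CHECK are assumptions for illustration.
SAMPLE_RULES = """\
address=/www.google.com/216.239.38.120
address=/play.google.com/0.0.0.0
address=/www.googleapis.com/0.0.0.0
# AD block:
address=/gstatic.com/0.0.0.0
address=/google-analytics.com/0.0.0.0
server=208.67.222.123
"""
HOSTS_TO_CHECK = ["accounts.google.com", "ssl.gstatic.com",
                  "www.googleapis.com", "www.google.com"]


def parse_address_rules(text):
    """Map each domain in address=/dom1/dom2/.../ip lines to its answer."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#") or not line.startswith("address=/"):
            continue
        *domains, ip = line[len("address=/"):].split("/")
        for dom in domains:
            if dom:
                rules[dom.lower().strip(".")] = ip
    return rules


def match_rule(host, rules):
    """Return (rule_domain, answer) for the most specific rule, else None.

    dnsmasq applies address=/example.com/ to example.com and to every
    name beneath it, so try the full name first, then each parent suffix.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return suffix, rules[suffix]
    return None


if __name__ == "__main__":
    rules = parse_address_rules(SAMPLE_RULES)
    for host in HOSTS_TO_CHECK:
        hit = match_rule(host, rules)
        print(f"{host:24} ->", f"overridden by /{hit[0]}/ = {hit[1]}" if hit
              else "no local rule, goes to upstream server")
```

Replace the sample host list with the names your devices actually request; dnsmasq's `log-queries` option records them.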
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14246
Location: Texas, USA

Posted: Sun Mar 22, 2020 15:37
Because you are blocking and redirecting them.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6447
Location: UK, London, just across the river..

Posted: Sun Mar 22, 2020 16:02
kernel-panic69 wrote:
Because you are blocking and redirecting them.


Yep, KP69 said it... there

In general, blocking things via additional DNSmasq rules has certain limits...
consider using a more sophisticated ad-blocking script
with whitelisting... it will help; many are available in the forum... have a search...

As we don't know your router version, I cannot recommend you an upgrade to a newer build, but I'm sure your reading/searching skills will help you in that endeavor, as newer builds have lots of updates, especially regarding DNSmasq

ftp://ftp.dd-wrt.com/betas/2020/ last/old builds here

Personally, I stay away from any GGL stuff; if you want safe search use DuckDuck...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
lumanga
DD-WRT Novice


Joined: 26 Aug 2018
Posts: 10

Posted: Mon Mar 23, 2020 15:27    Post subject: last and stable for my Router TP-LINK TL-WR1043N
Alozaros wrote:
as we don't know your router version i cannot recommend you an upgrade to a newer build...


I have the TP-LINK Router code TL-WR1043ND
Some months ago I asked which version of DD-WRT was the last and stable for my Router, and I have installed the release DD-WRT v3.0-r36079.

Do you know if a newer version is compatible with TL-WR1043ND ??

Thanks in advance!
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14246
Location: Texas, USA

Posted: Mon Mar 23, 2020 15:30
Newer firmware isn't going to fix a misconfiguration.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6447
Location: UK, London, just across the river..

Posted: Tue Mar 24, 2020 11:03
kernel-panic69 wrote:
Newer firmware isn't going to fix a misconfiguration.


yep, true so true...(Winnie-the-Pooh)

lumanga wrote:

I have the TP-LINK Router code TL-WR1043ND
Some months ago I asked which version of DD-WRT was the last and stable for my Router, and I have installed the release DD-WRT v3.0-r36079.

Do you know if a newer version is compatible with TL-WR1043ND ?? Thanks in advance!


Nope, I don't, as we still don't know which is your router model version...
Have a look at the sticker... and report...
or at the general statistics menu... if you are lucky...
If you find it, have a look at the forum threads, as this is your homework, not mine..

siege
DD-WRT User


Joined: 23 Dec 2016
Posts: 90

Posted: Fri May 29, 2020 16:05
Google shows you how to do this here:
https://support.google.com/websearch/answer/186669?hl=en

What I have in my DNSMasq options is this:
Code:
no-resolv
domain-needed
server=208.67.222.222
server=208.67.220.220
dhcp-range=::1,::400,constructor:br0,slaac,ra-names,6h
dhcp-option=option6:dns-server,[::]
cname=www.youtube.com,m.youtube.com,youtubei.googleapis.com,youtube.googleapis.com,www.youtube-nocookie.com,restrictmoderate.youtube.com
cname=bing.com,www.bing.com,strict.bing.com
cname=duckduckgo.com,www.duckduckgo.com,start.duckduckgo.com,duck.com,www.duck.com,safe.duckduckgo.com
cname=pixabay.com,safesearch.pixabay.com
cname=google.com,www.google.com,forcesafesearch.google.com

This (along with the "Forced DNS Redirection" checkbox on the setup page) ensures that all of my devices are going to use OpenDNS (on which I have the family filters set), and that any requests for Google, Bing, etc., will go to their safe search counterparts.

(I also have all of Google's country-specific entries in there as well, but that's another ~200 lines I didn't want to copy above.)
woodwa
DD-WRT Novice


Joined: 17 Nov 2021
Posts: 1

Posted: Wed Nov 17, 2021 11:20
After some monkeying round I got dnsmasq and opendns to play nicely.

I'm sure it could be improved but it does the job
this article helped immensely: https://spotlightcybersecurity.com/openwrt-dnsmasq-google-youtube-bing-filtering.html

In the DNS setup screen I have all the DNS servers as 0.0.0.0

dnsmasq settings in the services tab

Code:

server=208.67.222.222
server=208.67.220.220
host-record=forcesafesearch.google.com,216.239.38.120
cname=www.google.com,forcesafesearch.google.com

# force bing family filter
host-record=strict.bing.com,204.79.197.220
cname=www.bing.com,strict.bing.com

# force youtube restricted mode
host-record=restrictmoderate.youtube.com,216.239.38.119
cname=www.youtube.com,restrictmoderate.youtube.com
cname=m.youtube.com,restrictmoderate.youtube.com
cname=youtubei.googleapis.com,restrictmoderate.youtube.com
cname=youtube.googleapis.com,restrictmoderate.youtube.com
cname=www.youtube-nocookie.com,restrictmoderate.youtube.com