AdList not working when clicking on a domain name in a Google search

Hi guys,
I have set up DNS Adlist and it is working when I enter the domain name directly in the address bar of my browser.

On the computer the DNS server is the MikroTik LAN IP address, and on the MikroTik router I have set up 2 NAT rules for DNS interception and redirection to the router on port 53 TCP and UDP.

The problem is that when I make a Google search for a domain name on the blacklist and I click on it inside the Google results page, the website opens successfully.

I have set up a Pi-hole server with the same Adlist and it's working even if I go through Google search.

Did I miss something?

Regards

Clear browser cache

Windows command prompt
ipconfig /flushdns

Mikrotik Terminal
/ip/dns/cache/flush


Does your Adlist load properly?
/ip/dns/adlist/print

While you're at it, give us a readout:
/ip/dns/export

Thanks for your answer. I had already cleared the browser cache and flushed the MikroTik and Windows DNS caches, but I got the same result.

My Adlist loads properly (see image below); I set my DNS cache size to 40 MB.
[screenshot: Capture d’écran du 2025-05-30 15-22-05.png]
/ip/dns/export
[screenshot: Capture d’écran du 2025-05-30 15-24-04.png]
Regards,

It has to be something else then; mine works 100%, but I'm not redirecting. Maybe someone else will be able to help.

Here is my working config with DoH; you can try it just to rule out the NAT.

Enable internal certs (7.19 onward):

/certificate/settings/set builtin-trust-anchors=trusted

/ip dns
set allow-remote-requests=yes cache-max-ttl=1d cache-size=40000KiB doh-max-concurrent-queries=200 doh-max-server-connections=6 \
    max-concurrent-queries=200 max-concurrent-tcp-sessions=40 use-doh-server=https://cloudflare-dns.com/dns-query verify-doh-cert=yes
/ip dns adlist
add url=https://raw.githubusercontent.com/hagezi/dns-blocklists/main/hosts/pro.txt
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
add address=1.1.1.1 name=cloudflare-dns.com type=A
add address=1.0.0.1 name=cloudflare-dns.com type=A

Obviously use your IP where 192.168.88.1 is.

Block incoming port 53 with firewall rules:

/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp

Block port 53, then filter DoH servers with this list:

https://raw.githubusercontent.com/hagezi/dns-blocklists/main/hosts/doh.txt

Hi @ToTheFull, thanks for your clarification. It's working now after updating my ROS from v18.2 to v19, configuring the certificate settings and blocking incoming port 53 from the internet.

When I enabled DoH like you did, my clients failed to resolve DNS queries, so I keep it disabled.

Regards,

Let me just clarify: the above list would block ALL DoH. You would need to whitelist the DNS you wanted to use.
Example:

0.0.0.0 dns.233py.com.cdn.cloudflare.net
0.0.0.0 dns.cloudflare.com
0.0.0.0 cloudflare-dns.com
0.0.0.0 1dot1dot1dot1.cloudflare-dns.com
0.0.0.0 chrome.cloudflare-dns.com
0.0.0.0 dns64.cloudflare-dns.com
0.0.0.0 dooh.cloudflare-dns.com
0.0.0.0 family.cloudflare-dns.com
0.0.0.0 mozilla.cloudflare-dns.com
0.0.0.0 odoh.cloudflare-dns.com
0.0.0.0 opera.cloudflare-dns.com
0.0.0.0 security.cloudflare-dns.com
0.0.0.0 tor.cloudflare-dns.com
0.0.0.0 cloudflare-gateway.com
0.0.0.0 api.cloudflareclient.com
0.0.0.0 cloudflareresolve.com

Glad you got it working!
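Putting the pieces of this thread together as one added example, not config exported by any poster: the two dstnat redirect rules the original post describes, WAN-side drop rules for port 53, both hagezi lists, and the static entries that keep the chosen DoH resolver reachable even though doh.txt lists it. The interface list names LAN and WAN and the address 192.168.88.1 are assumptions taken from the RouterOS default configuration; the comments at the end list the checks to run on the router and on a client.

```routeros
# Added example: RouterOS 7.x config assembled from this thread, not any poster's own export.
# Assumes the default interface lists "LAN" and "WAN" and a LAN address of 192.168.88.1.

# 1. Router answers DNS for the LAN and carries both blocklists.
/ip dns
set allow-remote-requests=yes cache-size=40000KiB

/ip dns adlist
add url=https://raw.githubusercontent.com/hagezi/dns-blocklists/main/hosts/pro.txt
add url=https://raw.githubusercontent.com/hagezi/dns-blocklists/main/hosts/doh.txt

# 2. doh.txt also contains cloudflare-dns.com, so (as in the thread's working config)
#    pin the resolver you keep with static entries; the router answers those for that name.
/ip dns static
add name=cloudflare-dns.com address=1.1.1.1 type=A
add name=cloudflare-dns.com address=1.0.0.1 type=A

# 3. Intercept plain DNS: anything from the LAN to port 53, whatever the destination,
#    is redirected to the router's own resolver. Router-originated queries do not
#    traverse dstnat, so the router's upstream/DoH path is unaffected.
/ip firewall nat
add chain=dstnat in-interface-list=LAN protocol=udp dst-port=53 \
    action=redirect to-ports=53 comment="intercept LAN DNS (UDP)"
add chain=dstnat in-interface-list=LAN protocol=tcp dst-port=53 \
    action=redirect to-ports=53 comment="intercept LAN DNS (TCP)"

# 4. allow-remote-requests=yes makes the resolver listen on every interface, so drop
#    port 53 from the WAN side. These must sit above any rule that accepts WAN input
#    (use place-before=<n> if your input chain already has such a rule).
/ip firewall filter
add chain=input in-interface-list=WAN protocol=udp dst-port=53 action=drop \
    comment="no open resolver toward the internet"
add chain=input in-interface-list=WAN protocol=tcp dst-port=53 action=drop

# Checks (RouterOS terminal):
#   /ip dns adlist print          -> both lists loaded; match-count grows once clients hit listed names
#   /ip firewall nat print stats  -> the two redirect rules' counters climb while a client resolves
#   /ip dns cache flush           -> after editing lists, so cached answers do not mask the result
# Check (client): query a name you know is on the list against an outside resolver, e.g.
#   nslookup <listed-name> 8.8.8.8
# With interception working, the reply is the router's blocked answer, not the real address.
# If the real address still comes back, the client is not using port 53 at all (DoH),
# which is what the doh.txt list and the static whitelist above are for.
```

Order matters for the filter rules only; the NAT rules can go anywhere in dstnat because nothing else in a default configuration matches LAN traffic to port 53.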

Oh my god, I assumed cloudflare-dns.com wasn’t in this list because you’re using it.

It's OK now.

Thanks