ROKU Issues with pfBlockerNG (CBS All Access, PBS, CNET) not working
-
I can only assume that the Roku devices are attempting to connect to this domain via HTTPS, and are not timing out as expected… DNSBL uses port forwards to redirect the DNS blocked request to the lighttod webserver. So for HTTPS blocked domains, the browser or app will see that the Certificate of the DNSBL Webserver doesn't match the requested domain and it should immediately timeout and close the connection....
The next version of the package will have an option to utilize "0.0.0.0" instead of the DNSBL VIP... So that might address this issue for these particular situations. You could temporarily whitelist this domain in DNSBL and add a host override in Unbound for this domain and point it to "0.0.0.0"...
-
I should also report that I have two other routers running ASUS Merlin 380.66_2. On these routers I use an ad blocking solution https://www.ab-solution.info/ which also blacklists pubads.g.doubleclick.net. But CBS, PBS and CNET work fine on those routers with the Roku 4 and I don't have to whitelist the pubads.g.doubleclick.net site on that ad blocking solution.
You can see from the website link that you provided above, that pixelserv is MITM'ing the domains by creating false certificates… obviously something that I want to avoid:
pixelserv-tls.add: Added option to purge auto-generated pixelserv-tls certificates.
-
Thanks for the explanation BBcan117. Your contribution to the pfSense community is huge! I look forward to the next version.
-
A quick follow-up. I followed BBCan117's suggestion to use a host override for pubads.g.doubleclick.net and the CNAME partnerads.l.doubleclick.net.
The Roku channels still work, and the ads are not appearing. Problem solved.
-
A quick follow-up. I followed BBCan117's suggestion to use a host override for pubads.g.doubleclick.net and the CNAME partnerads.l.doubleclick.net.
The Roku channels still work, and the ads are not appearing. Problem solved.
Does my host overrides look correct (see attachment)? This is a new one for me on pfSense.
Also, did you keep the Custom Domain Whitelist entry for pubads.g.doubleclick.net in the DNSBL Configuration screen?
Regards, Xentrk
-
Your host override isn't quite right. Make it look like the attached image. Keep the domains in your whitelist. I kept the whitelist for both domains. I'm not sure if DNSBL or the host override is processed first, but it seems to work this way.
-
Your host override isn't quite right. Make it look like the attached image. Keep the domains in your whitelist. I kept the whitelist for both domains. I'm not sure if DNSBL or the host override is processed first, but it seems to work this way.
Thanks you reisender and BBCan177 for the help. With the DNS Resolver change, I no longer see ads on those channels. I will need to watch more to make sure. A nice benefit for sure. I'm happy to get those channels working again though. I never thought it was my firewall blocking them for two months as they worked okay before the last part of April. I then saw on the Roku forums that others were having an issue as well. I posted the fix on the Roku forum site. Having access to TV in USA enhances my expat life here in the land of smiles.
Because of this issue, I learned features of pfBlockerNG and DNS Resolver that I was not aware of. I appreciate your help and educating me along the way! I am very grateful for the help you all provided.
Regards, Xen
-
Thanks you reisender and BBCan177 for the help. With the DNS Resolver change, I no longer see ads on those channels. I will need to watch more to make sure. A nice benefit for sure. I'm happy to get those channels working again though. I never thought it was my firewall blocking them for two months as they worked okay before the last part of April. I then saw on the Roku forums that others were having an issue as well. I posted the fix on the Roku forum site. Having access to TV in USA enhances my expat life here in the land of smiles.
Because of this issue, I learned features of pfBlockerNG and DNS Resolver that I was not aware of. I appreciate your help and educating me along the way! I am very grateful for the help you all provided.
Regards, Xen
NP your welcome… ;)
-
Your host override isn't quite right. Make it look like the attached image. Keep the domains in your whitelist. I kept the whitelist for both domains. I'm not sure if DNSBL or the host override is processed first, but it seems to work this way.
reisender,
Is CBS all access still working for you? It stopped working for me last night. When I select a video to watch, I get a little spinning symbol for a few seconds followed by a black screen. I can watch live TV okay. It is just the on demand videos that are the issue. It works okay on my ASUS router using AB-Solution.info ad blocker. But I do see ads. Maybe it is time to pay the extra $$ for the ad free version.
-
Your host override isn't quite right. Make it look like the attached image. Keep the domains in your whitelist. I kept the whitelist for both domains. I'm not sure if DNSBL or the host override is processed first, but it seems to work this way.
reisender,
Is CBS all access still working for you? It stopped working for me last night. When I select a video to watch, I get a little spinning symbol for a few seconds followed by a black screen. I can watch live TV okay. It is just the on demand videos that are the issue. It works okay on my ASUS router using AB-Solution.info ad blocker. But I do see ads. Maybe it is time to pay the extra $$ for the ad free version.
I have it working again. I was unable to determine the domain or host file causing the issues. I did some testing with hosts file on my ASUS router using AB-Solution. I had issues when I went to higher levels of hosts files. I found the right combination that made it work on the ASUS. I replicated that on the pfSense. I started with this list:
http://someonewhocares.org/hosts/hosts http://sysctl.org/cameleon/hosts http://winhelp2002.mvps.org/hosts.txt http://www.malekal.com/HOSTS_filtre/HOSTS.txt http://www.malwaredomainlist.com/hostslist/hosts.txt https://zeustracker.abuse.ch/blocklist.php?download=hostfile http://www.hostsfile.org/Downloads/hosts.txt http://www.securemecca.com/Downloads/hosts.txt http://hosts-file.net/exp.txt http://hosts-file.net/ad_servers.txt http://hosts-file.net/emd.txt http://hosts-file.net/hjk.txt http://hosts-file.net/fsa.txt http://hosts-file.net/grm.txt http://hosts-file.net/psh.txt http://hosts-file.net/mmt.txt http://hosts-file.net/hfs.txt http://hosts-file.net/pha.txt http://hosts-file.net/wrz.txt http://raw.githubusercontent.com/michaeltrimm/hosts-blocking/master/_hosts.txtAnd narrowed it down to this list
https://adaway.org/hosts.txt http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext&useip=0.0.0.0 http://someonewhocares.org/hosts/zero/hosts http://winhelp2002.mvps.org/hosts.txt http://www.malwaredomainlist.com/hostslist/hosts.txt http://hosts-file.net/ad_servers.txt http://hosts-file.net/emd.txt http://hosts-file.net/grm.txt http://hosts-file.net/mmt.txtPerhaps one of these days, I will take some the hosts files back in one by one until I determine which one caused me the grief.
-
The above solution was a false positive. It did not work. I ended up removing the Host Overrides in DNS Resolver to get it working. However, ads are now appearing. We'll, I am paying for the lower tier with ads. So I can live with it. Enjoying it ad free was nice while it lasted though.
