Why is my Adguard Home not filtering ads?

[kosymodo]

I've had my Adguard Home set up on my RPi for a few months now, after some excellent advice from @Rainmaker however I'm noticing more and more that an increasing number of websites are displaying ads. I've no idea why, so thought of asking you knowledgable folk!

AGH is set up with the oisd full blocklist (374,364 rules) which was last updated yesterday evening.

An example of a website currently displaying ads, which I'm sure didn't use to, is speedtest.net. I see ads surrounding the speedtest results on all 4 sides.

I've checked the Query Log, and my laptop is definitely a client. I've also checked my DNS settings in Win 10, which show the RPi IP address as the DNS server.

I should mention that DNS settings are being taken from my USG, which again has the RPi IP address in the DNS server field.

Any ideas folks?

 

[kosymodo]

OK, so I've kinda answered my own question - it's something to do with VPN changes from my employer.

Our IT dept made some changes to reduce the number of MFA prompts we will see when using the VPN, and it seems that something they've changed has affected my name servers. With the VPN connected (which it generally is all day), I have ads appearing. As soon as I disconnect from the VPN, the ads disappear. Therefore, to me anyway, it seems the VPN client is setting the name servers somehow. The odd thing is that we have 2 VPN connections - 1 which is 'split' so only empployer-related traffic is supposed to be affected, and then an 'all traffic' VPN which obviously affects all traffic. I'm connecting to the split VPN, yet it's still affecting the name servers.

Running nslookup when the VPN is connected, my default server is ***.***.ac.uk and the address is ***.38.1.1. (Both redacted for privacy reasons) With the VPN disconnected, my default server is UnKnown and the address is 192.168.1.100 (as expected)

 

[kosymodo]

Bummer. Is using your employer's DNS mandatory? You could always set up DoH in AGH and then set Firefox (or Chromium/Brave/whatever) to use DoH to bypass the local nameservers set by the VPN. In Firefox it's Settings > Network Settings (scroll down the first page in settings), and in Chromium based browsers it's under chrome://flags/settings/security.

It's not so much that it's mandatory, it's that I can't access anything off-site without using it lol!

Got one of my colleagues, who used to manage the VPN service, to ask some questions internally. He reckons it might be something to do with staff having problems connecting to hosts on private addresses. Seems wrong to set it up in this way though, so maybe they'll adjust the settings