Domain being blocked but shown as not blocked in query


#53

What you greped for is misleading. Try to grep for one the query IDs as I suggested instead of the domain to shed some more light on the issue!

I see this now. Sorry, I lost your previous posts in this already 40+ posts long thread… A phone is really not a great place for accessing the web.


Anyway, I used the Internet in the shopping center not too far from me today and tried to reproduce what you’re seeing. However, I couldn’t get my Pi-hole to give such strange outputs, see below.

Screenshot%20from%202018-10-13

Log output of the test - everything is correct:

Oct 13 15:12:17 dnsmasq[9199]: 21105 127.0.0.1/53789 query[A] abc.abc from 127.0.0.1
Oct 13 15:12:17 dnsmasq[9199]: 21105 127.0.0.1/53789 /etc/pihole/black.list abc.abc is 0.0.0.0

Oct 13 15:12:22 dnsmasq[9199]: 21106 127.0.0.1/33971 query[A] adups.com from 127.0.0.1
Oct 13 15:12:22 dnsmasq[9199]: 21106 127.0.0.1/33971 /etc/pihole/regex.list adups.com is 0.0.0.0

Oct 13 15:12:37 dnsmasq[9199]: 21107 127.0.0.1/34829 query[A] doubleclick.net from 127.0.0.1
Oct 13 15:12:37 dnsmasq[9199]: 21107 127.0.0.1/34829 /etc/pihole/gravity.list doubleclick.net is 0.0.0.0

Query Log:

Do you have custom configurations on your Pi-hole? Like additional (non-standard) addn-hosts=... lines?


#54

I don’t have any addn-hosts=

My current setup. Pi-hole DEV and Unbound 1.8.1

dnsmasq.d/99-ipbinding.conf

except-interface=lo
listen-address=192.168.xx.xx
bind-interfaces

setupVars.conf

WEBPASSWORD=99.....
BLOCKING_ENABLED=true
PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.xx.xx/16
IPV6_ADDRESS=xxx../64
QUERY_LOGGING=false
INSTALL_WEB_SERVER=false
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=false
DNSMASQ_LISTENING=all
PIHOLE_DNS_1=127.0.0.1#53
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
CONDITIONAL_FORWARDING=false

pihole-FTLconf

MAXDBDAYS=2
DBINTERVAL=10.0
DBIMPORT=yes
IGNORE_LOCALHOST=yes

pi.hole/admin - system - DNS

Selected Listen on all interfaces, permit all origins

Interface listening behavior
    Listen on all interfaces
    Allows only queries from devices that are at most one hop away (local devices)
    Listen only on interface eth0
    Listen on all interfaces, permit all origins

Listening on:

:~# netstat -tulpn | grep :53
tcp  192.168.xx.xx:53       0.0.0.0:*    LISTEN      14329/pihole-FTL
tcp  127.0.0.1:53           0.0.0.0:*    LISTEN      12488/unbound
udp 192.168.xx.xx:53        0.0.0.0:*                14329/pihole-FTL
udp 127.0.0.1:53            0.0.0.0:*                12488/unbound

#55

Why is your unbound instance listening on 53. for proper separation and setup change the unbound config to use 5353 as piholke should be listening on 127.0.0.1 as well as your 192.168.x.x


#56

I had already used a reverted version a few days ago but the result was the same.

Using Unbound on 127.0.0.1 to avoid during update or repair the DNS resolution. It is separated and when I am on my Pi-hole then I have to dig @192.168.xx.xx pi-hole.net to use the Pi-hole and dig pi-hole.net to use Unbound.
This can be done because my hosts file TLD entries are in Unbound because of the 2 sec TTL setting. In the hosts file are only entries that are local and and pi.hole and no other TLD.
I think that pi.hole can also moved to Unbound but I test that on a later time…

I have a 4.0 version running on my backup PI and after updating to DEV I get the problem. Downgrading to 4.0 the problem is solved.

No changes made in the config only the change from Master to DEV and back.


#57

I tested it with NXDOMAIN blocking and even gets stranger:

I remember reading the that the blacklist is read into cache on start…


#61

I don’t know what exact you mean, i feel sorry about it.
Anyway, if i ping, the domain is blocked.
My point is, as far as i know and can see in pihole.log, that the domain sometimes is blocked and sometimes seems to be not blocked, anyway, that’s my conclusion, is that right ?
What is wrong in my mind/conclusion ? Because i get confused :rofl:


Blacklisting and Whitelisting doesn´t work