A single DNS request ASCII code 126 shows my home folder as DNS request

The issue I am facing:
I crafted a program in QB64 to test the sort of invalid DNS requests The Yacy search engine puts up.

Pic 1.
A single Malformed DNS request of ASCII code 126 shows my computers home folder as DNS request there are also quite a few of the extended set as well.
Pic 2.
A single Malformed Dns requests lists files in folder on my computer as DNS requests.
Pic 3.
A single Malformed DNS request of ASCII code 136 and 215 gives Blocked database busy.

Note: could be a fault with Ubuntu

Details about my system:
Ubuntu 22.04 HP prolient 360d G8 Pihole
Ubuntu 22.04 client

Screenshot from 2024-06-10 04-00-26

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

https://tricorder.pi-hole.net/qr7gmsLk/

Thanks

The issue is probably in your program.

The ASCII character 126 is ~,

Your program is expanding ~ into /home/nextcloud and querying something like dig /home/nextcloud.

Fix your program to not use bash expansion.

Edit:

Just to explain better:

  • dig ~ will be executed as dig $HOME (expanding the variable into the path).
  • dig "~" (or dig '~') will be executed as dig '~' and will try to query this domain: ~.

ok thanks that is the cause.

I've tried sending the same characters through Pi-hole, and it's handling them and correctly returning NXDOMAIN results. The Query Log shows placeholder characters on this elderly Mac.

Your screenshot shows a lookup for 136.com, not for ASCII code 136. As rdwebdesign says, this suggests your client software is handling these strings in ways which are not obvious, for example turning that character into a string of its value, or expanding a character into its meaning within the environment.

On a loosely related note, your log show a lot of invalid domains towards the end – various control characters and even entries with carriage returns. It would be best to delete these, re-entering them correctly if needed.

1 Like

I did that code to see what was going down to the pihole.

Shell "dig @192.168.1.55 " + domain$
    Shell "dig @192.168.1.55 " + Str$(a) + ".com"

The point being though that the screenshot shows a normal domain against the "database is busy" message, so this doesn't look related to any special characters messing Pi-hole around – I suspect you would have seen that message no matter what domain happened to be queried at that moment in time.

$ printf '\136\215' | nslookup
Server: 192.168.1.2
Address: 192.168.1.2#53
** server can't find ^\141: NXDOMAIN

1 Like

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.