The issue I am facing:
When launching and authenticating on the Ally Banking App, while on my wifi w/latest pihole, the app hangs and never leaves the auth screen. When i turn off wifi (on cell service) the app behaves normally. It is possible this is the doing of Ally Bank where they started using some trackers (seen a few while tailing the log). But was wondering if someone else encountered this problem (?)
Details about my system:
Linux rpi4B-Pihole1 5.10.17-v7l+ #1403 SMP Mon Feb 22 11:33:35 GMT 2021 armv7l GNU/Linux
PI-HOLE [V5.8.1]
FTL [V5.13]
WEB INTERFACE [V5.10.1]
What I have changed since installing Pi-hole:
1- updated pihole, ftl, & webui to latest builds
2- updated Ally app to latest but that works fine without pihole on multiple devices
What I have tested:
1- tested on ios 14.7 & 15.2 & 15.3 with pihole and without, always fails with pihole and succeeds without.
2- Currently on Quad9 (filtered, dnssec) -> tested pihole with different upstream dns (google, cloudflare, opendns) with same failure in Ally app.
Please help!! thx
3- I disbaled pihole IP/dns in my router settings, defaulting the dns to ISP's = ally app worked fine. re-enabled pihole dns setting in router, ally app broken again
That's thing - I already done that = tailed the log as the app launches all I find are below entries. I enabled/white-listed all of them but did not work. Incidentally, the desktop website works fine with my network and pihole (see below what was blocked). It is just the Ally iOS app that yaks with pihole.
iOS App (tail -f pihole.log | grep blocked):
Jan 31 11:23:06 dnsmasq[1884]: gravity blocked api.segment.io is NXDOMAIN:
Jan 31 11:23:14 dnsmasq[1884]: gravity blocked mobile.eum-appdynamics.com is NXDOMAIN
Jan 31 11:23:15 dnsmasq[1884]: gravity blocked dpm.demdex.net is NXDOMAIN
Jan 31 11:23:15 dnsmasq[1884]: gravity blocked mobile.launchdarkly.com is NXDOMAIN
Jan 31 11:23:15 dnsmasq[1884]: gravity blocked t.mookie1.com is NXDOMAIN
website - works just fine:
Jan 31 11:43:22 dnsmasq[1884]: gravity blocked events.launchdarkly.com is NXDOMAIN
Jan 31 11:43:22 dnsmasq[1884]: gravity blocked assets.adobedtm.com is NXDOMAIN
Jan 31 11:43:23 dnsmasq[1884]: gravity blocked rum-http-intake.logs.datadoghq.com is NXDOMAIN
Jan 31 11:43:23 dnsmasq[1884]: gravity blocked mobile.launchdarkly.com is NXDOMAIN
Jan 31 11:43:36 dnsmasq[1884]: gravity blocked api.segment.io is NXDOMAIN
Well, what's the update on this?
I have proven this is the doing of latest Pihole and nothing else.
Please see if someone with an Ally banking account can reproduce this problem.
Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:
It would seem Pi-hole is doing what you've configured it to do.
A precursory glance at the whitelist items you recently added for your Ally Banking App shows these entries:
id type enabled group_ids domain date_added comment
--- ---- ------- --------- ----------------------------- ------------------- -------------
152 0 1 0 smetrics.ally.com 01.02.2022 14:36:21 for ally bank
153 2 1 0 (\.|^)ally\.com$ 01.02.2022 14:36:54 for ally bank
154 0 0 0 mobile.eum-appdynamics.com 01.02.2022 14:38:08 for ally bank
155 0 0 0 dpm.demdex.net 01.02.2022 14:38:30 for ally bank
156 0 0 0 app-measurement.com 01.02.2022 14:40:48 for ally bank
157 0 0 0 mobile.launchdarkly.com 01.02.2022 14:42:15 for ally bank
Note that only the first two entries are active, i.e. enabled is 1.
If you match them with the domains you've showed as blocked above, you'll notice that either there are no matching whitelist entries or the respective whitelist entries are inactive.
You should revisit your domain settings in Pi-hole's Group Management and adjust them as required.
Bucking_Horn,
Thanks for the reply, I really appreciate it. But you got all wrong.
All the whitelist "for ally bank" are experiments by me to see if those are what's causing the problems with app auth. Nothing I enabled / disabled worked until I changed my router's DNS to default/ISP's. After that the app worked fine - since pihole wasnt in the middle anymore. Re-enabling pihole at the router (current state) breaks the app. Also tried many other UPSTREAM DNS SERVERS with same failure. BTW, this app worked fine with previous pihole, ftl, webui .etc.
I am hoping that jfb will have better insight; since i uploaded the debug file earlier.
Again thank you in any case, for taking a look and trying to help.
Bucking_Horn is looking at that log as well, and that is where the domain information came from.
If Pi-hole is interfering with your desired content, you will need to do some additional troubleshooting.
Check this FAQ and see if there are steps in there that can help you troubleshoot this.
If nothing is being blocked by Pi-hole, it is possible that the IP's being returned by your upstream DNS servers are not correct for your physical location. Have you tried using your ISP DNS server as the upstream in Pi-hole?
Guys,
Thanks again, but as I said earlier, I have tried various upstream dns servers listed in pihole's gui and also the user the spectrum dns servers:
71.10.216.1
71.10.216.2
209.18.47.61
209.18.47.62
71.10.142.101
That did not fix the problem with the Ally app on ios.
I also mentioned earlier in the thread that when i suspend pihole or take out completely, the problem goes away. I truly understand this foss, but think if this app is broken, then other are too.
I put all black/white list to what it was in previous version of pihole and still the problem persists. I am convinced the problem is with current pihole release. I guess you guys have already given up. I will not.
So I brought up an older build of pihole in a docker container and temp replaced my own Pi. The problem went away. I then upgraded the docker pihole to the latest with pihole -up and the problem exactly as in my orig pihole, returned.
I am not sure what else I can do to solve this with the new pihole build.
** Note the - the tools you pointed me to, are no helpful in this case.
thx again.**