Amazon Page does not load properly if at all on Chrome

History:

Installed Pi-hole three days ago on a Raspberry Pi 3 B+ using the DietPi image. Installed and configured unbound as well, and all is working as expected according to dig returned results. Have NordVPN installed on the Win10 client but not on the Pi-hole DNS server. All sites are accessible except for Amazon. I noted that using the Firefox browser there is no issue connecting to Amazon, so likely the DNS over HTTPS (DoH) bypasses the Pi-hole DNS server. Incognito sometimes brings up the page, but most of the time without any images, just text. Received a message from Amazon during my attempt to connect to their site, and they wanted to confirm that it was me by requesting a returned text message. It seemed they questioned my identity. This was the first time I tried to connect to them since the install of the Pi-hole DNS server. All other sites have not had any issues connecting and rendering.

Expected Behaviour:

To be able to see the Amazon website or whitelist it so it may be viewable as it has been prior to implementing Pi-hole. I have added it to the whitelist, and I believe correctly. A good question would be: if it is blacklisted, will the whitelist override the blacklist? I searched the blacklist for Amazon and aws and found no returns. All other websites that I have visited since the deployment are working as expected.

Actual Behavior:

The Amazon page sometimes loads after many refreshes or not at all. Sometimes only text appears but no background images are present. Amazon wanted to confirm and verify my identity with a CAPTCHA and a text message. I knew about Firefox's DoH solution, so I downloaded it and there were no issues rendering the Amazon site. I do use NordVPN, but it has not been a problem reaching Amazon in the past. Here is the Amazon nslookup on the Win10 client, and you can see the NordVPN DNS listed IP address, which I believe would be as expected. The Debugging Token is printed below as requested. Thank you.

nslookup amazon.com
Server: UnKnown
Address: 103.86.99.99 → One of NordVPN listed DNS servers

Non-authoritative answer:
Name: amazon.com
Addresses: 54.239.28.85
176.32.103.205
205.251.242.103

Follow up 26Feb21
Interesting find is I am now able to launch Amazon without any issue using Chrome. However, the query log does not show any time entry for amazon.com. I have used the Firefox browser with DoH enabled to load Amazon.com prior to the problem. Perhaps the Amazon domain got cached in the Pi-hole DNS this way? Does the query log not show items that are cached in the Pi-hole DNS server system? All devices through the DHCP server (router) are pointing to only the Pi-hole DNS server. Thank you.

[✓] Your debug token is: https://tricorder.pi-hole.net/0ggp0tsqlf

As long as your observations relate to clients that were by-passing Pi-hole at the time, it is impossible that Pi-hole is involved at all.

With DoH, a browser's DNS requests will by-pass Pi-hole, and using VPN client software will usually do so as well for all DNS traffic from a device (as confirmed by your nslookup listing NordVPN's DNS server).

Pi-hole does take the necessary steps to signal Firefox it should disable DoH (by providing the appropriate answer for Mozilla's canary domain).
Still, if you had explicitly configured your Firefox to always use DoH, it will do so and thus by-pass Pi-hole.

For other browsers, you also want to verify that DoH is switched off to avoid Pi-hole by-passes.

You should first establish a verified configuration that is not by-passing Pi-hole by any means. Also make sure to clear your OS's and browser's DNS caches.

Then repeat your tests with the Amazon website, and if you run into blocking issues then, "How do I determine what domain an ad is coming from?" may be helpful.

Thank you, Bucking_Horn, for your reply and explanations. I will verify by switching off DoH in Firefox, which I believe is turned on by default, and see if the Amazon results change. I will also learn how to change my VPN's DNS to Pi-hole's IP. Thanks again for your response and assistance. It has been a good learning experience, and hopefully others who read this will feel the same.

If this is a setting that you have not toggled to OFF and back to ON (and it is actually in the default position as installed by Firefox), Firefox will respect the canary domain reply from Pi-hole and not use DoH.
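The canary-domain signal discussed in the replies above can be checked directly. The following is an added example, not part of the original thread and not Pi-hole's own code. It assumes Mozilla's documented canary name `use-application-dns.net` (the thread does not spell it out) and treats any non-NOERROR reply, or a NOERROR reply with no A/AAAA record, as "do not use DoH"; the sample replies are constructed, not captured.

```python
import socket
import struct

CANARY = "use-application-dns.net"  # assumption: Mozilla's documented canary name
A, AAAA = 1, 28

def build_query(name, qtype=A, txid=0x1234):
    """Encode a minimal recursive DNS query for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:    # a compression pointer ends the name
            return off + 2
        off += 1 + length

def canary_disables_doh(resp):
    """True if the reply tells a default-configured Firefox not to use DoH."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", resp[:12])
    if flags & 0x000F != 0:          # any rcode other than NOERROR, e.g. NXDOMAIN
        return True
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
        if rtype in (A, AAAA):       # a real address means DoH stays allowed
            return False
        off += 10 + rdlen
    return True                      # NOERROR without A/AAAA also counts

def check_resolver(ip, timeout=3.0):
    """Send the canary query to the resolver at `ip` (e.g. the Pi-hole)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(CANARY), (ip, 53))
        return canary_disables_doh(s.recv(512))

# Constructed sample replies (not captured traffic), derived from the query bytes.
QUERY = build_query(CANARY)
NXDOMAIN_REPLY = QUERY[:2] + struct.pack(">H", 0x8183) + QUERY[4:]
NODATA_REPLY = QUERY[:2] + struct.pack(">H", 0x8180) + QUERY[4:]
ADDRESS_REPLY = (QUERY[:2] + struct.pack(">HHH", 0x8180, 1, 1) + QUERY[8:]
                 + b"\xc0\x0c" + struct.pack(">HHIH", A, 1, 60, 4) + bytes([192, 0, 2, 1]))
```

Calling `check_resolver()` with the address of the resolver a client is actually using shows whether that resolver sends the signal; a `False` result from a VPN-supplied resolver, compared with `True` from the Pi-hole, confirms that the client's lookups never reach Pi-hole.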
