Blacklist not work

Expected Behaviour:

[I add in a website to the blacklist. Let's say the website is google.com or paypal.com. When adding them in I shouldn't be able to connect to the website.]

Actual Behaviour:

[When I type in google.com or paypal.com I am still able to connect to them.]

Debug Token:

[https://tricorder.pi-hole.net/a2iy1fiwou]

NOTE: I am just adding in google.com or www.google.com and not anything with "https" or "/". I did try using wildcard and regex as well but to an avail. I did a cat /etc/pihole/blacklist.txt and see that my sites that I add in are indeed in that txt file. I have disabled IPv6. I have flushed my dns. On my router and computer the only dns I have is the one that is my rasiberry pi (i think?). I am VERY new to this so I could have doing something wrong.

The latest entries from the log shows that nothing is configured to be blocked.

   [2019-09-12 00:24:27.549 908] Received SIGHUP, reloading cache
   [2019-09-12 00:24:27.549 908] Blocking status is enabled
   [2019-09-12 00:24:27.549 908] Skipping empty regex filter on line 1
   [2019-09-12 00:24:27.549 908] Compiled 0 Regex filters and 0 whitelisted domains in 0.3 msec (0 errors)
   [2019-09-12 00:24:27.781 908] /etc/pihole/black.list: parsed 0 domains (took 0.1 ms)
   [2019-09-12 00:24:28.524 908] /etc/pihole/gravity.list: parsed 115964 domains (took 742.4 ms)

Adding a domain to the blacklist just blocks that exact domain. google.com would not block www.google.com or photos.google.com. You would need to wildcard block google.com to block everything.

What is the output of this command? Your debug log reports this file to be empty.

There are some incorrect domains listed in the lighttpd error log, which indicates you may have tried to enter them into local lists.

   2019-09-11 22:30:00: http://www.minitokyo.net is not a valid domain
   2019-09-11 22:49:06: https://www.amazon.com/dp/B00NJNJ6O6?ref=dacx_dp_9208816480401_2095420370601&me=ATVPDKIKX0DER&tag=ss-us-20&aaxitk=vq1IxyrGERKol7PmPjeYLw is not a valid domain

pi@raspberrypi:~ $ cat /etc/pihole/blacklist.txt
www.google.com
google.com
malwarebytes.com
www.malwarebytes.com
www.store.steampowered.com
store.steampowered.com

I'm still able to enter those sites. I also may be understanding regex wrong here. If I add "^something" as regex it should block any domain starting with something? Or "com&" and it should block any domain ending in com right?

Please upload a new debug log and post the new token. The previous debug did not show this blacklist.

Edit - Also, please post the output of the following commands from the Pi terminal:

pihole -q -adlist -exact www.google.com

sudo grep www.google.com /etc/pihole/gravity.list

https://tricorder.pi-hole.net/pc1pexvg65

See my edit above for two additional outputs.

pi@raspberrypi:~ $ pihole -q -adlist -exact www.google.com
Exact match found in Blacklist

pi@raspberrypi:~ $ sudo grep www.google.com /etc/pihole/gravity.list
www.google.com-document-view.alibabatradegroup.com
www.google.com.1.302br.net

The domains are in the blacklist, but not in gravity. Let's rebuild gravity and see if that resolves it:

pihole -g -f

Then repeat the two commands.

pi@raspberrypi:~ $ pihole -g -f
  [✓] Deleting existing list cache
  [i] Pi-hole blocking is enabled
  [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range

  [i] Target: raw.githubusercontent.com (hosts)
  [✓] Status: Retrieval successful

  [i] Target: mirror1.malwaredomains.com (justdomains)
  [✓] Status: Retrieval successful

  [i] Target: sysctl.org (hosts)
  [✓] Status: Retrieval successful

  [i] Target: zeustracker.abuse.ch (blocklist.php?download=domainblocklist)
  [✓] Status: Retrieval successful

  [i] Target: s3.amazonaws.com (simple_tracking.txt)
  [✓] Status: Retrieval successful

  [i] Target: s3.amazonaws.com (simple_ad.txt)
  [✓] Status: Retrieval successful

  [i] Target: hosts-file.net (ad_servers.txt)
  [✓] Status: Retrieval successful

  [✓] Consolidating blocklists
  [✓] Extracting domains from blocklists
  [i] Number of domains being pulled in by gravity: 138194
  [✓] Removing duplicate domains
  [i] Number of unique domains trapped in the Event Horizon: 115964
  [i] Number of whitelisted domains: 0
  [i] Number of blacklisted domains: 6
  [i] Number of regex filters: 5
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter

  [✓] Force-reloading DNS service
  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled
pi@raspberrypi:~ $ pihole -q -adlist -exact www.google.com
 Exact match found in Blacklist
pi@raspberrypi:~ $ sudo grep www.google.com /etc/pihole/gravity.list
www.google.com-document-view.alibabatradegroup.com
www.google.com.1.302br.net

doesn't seem like the two commands change

Output of

cat /etc/pihole/regex.list

ls -lh /etc/pihole

pi@raspberrypi:~ $ cat /etc/pihole/regex.list
^malware&
^malware
com&
(^|\.)google\.com$
(^|\.)www\.wikipedia\.org$
pi@raspberrypi:~ $ ls -lh /etc/pihole
total 13M
-rw-r--r-- 1 root   root      381 Sep 11 22:13 adlists.list
-rw-r--r-- 1 root   root      114 Sep 12 10:13 black.list
-rw-r--r-- 1 root   root      114 Sep 12 09:46 blacklist.txt
-rw-r--r-- 1 pihole pihole      0 Sep 11 22:36 dhcp.leases
-rw-r--r-- 1 root   root      592 Sep 11 22:19 dns-servers.conf
-rw-r--r-- 1 root   root       18 Sep 11 23:43 GitHubVersions
-rw-r--r-- 1 root   root     2.6M Sep 12 10:13 gravity.list
-rw-r--r-- 1 root   root     1.2K Sep 11 22:19 install.log
-rw------- 1 root   root     1.3M Sep 12 10:13 list.0.raw.githubusercontent.com.domains
-rw------- 1 root   root     582K Sep 12 10:13 list.1.mirror1.malwaredomains.com.domains
-rw------- 1 root   root     624K Sep 12 10:13 list.2.sysctl.org.domains
-rw------- 1 root   root       53 Sep 12 10:13 list.3.zeustracker.abuse.ch.domains
-rw------- 1 root   root      613 Sep 12 10:13 list.4.s3.amazonaws.com.domains
-rw------- 1 root   root      43K Sep 12 10:13 list.5.s3.amazonaws.com.domains
-rw------- 1 root   root     1.7M Sep 12 10:13 list.6.hosts-file.net.domains
-rw-r--r-- 1 root   root     2.6M Sep 12 10:13 list.preEventHorizon
-rw-r--r-- 1 root   root       20 Sep 12 10:50 localbranches
-rw-r--r-- 1 root   root       46 Sep 12 10:13 local.list
-rw-r--r-- 1 root   root       40 Sep 12 10:50 localversions
-rw-r--r-- 1 root   root      234 Sep 11 22:19 logrotate
-rw-r--r-- 1 root   root     2.3M Sep 11 22:19 macvendor.db
-rw-rw-r-- 1 pihole root       15 Sep 11 22:19 pihole-FTL.conf
-rw-r--r-- 1 pihole pihole   556K Sep 12 10:56 pihole-FTL.db
-rw-rw-r-- 1 pihole www-data   70 Sep 12 10:02 regex.list
-rw-r--r-- 1 root   root      298 Sep 11 22:23 setupVars.conf
-rw-r--r-- 1 root   root        0 Sep 11 22:29 whitelist.txt

What is the output of dig www.google.com

pi@raspberrypi:~ $ dig www.google.com

; <<>> DiG 9.10.3-P4-Raspbian <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48705
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         2       IN      A       0.0.0.0

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Sep 12 13:06:43 EDT 2019
;; MSG SIZE  rcvd: 59
``

This shows that the domain is being blocked. IF you are able to load that specific domain in your browser, the browser likely has the IP in cache from before you blocked it.

Let's get back to your original problem. Clear the browser cache, re-launch the browser and load the web page. Use these tools to help determine why things are not being blocked as you expected and if other domains are providing the content.

You can also enable regex debugging to get visibility on what regex filters are blocking content - this can help identify ineffective regex.

https://docs.pi-hole.net/ftldns/configfile/

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.