Blacklisting a domain doesnt work?

Help
1

Hi,

I installed Pi-hole on my Raspberry PI:

Linux raspberrypi 5.15.76-v7+ #1597 SMP Fri Nov 4 12:13:17 GMT 2022 armv7l GNU/Linux
Debian version: 11.5

Pi-hole is up to date:

  • Pi-hole [v5.16.2]
  • FTL [v5.22]
  • Web Interface [v5.19]

I used this tool to check how many ads, trackers and so on are blocked (with a Browser without Adblocker):

Result:
Total : 147
74 blocked
73 not blocked

The non-blocked is listed by the tool, for instance:
adtago.s3.amazonaws.com

So I added this domain to my Pi-Hole in the blacklist (did it manually throw the Pi-hole webinterface). And did the test again.

Expected Behaviour:

Domain Amazonaws is blocked.

Actual Behaviour:

Domain Amazonaws is not blocked.

I already tried the option Add domain as wildcard but didnt work ...

Help :slight_smile:

1 Like
2

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

3

Thanks!
https://tricorder.pi-hole.net/FMzROtxD/

4

From the client that you believe should be connected to the Pi-Hole for DNS (the one from which you see the ad domain not blocked), from the command prompt or terminal on that client (and not via ssh or Putty to the Pi), what is the output of

nslookup pi.hole

nslookup adtago.s3.amazonaws.com

5

Thanks.


C:\Users\parwes>nslookup pi.hole
Server:  fritz.box
Address:  fd00::b2f2:8ff:fed6:884f

*** Keine internal type for both IPv4 and IPv6 Addresses (A+AAAA)-Einträge für pi.hole verfügbar.

Translated: No internal type for both IPv4 and IPv6 Addresses (A+AAAA) entries available for pi.hole.

C:\Users\parwes>nslookup adtago.s3.amazonaws.com
Server:  fritz.box
Address:  fd00::b2f2:8ff:fed6:884f

*** Keine internal type for both IPv4 and IPv6 Addresses (A+AAAA)-Einträge für adtago.s3.amazonaws.com verfügbar.

C:\Users\parwes>ipconfig -all

Windows-IP-Konfiguration

   Hostname  . . . . . . . . . . . . : DESKTOP-RL48BUS
   Primäres DNS-Suffix . . . . . . . :
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert  . . . . . . : Nein
   WINS-Proxy aktiviert  . . . . . . : Nein
   DNS-Suffixsuchliste . . . . . . . : fritz.box

Ethernet-Adapter Ethernet:

   Verbindungsspezifisches DNS-Suffix: fritz.box
   Beschreibung. . . . . . . . . . . : Intel(R) I211 Gigabit Network Connection
   Physische Adresse . . . . . . . . : XXX
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   IPv6-Adresse. . . . . . . . . . . : XXX
   Temporäre IPv6-Adresse. . . . . . : XXX
   Verbindungslokale IPv6-Adresse  . : XXX
   IPv4-Adresse  . . . . . . . . . . : 192.168.178.139(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Lease erhalten. . . . . . . . . . : Freitag, 14. April 2023 20:53:02
   Lease läuft ab. . . . . . . . . . : Dienstag, 25. April 2023 17:57:43
   Standardgateway . . . . . . . . . : fe80::b2f2:8ff:fed6:884f%14
                                       192.168.178.1
   DHCP-Server . . . . . . . . . . . : 192.168.178.1
   DHCPv6-IAID . . . . . . . . . . . : 538493005
   DHCPv6-Client-DUID. . . . . . . . : XXX
   DNS-Server  . . . . . . . . . . . : fd00::b2f2:8ff:fed6:884f
192.168.178.192
                                       fd00::b2f2:8ff:fed6:884f
   NetBIOS ĂĽber TCP/IP . . . . . . . : Aktiviert

I addes the IP from the Raspberry in my fritz.box (Router) for the primary DNS Server

6

This client is not using Pi-hole but your Fritzbox via IPv6 as DNS server. Read about FB IPv6 configuration here:

7

Thanks a lot, I really appreciate that.

I changed the settings for the ipv6 as dokumented. As you can see, my PC (Client) has no the ipv6 and ipv4 from the pi-hole:

ipv6
ipv6478Ă—414 9.75 KB

As far as I can see this is the same ipv6 adress. I copied that from pi-hole.


pi@raspberrypi:~ $ ip address | grep "inet6 fd"
    inet6 fdf6:9e7:f51c:0:3d40:255c:725a:2d11/64 scope global dynamic mngtmpaddr noprefixroute

And my fritz.box configuration:

fritz
fritz914Ă—1065 52.2 KB

I asked uncle google, changed setting in pi-hole like:

pihole 1
pihole 1988Ă—423 13.2 KB

And:

fritz2
fritz2961Ă—1058 63 KB

But if I add the url "stats.wp.com", it is listed in pi-hole but obviously not blocked ...

I used tracert to pi-hole.net

C:\Users\parwes>tracert www.pi-hole.net

Routenverfolgung zu pi-hole.net [3.18.136.52]
ĂĽber maximal 30 Hops:

  1    <1 ms    <1 ms    <1 ms  fritz.box [192.168.178.1]
  2     4 ms     3 ms     3 ms  100.124.1.44
  3    11 ms     7 ms     7 ms  100.127.1.148
  4     9 ms     7 ms     7 ms  100.127.1.147
  5    11 ms    11 ms     8 ms  185.22.46.177
  6    12 ms    11 ms     8 ms  ffm-bb1-link.ip.twelve99.net [62.115.114.88]
  7    12 ms    11 ms    11 ms  ffm-bb1-link.ip.twelve99.net [62.115.114.88]
  8    20 ms    19 ms    19 ms  prs-bb1-link.ip.twelve99.net [62.115.123.13]
  9   107 ms   103 ms   103 ms  ash-bb2-link.ip.twelve99.net [62.115.112.242]
 10   101 ms    99 ms    99 ms  ash-b2-link.ip.twelve99.net [62.115.123.125]
 11   100 ms   100 ms    99 ms  vadata-ic333118-ash-b2.ip.twelve99-cust.net [62.115.11.183]

The first step should be something with my Raspberry?

8

(stats.wp.com is no URL - it is a domain.)

Where did you add that domain?
Where does Pi-hole list it?
How is it obvious that it isn't blocked?

Why use pi-hole.net here?
Isn't your observation about blocked domains like adtago.s3.amazonaws.com or stats.wp.com?
And why use tracert?

You should use dig or nslookup to analyse DNS issues, and use it with the very domains that bother you.

Please share the output of

nslookup pi.hole

nslookup  flurry.com

nslookup  stats.wp.com 192.168.178.192

In addition, please upload a fresh debug log and share just the token URL.

9

Where did you add that domain?

On the pi-hole webinterface.

Where does Pi-hole list it?

Dont understand this question. In the pi-hole database?

blacklist
blacklist991Ă—1029 38.7 KB

How is it obvious that it isn't blocked?

Because, when I test it again. The same domain is not blocked again.
Test Ad Block - Toolz (d3ward.github.io)

Some of the domains are red, so blocked, some of them are green, not blocked.

blocked
blocked245Ă—211 7.19 KB

Why use pi-hole.net here?

I used tracert and a domain like pi-hole.net to see which way the packages take ... maybe this test not valide? I dont know. Did it on my PC not on the Raspberry.

pi@raspberrypi:~ $ nslookup pi.hole
Server:         fdf6:9e7:f51c:0:3d40:255c:725a:2d11
Address:        fdf6:9e7:f51c:0:3d40:255c:725a:2d11#53

Name:   pi.hole
Address: 192.168.178.192
Name:   pi.hole
Address: fdf6:9e7:f51c:0:3d40:255c:725a:2d11

pi@raspberrypi:~ $
pi@raspberrypi:~ $ nslookup flurry.com
Server:         fdf6:9e7:f51c:0:3d40:255c:725a:2d11
Address:        fdf6:9e7:f51c:0:3d40:255c:725a:2d11#53

Name:   flurry.com
Address: 0.0.0.0
Name:   flurry.com
Address: ::

pi@raspberrypi:~ $ nslookup stats.wp.com 192.168.178.192
Server:         192.168.178.192
Address:        192.168.178.192#53

Name:   stats.wp.com
Address: 0.0.0.0
Name:   stats.wp.com
Address: ::

pi@raspberrypi:~ $

I am not an expert. Sorry. Before the last update pi-hole should me something about 1 Miollion blocked addresses. After the last update, now, pi-hole shows me "only" 200.000 blokced addresses. So I wanted to test it. Used the testpage to see wich domains are not blocked anymore.

10

From your nslookup results, it is obvious that Pi-hole's blocking is operational, as it answers a 0.0.0.0 for blocked domains:

Those results show Pi-hole to block both flurry.com and stats.wp.com as expected.

If you'd search Pi-hole's Query Log for the entries corresponding to those nslookups, you'd find them listed as Blocked.

I am trying to make sense of your following statement:

That may be obvious to you, but you'd have to share those details that are obvious to you and how you'd determine those details. :wink:

I guess you are referring to:

That test is running in your browser, and it is testing for more than just domains (e.g. scripts or other resources).

EDIT: I also think that you may be reading that site's reports incorrectly (click for more).

According to your image, the green colour seems to indicate '80 ads blocked', whereas red stands for '67 ads not blocked'?

If I understand correctly, it is that Test Ad Block page that is claiming that stats.wp.com is not blocked?

If you open or reload that page, do the respective DNS queries register in Pi-hole's Query Log at all?

11

Can you please help me? Where can I find the Query Log? On the webinterface?

The only info I found is:

Match found in exact blacklist stats.wp.com Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts: stats.wp.com

Under "Search Adlists" menu

12

Yes.

Screenshot at 2023-04-16 22-10-06
Screenshot at 2023-04-16 22-10-06238Ă—245 5.62 KB

13

Also, clicking the link I've provided should take you there:

14

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.