Blocking problem after updates

I'm having the same problem. Every time it updates, I have to add new sites to my White list and re-boot it. It started blocking NASA's web site and amazon.ca.

Please describe your problem in more detail. When what updates?

Please upload a debug log and post just the token generated by

pihole -d

allowing it to upload when prompted, or do it through the Web interface:

Tools > Generate Debug Log

Ubuntu's Auto Update for the Raspberry Pi said there were updates available and requested permission to update and re-boot (It had a big "A" symbol for the application). On the list of updates it had Pi-Hole listed. After the update, I could no longer access NASA. The previous time was when I manually updated the gravity list, and after I could no longer access Amazon.ca. I had to add them both to the white list.

I'm not familiar with this behavior, since I don't run Ubuntu. Pi-hole is not installed with a package installer, so I'm curious how Ubuntu identified this as an update candidate.

Debug token?

https://tricorder.pi-hole.net/t1yxhallbv

I also had another issue, but it is probably unrelated and will need to be posted elsewhere. I found that some computers could not access the Pi-Hole admin page on my network. If I pinged the pi-hole, Windows would say that the device did not respond. I tried adding the IP addresses of the computers to the white list (just to see what would happen), and nothing. But it responded to one computer after re-booting the pi. I haven't tried with the other because I don't have the machine any more.

What is the output of the following from the Pi terminal:

pihole -q nasa.gov

From a client that you believe should be connected to the Pi-Hole for DNS, from the command prompt or terminal on that client (and not via ssh or Putty to the Pi), what is the output of

nslookup nasa.gov

nslookup nasa.gov 192.168.2.3

Also, a note from review of your debug log. These entries (IPs only) have no effect, since Pi-hole blocks on domain names and not on IPs. If a client already has an IP, it won't request domain name resolution from Pi-hole (or from any DNS server).

*** [ DIAGNOSING ]: Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)
   id    type  enabled  group_ids     domain                                                                                                date_added           date_modified        comment                                           
   ----  ----  -------  ------------  ----------------------------------------------------------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   25    0           1  0             192.168.2.138                                                                                         2020-12-31 14:11:00  2020-12-31 14:11:00  
   39    0           1  0             192.168.2.187                                                                                         2021-01-11 19:06:33  2021-01-11 19:06:33  Local Computer

Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	nasa.gov
Address: 23.22.39.120
Name:	nasa.gov
Address: 52.0.14.116
Name:	nasa.gov
Address: 2600:1f18:1f:db01:11af:58af:ae11:f645
Name:	nasa.gov
Address: 2600:1f18:1f:db00:807b:f1f4:d01b:30b1
nslookup nasa.gov 192.168.2.3
Server:		192.168.2.3
Address:	192.168.2.3#53

Non-authoritative answer:
Name:	nasa.gov
Address: 23.22.39.120
Name:	nasa.gov
Address: 52.0.14.116
Name:	nasa.gov
Address: 2600:1f18:1f:db00:807b:f1f4:d01b:30b1
Name:	nasa.gov
Address: 2600:1f18:1f:db01:11af:58af:ae11:f645

Note: I've removed the IP addresses from the White list.

This client is not using Pi-hole for DNS resolution. It is using Cloudflare and the queries are not going to Pi-hole.

When you query Pi-hole directly, it is not blocking the domains, as expected.

Sorry, that was from the pi-hole machine, hold on a sec...
This is from the client:

nslookup nasa.gov
Server:  UnKnown
Address:  2606:4700:4700::1111

*** UnKnown can't find nasa.gov: No response from server
nslookup nasa.gov 192.168.2.3
Server:  Black-Hole
Address:  192.168.2.3

Non-authoritative answer:
Name:    nasa.gov
Addresses:  2600:1f18:1f:db01:11af:58af:ae11:f645
          2600:1f18:1f:db00:807b:f1f4:d01b:30b1
          52.0.14.116
          23.22.39.120

This client is also not using Pi-hole for DNS. It may be getting an IPv6 DNS server from the router.

The answer from Pi-hole is the expected answer.

How do I get an IPv6 address for the Pi-Hole that I can set in the router?

I've set the IPv6 options on my router to "Local Only". IPv4 settings are set to the Pi-Hole address (as they were before). This is the result now:

nslookup nasa.gov
Server:  dlinkrouter
Address:  192.168.2.2

Non-authoritative answer:
Name:    nasa.gov
Addresses:  2600:1f18:1f:db00:807b:f1f4:d01b:30b1
          2600:1f18:1f:db01:11af:58af:ae11:f645
          23.22.39.120
          52.0.14.116
nslookup nasa.gov 192.168.2.3
Server:  Black-Hole
Address:  192.168.2.3

Non-authoritative answer:
Name:    nasa.gov
Addresses:  2600:1f18:1f:db01:11af:58af:ae11:f645
          2600:1f18:1f:db00:807b:f1f4:d01b:30b1
          23.22.39.120
          52.0.14.116

This appears to be working correctly. The client is using Pi-hole, and Pi-hole is not blocking the requested domain.

OK, I will remove NASA from the white list and see what happens.

You never did post the output of this command.

pihole -q nasa.gov

  [i] No results found for nasa.gov within the block lists

Also from the Windows computer:

Hmmmm... can't reach this page

www.nasa.gov refused to connect.

Try:
  Checking the connection
  Checking the proxy and the firewall

ERR_CONNECTION_REFUSED

When I add it back on the white list, it works again.

This shows that Pi-hole is not blocking the domain. There may be another domain blocked that is causing problems loading the page.

Here is what came up in the log when I went to www.nasa.gov


Jan 17 00:23:11 dnsmasq[1075]: query[A] mobile.pipe.aria.microsoft.com from 192.168.2.2
Jan 17 00:23:11 dnsmasq[1075]: gravity blocked mobile.pipe.aria.microsoft.com is 192.168.2.3
Jan 17 00:23:12 dnsmasq[1075]: query[A] www.walmart.ca from 192.168.2.2
Jan 17 00:23:12 dnsmasq[1075]: cached www.walmart.ca is <CNAME>
Jan 17 00:23:12 dnsmasq[1075]: forwarded www.walmart.ca to 1.0.0.1
Jan 17 00:23:12 dnsmasq[1075]: reply www.walmart.ca is <CNAME>
Jan 17 00:23:12 dnsmasq[1075]: reply www.walmart.ca.edgekey.net is <CNAME>
Jan 17 00:23:12 dnsmasq[1075]: reply e6712.x.akamaiedge.net is 23.38.132.95
Jan 17 00:23:12 dnsmasq[1075]: query[A] www.google.ca from 192.168.2.2
Jan 17 00:23:12 dnsmasq[1075]: forwarded www.google.ca to 1.0.0.1
Jan 17 00:23:12 dnsmasq[1075]: reply www.google.ca is 172.217.9.67
Jan 17 00:23:15 dnsmasq[1075]: query[A] www.nasa.gov from 192.168.2.2
Jan 17 00:23:15 dnsmasq[1075]: cached www.nasa.gov is <CNAME>
Jan 17 00:23:15 dnsmasq[1075]: forwarded www.nasa.gov to 1.0.0.1
Jan 17 00:23:15 dnsmasq[1075]: reply www.nasa.gov is <CNAME>
Jan 17 00:23:15 dnsmasq[1075]: reply www.nasawestprime.com is <CNAME>
Jan 17 00:23:15 dnsmasq[1075]: reply d30etcnkn29cv0.cloudfront.net is 99.84.254.45
Jan 17 00:23:15 dnsmasq[1075]: reply d30etcnkn29cv0.cloudfront.net is 99.84.254.113
Jan 17 00:23:15 dnsmasq[1075]: reply d30etcnkn29cv0.cloudfront.net is 99.84.254.13
Jan 17 00:23:15 dnsmasq[1075]: reply d30etcnkn29cv0.cloudfront.net is 99.84.254.15
Jan 17 00:23:17 dnsmasq[1075]: query[A] dap.digitalgov.gov from 192.168.2.2
Jan 17 00:23:17 dnsmasq[1075]: gravity blocked dap.digitalgov.gov is 192.168.2.3
Jan 17 00:23:17 dnsmasq[1075]: query[A] script.crazyegg.com from 192.168.2.2
Jan 17 00:23:17 dnsmasq[1075]: gravity blocked script.crazyegg.com is 192.168.2.3
Jan 17 00:23:19 dnsmasq[1075]: query[A] gateway.answerscloud.com from 192.168.2.2
Jan 17 00:23:19 dnsmasq[1075]: gravity blocked gateway.answerscloud.com is 192.168.2.3
Jan 17 00:23:20 dnsmasq[1075]: query[A] universal.iperceptions.com from 192.168.2.2
Jan 17 00:23:20 dnsmasq[1075]: gravity blocked universal.iperceptions.com is 192.168.2.3
Jan 17 00:23:20 dnsmasq[1075]: query[A] s7.addthis.com from 192.168.2.2
Jan 17 00:23:20 dnsmasq[1075]: gravity blocked s7.addthis.com is 192.168.2.3
Jan 17 00:23:21 dnsmasq[1075]: query[A] settings-win.data.microsoft.com from 192.168.2.2
Jan 17 00:23:21 dnsmasq[1075]: cached settings-win.data.microsoft.com is <CNAME>
Jan 17 00:23:21 dnsmasq[1075]: forwarded settings-win.data.microsoft.com to 1.0.0.1
Jan 17 00:23:21 dnsmasq[1075]: reply settings-win.data.microsoft.com is <CNAME>
Jan 17 00:23:21 dnsmasq[1075]: reply settingsfd-geo.trafficmanager.net is 52.183.220.149
Jan 17 00:23:38 dnsmasq[1075]: query[A] ctldl.windowsupdate.com from 192.168.2.2
Jan 17 00:23:38 dnsmasq[1075]: cached ctldl.windowsupdate.com is <CNAME>
Jan 17 00:23:38 dnsmasq[1075]: cached au-bg-shim.trafficmanager.net is <CNAME>
Jan 17 00:23:38 dnsmasq[1075]: cached audownload.windowsupdate.nsatc.net is <CNAME>
Jan 17 00:23:38 dnsmasq[1075]: cached au.download.windowsupdate.com.hwcdn.net is <CNAME>
Jan 17 00:23:38 dnsmasq[1075]: forwarded ctldl.windowsupdate.com to 1.0.0.1
Jan 17 00:23:38 dnsmasq[1075]: reply ctldl.windowsupdate.com is <CNAME>
Jan 17 00:23:38 dnsmasq[1075]: reply au-bg-shim.trafficmanager.net is <CNAME>
Jan 17 00:23:38 dnsmasq[1075]: reply audownload.windowsupdate.nsatc.net is <CNAME>
Jan 17 00:23:38 dnsmasq[1075]: reply wu.azureedge.net is <CNAME>
Jan 17 00:23:38 dnsmasq[1075]: reply wu.ec.azureedge.net is <CNAME>
Jan 17 00:23:38 dnsmasq[1075]: reply wu.wpc.apr-52dd2.edgecastdns.net is <CNAME>
Jan 17 00:23:38 dnsmasq[1075]: reply hlb.apr-52dd2-0.edgecastdns.net is <CNAME>
Jan 17 00:23:38 dnsmasq[1075]: reply cs11.wpc.v0cdn.net is 72.21.81.240

What Pi-Hole logs when nasa is removed from the White list:

Jan 17 02:50:52 dnsmasq[1075]: query[A] www.nasa.gov from 192.168.2.2
Jan 17 02:50:52 dnsmasq[1075]: forwarded www.nasa.gov to 1.1.1.1
Jan 17 02:50:52 dnsmasq[1075]: query[A] dap.digitalgov.gov from 192.168.2.2
Jan 17 02:50:52 dnsmasq[1075]: gravity blocked dap.digitalgov.gov is 192.168.2.3
Jan 17 02:50:52 dnsmasq[1075]: reply www.nasa.gov is <CNAME>
Jan 17 02:50:52 dnsmasq[1075]: reply www.nasawestprime.com is <CNAME>
Jan 17 02:50:52 dnsmasq[1075]: reply d30etcnkn29cv0.cloudfront.net is blocked during CNAME inspection
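The final log excerpt attributes the block to a name further down the CNAME chain rather than to www.nasa.gov itself, which `pihole -q nasa.gov` does not show. The following is an added example, not part of the original thread or of Pi-hole's own code: a small parser that ties each client query to its verdict and to the name that triggered the block. The function names `trace_queries` and `blocked` are hypothetical, and the parser assumes the reply lines of one CNAME chain appear contiguously in the log.

```python
import re

# Log lines copied from the two excerpts posted in the thread above.
SAMPLE_LOG = """\
Jan 17 00:23:12 dnsmasq[1075]: query[A] www.google.ca from 192.168.2.2
Jan 17 00:23:12 dnsmasq[1075]: forwarded www.google.ca to 1.0.0.1
Jan 17 00:23:12 dnsmasq[1075]: reply www.google.ca is 172.217.9.67
Jan 17 02:50:52 dnsmasq[1075]: query[A] www.nasa.gov from 192.168.2.2
Jan 17 02:50:52 dnsmasq[1075]: forwarded www.nasa.gov to 1.1.1.1
Jan 17 02:50:52 dnsmasq[1075]: query[A] dap.digitalgov.gov from 192.168.2.2
Jan 17 02:50:52 dnsmasq[1075]: gravity blocked dap.digitalgov.gov is 192.168.2.3
Jan 17 02:50:52 dnsmasq[1075]: reply www.nasa.gov is <CNAME>
Jan 17 02:50:52 dnsmasq[1075]: reply www.nasawestprime.com is <CNAME>
Jan 17 02:50:52 dnsmasq[1075]: reply d30etcnkn29cv0.cloudfront.net is blocked during CNAME inspection
""".splitlines()

LINE = re.compile(r"dnsmasq\[\d+\]: (?P<action>query\[\w+\]|gravity blocked|reply|cached) "
                  r"(?P<name>\S+) (?P<rest>.*)$")

def trace_queries(lines):
    """Map each queried name to its verdict, CNAME chain and the name that caused a block."""
    results, root = {}, None          # root: query whose reply chain is being read
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue                  # e.g. "forwarded" lines carry no verdict
        action, name, rest = m["action"], m["name"], m["rest"]
        if action.startswith("query"):
            results[name] = {"verdict": "pending", "culprit": None, "chain": [name]}
        elif action == "gravity blocked":
            entry = results.setdefault(name, {"chain": [name]})
            entry.update(verdict="gravity", culprit=name)
        else:                         # reply / cached: walk the CNAME chain
            if name in results:
                root = name           # assumption: a chain's lines are contiguous
            if root is None:
                continue
            entry = results[root]
            if name not in entry["chain"]:
                entry["chain"].append(name)
            if rest == "is blocked during CNAME inspection":
                entry.update(verdict="cname", culprit=name)
            elif rest != "is <CNAME>" and entry["verdict"] == "pending":
                entry["verdict"] = "allowed"
    return results

def blocked(results):
    # Queried name -> (verdict, culprit) for everything that was blocked.
    return {q: (r["verdict"], r["culprit"]) for q, r in results.items()
            if r["verdict"] in ("gravity", "cname")}
```

Calling `blocked(trace_queries(SAMPLE_LOG))` reports www.nasa.gov with a `cname` verdict and d30etcnkn29cv0.cloudfront.net as the name to look up in the block lists.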
