BLOCKINGMODE=NXDOMAIN is being ignored

I updated to Beta 5.0 on my secondary pihole server this past weekend (Raspberry Pi Zero W). The update went perfectly and I had no issues other than having to reset the setting to make the blocking mode BLOCKINGMODE=NXDOMAIN. (I'm blocking several leaky HomeKit devices that try to spew .local addresses out to the internet, and they will store the 0.0.0.0 if they get it as a response.)

This morning I updated 5.0 to the latest release and two things are behaving strangely.

  1. It is not respecting the BLOCKINGMODE=NXDOMAIN anymore.
  2. When doing an nslookup against my secondary pihole, it is inserting extra domain things into my query.
    2a. For example, when I query localname.local it is instead querying localname.local.domainname.local.
    2b. When I change the nslookup server to my primary, querying localname.local works as expected.

Please send us the token generated by

pihole -d

or do it through the Web interface:

https://tricorder.pi-hole.net/qk78kj5cli

Also, for clarity, I also added the BLOCKINGMODE=NXDOMAIN to the setupVars file thinking it may have moved to there, but it didn’t help, and I didn’t remove that yet. It should still be set in the pihole-FTL.conf


Your debug log shows that NXDOMAIN is the selected blocking mode, but the DNS resolution test still shows 0.0.0.0 for the replies, as you noted.

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] syndication.exoclick.com is 0.0.0.0 via localhost (127.0.0.1)
[✓] syndication.exoclick.com is 0.0.0.0 via Pi-hole (10.20.48.10)
[✓] doubleclick.com is 172.217.11.238 via a remote, public DNS server (8.8.8.8)

  [2020-01-20 07:05:46.750 7527]    BLOCKINGMODE: NXDOMAIN for blocked domains

Let me test this on my 5.0 install.

This may be a bug, I haven't tested all the various blocking modes lately. They worked after the redesign last September. I will check this out later today.

I see the same behavior on my V5.0 install.

Is there anything to the nslookup situation? I'm seeing that performing an nslookup against my primary pihole, or any other DNS server, works as expected. However, when doing the same query against the latest update to the 5.0 pihole it is always appending on my work domain's domain. I'm seeing no issue using dig from any other computer. Even if I do an nslookup for microsoft.com it still does microsoft.com.workdomainname.local.

I cannot fathom how this could be the fault of pihole, but I get expected results querying every other server.

This will be fixed by

You can try the fix by running
pihole checkout ftl fix/MODE_NXDOMAIN

Edit: It's now part of the v5.0 beta.

That fixed it.


In case anyone switched the branch: Please go back with

pihole checkout ftl release/v5.0

as the code has been merged into the beta and the other branch was deleted.

Can confirm everything is working as expected for me now. Thanks everyone.
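
The comparison made in the debug-log reply earlier in this thread (the blocking mode FTL reports versus the answers the resolution test actually got) can be automated. This is an added example, not part of the original thread or Pi-hole's own code; the function names are hypothetical and the sample lines are the ones quoted in the thread.

```python
import re

# Sample input: the debug-log lines quoted earlier in this thread.
SAMPLE_LOG = """\
*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] syndication.exoclick.com is 0.0.0.0 via localhost (127.0.0.1)
[✓] syndication.exoclick.com is 0.0.0.0 via Pi-hole (10.20.48.10)
[✓] doubleclick.com is 172.217.11.238 via a remote, public DNS server (8.8.8.8)
  [2020-01-20 07:05:46.750 7527]    BLOCKINGMODE: NXDOMAIN for blocked domains
"""

MODE_RE = re.compile(r"BLOCKINGMODE:\s*(\S+)")
# "<domain> is <answer> via <resolver description> (<resolver address>)"
TEST_RE = re.compile(r"\]\s+(\S+) is (\S+) via (.+?) \((\S+)\)\s*$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def configured_mode(log):
    """Return the blocking mode FTL reports in the log, or None if absent."""
    m = MODE_RE.search(log)
    return m.group(1) if m else None


def local_answers(log):
    """Return (domain, answer, resolver) for tests answered by this Pi-hole,
    skipping the control lookup sent to a remote public DNS server."""
    out = []
    for line in log.splitlines():
        m = TEST_RE.search(line)
        if m and "remote" not in m.group(3):
            out.append((m.group(1), m.group(2), m.group(4)))
    return out


def nxdomain_mismatches(log):
    """Tests that got an address back although FTL reports NXDOMAIN mode."""
    if configured_mode(log) != "NXDOMAIN":
        return []
    return [t for t in local_answers(log) if IPV4_RE.match(t[1])]


if __name__ == "__main__":
    for domain, answer, resolver in nxdomain_mismatches(SAMPLE_LOG):
        print(f"MISMATCH: {domain} answered {answer} via {resolver}")
```
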