You are digging for a URL, which will not work. Dig is a process for DNS resolution, and works at the domain level. The correct command would be:
dig kisker.czisza.hu
You will likely find the domain blocked by Pi-hole, since the domain is on one of the blocklists that ships with Pi-hole. This will not stop Pi-hole from attempting to load a blocklist at that domain, since Pi-hole bypasses itself for blocklist downloads.
pihole -q kisker.czisza.hu
Match found in https://mirror1.malwaredomains.com/files/justdomains:
kisker.czisza.hu
What is the output of this command from your Pi terminal - this will print all your current adlists:
sqlite3 /etc/pihole/gravity.db "SELECT address FROM adlist;"
Hi,
Thanks for digging into my question.
Your rectification on howto search is both helpfull and not..
dig kisker.czisza.hu
; <<>> DiG 9.11.5-P4-5.1+deb10u2-Raspbian <<>> kisker.czisza.hu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12378
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;kisker.czisza.hu. IN A
;; ANSWER SECTION:
kisker.czisza.hu. 2 IN A 0.0.0.0
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 17 13:27:11 CEST 2020
;; MSG SIZE rcvd: 50
pi@RPI3:~ $ pihole disable
[i] Disabling blocking
[✓] Flushing DNS cache
[✓] Pi-hole Disabled
pi@RPI3:~ $ dig kisker.czisza.hu
; <<>> DiG 9.11.5-P4-5.1+deb10u2-Raspbian <<>> kisker.czisza.hu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17715
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;kisker.czisza.hu. IN A
;; AUTHORITY SECTION:
czisza.hu. 3600 IN SOA ns1.webspacecontrol.com. domreg.dotroll.com. 202010 1703 86400 7200 3600000 3600
;; Query time: 152 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 17 13:27:38 CEST 2020
;; MSG SIZE rcvd: 119
When I dig bing.com, there is an ANSWER SECTION which is filled with existing IP addresses
;; ANSWER SECTION:
bing.com. 3600 IN A 13.107.21.200
bing.com. 3600 IN A 204.79.197.200
The non-existing IP address of (in this example) kisker.czisza.hu does not popp an ANSWER section but an AUTHORITY SECTION saying czisza.hu. 3600 IN SOA ns1.webspacecontrol.com. domreg.dotroll.com. 202010 1703 86400 7200 3600000 3600
PiHole is doing what it should do:
What I am trying to ask is this:
Apparently kisker.czisza.hu does no longer exist because no matching IP address can be retrieved.
So my conclusion is that this address and many others in the list do no longer exist and do no longer need being blocked.
These addresses can be skipped from the list, I think.
Or do I miss something here.
And both combined to hosts-combined. hosts-combined.txt (1010.1 KB)
This reduced total hosts from 82377 to 51498 sites.
For a computer this is no big deal.
For me it was a nice awk and sed excercise.
Why do you want to check every domain on your lists for NXDOMAIN responses?
Checking all of them is pretty much a waste of CPU cycles and bandwidth. If the domains (almost all of which you will never attempt to load in actual use of your network) resolve to NXDOMAIN, then the client gets nothing in return. There is no benefit to checking them all and removing those that are NXDOMAIN. This might reduce RAM use by a few percent at most, but the tradeoff is that you had to look up every domain on the list.
@jfb & @DanSchaper
Thank you for looking into this.
Like I mentioned before for the RPI it is no big deal to have to scan 50.000 or 100.000 records, so it's trivial to check and clean those lists.
Because it's Corona time and I was looking at those lists out of curiosity.
What triggered me was that when I picked some sites at random the majority of these picks were answered negative in a dig lookup.
So that's were I started to sharpen my Linux skills.
It even triggered a warning from my provider.
What I'd like the developers to do with this information is to think of using a list that is being maintained on a regular basis lik fi this one.
Bottomline
In the end the choices being made are not really important.
On this forum I see several requests for additional hosts files but those don't add much as long as the hosts files being used by PiHole cover mainstream sites to be blocked.
In fact I am in favor of the way Privoxy handles filtering but it's not a real alternative as it turns out to be dead slow.
One could even bring up the question if PiHole is needed (not mentioning the added bonusses) because one can easily import a hosts file in RPI or any other computer.
So I'm using PiHole because of the ease and sophistication and I'm gratefull to guys for developing and maintaining it.