Can visit a blocked and blacklisted domain?!

The domain 'coin-hive.com' is already in some of my added block lists.
However, I also added it ('coin-hive.com' and 'www.coin-hive.com') to the 'Blacklist' in the web interface.

A Pi reboot, a client reboot and more than 12 hours later ... I can still visit the domain on several clients (Safari on macOS, Safari on iPhone). The browser cache was cleared.

Seems related to Safari, because I can't visit the domain in Chrome (on macOS).
And: after disabling IPv6 on macOS the domain is blocked even in Safari.

Pi-hole is my DNS and DHCP server (both disabled in the router).

Pi-hole Version v3.1.4, Web Interface Version v3.1, FTL Version v2.10

Run pihole -d for a debug token. Do you have IPv6 internet access? ipv6-test.com

After re-enabling IPv6 in the operating system:

  • your posted website shows IPv6 support (score 18/20)
  • I can visit the blocked domain again (with Safari)

My router: Telekom Speedport Hybrid (DHCP: off, ULA (IPv6): on).

Pi-hole settings:

  • configured IPv6 address ("fd01:...") - should be the ULA IPv6 address
  • "DHCP server enabled": on
  • "Enable IPv6 support (SLAAC + RA)": off
  • "Upstream DNS Servers": IPv4: both checked, IPv6: both not checked

Token: nrxbrkivu0

Tried adding that domain as a wildcard?

Like I said, the domain is already in some added block lists.

I think it has something to do with Safari and/or IPv6.
By the way, why do my clients have IPv6 addresses at all?!

The reason:

You can only deactivate the IPv4 DHCP and DNS server in the (Telekom) router. The IPv6 DHCP and DNS server in the router are active all the time, with no way to shut them down. The clients always get several IPv6 addresses from the router and always ask the router for IPv6 requests (meaning the IPv6 DNS requests are handled by the router, and not by Pi-hole).

My clients automatically get this DNS configuration:
192.168.2.xxx (Pi-hole)
fe80::1 (Router)
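
A quick check for the situation described in the posts above, as an added example that is not part of the original thread: it parses a client's resolver list (macOS `scutil --dns` output or a resolv.conf file) and reports every nameserver that is not the Pi-hole. The addresses 192.168.2.10 and fd01::10 are constructed stand-ins for the Pi-hole addresses the thread elides; fe80::1 is the router resolver named above.

```python
import ipaddress
import re

# Matches "nameserver 192.168.2.10" (resolv.conf) and
# "  nameserver[1] : fe80::1%en0" (macOS `scutil --dns`).
NAMESERVER_RE = re.compile(r"^\s*nameserver(?:\[\d+\])?\s*:?\s*(\S+)", re.M)

# Constructed sample: the Pi-hole addresses are placeholders (the thread
# elides them); fe80::1 is the router resolver named in the thread.
SAMPLE_SCUTIL = """\
resolver #1
  nameserver[0] : 192.168.2.10
  nameserver[1] : fe80::1%en0
  if_index : 4 (en0)
"""
PIHOLE_ADDRS = ["192.168.2.10", "fd01::10"]


def parse_nameservers(text):
    """Return distinct resolver addresses in listed order, zone IDs stripped."""
    seen = []
    for raw in NAMESERVER_RE.findall(text):
        try:
            addr = ipaddress.ip_address(raw.split("%", 1)[0])
        except ValueError:
            continue  # not an IP literal, ignore the line
        if addr not in seen:
            seen.append(addr)
    return seen


def find_bypass_resolvers(text, pihole_addrs):
    """Resolvers the client may query that are not the Pi-hole."""
    allowed = {ipaddress.ip_address(a) for a in pihole_addrs}
    return [f"{a} (IPv{a.version})" for a in parse_nameservers(text)
            if a not in allowed]


if __name__ == "__main__":
    for resolver in find_bypass_resolvers(SAMPLE_SCUTIL, PIHOLE_ADDRS):
        print("queries to", resolver, "bypass Pi-hole blocking")
```

An empty result means every configured resolver is the Pi-hole; any entry listed is a path on which block lists are never consulted.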

http(s) and I've found other sites can be added to blocklists and still not be blocked unless they are added as a wildcard

You'll have to manually set the correct IPv6 DNS server then if you can't switch off the router's IPv6

@mibere ok, here is the tutorial on how to deactivate the IPv6 DHCP and put the IPv6 DNS to your Pi-hole:

Requirements:

  • pihole with static ipv6 and ipv4
  • a good text editing software like notepad++

Ok, the very first and most important step is: make a backup of the Speedport settings and put it somewhere safe if something goes wrong! (The option for that is under Setting>Backup settings; from there it should be pretty obvious what to do.)

Find out what firmware you have (either xxxxxx.03.xx.xxx or xxxxxx.02.xx.xxx).
Get this userscript for Greasemonkey or Tampermonkey (depending on what browser you use):

this is for the V2

this is for the V3

You may have to add it manually to your script list.

Basically what this script does: when you are logged in to your Speedport, instead of the manual in the upper right it will lead to the engineer menu (basically a lot of stuff that a normal user shouldn't see).
And this script enables editing of the DNS section of the menu.

(You can change a lot of other things in there, but most of it is "hidden" in the code. You can just edit the site's code to show it and it works just fine.)

So once you have enabled that script, log in to your Speedport and go into the engineer menu with the new button in the upper right.
From there you go to the DNS tab on the left side.
You might have to press the refresh button at the bottom left.
There you can change both DNS servers. In the "Primary DNS server" you put the IPv6 address of your Pi, change from "Online Receved Entry" to "Manual Entry" and press submit.

The "Tertiary DNS server" should already be showing the IPv4 address of your Pi, but if it doesn't, change that too.

That was the first easy part.

Now you need to deactivate the IPv6 DHCP server, but sadly you can't do that in the engineer menu.

Now make a "backup" of your Speedport again, but put that in a folder where you can find it again.
Get this program and launch it: https://github.com/Stricted/SPHDecode/releases/download/v1.6/SPHDecode.zip
This will decrypt the config so that we can edit it.
To use this program just start it, press "source file" and point it to your encrypted config.
Press "Save File" and point it somewhere where you can find it (name it decrypted.config or something).
Now press decrypt and it should make a config that is editable.

Now you can edit that config with Notepad++.
Now search for this piece:

 <Server Enable="1">

(There should be only this one. This is the DHCPv6 server setting inside the config.)
Set that to 0.

Now open the "SphDecode" program again, point the source file to your edited config, press save file and point it to where you want it to be saved.
Now press encrypt and it should make a config file that we can put into the Speedport.
Now go back into the Speedport settings and, instead of making the backup, restore the edited "backup".

That should be it. There is a lot of other stuff you can do with that config editing, but always keep a backup of your working config.

If you can understand German there is even a whole forum about the Speedport Hybrid editing: Stricted.net


Thanks :+1:

It's not enough to just change/set the IPv6 DNS address (your step 1, spheng.user.js)?

By the way, the V3 script has 3 errors (missing semicolon).

Despite the errors it should work. I haven't made that script.

edit: yes it might be just enough to set the ipv6 dns address.

Your linked v3 script, is it the same (identical source code) as this one?

P.S. I'm from Germany

Yes it is.
Actually, that you are from Germany makes a lot of things easier I guess :V

Does this work with the Speedport W 724V Typ C?