pelangi
November 29, 2020, 11:18pm
1
Hi all,
I subscribe to New Yorker newsletter and it seems that articles linked from this email are blocked by pi-hole. The URL starts with https://link.newyorker.com/click
I checked my "List of configured adlists" and could not find that (sub) domain on the list. Not sure how pi-hole blocks this. I don't want to put it on the whitelist before understanding first why this URL is blocked. Would appreciate any input on this. Thanks.
jfb
November 30, 2020, 2:24am
2
What is the output of the following from the Pi terminal:
pihole -q link.newyorker.com
pelangi
November 30, 2020, 3:55am
3
[i] No results found for link.newyorker.com within the block lists
That's actually interesting. Does it mean that pihole doesn't actually block it? But if I use my mobile data, it works.
jfb
November 30, 2020, 4:25am
4
Yes. Perhaps another domain is the problem:
Block ads or fix broken sites
This FAQ is written in the context of finding out how to block an ad that isn't blocked automatically, but the same steps can be used to troubleshoot issues with sites that don't function properly. An example is that sometimes certain payment gateways try to collect metrics on the sale, but these domains are blocked by Pi-hole, so the payment cannot be processed. Also, some links send you through several referrers and if one of them is blocked, you may land on a …
pelangi
November 30, 2020, 4:34am
5
Thanks @jfb . I will look into that.
The domain, link.newyorker.com , is blocked by a default list, StevenBlack, via it's CNAME cb.sailthru.com .
Running dig against the pihole instance returns no results:
$ dig link.newyorker.com @192.168.1.4 -p 53
; <<>> DiG 9.11.24-RedHat-9.11.24-2.fc32 <<>> link.newyorker.com @192.168.1.4 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35330
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;link.newyorker.com. IN A
;; Query time: 46 msec
;; SERVER: 192.168.1.4#53(192.168.1.4)
;; WHEN: Sun Nov 29 21
But running dig against the upstream unbound instance does return results:
dig link.newyorker.com @192.168.1.4 -p 8053
; <<>> DiG 9.11.24-RedHat-9.11.24-2.fc32 <<>> link.newyorker.com @192.168.1.4 -p 8053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35160
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;link.newyorker.com. IN A
;; ANSWER SECTION:
link.newyorker.com. 169 IN CNAME cb.sailthru.com.
cb.sailthru.com. 60 IN CNAME ha-link.sailthru.com.
ha-link.sailthru.com. 60 IN A 3.226.166.212
ha-link.sailthru.com. 60 IN A 162.208.117.53
;; Query time: 26 msec
;; SERVER: 192.168.1.4#8053(192.168.1.4)
;; WHEN: Sun Nov 29 21:59:02 PST 2020
;; MSG SIZE rcvd: 127
And running the query command with the CNAME does return the results:
pihole -q cb.sailthru.com
Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts:
cb.sailthru.com
It looks like the query check only checks if the domain name is in block list and does not check if it has a CNAME that is blocked.
Pi-hole's Query Log is also a good starting point to look for information on what is blocked by Pi-hole.
In your case, that should have looked similar to:
jfb
November 30, 2020, 9:07pm
8
The solution in this case is to whitelist link.newyorker.com
Whitelisting the domain will take precedence over any blocking of that domain, including via the CNAME path.
system
Closed
December 7, 2020, 9:07pm
9
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.