Yes, this is expected. If you specify it using a dnsmasq-instruction, you effectively add the domain wizaly.com to dnsmasq's DNS cache. If you query this domain (or any of its subdomains) directly, you will get the reply from the cache. During a CNAME traversal, however, dnsmasq does not look at its cache at all (at least not at if there are parts of it already known).
Black- and whitelists (be it regex or exact) are an FTL feature, are always checked, and are to be used here.
Is this then a correct entry to block all possible CNAME entries for wizaly.com? Or do you recommend something else to achieve blocking the CNAME domains, referred here? I'm asking, since we are all new to CNAME blocking, and probably want to use an entry, matching what the developers intended.
Wildcard block wizaly.com. If it shows up in a direct query, it will be blocked. If it shows up as a CNAME for a different domain query, it will be blocked. There really isn't any behavior to change for CNAMEs, block what you want blocked and let FTL handle the internals.
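The behaviour described above (one wildcard entry catches the domain both as a direct query and as a CNAME target), modelled as an added example that is not part of the original thread and is not FTL's code. The `(\.|^)...$` wildcard form, the function names and the `shop.example` hostnames are assumptions constructed for illustration.

```python
import re

# Only characters that are valid in a hostname; anything else is rejected
# so that a list entry cannot smuggle regex syntax into the blocklist.
_HOSTNAME = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def wildcard_regex(domain: str) -> str:
    """Build a regex matching the domain itself and every subdomain of it."""
    name = domain.strip().lower().rstrip(".")
    if not _HOSTNAME.match(name):
        raise ValueError(f"not a plain domain name: {domain!r}")
    # Dots are the only regex metacharacter a valid hostname can contain.
    return r"(\.|^)" + name.replace(".", r"\.") + "$"


def first_blocked(chain, patterns):
    """Check every name of a resolution chain (queried name first, then each
    CNAME target) and return (name, pattern) for the first hit, else None."""
    compiled = [(p, re.compile(p)) for p in patterns]
    for name in chain:
        name = name.lower().rstrip(".")
        for pattern, rx in compiled:
            if rx.search(name):
                return name, pattern
    return None


if __name__ == "__main__":
    patterns = [wildcard_regex("wizaly.com")]
    # Constructed sample chains: a direct query, a first-party-looking name
    # that CNAMEs into the blocked domain, and two look-alikes that must pass.
    samples = [
        ["wizaly.com"],
        ["metrics.shop.example", "t.wizaly.com."],
        ["notwizaly.com"],
        ["wizaly.com.shop.example"],
    ]
    for chain in samples:
        print(" -> ".join(chain), "=>", first_blocked(chain, patterns))
```
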
I hoped so, been busy all afternoon to get this script working, see here. If you have any comments, feel free to shoot. The goal of the script is to read the domains from the file and enter them directly into the database. Tested, works, but comments are expected.
I wrote this, because pihole has no facilities to achieve this.
Yeah, strange as in: I would not have expected it to work.
Your script only updated the database but did not make FTL check for new/deleted regex.
As FTL does not compile (= load) the regex at the end of your script. So it probably worked only by chance because you restarted FTL at some point or did some changes to the lists using either the CLI or the web interface (both will run the reload-lists for you).
I am reasonably good at breaking down a problem into the steps needed to solve the problem, terrible when turning the steps into code (trial and error, using duckduckgo examples to translate a step into code).
This sometimes ends up in simply rebooting, due to a watchdog trigger (max-load-15), or manual intervention if the system is still responsive.
I'm using this to look at the database, but it's a lousy way to apply massive changes (remove all regex entries to avoid falsifying the test result).
I also tried to remove all blocklists (except one) from the database, but failed (timeout). It even looks like you cannot remove a blocklist from the database, only enable/disable it (can you confirm or deny this?).
Anyway, I rebooted, that caused FTL to read (compile).
Those domains (and many others) all seem to CNAME to ghochv3eng.trafficmanager.net (see https://securitytrails.com/list/cname/ghochv3eng.trafficmanager.net).
We have added it to our CNAME cloaking blocklist (that can be used with Pi-hole):
This comment refers to the blocklist discussed here.
A script I'm running weekly (cron) to add possible new entries (one this week) to pihole (regex blacklist) can be found here
result, for the new entry, referred in the reddit article:
jpgpi250, you can host your scripts there and post links to your external repo. Discourse is not the place for script snippets that users will find years after it's no longer supported by the script author.