Cname not decoded

DL6ER · February 21, 2020, 5:12pm

@hairybiker If you have the web interface http://pi.hole/admin installed, you can go to the Query Log which will directly show you which of the domains along the CNAME path was blocked. Else you can do what Dan suggested and query the blocking lists for the contained domains.

Deep CNAME inspection is a new feature that comes with v5.0. It will help to block ads covering under CNAMEs.

hairybiker · February 21, 2020, 5:15pm

@DanSchaper
Not in any blocklist
" [i] No results found for link.freebooksy.com within the block lists"

@DL6ER the log results were from the Query log

DanSchaper · February 21, 2020, 5:18pm

Those domains.

hairybiker · February 21, 2020, 5:18pm

[i] No results found for freebooksy.com within the block lists

I could access the website fine, but if I clicked on any of the links (or the email links) it just timed out.

jfb · February 21, 2020, 5:19pm

What is the output of these commands from the Pi terminal:

grep freebooksy /var/log/pihole.log

grep sailthru /var/log/pihole.log

jfb · February 21, 2020, 5:20pm

These are likely not served from the same domain. These tools can help determine why your desired content is not served:

hairybiker · February 21, 2020, 5:21pm

root@PiHole:~# grep freebooksys /var/log/pihole.log
root@PiHole:~# grep sailthru /var/log/pihole.l

The domains you asked for, 1st is blocked 2nd isn't

jfb · February 21, 2020, 5:22pm

What was the output of the commands?

hairybiker · February 21, 2020, 5:22pm

That was the o/p. Direct copy paste
@jfb I DON'T want to block them they link to Amazon ebooks.
As I said it was working perfectly before upgrading to 5.0.
Today the website is doing direct links to Amazon, yesterday it was via link.freebooksy.com
@DL6ER
root@PiHole:~# pihole -v
Pi-hole version is v4.3.2-421-gb73580f (Latest: v4.3.2)
AdminLTE version is v4.3.2-426-gdd7b2b2 (Latest: v4.3.3)
FTL version is vDev-61d67ff (Latest: v4.3.1)

DL6ER · February 21, 2020, 5:26pm

What is the output of pihole -v?

The fact that status 9 is Unknown suggests that your beta installation is not complete.

DanSchaper · February 21, 2020, 5:28pm

Can anyone with stock lists just check those domains to see if they are blocked? Use the tools pihole -q or the web interface.

hairybiker · February 21, 2020, 5:31pm

When I installed it yesterday, it wouldn't update the ftl, said it was already up to date.
Doing an pihole -up now. Found update

Now
Current Pi-hole version is v4.3.2-424-g85c15a7
Current AdminLTE version is v4.3.2-426-gdd7b2b2
Current FTL version is vDev-1b2318

DL6ER · February 21, 2020, 5:35pm

Please check again the Query Log if you see additional details to the blocked queries.

hairybiker · February 21, 2020, 5:35pm

|2020-02-21 17:35:21|AAAA|links.freebooksy.com|localhost|OK (cached)|NODATA (0.6ms)|Blacklist|

|2020-02-21 17:35:21|A|links.freebooksy.com|localhost|OK (cached)|NXDOMAIN (0.8ms)|

DL6ER · February 21, 2020, 5:36pm

The first one is blocked by Steven Black's list.

$ pihole -q cb.sailthru.com
 Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts:
   cb.sailthru.com

$ pihole -q link-nj1.sailthru.com
  [i] No results found for link-nj1.sailthru.com within the block lists

Bucking_Horn · February 21, 2020, 5:37pm

Can confirm sailthru.com is on Steven Black's master list:

 Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts:
   ak.sailthru.com
   api.sailthru.com
   cb.sailthru.com
   cdn.sailthru.com
   condenast-a.sailthru.com
   condenast-b.sailthru.com
   condenast-c.sailthru.com
   horizon.sailthru.com
   horizon-nj1.sailthru.com
   njmta-173.sailthru.com
   ny1mta-31.sailthru.com
   ny1mta-56.sailthru.com
   ny1mta-58.sailthru.com
 Match found in https://hosts-file.net/ad_servers.txt:
   cdn.sailthru.com
   horizon.sailthru.com

DanSchaper · February 21, 2020, 5:37pm

links does not exist.
link does but it points to a domain you've asked Pi-hole to block.

hairybiker · February 21, 2020, 5:47pm

I am a bit dyslexic so my fault I mistyped
but " link does but it points to a domain you’ve asked Pi-hole to block." I am NOT asking to BLOCK it but to ALLOW it.

2020-02-21 17:52:50 A link.freebooksy.com octo.lan Unknown (9) CNAME (48.1ms)

DanSchaper · February 21, 2020, 5:53pm

Okay, you've got cb.sailthru.com on your blocklists. You've asked for link.freebooksy.com.

In version 4 we would just check for link specifically on the blocklists. Advertisers have become more deceiving in their methods and have now started to make thinks like link as alternate names (CNAMEs) to actually go to other domains. They hide the domains you want blocked behind other names.

Version 5 takes the query for link and checks all the names that link means. In this case link is actually cb.sailthru.com and since you want cb blocked, we block it and any other name that it appears as.

So in this case link is hiding the fact that it's actually cb.sailthru and doing what you've asked.

If you instead want to allow cb then whitelist cb. If you just want to allow link and not cb everywhere then whitelist link.

hairybiker · February 21, 2020, 5:54pm

OK just tried to whitelist via the web page and got READ ONLY
Worked via cli

If it is getting blocked then the log should show BLOCKED surely?
Maybe if this linking is happening then a blocked [via link] might be in order