Cname not decoded

Okay, you've got cb.sailthru.com on your blocklists. You've asked for link.freebooksy.com.

In version 4 we would just check for link specifically on the blocklists. Advertisers have become more deceiving in their methods and have now started to make thinks like link as alternate names (CNAMEs) to actually go to other domains. They hide the domains you want blocked behind other names.

Version 5 takes the query for link and checks all the names that link means. In this case link is actually cb.sailthru.com and since you want cb blocked, we block it and any other name that it appears as.

So in this case link is hiding the fact that it's actually cb.sailthru and doing what you've asked.

If you instead want to allow cb then whitelist cb. If you just want to allow link and not cb everywhere then whitelist link.

OK just tried to whitelist via the web page and got READ ONLY
Worked via cli

If it is getting blocked then the log should show BLOCKED surely?
Maybe if this linking is happening then a blocked [via link] might be in order

OK whitelisted it but get a Website blocked message

Beta 5.0 with stock lists

image1128×296 31.8 KB

Showing in the whitelisted management domain list but still getting blocked.

Match found in exact whitelist
link.freebooksy.com

restarted dns but still same

Edit - ignore all that follows.

This isn't what is being blocked, it appears. One of the CNAMES for this domain is on a blacklist. It is cb.sailthru.com that you want to whitelist.

OK so I have just whitelisted cb.sailthru.com

Does the page now load properly?

As I said earlier the webpage is showing direct links at the moment, and I don't have an email to check it via.
Will check them tomorrow when I get a new email

"Beta 5.0 with stock lists

image1128×296 31.8 KB

Why am I not seeing this on my pihole? It didn't show as blocked just NODATA as I posted earlier.

Which upstream DNS server do you use?

google

Please run

pihole restartdns

and then try again.

done that 17 min ago

Please send us the token generated by

pihole -d

or do it through the Web interface:

Your debug token is: https://tricorder.pi-hole.net/5fy3gvx3hq

You're not using our lighttpd configuration.

-rw-r--r-- 1 root root 2038 May 31  2019 /etc/lighttpd/lighttpd.conf
   server.modules = (
   	"mod_indexfile",
   	"mod_access",
   	"mod_alias",
    	"mod_redirect",
   )
   server.document-root        = "/var/www"
   server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
   server.errorlog             = "/var/log/lighttpd/error.log"
   server.pid-file             = "/var/run/lighttpd.pid"
   server.username             = "www-data"
   server.groupname            = "www-data"
   server.port                 = 80
   server.http-parseopts = (
     "header-strict"           => "enable",
     "host-strict"             => "enable",
     "host-normalize"          => "enable",
     "url-normalize-unreserved"=> "enable",
     "url-normalize-required"  => "enable",
     "url-ctrls-reject"        => "enable",
     "url-path-2f-decode"      => "enable",
    
     "url-path-dotseg-remove"  => "enable",
    
    
   )
   index-file.names            = ( "index.php", "index.html" )
   url.access-deny             = ( "~", ".inc" )
   static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
   compress.cache-dir          = "/var/cache/lighttpd/compress/"
   compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
   include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
   include_shell "/usr/share/lighttpd/create-mime.conf.pl"
   include "/etc/lighttpd/conf-enabled/*.conf"
   server.modules += (
   	"mod_compress",
   	"mod_dirlisting",
   	"mod_staticfile",
   )```

Not with v5. If you whitelist the first domain (link.freebooksys.com) then the CNAMEs are not checked for blocking. No need to whitelist cb. as that would allow any domain that points to that CNAME through.

You are correct - I had forgotten this detail of the new version.

We had some discussion about how to handle this condition. The end idea was that whitelisting the CNAME makes the CNAME blocking kind of pointless. Users are expecting to see the direct domain so that is the domain allowed. DL's work ends up with a whitelist match causing any further checks against blocklists / CNAMEs to be skipped.