Domain/Subdomain whitelisting not working


Expected Behaviour:

  1. If domain example.com is whitelisted, all A records under that domain, e.g. 1.example.com, 2.example.com, etc., should also be whitelisted.

  2. If domain subdomain.example.com is whitelisted, all A records under that subdomain, e.g. 1.subdomain.example.com, 2.subdomain.example.com, etc., should also be whitelisted.

This is why it's called "domain" and "subdomain" whitelisting in pihole. But this doesn't work.

Actual Behaviour:

The whitelisting only works for the exact FQDN you put in there. So if you put example.com, only example.com is whitelisted. If you put subdomain.example.com, only subdomain.example.com is whitelisted.

If this is the behavior, then might as well call it FQDN whitelisting and not domain/subdomain whitelisting.

Also, I know that regex/wildcard whitelisting is not yet available and I read in a post last year that it will be included in the "next major release". What major release version is this? 5.0? I'm using your docker container and it's currently at v4.4.

Debug Token:

https://tricorder.pi-hole.net/lr03px58sq

In Pi-hole V4, this is not the expected behavior. ~~Wildcard blocking~~ Whitelisting is exact only.

This is not a correct interpretation of that page (the whitelist page from the web Admin GUI). A single domain is entered in that entry list, with no reference to wildcards. Contrast this to the blacklist page (blacklists do support wildcards), where a domain can be added as either an exact domain or a wildcard.

It is currently on the streets in the beta 5.0, which will be released as V5.0 sometime in the relatively near future. Since there is a very small team of developers (all volunteers), there is no defined timeline for the next release.

The beta 5.0 is available if you choose to see the new features. Note that this is a one-way upgrade only due to the significant changes in the new version. If you do upgrade to the beta, ensure you have a full backup so you can revert to what you have now.

https://pi-hole.net/2020/01/19/announcing-a-beta-test-of-pi-hole-5-0/

What do you mean by "wildcard blocking is exact only"?

My interpretation of the whitelist page comes from the idea that that's the "standard" way domain hosting providers work. When you create a domain, everything under that domain is part of that domain. My understanding is that a domain whitelist is different from a wildcard whitelist:

1.) example.com whitelist: 1.example.com and 2.example.com included
2.) *.example.com wildcard whitelist: 1.example.com, 2.subdomain.example.com, 3.subdomain1.subdomain2.example.com included

But yes, I can see how it can be different for every case.

Is there a proper way of upgrading a docker container to beta? Do you provide a beta docker container?

My error - sloppy typing. Whitelisting is exact only. I corrected the original reply.

In V5, if you wildcard whitelist example.com, the following domains would also be whitelisted (using your example):

1.example.com
2.example.com
2.subdomain.example.com
3.subdomain1.subdomain2.example.com

In Pi-hole v4, each of these individual domains would need to be entered as whitelist entries to block them all.
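
The matching semantics discussed in this thread, as an added example that is not part of any post and is not Pi-hole's own code: exact whitelisting versus a wildcard entry that covers the domain and every name below it. The function names and the `notexample.com` test name are assumptions for illustration; the naive suffix check is included to show why a wildcard allow rule should compare whole labels.

```python
# Added example (not Pi-hole code): exact vs. wildcard whitelist matching.
# Function names and the sample query list are hypothetical/constructed.

def normalize(name: str) -> str:
    """Lower-case and drop the trailing root dot so comparisons are canonical."""
    return name.strip().lower().rstrip(".")

def exact_match(query: str, entry: str) -> bool:
    """Exact-only behaviour: the entry matches one FQDN and nothing else."""
    return normalize(query) == normalize(entry)

def wildcard_match(query: str, entry: str) -> bool:
    """Wildcard behaviour: the entry and every name below it, at any depth.
    Labels are compared as whole units, right to left."""
    q = normalize(query).split(".")
    e = normalize(entry).split(".")
    return e != [""] and len(q) >= len(e) and q[-len(e):] == e

def naive_suffix_match(query: str, entry: str) -> bool:
    """Over-broad string suffix test: ignores label boundaries."""
    return normalize(query).endswith(normalize(entry))

# Constructed sample queries: the thread's examples plus one look-alike name.
QUERIES = [
    "example.com",
    "1.example.com",
    "2.subdomain.example.com",
    "3.subdomain1.subdomain2.example.com",
    "notexample.com",  # different registrable domain, same string suffix
]

def classify(entry: str) -> dict:
    """Return {query: (exact, wildcard, naive)} for one whitelist entry."""
    return {
        q: (exact_match(q, entry), wildcard_match(q, entry), naive_suffix_match(q, entry))
        for q in QUERIES
    }

if __name__ == "__main__":
    print(f"{'query':40} exact wildcard naive")
    for q, (ex, wc, nv) in classify("example.com").items():
        print(f"{q:40} {ex!s:5} {wc!s:8} {nv!s}")
```

With the entry `example.com`, only the look-alike row differs between the last two columns: the label-aware wildcard rejects `notexample.com`, while the plain string suffix test would allow it.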

I see that you have a beta tag for v5.0. So should I just change the tag on my docker-compose.yml file and the existing config files will get upgraded to v5.0 too (after the container upgrade that is)?

You are free to test the pihole/pihole:beta-v5.0 image but please also read the link jfb posted and understand the new functionality and how/where to report beta bugs.

If the existing volumes/configs from v4.4 show any problems I'd suggest nuking them and starting fresh. As mentioned, keep a backup of them too.

Yes, I did read the link already.

So are you saying that the v5.0 container wasn't tested with an existing v4.4 config volume yet? No offense intended.

It was manually at one point, but we have automated deployments of the latest beta and it has been re-built several times since then. I just don't want to put my foot in my mouth or say something without much authority such as "yes it worked with old configs a month ago but that was an old image".

Ok, fair enough. Is there a way to migrate the log files though?

@diginc, just following up on this? Thanks.
