Doubleclick.net regex blacklist not being blocked

ICwater · May 15, 2023, 5:56pm

Raspberry Pi 4
pi-hole v5.16.2 FTL v5.22 Web interface v5.19
OS Raspbian 10
ASUS 8288 Firewall
DNS set to IP of Pihole
Pihole DNS set to OPENDNS
Windows 11 with statically assigned IP and DNS - DNS is only IP of Pihole.

I have added doubleclick.net as regex
(.|^)doubleclick.net$
This is enabled and assigned to the default group. My workstation is in the default group.

Reading through these posts, someone had the same problem with a different domain (though theirs was caused by the filter being set to disabled) and the user was instructed to run:
pihole -q doubleclick.net
dig +short doubleclick.net 127.0.0.1

pi@raspberrypi:~ $ pihole -q doubleclick.net
Match found in regex blacklist
(.|^)doubleclick.net$
[i] Over 100 results found for doubleclick.net
This can be overridden using the -all option

pi@raspberrypi:~ $ dig +short doubleclick.net 127.0.0.1
142.250.69.238

All of that to say, when I ping doubleclick.net I get

ping request could not find host. (which is good)

and tailing the log for "blocked" i get

May 15 11:45:38 dnsmasq[523]: gravity blocked doubleclick.net is 0.0.0.0

which is good.

But I still get ad's from double click on websites. Image attached is a URL when I hover over the ad.

This is also sometimes happening with GoogleAdServices.com - though now going through the testing for this post regarding DoubleClick.net I have not been able to repeat that issue.

Bucking_Horn · May 15, 2023, 6:01pm

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

ICwater · May 15, 2023, 6:22pm

Sorry (usually it takes hours for people to reply) here is the log.

(moderator edit: explicit debug log removed)

ICwater · May 15, 2023, 6:23pm

And I just noticed again the same thing with googleAdServices.com as well.

ICwater · May 15, 2023, 6:27pm

What is this in the log file?
PIHOLE_DNS_1=208.67.222.222
PIHOLE_DNS_2=208.67.220.220****

That is not the DNS set on the NIC of the Raspberry, nor can I find it in the interface of Pi-hole.

Bucking_Horn · May 15, 2023, 6:50pm

We just ask for the token - for your own privacy and security, you should not post your full, unsanitised debug log publically.

Your debug log shows your router is distributing its own IP address as local DNS server besides Pi-hole:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers

   * Received 300 bytes from eth0:192.168.1.2
     Offered IP address: 192.168.1.193
     DHCP options:
      Message type: DHCPOFFER (2)
      dns-server: 192.168.1.3
      dns-server: 192.168.1.2
      router: 192.168.1.2

This would allow clients to by-pass Pi-hole via your router's 192.168.1.2 at their own discretion.

Pi-hole has to be the sole DNS server for your network.

ICwater · May 15, 2023, 7:14pm

Sorry, I did not see that part of the requesting only the token..

The Firewall\DHCP server does indeed hand out two DNS servers. But my workstation is statically assigned only the one DNS server. See attached print out of IPconfig.
Wireless LAN adapter Wi-Fi.txt (763 Bytes)

yubiuser · May 16, 2023, 5:45pm

This section indicates your used your Pi-device hosting Pi-hole for checking if the domain is blocked. However, this device is using Googles 8.8.8.8 DNS server for name resolution (/etc/resolv.conf).
If you want to use a specific upstream with dig you need to add an @

dig +short doubleclick.net @127.0.0.1

ICwater · May 17, 2023, 7:04pm

$ dig +short doubleclick.net @ 127.0.0.1
I ran it with the @ symbol - (note the space) that is because if I paste the command correctly I get the following error

"An error occurred: Sorry, new users can't mention other users."

so I omitted the @ from the example above.

Do i need to change 8.8.8.8 in the resolv.conf file?

rdwebdesign · May 17, 2023, 8:53pm

Put the command inside backtikcs:
`command with @symbol` will show like this: command with @symbol

You get the same effect if you select the text and press CTRL+E.

You can also use the button, on the comment editor bar:

Note:
You can also "escape" the @ character using a backslash "\" before it.

Bucking_Horn · May 18, 2023, 1:10pm

Please run:

dig doubleclick.net @127.0.0.1

and share the full output, including the command as typed.

ICwater · May 18, 2023, 6:34pm

I think we can close this ticket - I flushed DNS on my workstation and since then I see no ad's at all.
I think the issue was the DNS for doubleclick was cached from when this system was on another WiFi last week that is not behind the Pi.

Thank you for your help.

system · June 9, 2023, 8:35am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.