Exact blacklist entry not working

Expected Behaviour:

Blacklist entry should block query on that domain

Actual Behaviour:

The blacklisted domains (4 and 5 below) are the top permitted domains.

pi@pi-hole:~ $ pihole -b -l
Displaying blacklist:
  1: www.belkin.com (enabled, last modified Fri, 08 Jul 2022 10:52:03 -0600)
  2: brw002268c4f5a2.hsd1.co.comcast.net (enabled, last modified Mon, 11 Jul 2022 14:06:36 -0600)
  3: wpad.hsd1.co.comcast.net (enabled, last modified Mon, 11 Jul 2022 14:07:01 -0600)
  4: pi4.hsd1.co.comcast.net.hsd1.co.comcast.net (enabled, last modified Wed, 13 Jul 2022 20:56:47 -0600)
  5: pi4.hsd1.co.comcast.net (enabled, last modified Thu, 14 Jul 2022 16:46:44 -0600)

Also with pihole -q:

pi@pi-hole:~ $ pihole -q pi4.hsd1.co.comcast.net
 Match found in exact blacklist
   pi4.hsd1.co.comcast.net.hsd1.co.comcast.net
   pi4.hsd1.co.comcast.net

pi-hole is a recent bog-standard install on a pi 3b+. The pi4 in question is running Raspbian 10 (buster), and is used primarily as an SMB file server for a couple of external drives, and has a small web server using Python bottle and rocket to serve some local files. It doesn't do much else. If my image posts right, you can see the blacklist works on domains 1 and 2 in the list, but not on 4 and 5 (the pi 4).

In 50+ years as a programmer I've managed to learn not much about networking, just enough to set up my home LAN with Comcast cable and a separate Linksys WRT3200ACM router. I reserved the pi-hole's IP address in the router's DHCP reservations page via its MAC address and set that address as Static DNS 1 (and no other DNS addresses set). The pi-hole works great except for this puzzle.

Also, what is with these hsd1.co.comcast.net queries from pi4? And from my printer (the brw0022... queries)? And with the www.belkin.com requests? Is my router trying to phone home every minute or two? And my printer? And why are there two domains for pi4.hsd1... etc.? What is making these requests and why?

Debug Token:

https://tricorder.pi-hole.net/t4oNqhVa/

The last two domains in your domain list are not assigned to any groups, thus are not effective. Assign them to the default group.

*** [ DIAGNOSING ]: Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)
   id     type  enabled  group_ids     domain                                                                                                date_added           date_modified        comment                                           
   -----  ----  -------  ------------  ----------------------------------------------------------------------------------------------------  -------------------  -------------------  --------------------------------------------------
...                                 
   7       1          1  0             wpad.hsd1.co.comcast.net                                                                              2022-07-11 14:07:01  2022-07-11 14:07:01                                                    
   8       1          1                pi4.hsd1.co.comcast.net.hsd1.co.comcast.net                                                           2022-07-12 11:13:02  2022-07-13 20:56:47                                                    
   9       1          1                pi4.hsd1.co.comcast.net                                                                               2022-07-12 11:13:13  2022-07-14 16:46:44 

Did you perhaps turn them on/off from the Blacklist menu or edit the comments there?

You might be affected by: Domains edited from Black/Whitelist page lose Group assignment · Issue #2260 · pi-hole/web · GitHub

To work around this until the fix is released: use Group management/Domains instead of Black/Whitelist pages.

Unrelated, but I noted many instances of this log entry in your debug log. Update your Pi-hole to pick up a fix that was released for this:

 -----tail of FTL.log------
   [2022-07-19 14:30:18.888 606/T607] Accepting new telnet connection at socket 11
...

Your router is appending your local LAN domain name to the queries.

     domain-name: "hsd1.co.comcast.net"

Look in your query log or the dnsmasq log at /var/log/pihole/pihole.log for additional details (requesting client, etc.)
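An added example (not part of the original posts) of the log check suggested above: it counts which client sent each query and how many times the LAN domain was appended to the name. The log lines are constructed in dnsmasq's query-log format, and the client and upstream IP addresses are made up.

```python
import re
from collections import Counter

LAN_DOMAIN = "hsd1.co.comcast.net"  # domain-name value quoted from the debug log

# Constructed sample lines; on a real install read /var/log/pihole/pihole.log.
SAMPLE_LOG = """\
Jul 19 14:30:01 dnsmasq[606]: query[A] pi4.hsd1.co.comcast.net from 192.168.1.20
Jul 19 14:30:01 dnsmasq[606]: query[AAAA] pi4.hsd1.co.comcast.net from 192.168.1.20
Jul 19 14:30:02 dnsmasq[606]: query[A] pi4.hsd1.co.comcast.net.hsd1.co.comcast.net from 192.168.1.20
Jul 19 14:30:05 dnsmasq[606]: query[A] brw002268c4f5a2.hsd1.co.comcast.net from 192.168.1.31
Jul 19 14:30:09 dnsmasq[606]: query[A] www.belkin.com from 192.168.1.1
Jul 19 14:30:09 dnsmasq[606]: forwarded www.belkin.com to 203.0.113.53
Jul 19 14:30:39 dnsmasq[606]: query[A] www.belkin.com from 192.168.1.1
"""

QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

def split_lan_suffix(name, lan_domain=LAN_DOMAIN):
    """Return (host part, number of times the LAN domain was appended)."""
    suffix, count = "." + lan_domain.lower(), 0
    name = name.lower().rstrip(".")
    while name.endswith(suffix):
        name, count = name[: -len(suffix)], count + 1
    return name, count

def clients_by_domain(log_text):
    """Count query lines per (queried name, requesting client)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:  # skips forwarded/reply/cached lines
            counts[(m["name"].lower(), m["client"])] += 1
    return counts

def top_talkers(log_text, n=5):
    """Busiest (hits, client, host, times_suffix_appended) rows, ties by name."""
    ranked = sorted(clients_by_domain(log_text).items(), key=lambda kv: (-kv[1], kv[0]))
    rows = []
    for (name, client), hits in ranked[:n]:
        host, appended = split_lan_suffix(name)
        rows.append((hits, client, host, appended))
    return rows

if __name__ == "__main__":
    for row in top_talkers(SAMPLE_LOG):
        print(row)
```

A suffix count of 2 marks a name that already carried the LAN domain and had it appended again, which is where the second `pi4` entry in the blacklist comes from.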

Thank you. I did use the Blacklist page to create and edit those entries, not knowing about group management. I fixed it (and updated pi-hole too). I find that blocking pi4.hsd1... had the effect of blocking my local web server on the pi 4, so I had to unblock it. But I have not yet had the flood of queries on that domain that I had before. I still don't understand what was querying it up to thousands of times a day or why. Also do not understand what is querying my printer brw0022... 5400 times yesterday, or why. I assume it's my Linksys router that queries belkin.com every 30 seconds. I wish I knew what it was trying to send or request from Belkin so I'd know if I want to block it.
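The group-assignment problem diagnosed in this thread can be checked for directly. This added example (not Pi-hole's own code) lists enabled domainlist entries that belong to no group. It assumes the Pi-hole v5 gravity.db table names `domainlist` and `domainlist_by_group`, and runs against a reduced, constructed in-memory copy holding rows 7 to 9 from the debug output.

```python
import sqlite3

# Reduced, constructed copy of the two tables involved (assumed Pi-hole v5
# layout). On a real install, open /etc/pihole/gravity.db read-only instead.
SCHEMA = """
CREATE TABLE domainlist (id INTEGER PRIMARY KEY, type INTEGER, domain TEXT, enabled INTEGER);
CREATE TABLE domainlist_by_group (domainlist_id INTEGER, group_id INTEGER);
"""

# Type codes as printed in the debug log header.
TYPES = {0: "exact whitelist", 1: "exact blacklist", 2: "regex whitelist", 3: "regex blacklist"}

UNGROUPED_QUERY = """
SELECT d.id, d.type, d.domain
FROM domainlist AS d
LEFT JOIN domainlist_by_group AS g ON g.domainlist_id = d.id
WHERE d.enabled = 1 AND g.domainlist_id IS NULL
ORDER BY d.id
"""

def find_ungrouped(conn):
    """Return enabled entries with no group assignment; these are never applied."""
    return [(i, TYPES.get(t, "unknown"), dom) for i, t, dom in conn.execute(UNGROUPED_QUERY)]

def build_sample():
    """Constructed database mirroring ids 7-9 from the thread's debug output."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO domainlist VALUES (?, ?, ?, ?)", [
        (7, 1, "wpad.hsd1.co.comcast.net", 1),
        (8, 1, "pi4.hsd1.co.comcast.net.hsd1.co.comcast.net", 1),
        (9, 1, "pi4.hsd1.co.comcast.net", 1),
    ])
    conn.execute("INSERT INTO domainlist_by_group VALUES (7, 0)")  # only id 7 is grouped
    return conn

def assign_default_group(conn, ids):
    """Sample DB only: on a real install use Group management/Domains instead."""
    conn.executemany("INSERT INTO domainlist_by_group VALUES (?, 0)", [(i,) for i in ids])

if __name__ == "__main__":
    conn = build_sample()
    for row in find_ungrouped(conn):
        print("no group assigned:", row)
```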
