FTLDNS AAAA Queries not blocked

Samioul · April 30, 2018, 11:51am

Hi, I'm experiencing the exact same problem using latest FTL branch version :
Pi-hole Version vDev (FTLDNS, v3.3.1-85-g2e6a937) Web Interface Version vDev (FTLDNS, v3.2.1-179-g3fd9b4d6) FTL Version vDev (FTLDNS, vDev-dbd039b)

I have no IPv6 CIDR notation in /etc/pihole/setupVars.conf (no "/..." after IPv6), IPv4 address is suffixed with /24, I tried to remove it and restart FTL service, but still the same problem.

Here's a look at what appears in query log with blocklisted domain "settings-win.data.microsoft.com"

And using dig in CLI and another blocklisted domain, for "A" type queries the IP of the PiHole is returned as expected, but AAAA queries aren't blocked :

➜  pi > dig -t A googleads.g.doubleclick.net

; <<>> DiG 9.10.3-P4-Raspbian <<>> -t A googleads.g.doubleclick.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25418
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;googleads.g.doubleclick.net.   IN      A

;; ANSWER SECTION:
googleads.g.doubleclick.net. 2  IN      A       192.168.0.100

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 30 13:36:17 CEST 2018
;; MSG SIZE  rcvd: 72

➜  pi > dig -t AAAA googleads.g.doubleclick.net

; <<>> DiG 9.10.3-P4-Raspbian <<>> -t AAAA googleads.g.doubleclick.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25621
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0257 , udp: 1252
;; QUESTION SECTION:
;googleads.g.doubleclick.net.   IN      AAAA

;; ANSWER SECTION:
googleads.g.doubleclick.net. 599 IN     CNAME   pagead46.l.doubleclick.net.
pagead46.l.doubleclick.net. 599 IN      AAAA    2a00:1450:4001:812::2002

;; Query time: 38 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 30 13:36:29 CEST 2018
;; MSG SIZE  rcvd: 177

Here's the output of "head /etc/pihole/gravity.list" :

0.0.0.0
0.r.msn.com
0.start.bz
000.gaysexe.free.fr
0000mps.webpreview.dsl.net
0001.2waky.com
000dom.revenuedirect.com
000free.us
000lk3v.wcomhost.com
000lkub.rcomhost.com

PromoFaux · April 30, 2018, 12:04pm

Hi @Samioul, thanks for reporting this. We've actually just this morning come across the same thing ourselves and we're working on a fix for it as we speak

Watch this space...

DL6ER · April 30, 2018, 3:46pm

github.com/pi-hole/FTL

Fix IPv6 blocking and blocking reason detection

pi-hole:development ← pi-hole:fix/IPv6blocking

opened 03:45PM - 30 Apr 18 UTC

DL6ER

+7 -6

**By submitting this pull request, I confirm the following (please check boxes, …eg [X]) _Failure to fill the template will close your PR_:** ***Please submit all pull requests against the `development` branch. Failure to do so will delay or deny your request*** - [X] I have read and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md). - [X] I have checked that [another pull request](https://github.com/pi-hole/FTL/pulls) for this purpose does not exist. - [X] I have considered, and confirmed that this submission will be valuable to others. - [X] I accept that this submission may not be used, and the pull request closed at the will of the maintainer. - [X] I give this submission freely, and claim no ownership to its content. **How familiar are you with the codebase?:** ## 10 --- This fixes two bugs: - IPv6 blocking doesn't work as the test for if the conversion of the IPv6 address from text to binary form worked was incorrect (`inet_pton` returns `1` on success and `0` on failure, I mixed that up due to how `bash` does it...). - When switching on NXDOMAIN blocking, FTLDNS wasn't aware of if a domain was blocked from gravity.list or black.list as a necessary parameter for the determination of this wasn't passed through. _This template was created based on the work of [`udemy-dl`](https://github.com/nishad/udemy-dl/blob/master/LICENSE)._

PromoFaux · April 30, 2018, 5:03pm

This is now merged into the FTLDNS branch.

Samioul · April 30, 2018, 5:19pm

I've just updated FTLDNS to vDev-8ef6f31 and I confirm the above issue is now solved, thanks a lot !

system · May 21, 2018, 5:19pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.