Host.does.not.exist should not resolved to 127.0.0.1

How can I configure pi-hole to get NXDOMAIN for host.does.not.exist

Here is what pi-hole does ... (resolve to 127.0.0.1 with NOERROR)

$ dig a @192.168.1.118 host.does.not.exist

; <<>> DiG 9.8.3-P1 <<>> a @192.168.1.118 host.does.not.exist
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26484
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;host.does.not.exist.		IN	A

;; ANSWER SECTION:
host.does.not.exist.	300	IN	A	127.0.0.1

;; Query time: 7 msec
;; SERVER: 192.168.1.118#53(192.168.1.118)
;; WHEN: Mon Feb 27 21:05:37 2017
;; MSG SIZE  rcvd: 53

Here is what normaly expected (NXDOMAIN e.g. from google's 8.8.8.8)

$ dig a @8.8.8.8 host.does.not.exist

; <<>> DiG 9.8.3-P1 <<>> a @8.8.8.8 host.does.not.exist
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 451
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;host.does.not.exist.		IN	A

;; AUTHORITY SECTION:
.			86364	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2017022701 1800 900 604800 86400

;; Query time: 31 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb 27 21:11:02 2017
;; MSG SIZE  rcvd: 112

Any hint will be helpful. / Thanks!

Is that a dig on the Pi-hole device itself? I'm getting different results here:

$ dig host.does.not.exist @192.168.30.2

; <<>> DiG 9.9.5-9+deb8u9-Raspbian <<>> host.does.not.exist @192.168.30.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1418
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;host.does.not.exist.		IN	A

;; Query time: 8 msec
;; SERVER: 192.168.30.2#53(192.168.30.2)
;; WHEN: Mon Feb 27 20:17:53 UTC 2017
;; MSG SIZE  rcvd: 48

Thanks for reply. Yes I get this from my pi-hole at 192.168.1.168. Intresting to see that you get NXDOMAIN .. but why I'am a bit confused.

Not sure here either, and why you have a different version of dig than I do. Which OS is running on the Pi-hole?

The dig is from my macOS. But that does not matter, I also tested from other linux hosts.

On the Pi-hole runs Raspbian GNU/Linux 8.

Did you have enabled additional adlists ... I have enabled/uncomented some from adlist.default, may I have to disable them first?

Could you do the following to help us debug your issue?

Run

sudo service dnsmasq restart
pihole -d

on your Pi-hole device. While it tells you to browse the web, run your dig command on one of your clients.

You can then upload the debug log and give us the token (it will be securely shared with the developers only) or manually look though the stored log at the location the debugger tells you (whatever you like to do). Restarting dnsmasq first is necessary to be sure that the cache is empty (mistakes might be masked otherwise).

That test was just on a stock Pi-hole, Raspbian Jessie Lite, and I get the same response with my Arch Linux client pointed to the Pi-hole. NXDOMAIN.

Hmm, I disabled all items in my addlist.default but does not help. Which dnsmasq version is installed on your pi-hole?

Dnsmasq version 2.72

OK, same here. So that not the reason. Do you have any ideas more for me?

Have a look at my message here for a followable path.

Sorry, I have overseen your post ... here is the token: dig host.does.not.exist 9rfy7wej4m

Please have a look into your /etc/dnsmasq.conf and if that didn't help into your /etc/hosts

Ups sorry for confusion. Yes, I inserted a server= entry into /etc/dnsmasq.conf which I droped now (nothing changed, dig continues to result into 127.0.01). I made a new log with token tawn3ak4tc can you give it a new try? Thanks!

Hmm, next idea would be a

cat /etc/hosts | nc tricorder.pi-hole.net 9999

It will give you a new token.

Aaargh, I'am a idiot, I added it to my /etc/hosts yesterday while had some problems with it. I forgott it and now I'am sitting since hours in front of my /etc/hosts without seeing the obvious.

I'am very sorry for the noise ... and thanks a lot for your help!!!

Glad we were able to resolve this strange behavior.