How does pi-hole handle blocking targets if I whitelist but the target is on a blocklist

Currently, is in one of my blocklists. How pi-hole handle this scenario:

  1. I whitelist
  2. I click a link that resolves to something else in my block list

Does pi-hole get to see where wants to redirect and therefore blocks it or is that redirection done outside of pi-hole?

Normally if a domain leads via a CNAME to another domain on the blocklist, the request for the first domain will be blocked.

When you whitelist the first domain, it will be loaded regardless of the domains that appear in the CNAME chain.

1 Like

So in this case, the blocked domain will be allowed if I understand your reply, yes?

Yes. Here's an example:


leads to CNAMES as follows:


where bad-domain is on a block list. If you don't whitelist good-domain, the query will be blocked when the CNAME path gets to bad-domain.

If you whitelist good-domain, then the CNAME check is skipped and the IP for good-domain is retrieved.

1 Like

Alright, thank you!

URL shortening services like do not use DNS records, but instead leverage URL redirection to forward a HTTP request, and as this is done through their servers, it potentially exposes you to third party tracking.
(As a a side note: You can test where a link would take you by appending a + to the URL, e.g. for checking )

Whitelisting does not affect blockage of the target domain:
Pi-hole sees the DNS request to the redirect domain as an additional, separate DNS query and would still be able to block it accordingly.

1 Like