How does pi-hole handle blocking bit.ly targets if I whitelist bit.ly but the target is on a blocklist?

Currently, bit.ly is in one of my blocklists. How does pi-hole handle this scenario:

  1. I whitelist bit.ly
  2. I click a bit.ly link that resolves to something else in my block list

Does pi-hole get to see where bit.ly wants to redirect and therefore block it, or is that redirection done outside of pi-hole?

Normally if a domain leads via a CNAME to another domain on the blocklist, the request for the first domain will be blocked.

When you whitelist the first domain, it will be loaded regardless of the domains that appear in the CNAME chain.


So in this case, the blocked domain will be allowed if I understand your reply, yes?

Yes. Here's an example:

good-domain

leads to CNAMEs as follows:

another-good-domain
bad-domain

where bad-domain is on a block list. If you don't whitelist good-domain, the query will be blocked when the CNAME path gets to bad-domain.

If you whitelist good-domain, then the CNAME check is skipped and the IP for good-domain is retrieved.


Alright, thank you!

URL shortening services like bit.ly do not use DNS records, but instead leverage URL redirection to forward an HTTP request, and as this is done through their servers, it potentially exposes you to third-party tracking.
(As a side note: You can test where a bit.ly link would take you by appending a + to the URL, e.g. https://bitly.com/bbZkLH+ for checking https://bitly.com/bbZkLH )

Whitelisting bit.ly does not affect blockage of the target domain:
Pi-hole sees the DNS request to the redirect domain as an additional, separate DNS query and would still be able to block it accordingly.

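The two cases discussed in this thread, a CNAME chain versus an HTTP redirect, side by side as an added example (not part of any post above and not Pi-hole's own code). It is a simplified model of the behaviour the replies describe; the function names, `tracker.example` and the record tables are constructed for illustration.

```python
# Simplified model of the behaviour described in this thread; not Pi-hole/FTL code.
# All domain names and records below are constructed sample data.
ALLOW, BLOCK = "allowed", "blocked"

def resolve(domain, cnames, blocklist, whitelist):
    """Decide one DNS query the way the replies describe it.

    Returns (verdict, chain), where chain is the list of names inspected.
    """
    if domain in whitelist:
        # Whitelisted query name: the CNAME check is skipped entirely.
        return ALLOW, [domain]
    chain, seen = [], set()
    name = domain
    while name is not None and name not in seen:   # guard against CNAME loops
        seen.add(name)
        chain.append(name)
        if name in blocklist:
            return BLOCK, chain
        name = cnames.get(name)
    return ALLOW, chain

def follow_http_redirect(short_host, target_host, cnames, blocklist, whitelist):
    """An HTTP redirect makes the client issue a second, separate DNS query."""
    first = resolve(short_host, cnames, blocklist, whitelist)[0]
    if first == BLOCK:
        return [(short_host, BLOCK)]       # client never reaches the shortener
    second = resolve(target_host, cnames, blocklist, whitelist)[0]
    return [(short_host, first), (target_host, second)]

CNAMES = {"good-domain": "another-good-domain", "another-good-domain": "bad-domain"}
BLOCKLIST = {"bad-domain", "bit.ly", "tracker.example"}

if __name__ == "__main__":
    # CNAME case: blocked without a whitelist entry, allowed with one.
    print(resolve("good-domain", CNAMES, BLOCKLIST, set()))
    print(resolve("good-domain", CNAMES, BLOCKLIST, {"good-domain"}))
    # Redirect case: whitelisting bit.ly does not unblock the redirect target.
    print(follow_http_redirect("bit.ly", "tracker.example", CNAMES, BLOCKLIST, {"bit.ly"}))
```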