Expect to block a domain with the IP address explicitly spelled out, for example: http://107.189.165.31:443/
Actual Behaviour:
The web request always goes through, no matter what I tried with the blacklist. It is a free proxy on the web that kids use to watch YouTube, after I blocked YouTube directly.
This is not the expected behavior, for several reasons.
Pi-hole is a domain blocker, not an IP blocker. If a client asks for the IP of a domain that is blocked by Pi-hole, the client will not receive that IP. In your example, since the client already has the IP, there will be no domain name resolution.
Even with domains (let's assume domain chicken resolved to the IP you show), a domain blocker (or hosts file, etc.) does not get involved in the port number. That is not part of the domain name system. You could block or allow the domain chicken, but that would not include a specific port at that domain IP.
To block a specific IP, you need a firewall. Some routers have this capability - check your router manual.
Thanks for the message. I agree with you, this might be more of a firewall issue.
Pi-hole does block the explicit IP address, because I can put the explicit IP address in the blacklist and it works as expected. However, with the port number at the end, this request always gets through.
A DNS server can't block an IP address. The client using that IP address will never query a DNS server and why would it if it already knows the IP address?
I have to say your logic is absolutely flawless. However, even though I know this day will come when kids start to memorize IP addresses, it comes too soon. Is there a way we can stretch Pi-hole's functionality in such a way that we can block explicit IPs as well? Kind regards.
IP addresses change quite frequently for most sites due to CDNs. Once kids memorize IPv4 addresses then you throw IPv6 addresses at them and laugh as you walk away.
Pi-hole's efficacy on IP blocking is nil though; clients simply won't use DNS for direct IP access.
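
The point made in the replies above, as an added example that is not part of the original thread or of Pi-hole's code: for each URL it works out whether the client would send a DNS query at all (the only thing a DNS blocker can act on) or whether the host is an IP literal, in which case the IP and port pair is what a firewall rule would have to match. The function names are hypothetical, and every sample URL except the one quoted in the first post is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def dns_filter_view(url):
    """Describe what a DNS blocker sees for this URL versus what a firewall sees."""
    parts = urlsplit(url)
    host = parts.hostname  # lower-cased, IPv6 brackets already stripped
    if host is None:
        raise ValueError(f"no host in URL: {url!r}")
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Host is a name: the client must resolve it first, so a DNS blocker
        # sees the name. The port never appears in a DNS query.
        return {"dns_query": host, "firewall_target": None}
    # Host is an IP literal: no lookup happens, so only a firewall
    # (matching on address and port) is in a position to stop it.
    return {"dns_query": None, "firewall_target": (str(ip), port)}

def firewall_targets(urls):
    """Return the (ip, port) pairs that bypass DNS filtering entirely."""
    targets = []
    for url in urls:
        target = dns_filter_view(url)["firewall_target"]
        if target is not None and target not in targets:
            targets.append(target)
    return targets

# Constructed sample, apart from the first URL, which is quoted in the thread.
SAMPLE_URLS = [
    "http://107.189.165.31:443/",
    "https://www.youtube.com/watch?v=example",  # name: DNS blocker can act
    "http://chicken.example:8080/",             # name: port invisible to DNS
    "http://[2001:db8::1]:8080/",               # IPv6 literal: no DNS query
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", dns_filter_view(u))
    print("needs firewall rules:", firewall_targets(SAMPLE_URLS))
```
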