Issue with Apple App Store and NEST

Please follow the below template, it will help us to help you!

Expected Behaviour:

Allow acess to NEST account and Apple App Store

Actual Behaviour:

I have two NEST thermostats - with PiHole specified as it's DNS, ONE of them would not communicate with the NEST server. Also, my new iPhone 10R and my wife's iPhone 8 returned "unable to access App Store" - DISABLING PiHole did NOT solve the issue; but, taking the PiHole out of my DNS spec altogether solved BOTH issues.

Debug Token

960qke6zby

A few problems noted in your debug log:

Your gravity list is empty (likely is corrupted). Rebuild gravity with pihole -g

This may not correct your NEST problem, but it will correct the gravity problem. After you do this, look at NEST performance.

*** [ DIAGNOSING ]: Gravity list
-rw-r--r-- 1 root root 1 Jan 27 10:18 /etc/pihole/gravity.list
   -----head of gravity.list------
   
   -----tail of gravity.list------

This empty gravity list resulted in this:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✗] Failed to resolve  via localhost (127.0.0.1)
[✗] Failed to resolve  via Pi-hole (192.168.75.5)

What are your upstream DNS servers in Pi-Hole? Both local IP addresses.

Ok – did this:

sudo pihole -g

[i] Pi-hole blocking is disabled

[i] Neutrino emissions detected...

[â] Pulling blocklist source list into range

[i] Target: raw.githubusercontent.com (hosts)

[â] Status: Retrieval successful

[i] Target: mirror1.malwaredomains.com (justdomains)

[â] Status: No changes detected

[i] Target: sysctl.org (hosts)

[â] Status: No changes detected

[i] Target: zeustracker.abuse.ch (blocklist.php?download=domainblocklist)

[â] Status: No changes detected

[i] Target: s3.amazonaws.com (simple_tracking.txt)

[â] Status: No changes detected

[i] Target: s3.amazonaws.com (simple_ad.txt)

[â] Status: No changes detected

[i] Target: hosts-file.net (ad_servers.txt)

[â] Status: No changes detected

[â] Consolidating blocklists

[â] Extracting domains from blocklists

[i] Number of domains being pulled in by gravity: 135381

[â] Removing duplicate domains

[i] Number of unique domains trapped in the Event Horizon: 112751

[i] Number of whitelisted domains: 29

[i] Number of blacklisted domains: 0

[i] Number of regex filters: 0

[â] Parsing domains into hosts format

[â] Cleaning up stray matter

[â] Force-reloading DNS service

[â] DNS service is running

[â] Pi-hole blocking is Disabled

And now I see this:

pi@pihole:~ $ ls -lrt /etc/pihole/gravity*

-rw-r--r-- 1 root root 1 Jan 27 10:18 /etc/pihole/gravity.list

-rw-r--r-- 1 root root 2639430 Jan 28 07:20 /etc/pihole/gravity.list.bck

pi@pihole:~ $ file /etc/pihole/gravity*

/etc/pihole/gravity.list: very short file (no magic

/etc/pihole/gravity.list.bck: ASCII text

Just uploaded a new -d token 5pil1pl81f

Yes – I have two internal DNS servers. I think I (now – D’oh!) get why that might be problematic. I have a pretty complicated internal network, with 4 vLans, all managed by a SonicaWall TZ400, which is also currently my DHCP server, providing both static AND fixed IPs for all 4 vLans.

Any suggestions would be appreciated.

Clay

As you noted, you still have the same gravity problem. Try rebuilding gravity this way:

sudo rm /etc/pihole/gravity.list.bck

pihole -g -f

No joy – still an empty file

New Debug Token fffcvyiyq2

I did notice some “failed to resolve” messages at the top of the debug; but can’t figure those out. I did change my upstream DNS to Google and OpenDNS, and added all my local hosts to /etc/hosts.

Thanks!

Clay

These are showing that there was nothing in the gravity list. Pi-Hole randomly picks a known blocked domain (from your gravity list). If the list is empty, it can't find a known blocked domain and you see this output. It should show "... resolve [domain from your gravity list] ..."

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✗] Failed to resolve  via localhost (127.0.0.1)
[✗] Failed to resolve  via Pi-hole (192.168.75.5)
[✓] doubleclick.com is 74.125.195.138 via a remote, public DNS server (8.8.8.8)

Do you still have the output of the gravity update command you ran?

What is the output of this command:

ls -l -h /etc/pihole

pi@pihole:~ $ pihole -g -f

[â] Deleting existing list cache
[i] Pi-hole blocking is disabled
[i] Neutrino emissions detected...
[â] Pulling blocklist source list into range
[i] Target: raw.githubusercontent.com (hosts)
[â] Status: Retrieval successful
[i] Target: mirror1.malwaredomains.com (justdomains)
[â] Status: Retrieval successful
[i] Target: sysctl.org (hosts)
[â] Status: Retrieval successful
[i] Target: zeustracker.abuse.ch (blocklist.php?download=domainblocklist)
[â] Status: Retrieval successful
[i] Target: s3.amazonaws.com (simple_tracking.txt)
[â] Status: Retrieval successful
[i] Target: s3.amazonaws.com (simple_ad.txt)
[â] Status: Retrieval successful
[i] Target: hosts-file.net (ad_servers.txt)
[â] Status: Retrieval successful
[â] Consolidating blocklists
[â] Extracting domains from blocklists
[i] Number of domains being pulled in by gravity: 135381
[â] Removing duplicate domains
[i] Number of unique domains trapped in the Event Horizon: 112751
[i] Number of whitelisted domains: 29
[i] Number of blacklisted domains: 0
[i] Number of regex filters: 0
[â] Parsing domains into hosts format
[â] Cleaning up stray matter
[â] Force-reloading DNS service
[â] DNS service is running
[â] Pi-hole blocking is Disabled

pi@pihole:~ $ ls -l -h /etc/pihole/

total 3.6G

-rw-r--r-- 1 root   root      633 Jan  6  2018 adlists.list
-rw-r--r-- 1 root   root       29 Jul 14  2018 auditlog.list
-rw-r--r-- 1 root   root        1 Jan 27 10:18 black.list
-rw-r--r-- 1 root   root        0 Jan 28 11:34 black.list.bck
-rw-r--r-- 1 root   root        0 Dec 27 16:45 blacklist.txt
-rw-r--r-- 1 pihole pihole      0 Jan 28 09:48 dhcp.leases
-rw-r--r-- 1 root   root       20 Jan 28 09:47 GitHubVersions
-rw-r--r-- 1 root   root        1 Jan 27 10:18 gravity.list
-rw-r--r-- 1 root   root     2.6M Jan 28 11:34 gravity.list.bck
-rw-r--r-- 1 root   root     1.4K Dec 28 11:21 install.log
-rw------- 1 root   root     1.2M Jan 28 11:34 list.0.raw.githubusercontent.com.domains
-rw------- 1 root   root     582K Jan 28 11:34 list.1.mirror1.malwaredomains.com.domains
-rw------- 1 root   root     624K Jan 28 11:34 list.2.sysctl.org.domains
-rw------- 1 root   root     7.1K Jan 28 11:34 list.3.zeustracker.abuse.ch.domains
-rw------- 1 root   root      613 Jan 28 11:34 list.4.s3.amazonaws.com.domains
-rw------- 1 root   root      43K Jan 28 11:34 list.5.s3.amazonaws.com.domains
-rw------- 1 root   root     1.7M Jan 28 11:34 list.6.hosts-file.net.domainsmore
-rw-r--r-- 1 root   root     2.6M Jan 28 11:34 list.preEventHorizon
-rw-r--r-- 1 root   root       20 Jan 28 11:30 localbranches
-rw-r--r-- 1 root   root       41 Jan 28 11:34 local.list
-rw-r--r-- 1 root   root       43 Jan 28 11:30 localversions
-rw-r--r-- 1 root   root      234 Dec 28 11:21 logrotate
-rw-rw-r-- 1 pihole pihole     15 Dec 28 11:21 pihole-FTL.conf
-rw-r--r-- 1 pihole pihole   3.6G Jan 28 11:36 pihole-FTL.db
-rw-rw-r-- 1 pihole www-data    0 Aug 14 09:09 regex.list
-rw-r--r-- 1 root   root      508 Jan 28 08:21 setupVars.conf
-rw-r--r-- 1 root   root      434 Dec 28 11:21 setupVars.conf.update.bak
-rw-r--r-- 1 root   root      642 Jan 27 10:14 whitelist.txt
-rw-r--r-- 1 root   root      117 Jan  6  2018 whitelist.txt.bck~

This is what would be expected to happen with blocking disabled. Check that you have not disabled blocking - web Admin GUI > disable.

Before you do that, what is the output of this command:

sudo grep BLOCKING /etc/pihole/setupVars.conf

Ok – (re)enabled blocking, (re)ran the update

gravity.list is now populated

Will manually put pihole back in the DNS list for my iPhone and post results.

Question – on my DNS lists, as long as pihole is first, can I have my internal DNS listed as backups?

Thanks!

Clay

No. This will provide a bypass around Pi-Hole.

When blocking is disabled, gravity and blacklist are moved to .bck files and pihole -d will update the .bck file of gravity.list.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.