Logging for wildcard support

I've enabled wildcard support, as explained in this topic, as I was really getting tired of some tracking domains. The domains are blocked, but the hits are NOT logged by pi-hole (which I believe to be normal). Would it be possible to log the hits on the wildcard domains, to get an idea of how effective the block is?
My /etc/dnsmasq.d/02-wildcards.conf:
address=/.ligatus.com/address_of_my_raspberry_pi
address=/.gigya.com/address_of_my_raspberry_pi
address=/.trackuity.com/address_of_my_raspberry_pi

Share some of the log where the wildcard-blocked domain gets queried. There might be some special wording that you can search for in the log via grep.

With our current filtering your queries should be counted correctly in "Total DNS queries". However, the "blocked queries" filter will require some fine-tuning for this. They are optimized for speed (and simplicity) and may miss the wildcard log entries.

I concur with @Mcat12's question. We can then start to investigate.

Some results:

the website (www.trackuity.com) without pi-hole (using an opendns server - browser cache and dns cache cleared)

the website (www.trackuity.com) with pi-hole (browser cache and dns cache cleared)

the pi-hole dashboard at the time of the blocking

the log entries (from /var/log/pihole.log)
Dec 31 09:04:49 dnsmasq[462]: query[A] www.trackuity.com from 192.168.2.125
Dec 31 09:04:49 dnsmasq[462]: config www.trackuity.com is 192.168.2.250
Dec 31 09:04:50 dnsmasq[462]: query[A] www.trackuity.com from 192.168.2.125
Dec 31 09:04:50 dnsmasq[462]: config www.trackuity.com is 192.168.2.250
Dec 31 09:05:20 dnsmasq[462]: query[NS] www.trackuity.com from 192.168.2.125
Dec 31 09:05:20 dnsmasq[462]: config www.trackuity.com is NODATA
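
The log lines quoted above show dnsmasq answering wildcard-blocked names with a "config <name> is <answer>" entry. As an added example (not part of the original thread and not Pi-hole's own code), the shell function below counts those entries per wildcard domain. The function names and the sample conf and log lines are constructed, and it assumes each address=/.domain/ entry covers the domain and its subdomains.

```shell
#!/bin/sh
# Added example, not Pi-hole's own code.
# Assumption: an address=/.domain/ip line covers the domain and all subdomains.

count_wildcard_hits() {
    # $1 = wildcard conf file; the dnsmasq log is read from stdin
    awk -v conf="$1" '
        BEGIN {
            # Load the wildcard domains, dropping the leading dot
            while ((getline line < conf) > 0) {
                if (line !~ /^address=\//) continue
                split(line, f, "/")
                d = tolower(f[2]); sub(/^\./, "", d)
                if (d != "") wild[d] = 1
            }
            close(conf)
        }
        # Locally answered names are logged as: config <name> is <answer>
        $5 == "config" && $7 == "is" {
            name = tolower($6)
            for (d in wild) {
                suffix = "." d
                # Match on a label boundary so nottrackuity.com is not counted
                if (name == d || (length(name) > length(suffix) &&
                    substr(name, length(name) - length(suffix) + 1) == suffix)) {
                    hits[d]++
                    break
                }
            }
        }
        END { for (d in hits) print hits[d], d }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input, modelled on the lines quoted in the thread
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'address=/.ligatus.com/192.168.2.250' \
                  'address=/.trackuity.com/192.168.2.250' > "$tmp"
    count_wildcard_hits "$tmp" <<'EOF'
Dec 31 09:04:49 dnsmasq[462]: query[A] www.trackuity.com from 192.168.2.125
Dec 31 09:04:49 dnsmasq[462]: config www.trackuity.com is 192.168.2.250
Dec 31 09:05:20 dnsmasq[462]: config www.trackuity.com is NODATA
Dec 31 09:06:01 dnsmasq[462]: config nottrackuity.com is 192.168.2.250
Dec 31 09:06:02 dnsmasq[462]: config a.ligatus.com is 192.168.2.250
EOF
    rm -f "$tmp"
}
demo
```

On a real system the call would look like count_wildcard_hits /etc/dnsmasq.d/02-wildcards.conf < /var/log/pihole.log, using the paths given in the thread.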

I'm about to change the corresponding filter for the Query Log. However, the filter function for the blocked DNS queries will be a difficult task to do.

This is work in progress

The pull requests include changes to the whole infrastructure, allowing wildcard support in various places including a convenient way of managing wildcard blocks from the web interface.

This includes the statistics (counters), the Query Log as well as the API. However, the Top Advertisers list is still not aware of wildcard blocks since that requires another pull request to be merged first.

Your previously existing entries have to be removed and re-added through the web UI to function properly with all algorithms. You can also move the corresponding lines into the file /etc/dnsmasq.d/03-pihole-wildcard.conf.

I noticed you are using the file /etc/dnsmasq.d/03-pihole-wildcard.conf.
I'm currently using '/etc/dnsmasq.d/02-wildcards.conf' and '/etc/dnsmasq.d/03-dnscrypt.conf' for my pihole.
I understand you need to use a default filename to make the scripts work.
Can you explain the naming convention for the conf files in /etc/dnsmasq.d?
Currently, I've (and others may too) already got 3 files, one for pihole (01), one for wildcards (02) and one for DNScrypt (03).
I can't really find (man & google) an explanation for the numbering sequence.
If a wildcard config is going to be a part of the pi-hole installation procedure, would it not automatically (or preferably) have the 02 sequence? Or better yet, make the file name a part of setupVars.conf, to avoid conflicts with any raspberry pi setup?

The numbering is irrelevant so it doesn't harm if you have multiple 03-... files. dnsmasq loads the files in alphabetical order. We already use 02 for DHCP settings (but, of course, you can also have multiple files starting with 02-...)

There already has been a proposal for this and similar issues ==> proposal on github

The way I do it has some benefits:

  • DHCP and wildcard settings go into a separate file which is easily recognizable by its filename (sake of convenience)
  • we still want to overwrite 01-pihole.conf with our default to be able to fix possible problems with some bad configurations inexperienced users might have made there
  • the installer can leave the said separate files untouched when updating, but we can decide at every point that we want to modify them in addition if we feel this is necessary