Minor concern about entries excluded from blocklists

Current Pi-hole version is v5.16.2
Current AdminLTE version is v5.19
Current FTL version is v5.22

Works fine, not a question about the function of pi-hole.
The latest update I notices some reports of "non-domain" entries excluded from the block lists.

  Sample of non-domain entries:
    - _ldap._tcp.pdc._msdcs.adserver.com
    - _dmarc.js.alexametrics.com
    - outping--.callrail.com
    - aes-.corp.com
    - 7cjyxsb-.micpn.com

testing with dig and nslookup, I get replies like.

dig: 'aes-.corp.com' is not a legal IDNA2008 name (string start/ends with forbidden hyphen), use +noidnin

I concur completely that they are not "valid" domain names.

However I wonder if "all" DNS resolvers will refuse to try to resolve those names.

They look to be deliberately crafted to confuse something.

In other words, I wonder if under some circumstances those domains can actually lead to a valid IP address.

They do not look like simple errors on the part of the block list compilers, but intentional blocking of names crafted to confuse DNS resolvers.

If pi-hole blocks all these "invalid" domains inherently, I see no issue with removing them from the blocklist. Can anyone assure me that names of that form are inherently dropped by Oihole???

Cheers Harry

That is an interesting question.

Sure enough, dig and nslookup on Linux refuse to handle the request for an invalid domain.

It's different on Windows - not only is the request accepted, it returns an IP address as well.

C:\>nslookup outping--.callrail.com 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

Nicht autorisierende Antwort:
Name:    outping--.callrail.com
Addresses:  34.205.162.80
          52.204.163.246
          54.146.167.49

EDIT:
This doesn't seem intended - I'm having a chat with our development team to investigate.
Thank you for bringing this up, shoka.