Need help blocking porn sites

jbrewton · July 20, 2022, 1:27pm

Trying to block pornsites.

Expected Behaviour:
Porn sites in Adlist should not be accessible from client.

Actual Behaviour:
When I test pornhub.com, site is accessible

Debug Token:

https://tricorder.pi-hole.net/9UFlsUhw/

From Pi Terminal:
$ nslookup pornhub.com
Server: 192.168.50.1
Address: 192.168.50.1#53

** server can't find pornhub.com: NXDOMAIN

From client:
nslookup pornhub.com
Server: pi.hole
Address: 192.168.50.78

Non-authoritative answer:
Name: pornhub.com
Address: 66.254.114.41

I am seeing some sites in pi-hole query log getting blocked for client,

Any help would be appreciated.

jfb · July 20, 2022, 3:03pm

Your exact blacklist entry for pornhub.com is not assigned to any client group. Using the group management page of the web GUI, go to domains and assign this domain to the default group.

*** [ DIAGNOSING ]: Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)
   id     type  enabled  group_ids     domain                                                                                                date_added           date_modified        comment                                           
   -----  ----  -------  ------------  ----------------------------------------------------------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   1         3        1                pornhub.com                                                                                           2022-07-19 14:30:13  2022-07-20 07:39:01                                                    
   2         3        1  0             ^.+(pornhub.com).*s                                                                                   2022-07-20 07:50:01  2022-07-20 07:50:01                                                    
   3         3        1  0             (\.|^)pornhub\.com$                                                                                   2022-07-20 07:50:12  2022-07-20 07:50:12

The Pi is not using Pi-hole for DNS, it is using the router. Pi-hole is at this IP:

eth0 (192.168.50.78)

This regex is not doing what you expect it to do:

^.+(pornhub.com).*s

pihole-FTL regex-test pornhub.com ^.+(pornhub.com).*s 
[i] Compiling regex filter...
    Compiled regex filter in 0.180 msec

Checking domain...
    NO MATCH!
   Time: 0.129 msec

jbrewton · July 20, 2022, 4:42pm

Thank you for your quick response. My /etc/dhcpcd.conf file had additional settings that I removed and now Pi shows:
$ nslookup pornhub.com
Server: 192.168.50.78
Address: 192.168.50.78#53

Name: pornhub.com
Address: 0.0.0.0
Name: pornhub.com
Address: ::

Now the entries from Pi client shows blocked in query log.

Next, why is my windows client still able to reach pornhub.com? I have ASUS router set up to send to pihole DNS and have turned off "Advertise router's IP in addition to user-specified DNS"

client ipconfig /all only shows my pihole dns
DNS Servers . . . . . . . . . . . : 192.168.50.78

I am not seeing anything for pornhub in the query log for my windows client when using nslookup

jfb · July 20, 2022, 4:48pm

From the Windows client that you believe should be connected to the Pi-Hole for DNS, from the command prompt or terminal on that client (and not via ssh or Putty to the Pi), what is the output of

nslookup pi.hole

nslookup pornhub.com

nslookup pornhub.com 192.168.50.78

jbrewton · July 20, 2022, 4:51pm

Client:  nslookup pi.hole
Server:  pi.hole
Address:  192.168.50.78

Name:    pi.hole
Addresses:  fe80::4bf4:2569:62b8:85dd
          169.254.247.104

 nslookup pornhub.com
Server:  pi.hole
Address:  192.168.50.78

Non-authoritative answer:
Name:    pornhub.com
Address:  66.254.114.41

nslookup pornhub.com 192.168.50.78
Server:  pi.hole
Address:  192.168.50.78

Non-authoritative answer:
Name:    pornhub.com
Address:  66.254.114.41

jfb · July 20, 2022, 4:53pm

Fresh debug token please.

jbrewton · July 20, 2022, 4:58pm

https://tricorder.pi-hole.net/37quig2O/

jfb · July 20, 2022, 5:12pm

From the Pi terminal, what is the output of the following:

sudo grep pornhub /var/log/pihole/pihole.log | tail -n25

jbrewton · July 20, 2022, 5:14pm

$ sudo grep pornhub /var/log/pihole/pihole.log | tail -n25
Jul 20 08:04:02 dnsmasq[3285]: query[A] www.pornhub.com from 127.0.0.1
Jul 20 08:04:02 dnsmasq[3285]: gravity blocked www.pornhub.com is 0.0.0.0
Jul 20 08:04:02 dnsmasq[3285]: query[AAAA] www.pornhub.com from 127.0.0.1
Jul 20 08:04:02 dnsmasq[3285]: gravity blocked www.pornhub.com is ::
Jul 20 11:41:20 dnsmasq[575]: query[A] pornhub.com from 192.168.50.78
Jul 20 11:41:20 dnsmasq[575]: gravity blocked pornhub.com is 0.0.0.0
Jul 20 11:41:20 dnsmasq[575]: query[AAAA] pornhub.com from 192.168.50.78
Jul 20 11:41:20 dnsmasq[575]: gravity blocked pornhub.com is ::
Jul 20 11:47:00 dnsmasq[575]: query[A] pornhub.com from 192.168.50.78
Jul 20 11:47:00 dnsmasq[575]: gravity blocked pornhub.com is 0.0.0.0
Jul 20 11:47:00 dnsmasq[575]: query[AAAA] pornhub.com from 192.168.50.78
Jul 20 11:47:00 dnsmasq[575]: gravity blocked pornhub.com is ::
Jul 20 11:47:44 dnsmasq[575]: query[A] pornhub.com from 192.168.50.78
Jul 20 11:47:44 dnsmasq[575]: gravity blocked pornhub.com is 0.0.0.0
Jul 20 11:47:44 dnsmasq[575]: query[AAAA] pornhub.com from 192.168.50.78
Jul 20 11:47:44 dnsmasq[575]: gravity blocked pornhub.com is ::
Jul 20 11:55:07 dnsmasq[575]: query[A] pornhub.com from 192.168.50.78
Jul 20 11:55:07 dnsmasq[575]: gravity blocked pornhub.com is 0.0.0.0
Jul 20 11:55:07 dnsmasq[575]: query[AAAA] pornhub.com from 192.168.50.78
Jul 20 11:55:07 dnsmasq[575]: gravity blocked pornhub.com is ::
Jul 20 12:56:11 dnsmasq[575]: query[A] pornhub.com from 192.168.50.78
Jul 20 12:56:11 dnsmasq[575]: gravity blocked pornhub.com is 0.0.0.0
Jul 20 12:56:11 dnsmasq[575]: query[AAAA] pornhub.com from 192.168.50.78
Jul 20 12:56:11 dnsmasq[575]: gravity blocked pornhub.com is ::

yubiuser · July 20, 2022, 5:15pm

Your regex are not enabled.

jbrewton · July 20, 2022, 5:26pm

I disabled regex blacklists on Pihole since porhub.com is included in Adlist. Or is there someplace else you are seeing I need to reenable

jfb · July 20, 2022, 5:33pm

Puzzling.

What is the output of the following from the Pi terminal:

pihole -q pornhub.com

And, what is the IP of the Windows client from which you ran the nslookup commands?

jbrewton · July 20, 2022, 5:41pm

Match found in https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list:
   pornhub.com
   gfypornhub.com
   www.pornhub.com
   www.gfypornhub.com
 Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts:
   ht.pornhub.com

jfb · July 20, 2022, 5:44pm

IP of the Windows client?

jbrewton · July 20, 2022, 5:45pm

192.168.50.131

jfb · July 20, 2022, 5:49pm

Rather than go back and forth with log lookups, please use the following command to upload your entire dnsmasq log to our server. Only the Pi-hole team can access this. Depending on the size of the log, it may take a minute or a few minutes to upload and present you with the token.

sudo cat /var/log/pihole/pihole.log | pihole tricorder

jbrewton · July 20, 2022, 6:03pm

ok, it may not be a pi-hole issue. I just tried 2 other clients and pornhub is getting blocked. Seems to be the clients have been using is having issues. Any suggestions?

jfb · July 20, 2022, 6:08pm

The nslookup shows that Pi-hole (the IP shown for the DNS server is Pi-hole) is returning the IP for a domain which should be blocked. But, your dnsmasq log shows no such transaction. This is what has me confused.

jbrewton · July 20, 2022, 6:30pm

Why would the issue only impact 1 client? all other clients seems to be getting blocked.

jfb · July 20, 2022, 6:31pm

I don't know. You don't have any group assignments, so all clients should be treated equally.