[no unknown entries should appear in the query log, they all should be either blocked or permitted.]
[New entries have an unknown 0 status, unlike the previous topic (Some websites are showing up as unknown in status while others work) they were made from a mobile phone, see picture.]
[lyvhzvb03x
]
Do you have all the Pi-hole components on the latest version?
yes, it's in the debug code.
i have the other entries that showed up as unknown before, showing up as delayed and retried.
I'm a normal user here, I cannot access these. Only Pi-hole developers and moderators can. Could you run
grep -A 10 "www.mako.co.il" /var/log/pihole.log
and share the result?
Jan 28 07:43:40 dnsmasq[1502]: query[A] www.mako.co.il from samsung
Jan 28 07:43:40 dnsmasq[1502]: forwarded www.mako.co.il to 208.67.222.123
Jan 28 07:43:40 dnsmasq[1502]: dnssec-query[DS] mako.co.il to 208.67.222.123
Jan 28 07:43:41 dnsmasq[1502]: reply mako.co.il is no DS
Jan 28 07:43:41 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:43:41 dnsmasq[1502]: reply www.mako.co.il is <CNAME>
Jan 28 07:43:41 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:43:41 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:43:41 dnsmasq[1502]: query[A] www.mako.co.il from samsung
Jan 28 07:43:41 dnsmasq[1502]: cached www.mako.co.il is <CNAME>
Jan 28 07:43:41 dnsmasq[1502]: cached wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:43:41 dnsmasq[1502]: cached e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:43:41 dnsmasq[1502]: query[A] rcs.mako.co.il from samsung
Jan 28 07:43:41 dnsmasq[1502]: forwarded rcs.mako.co.il to 208.67.222.123
Jan 28 07:43:41 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:43:41 dnsmasq[1502]: reply rcs.mako.co.il is <CNAME>
Jan 28 07:43:41 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:43:41 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:43:41 dnsmasq[1502]: query[A] connect.facebook.net from samsung
Jan 28 07:43:41 dnsmasq[1502]: cached connect.facebook.net is <CNAME>
--
Jan 28 07:44:20 dnsmasq[1502]: query[A] www.mako.co.il from samsung
Jan 28 07:44:20 dnsmasq[1502]: cached www.mako.co.il is <CNAME>
Jan 28 07:44:20 dnsmasq[1502]: cached wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:44:20 dnsmasq[1502]: forwarded www.mako.co.il to 208.67.222.123
Jan 28 07:44:20 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:44:20 dnsmasq[1502]: reply www.mako.co.il is <CNAME>
Jan 28 07:44:20 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:44:20 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:44:26 dnsmasq[1502]: query[A] realtime.www.linkedin.com from pc
Jan 28 07:44:26 dnsmasq[1502]: forwarded realtime.www.linkedin.com to 208.67.222.123
Jan 28 07:44:26 dnsmasq[1502]: forwarded realtime.www.linkedin.com to 1.1.1.3
Jan 28 07:44:26 dnsmasq[1502]: dnssec-query[DS] linkedin.com to 1.1.1.3
Jan 28 07:44:26 dnsmasq[1502]: reply linkedin.com is no DS
Jan 28 07:44:26 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:44:26 dnsmasq[1502]: reply realtime.www.linkedin.com is <CNAME>
Jan 28 07:44:26 dnsmasq[1502]: reply mix.linkedin.com is <CNAME>
--
Jan 28 07:45:23 dnsmasq[1502]: query[A] www.mako.co.il from samsung
Jan 28 07:45:23 dnsmasq[1502]: cached www.mako.co.il is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: cached wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: forwarded www.mako.co.il to 208.67.222.123
Jan 28 07:45:23 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:45:23 dnsmasq[1502]: reply rcs.mako.co.il is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:45:23 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:45:23 dnsmasq[1502]: reply www.mako.co.il is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:45:23 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:45:23 dnsmasq[1502]: reply mobile.mako.co.il is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:45:50 dnsmasq[1502]: query[A] ipv4.tracker.harry.lu from 192.168.55.100
Jan 28 07:45:50 dnsmasq[1502]: forwarded ipv4.tracker.harry.lu to 208.67.222.123
Jan 28 07:45:50 dnsmasq[1502]: dnssec-query[DS] harry.lu to 208.67.222.123
Jan 28 07:45:50 dnsmasq[1502]: query[A] ipv4.tracker.harry.lu from 192.168.55.100
--
Jan 28 07:47:25 dnsmasq[1502]: query[A] www.mako.co.il from samsung
Jan 28 07:47:25 dnsmasq[1502]: forwarded www.mako.co.il to 208.67.222.123
Jan 28 07:47:25 dnsmasq[1502]: query[A] rcs.mako.co.il from samsung
Jan 28 07:47:25 dnsmasq[1502]: query[A] www.mako.co.il from samsung
Jan 28 07:47:25 dnsmasq[1502]: query[A] www.google.com from samsung
Jan 28 07:47:25 dnsmasq[1502]: cached www.google.com is 172.217.18.36
Jan 28 07:47:25 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:47:25 dnsmasq[1502]: reply www.mako.co.il is <CNAME>
Jan 28 07:47:25 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:47:25 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:47:25 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:47:25 dnsmasq[1502]: reply rcs.mako.co.il is <CNAME>
Jan 28 07:47:25 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:47:25 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:47:48 dnsmasq[1502]: query[A] wpad.lan from pc
Jan 28 07:47:48 dnsmasq[1502]: cached wpad.lan is NXDOMAIN
Jan 28 07:48:16 dnsmasq[1502]: query[A] www.google.com from samsung
Jan 28 07:48:17 dnsmasq[1502]: forwarded www.google.com to 208.67.222.123
--
Jan 28 08:01:58 dnsmasq[9917]: query[A] www.mako.co.il from samsung
Jan 28 08:01:58 dnsmasq[9917]: forwarded www.mako.co.il to 208.67.222.123
Jan 28 08:01:58 dnsmasq[9917]: dnssec-query[DS] mako.co.il to 208.67.222.123
Jan 28 08:01:58 dnsmasq[9917]: reply mako.co.il is no DS
Jan 28 08:01:58 dnsmasq[9917]: dnssec-query[DS] edgekey.net to 208.67.222.123
Jan 28 08:01:58 dnsmasq[9917]: query[A] www.mako.co.il from samsung
Jan 28 08:01:58 dnsmasq[9917]: reply edgekey.net is no DS
Jan 28 08:01:58 dnsmasq[9917]: dnssec-query[DS] akamaiedge.net to 208.67.222.123
Jan 28 08:01:58 dnsmasq[9917]: reply akamaiedge.net is no DS
Jan 28 08:01:58 dnsmasq[9917]: validation result is INSECURE
Jan 28 08:01:58 dnsmasq[9917]: reply www.mako.co.il is <CNAME>
Jan 28 08:01:58 dnsmasq[9917]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 08:01:58 dnsmasq[9917]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 08:01:59 dnsmasq[9917]: query[A] googleads.g.doubleclick.net from samsung
Jan 28 08:01:59 dnsmasq[9917]: gravity blocked googleads.g.doubleclick.net is 0.0.0.0
Jan 28 08:01:59 dnsmasq[9917]: query[A] www.googletagservices.com from samsung
Jan 28 08:01:59 dnsmasq[9917]: gravity blocked www.googletagservices.com is 0.0.0.0
Jan 28 08:01:59 dnsmasq[9917]: query[A] mrb.upapi.net from samsung
Jan 28 08:01:59 dnsmasq[9917]: gravity blocked mrb.upapi.net is 0.0.0.0
Jan 28 08:01:59 dnsmasq[9917]: query[A] mobile.mako.co.il from samsung
Jan 28 08:01:59 dnsmasq[9917]: forwarded mobile.mako.co.il to 208.67.222.123
--
Jan 28 08:03:13 dnsmasq[9917]: query[A] www.mako.co.il from samsung
Jan 28 08:03:13 dnsmasq[9917]: cached www.mako.co.il is <CNAME>
Jan 28 08:03:13 dnsmasq[9917]: cached wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 08:03:13 dnsmasq[9917]: forwarded www.mako.co.il to 208.67.222.123
Jan 28 08:03:13 dnsmasq[9917]: validation result is INSECURE
Jan 28 08:03:13 dnsmasq[9917]: reply www.mako.co.il is <CNAME>
Jan 28 08:03:13 dnsmasq[9917]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 08:03:13 dnsmasq[9917]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 08:03:13 dnsmasq[9917]: query[A] www.mako.co.il from samsung
Jan 28 08:03:13 dnsmasq[9917]: cached www.mako.co.il is <CNAME>
Jan 28 08:03:13 dnsmasq[9917]: cached wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 08:03:13 dnsmasq[9917]: cached e974.b.akamaiedge.net is 104.79.233.245
Jan 28 08:03:13 dnsmasq[9917]: query[A] googleads.g.doubleclick.net from samsung
Jan 28 08:03:13 dnsmasq[9917]: gravity blocked googleads.g.doubleclick.net is 0.0.0.0
Jan 28 08:03:13 dnsmasq[9917]: query[A] ssl.gstatic.com from pc
Jan 28 08:03:13 dnsmasq[9917]: forwarded ssl.gstatic.com to 208.67.222.123
Jan 28 08:03:13 dnsmasq[9917]: query[A] www.googletagservices.com from samsung
Jan 28 08:03:13 dnsmasq[9917]: gravity blocked www.googletagservices.com is 0.0.0.0
Jan 28 08:03:13 dnsmasq[9917]: query[A] mrb.upapi.net from samsung
Jan 28 08:03:13 dnsmasq[9917]: gravity blocked mrb.upapi.net is 0.0.0.0
Your're using the latest version
*** [ DIAGNOSING ]: Core version
[i] Core: v5.2.4 (https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249)
[i] Remotes: origin https://github.com/pi-hole/pi-hole.git (fetch)
origin https://github.com/pi-hole/pi-hole.git (push)
[i] Branch: master
[i] Commit: v5.2.4-0-gcbfb58f
*** [ DIAGNOSING ]: Web version
[i] Web: v5.3.2 (https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249)
[i] Remotes: origin https://github.com/pi-hole/AdminLTE.git (fetch)
origin https://github.com/pi-hole/AdminLTE.git (push)
[i] Branch: master
[i] Commit: v5.3.2-0-g1521dfe
*** [ DIAGNOSING ]: FTL version
[✓] FTL: v5.6
Those should not occur anymore, as the latest Pi-hole update explicitly dealt with Unknown (0).
I know, i'm not sure if i installed the latest update today before or after that query in the log. but was this fixed in the last update?
just to note the last time I updated was on Sunday if I remember correctly.
Your last gravity update finished at
Last gravity run finished at: Thu 28 Jan 07:49:12 IST 2021
and the query happend at
Jan 28 07:47:25 dnsmasq[1502]: query[A] www.mako.co.il from samsung
The gravity update was likely triggered by the Pi-hole update. So the query happend before the update.
Please continue to watch the query log for unknown(0) queries and report back if the still occure.
Will do, thanks!
Jan 29 16:31:00 dnsmasq[9917]: query[A] mtalk.google.com from pc
Jan 29 16:31:00 dnsmasq[9917]: forwarded mtalk.google.com to 208.67.222.123
Jan 29 16:31:00 dnsmasq[9917]: query[A] mtalk.google.com from pc
Jan 29 16:31:00 dnsmasq[9917]: forwarded mtalk.google.com to 1.1.1.3
Jan 29 16:31:00 dnsmasq[9917]: forwarded mtalk.google.com to 208.67.222.123
Jan 29 16:31:00 dnsmasq[9917]: validation result is INSECURE
Jan 29 16:31:00 dnsmasq[9917]: reply mtalk.google.com is <CNAME>
Jan 29 16:31:00 dnsmasq[9917]: reply mobile-gtalk.l.google.com is 173.194.76.188
Jan 29 16:31:01 dnsmasq[9917]: query[A] autoupdate.geo.opera.com from pc
Jan 29 16:31:01 dnsmasq[9917]: cached autoupdate.geo.opera.com is <CNAME>
Jan 29 16:31:01 dnsmasq[9917]: cached us-autoupdate.opera.com is 37.228.108.132
Jan 29 16:31:01 dnsmasq[9917]: cached us-autoupdate.opera.com is 37.228.108.133
Jan 29 16:31:01 dnsmasq[9917]: query[A] auth.grammarly.com from pc
Jan 29 16:31:01 dnsmasq[9917]: forwarded auth.grammarly.com to 208.67.222.123
Jan 29 16:31:01 dnsmasq[9917]: query[A] auth.grammarly.com from pc
Jan 29 16:31:01 dnsmasq[9917]: forwarded auth.grammarly.com to 1.1.1.3
Jan 29 16:31:01 dnsmasq[9917]: forwarded auth.grammarly.com to 208.67.222.123
still happened after the update.
Please add
DEBUG_QUERIES=true
DEBUG_DNSMASQ_LINES=true
to the file /etc/pihole/pihole-FTL.conf (create if it does not exist) and run
pihole restartdns
Next time a Unknown (0) message appears, check again the pihole.log file like you did before (there should be additional output behind each log line.
Also, check /var/log/pihole-FTL.log which should contain log lines like:
[2021-01-31 10:46:50.992 1470315M] **** new UDP query[AAAA] query "discourse.pi-hole.net" from enp2s0:192.168.2.2 (ID 688, FTL 18129, /home/me/FTL/src/dnsmasq/forward.c:1623)
[2021-01-31 10:46:50.993 1470315M] discourse.pi-hole.net is known as not to be blocked
[2021-01-31 10:46:50.993 1470315M] **** got cache answer for discourse.pi-hole.net / / <unknown> (ID 688, /home/me/FTL/src/dnsmasq/rfc1035.c:1752)
Find the ID corresponding to your query from this message (ID 688 in the example above) and grep for it like
grep "ID 688" /var/log/pihole-FTL.log
This should give us a better understanding of what may be missing here.
ok the first debug was already there, added the second one, now we wait.
So far nothing, it's a shame I can't search for such entries, because I can't sit with the query log open all day.
Well, you can make the Query Log "show all" and then sort by the status column. I guess this should work.
that's still just the last 100 queries. which is btw why I don't see the point of having both 100 and all in the dropdown.
I usually do this and sort by status, the unknowns are at the top once you sort by status no matter how many are showing below it.
Show all is a link you can click on. I see the dark theme seems to make clickable links invisible. You may be missing a lot more on the web interface due to this...
edit I checked the theme and this link seems to be the only one that is "hidden". I will set up a pull request to fix this in the next release.
oh, that text.... my bad, it's my dark reader plugin's fault.
maybe make this switch a checkbox next to the number of entries to show?
like "show (10) of 100/all". just a suggestion.
anyway, nothing so far, and I restarted my pihole after the last one happened on the 29th so we have a whole week of data. we'll see next weekend if this doesn't come back then it may have been something left in memory that needed a restart after the update.
