Pi-hole doesn't block (some) domains although at least one adlist containing them

nosale · October 8, 2021, 1:40pm

I installed Pi-hole on my RPi 4 under docker to play around a bit and testing things out.
I added a bunch of lists (not all at the same time).
Then i noticed that some domains aren't blocked, although at least 1 active adlist containing them.

For example this one: v10.vortex-win.data.microsoft.com

Gravity was manually updatet through the frontend after adding new lists.

I also tried executing following commands within the docker container, but wihout any success:

pihole restartdns

pihole -g -f

Output:

  [✓] Deleting existing list cache
  [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range

  [✓] Preparing new gravity database
  [i] Using libz compression

  ...
  
  [i] Target: https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt
  [✓] Status: Retrieval successful
  [i] Analyzed 33752 domains

  ...

  [✓] Storing downloaded domains in new gravity database
  [✓] Building tree
  [✓] Swapping databases
  [✓] The old database remains available.
  [i] Number of gravity domains: 5151703 (4282470 unique domains)
  [i] Number of exact blacklisted domains: 0
  [i] Number of regex blacklist filters: 0
  [i] Number of exact whitelisted domains: 2
  [i] Number of regex whitelist filters: 0
  [✓] Flushing DNS cache
  [✓] Cleaning up stray matter

  [✓] DNS service is listening
     [✓] UDP (IPv4)
     [✓] TCP (IPv4)
     [✓] UDP (IPv6)
     [✓] TCP (IPv6)

  [✓] Pi-hole blocking is enabled

Seems fine for me...

For checking if a domain is blocked i tried following commands (within docker container):

pihole -q v10.vortex-win.data.microsoft.com

Output:

 Match found in https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt:
   v10.vortex-win.data.microsoft.com
 Match found in https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt:
   v10.vortex-win.data.microsoft.com
 Match found in https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt:
   v10.vortex-win.data.microsoft.com
 Match found in https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/Win10Telemetry:
   v10.vortex-win.data.microsoft.com
 Match found in https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/easylist:
   v10.vortex-win.data.microsoft.com

dig +short v10.vortex-win.data.microsoft.com @127.0.0.1

Output:

v10-win.vortex.data.trafficmanager.net.
global.vortex.data.trafficmanager.net.
40.77.226.250

No blocking here...

I can also see the successfull query in the frontend (Query Log):

I also tried to query the gravity database:

sqlite3 "/etc/pihole/gravity.db" "SELECT * FROM gravity WHERE domain = 'v10.vortex-win.data.microsoft.com'"

Output:

v10.vortex-win.data.microsoft.com|9
v10.vortex-win.data.microsoft.com|18
v10.vortex-win.data.microsoft.com|39
v10.vortex-win.data.microsoft.com|58
v10.vortex-win.data.microsoft.com|63

Here is also my debug log:
https://tricorder.pi-hole.net/GPRMOcA3/

Hopefully i misconfigured something and this isn't some serious bug.

Bucking_Horn · October 8, 2021, 3:16pm

127.0.0.1 is the client origin IP for the request to resolve v10.vortex-win.data.microsoft.com.

You've grouped your numerous adlists in numerous groups.
Only three of them are assigned to the default group:

https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn-social/
https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts
https://raw.githubusercontent.com/bloodhunterd/pi-hole-blocklists/master/LG.txt

Clents are using only the default group by default.

As all of your clients - including 127.0.0.1 - are using the default group, none of your lists apart from those mentionened above are used for filtering.

nosale · October 8, 2021, 4:06pm

Thanks for your time.
Now everything works as expected. Should have read the documentation more carefully.

jfb · October 8, 2021, 4:16pm

Other observations from your debug log.

You are running dirty code - this is code other than what we shipped.

*** [ DIAGNOSING ]: Web version
[i] Web: v5.7 (https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249)
[i] Remotes: origin	https://github.com/pi-hole/AdminLTE.git (fetch)
             origin	https://github.com/pi-hole/AdminLTE.git (push)
[i] Branch: master
[i] Commit: v5.7-0-g50f43bd-dirty
[i] Status:  M scripts/pi-hole/php/footer.php
[i] Diff: diff --git a/scripts/pi-hole/php/footer.php b/scripts/pi-hole/php/footer.php
          index 396e0a1..d84946f 100644
          --- a/scripts/pi-hole/php/footer.php
          +++ b/scripts/pi-hole/php/footer.php
          @@ -70,12 +70,14 @@
                       <div class="col-xs-12 col-sm-8 col-md-6">
                           <?php if (isset($core_commit) || isset($web_commit) || isset($FTL_commit)) { ?>
                           <ul class="list-unstyled">
...

Was this intended that the pi.hole domain return the NULL IP?

-rw-r--r-- 1 pihole pihole 20 Oct  8 07:32 /etc/pihole/pihole-FTL.conf
   REPLY_ADDR4=0.0.0.0

nosale · October 8, 2021, 4:44pm

What do you mean by dirty?
I think i use the official docker image or isn't that the official one?
Part of my docker-compose:

services:
  pihole:
    image: pihole/pihole:latest

jfb · October 8, 2021, 4:46pm

Dirty means that your local code does not match our code repository.

In your case, the complete details reported in the debug log are:

[i] Branch: master
[i] Commit: v5.7-0-g50f43bd-dirty
[i] Status:  M scripts/pi-hole/php/footer.php
[i] Diff: diff --git a/scripts/pi-hole/php/footer.php b/scripts/pi-hole/php/footer.php
          index 396e0a1..d84946f 100644
          --- a/scripts/pi-hole/php/footer.php
          +++ b/scripts/pi-hole/php/footer.php
          @@ -70,12 +70,14 @@
                       <div class="col-xs-12 col-sm-8 col-md-6">
                           <?php if (isset($core_commit) || isset($web_commit) || isset($FTL_commit)) { ?>
                           <ul class="list-unstyled">
          +<strong><li>Docker Tag</strong> 2021.10</li>
                               <li><strong>Pi-hole</strong> <?php echo $coreVersionStr; ?></li>
                               <li><strong>FTL</strong> <?php echo $ftlVersionStr; ?></li>
                               <li><strong>Web Interface</strong> <?php echo $webVersionStr; ?></li>
                           </ul>
                           <?php } else { ?>
          -                <ul class="list-inline">
          +                <strong>Docker Tag</strong> 2021.10
          +<ul class="list-inline">
                               <li>
                                   <strong>Pi-hole</strong>
                                   <a href="<?php echo $coreReleasesUrl . "/" . $core_current; ?>" rel="noopener" target="_blank"><?php echo $core_current; ?></a>

nosale · October 8, 2021, 5:43pm

Okay good to know.
These differences seems changes in/for the docker image.
So everything fine i think.