The pi-hole is no longer blocking websites via the CNAME inspection. I did use the beta version of the latest release. According to my logs, the last time a CNAME block occurred was on September 6th. Not sure if this corresponds to a beta update. I checked regularly for beta updates and would update the pi-hole.
Below are several domains which used to be blocked via CNAME. I have quite a few more but they are no longer being blocked via CNAME.
You can post the token publicly. Only a few members on the Pi-hole team have access to the log via that token, and the uploaded log is auto-deleted after 48 hours.
Thanks for your report and the information you provided. I'm pretty sure it was broken by the part
This commit also fixes a long-standing bug in caching of CNAME chains leading to a PTR record.
in
because CNAME handling was redesigned. We'll add a proper test to our embedded testing suite to ensure this won't happen again in the future. I'm sorry about that.
You can track the fix here:
@pihole2 It would be really helpful if you could verify that
pihole -v
Pi-hole version is v5.5 (Latest: v5.5)
AdminLTE version is v5.7 (Latest: v5.7)
FTL version is fix/cname vDev-8bbc1f2 (Latest: v5.10.2)
domain on list (gstaticadssl.l.google.com)
pihole -q gstaticadssl.l.google.com
Match found in https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt:
gstaticadssl.l.google.com
dig ...
dig fonts.gstatic.com
; <<>> DiG 9.16.4 <<>> fonts.gstatic.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8380
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;fonts.gstatic.com. IN A
;; ANSWER SECTION:
fonts.gstatic.com. 192 IN CNAME gstaticadssl.l.google.com.
gstaticadssl.l.google.com. 193 IN A 172.217.168.195
;; Query time: 4 msec
;; SERVER: 192.168.2.57#53(192.168.2.57)
;; WHEN: Sat Oct 02 11:48:25 Romance Daylight Time 2021
;; MSG SIZE rcvd: 98
Ah, yes, that's a very special case of a short CNAME, thanks for testing this. This should obviously work, too. Let me sketch the DNS paths below so it gets obvious what the difference is here:
[A] tr.rbxcdn.com
  -> CNAME trak.rbxcdn.com
    -> CNAME tr.rbxcdn.com.edgesuite.net.
      -> CNAME a1831.d.akamai.net.
        -> A 95.101.90.154
        -> A 95.101.90.171
whereas the Google CNAME is much simpler:
[A] fonts.gstatic.com.
  -> CNAME gstaticadssl.l.google.com.
    -> A 142.250.186.163
Please update the branch in a few minutes and try again (version should be e852b71d).
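
The two DNS paths sketched above, as an added example that is not part of the original posts and is not Pi-hole's FTL code: a minimal CNAME inspection that walks the chain from the queried name and reports the first name found on a blocklist, covering both the single-CNAME case and the multi-hop case. The function names, the TTLs on the long chain and the blocklist entry used for it are assumptions made for illustration.

```python
# Added illustration (not Pi-hole FTL code): CNAME inspection over dig-style answers.

def norm(name):
    """Compare names without the trailing root dot and case-insensitively."""
    return name.rstrip(".").lower()

def parse_answers(text):
    """Parse 'name ttl IN TYPE rdata' lines into (name, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "IN" or line.startswith(";"):
            continue  # skip comments, blanks and anything that is not a record
        name, _ttl, _cls, rtype, rdata = fields
        records.append((norm(name), rtype, norm(rdata) if rtype == "CNAME" else rdata))
    return records

def cname_chain(qname, records):
    """Follow CNAME records from qname; return every name visited, in order."""
    targets = {name: rdata for name, rtype, rdata in records if rtype == "CNAME"}
    current = norm(qname)
    chain = [current]
    while current in targets:
        current = targets[current]
        if current in chain:  # guard against a CNAME loop
            break
        chain.append(current)
    return chain

def inspect(qname, records, blocklist):
    """Return the first blocked name in the chain (query name included), or None."""
    for name in cname_chain(qname, records):
        if name in blocklist:
            return name
    return None

# Constructed from the records quoted in the thread; the TTLs in LONG are made up.
SHORT = """\
fonts.gstatic.com. 192 IN CNAME gstaticadssl.l.google.com.
gstaticadssl.l.google.com. 193 IN A 172.217.168.195
"""
LONG = """\
tr.rbxcdn.com. 60 IN CNAME trak.rbxcdn.com.
trak.rbxcdn.com. 60 IN CNAME tr.rbxcdn.com.edgesuite.net.
tr.rbxcdn.com.edgesuite.net. 60 IN CNAME a1831.d.akamai.net.
a1831.d.akamai.net. 20 IN A 95.101.90.154
a1831.d.akamai.net. 20 IN A 95.101.90.171
"""
```

A regression test for the behaviour discussed in this thread would assert that a query is blocked in both shapes: when the listed name is the only CNAME target and when it sits somewhere inside a longer chain.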