Pi hole not blocking sites added to blocklist


#1

Please follow the below template, it will help us to help you!

Expected Behaviour:

I added a blocklist for adult content, but it doesn’t seem to be actually blocking the sites:

https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list

Actual Behaviour:

The sites still come up, but in the query log, it says they are blocked! Log entry below:

2019-01-09 12:10:57 AAAA pornhub.com 192.168.1.1 Blocked (gravity) - (0.3ms)

I tried clearing browser history, and flushed the DNS on my PC as well. Tried from other devices and the sites still load.

Debug Token:

rlylgbjrku


#2

You are most likely querying via another DNS (maybe IPV6?).

The query you specified, works as expected.

Is it executed on a client ?


#3

Check that the domain you were able to access is in fact “pornhub.com” and not “www.pornhub.com”. These are different domains, and each must be blocked if you are getting through on www.pornhub.com.


#4

So I checked my router settings, and while the DNS for IPv4 is set to the Pi Hole IP address, I don’t have anything for an IPv6 DNS. In fact, my router is has IPv6 support as disabled in the settings. Could this be part of the problem?


#5

I did not put www in front of any of the domains I tried…I searched the forums and saw that was mentioned before so I cleared all data from my browser, flushed DNS on my PC and tried again but it still happened. Oddly, it seems like when I use IE, the blocking seems to work, but on FireFox, it never blocks anything.


#6

What are the results for this search of your pihole log?

sudo grep pornhub /var/log/pihole.log

In Firefox, you may have a setting to use an alternate DNS.

Edit - and what is the output of this command:

pihole -q -adlist pornhub.com


#7

I’m new to Pi Hole…is it possible to run this command from the admin console? If not, I’m going to have to disconnect my raspberry pi from my network closet, and connect a monitor/keyboard which may take me some time :slight_smile:


#8

You need to be logged into the the Pi terminal, either directly with a monitor/keyboard attached or headless using ssh.

How did you install Pi-Hole on this device? That also requires access to the terminal, so however you did that will work to get you back to the terminal.


#9

Yup, I can do it, just a pain in the butt to disconnect it from where it’s sitting now and connect it back to a monitor and everything. I will give ssh a try first, didn’t think of that…i’m also a linux newbie, so you will have to bear with me :slight_smile: Many thanks for all the quick replies!


#10

Ok, got some time to do it…here’s the result from the first one:

Jan 11 09:31:33 dnsmasq[779]: query[AAAA] pornhub.com from 192.168.1.1
Jan 11 09:31:33 dnsmasq[779]: /etc/pihole/gravity.list pornhub.com is ::
Jan 11 09:32:14 dnsmasq[779]: query[AAAA] pornhub.com from 192.168.1.1
Jan 11 09:32:14 dnsmasq[779]: /etc/pihole/gravity.list pornhub.com is ::
Jan 11 09:32:16 dnsmasq[779]: query[AAAA] services.pornhub.com from 192.168.1.1
Jan 11 09:32:16 dnsmasq[779]: forwarded services.pornhub.com to 8.8.8.8
Jan 11 09:32:16 dnsmasq[779]: reply services.pornhub.com is NODATA-IPv6
Jan 11 09:37:47 dnsmasq[779]: query[AAAA] pornhub.com from 192.168.1.1
Jan 11 09:37:47 dnsmasq[779]: /etc/pihole/gravity.list pornhub.com is ::
Jan 11 09:39:01 dnsmasq[779]: query[AAAA] pornhub.com from 192.168.1.1
Jan 11 09:39:09 dnsmasq[779]: /etc/pihole/gravity.list pornhub.com is ::
Jan 11 12:30:50 dnsmasq[779]: query[AAAA] pornhub.com from 192.168.1.1
Jan 11 12:30:50 dnsmasq[779]: /etc/pihole/gravity.list pornhub.com is ::
Jan 11 12:34:45 dnsmasq[779]: query[AAAA] pornhub.com from 192.168.1.1
Jan 11 12:34:45 dnsmasq[779]: /etc/pihole/gravity.list pornhub.com is ::
Jan 11 12:34:48 dnsmasq[779]: query[AAAA] services.pornhub.com from 192.168.1.1
Jan 11 12:34:48 dnsmasq[779]: forwarded services.pornhub.com to 8.8.4.4
Jan 11 12:34:48 dnsmasq[779]: reply services.pornhub.com is NODATA-IPv6
Jan 11 12:38:36 dnsmasq[779]: query[AAAA] pornhub.com from 192.168.1.1
Jan 11 12:38:36 dnsmasq[779]: /etc/pihole/gravity.list pornhub.com is ::
Jan 11 12:38:51 dnsmasq[779]: query[AAAA] pornhub.com from 192.168.1.1
Jan 11 12:38:51 dnsmasq[779]: /etc/pihole/gravity.list pornhub.com is ::
Jan 11 12:39:45 dnsmasq[779]: query[AAAA] pornhub.com from 192.168.1.1
Jan 11 12:39:45 dnsmasq[779]: /etc/pihole/gravity.list pornhub.com is ::

and the second one:

 Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts:
   ht.pornhub.com
 Match found in http://sysctl.org/cameleon/hosts:
   ht.pornhub.com
 Match found in https://hosts-file.net/ad_servers.txt:
   ht.pornhub.com
 Match found in https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list:
   pornhub.com
   mypornhub.com
   gaypornhub.com
   freepornhub.com
   vintagepornhub.com

#11

Everything here looks normal. Pornhub.com is blocked, as it should be. There are no queries for www.pornhub.com, and it isn’t shown in your blocklists, so it is not being blocked. Let’s confirm that:

What is the output of this command from the Pi terminal:

dig www.pornhub.com


#12

; <<>> DiG 9.10.3-P4-Raspbian <<>> www.pornhub.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53258
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.pornhub.com. IN A

;; ANSWER SECTION:
www.pornhub.com. 9753 IN CNAME pornhub.com.
pornhub.com. 3278 IN A 216.18.168.16

;; Query time: 16 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jan 11 22:06:27 EST 2019
;; MSG SIZE rcvd: 74


#13

just following up @jfb any idea what the output of that dig command means? your help is greatly appreciated :slight_smile:


#14

This means that the query hit 127.0.0.1 (which is your localhost) and it resolved the domain to a valid IP address.

Hence, if you try opening the domain in a browser, it will load…

You could add a wildcard entry via the admin interface… that should take care of any possible variations of sub-domain names …


#15

Sorry for the late reply, I’m traveling. As @RamSet noted, the dig returned a valid IP, which indicates that you need to block both www.pornhub.com and pornhub.com.

Your Pi-Hole is working properly, you will just need to block the correct domain(s).


#16

thanks guys…since i’m just using an existing blocklist that doesn’t have the www in front of any of the domains, is there any quick way to add wildcards to the list? I’m going to try adding www.pornhub.com to the blacklist on it’s own right now and see if that helps.