Pihole block websites that are whitelisted.does not allow aps to work

Help Community Help
1

The issue I am facing:
I am unable to connect to websites that are whitelisted in my pi-hole. upon reviewing developer inspector (F12) network tab I see a of NS_Binding_aborted. this happens on my child's school learning program which breaks the app. this behavior is also on google, twitch, getepic, and google.
The twitch app and website stream do not load unless i am behind a vpn but i do not see a blocked site in pi-hole -t. again the error is a NS_BINDING_ABORTED but nothing in the block list.
a vpn client for child's school global protect will not connect behind a pi-hole. when on a 4g connection or with pi-holes turned off and DNS router to 8.8.8.8 it will work. I just do not understand why nothing shows up in the log as blocked..
i have noticed many websites with CORS errors as well - not sure if this is related.
the problems go away when i turn on my VPN (mullvad)
during a typical day, working from home, google will stop responding to search requests and then after a few moments either time our or say the HTTPS version of the site cannot be found.. when i click on go to HTTP version it works but the actual link in the URL bar still says HTTPS

Details about my system:
running on a R Pi4 actual hardware and on an Ubuntu VM
both machines are running over Ethernet connections.
various clients that are requesting DNS include, win 10, Ubuntu, android tablet and phone, apple tablet and phone, surface pro.

What I have changed since installing Pi-hole:
i have added the iptables rule suggestions found here:
https://docs.pi-hole.net/guides/vpn/openvpn/firewall/
i have removed all block lists except the one that is installed stock
I run unbound on these devices
within the pihole-FTL.conf file i have added
AAAA_QUERY_ANALYSIS=YES
BLOCKINGMODE=NULL
PRIVACYLEVEL=0
under setting in web gui -> DNS tab
custom ip for unbound 127.0.0.1#5335
listening on all interfaces - should that just be eth0?
advanced
checked never forward non FQDNs
uncheck never forward reverse lookups
unchecck DNSSEC
isp does not provide ipv6 and i have tried running pihole -r with ipv6 on and off. no change...
i have whitelisted many sites i am sure i do not need but this has been a struggle

debug tokens - please diagnose the r pi 4 as its primary
RPI4 token:
https://tricorder.pi-hole.net/4l5svwsusi

Ubuntu 20.04 token:
https://tricorder.pi-hole.net/651piz80fr

the objective would be to get this functional again, i love this project and what i means for the end user. i have previous donated when i was able to due to how good this is for people - thank you for your work!

Any and all advice and help would be greatly appreciated.

2

Both debug logs are normal.

Use these tools to help determine what may be blocked that is interfering with the content:

1 Like
3

Thanks for the very fast response but I have tried the suggestions on that post... Should have linked in op. Is there anything else you can suggest?
Thanks

4

Bumping this.

5

I have no additional suggestions. I would address the NS_Binding... issue and I expect that will resolve the problem.

6

Can I assume that help is beyond the scope of this forum? Could My ISP be part of the problem - comcast?

7

Most likely. We may have users who know a potential solution, but that's an off chance.

I don't know if the ISP can be part of the problem. You may need to do a bit of internet research on this particular error.

8

I can certainly keep digging. Would you be able to ask this user for their input?
Thanks again

9

Upon further observation and investigation I have found that fonts.googleapis.com is not reachable on any device and breaks many websites.

10

This is not a domain that appears on many blocklists (not on the Pi-hole default list, for example).

You can whitelist the domain, and this will prevent it from being blocked by any blocklist.

But, of more interest, let's see why this domain is being blocked. From the Pi terminal, please post the outputs of the following commands:

pihole -q -exact fonts.googleapis.com

sqlite3 /etc/pihole/gravity.db "SELECT address FROM adlist"

11

i have had it whitelisted for a while but from time to time, not sure why, but that will cause the death a multitude of websites for 10mins to 3 hours. I have no idea why it happens.
Please advise on what else you need and thank you. at this time only the default ad list is being used due to the problems i have been having.

image
image736×200 36.4 KB

12

I'm not following you here. Something that is not blocked is interfering with web content?

13

Sorry for the delayed response.
I suppose so, though i am not 100% certain. These events have been happening for a while now. Other websites that will not load while behind pihole include:

  1. twitch.tv - when it does load the browser forces me to an HTTP connection?
  2. google play store updates on mobile devices
  3. google based apps, youtube, play store
  4. google.com - intermittently when the problem arises it says HTTPS is not available and requires me to go to a HTTP version
  5. apple app store updates
  6. mobile device connectivity check issues, our mobile devices will periodically report " no internet available" then goes back to normal sometime later.
  7. i.redd.it does not consistently load on pc or mobile platforms

I have all the required sites unblocked per the mega thread: Commonly Whitelisted Domains
the difficult problem is that the sites getting an NS_Binding error do not happen consistently, could this be caused by using a recursive DNS like unbound?

Moreover, i have notcied strange behavior from the pihole -t it will continually run show this. most of those IPs in the 192.168.X.X are not even used:

image
image664×790 140 KB

Again thank you for any and all advice!

14

I want to add that within the above configuration I am not no longer able to access plex.tv, gmail, or monoprice.com. I have not changed anything. Any advice is always welcome.

15

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.