I'm having an odd issue: when I try to reach a specific website (www.nrk.no specifically) with any browser, it times out.
I can resolve nrk.no if I do an nslookup for it, and see the request in the QueryLogs panel. But when I try to reach it via browser, nothing logs on PiHole
If I change my laptop's DNS to 1.1.1.1 it works.
I have cleared my laptop's cache, browsers cache and restarted the DNS service multiple times on my Pi
I have only the standard AdList at the moment (removed all the custom ones when troubleshooting)
DNS has no concept of websites or ads or other resources like images or scripts.
It's main purpose is to translate a domain name into IP addresses.
As a filtering DNS resolver, Pi-hole isn't aware of whether a given domain block would block an entire website or a single ad. It just will refuse to reply an IP address for a blocked domain.
The steps detailed in the FAQ will help you to find out what domains are involved and would possibly need to be blocked or (in your case) unblocked.
However, I can confirm www.nrk.no is working for me, and I also use Steven Black's hosts blocklist, with no extra whitelisting.
Since this would suggest that your issue isn't likely related to Pi-hole, are you perhaps using some ad-blocking browser extensions that would interfere?
The curious thing is that I have tried to tail the pi log when opening the website and nothing comes up related to nrk.no when attempting to reach the site. If I do an nslookup, I can see the request in the pi log, but trying to navigate the website logs nothing.
I have tried with different browsers (with adblockers disabled and edge which has no adblocking software installed) on my laptop and also different devices (ios) and the behaviour is the same when using pi as DNS: not able to browse the website and nothing in the logs
I have installed the ADAMnetworks extension and this is a list of domain that appear when I visit the page (using 1.1.1.1 as dns):
www.nrk.no
static.nrk.no
gfx.nrk.no
innlogging.nrk.no
psapi.nrk.no
p.lp4.io
static.chartbeat.com
nrkno-ssenotifier.nrk.no
I have whitelisted the entire nrk.no domain and subdomains and whitelisted also lp4.io and chartbeat.com to see if it helped, but it did not.
If I try to visit nrk.no with only PI as DNS the list from ADAMnetworks is:
'nothing in the logs' would mean that none of your browsers is using Pi-hole for DNS (but then I'd expect the site to work).
A browser may by-pass Pi-hole by using DNS-over-HTTPS (DoH), so make sure that's disabled.
For Firefox, that's taken care of by Pi-hole setting the appropriate Firefox canary domain.
For other browsers, verify that DoH is disabled in your browser.
Right. I noticed my laptop had ipv6 turned off, so I enabled it and now I can see this in the log when I try to visit the site:
Nov 8 21:41:32 dnsmasq[3330]: query[AAAA] www.nrk.no from 2001:XXXX:XXXX:0:XXXX:95a4:d683:3e6b
Nov 8 21:41:32 dnsmasq[3330]: forwarded www.nrk.no to 1.1.1.1
Nov 8 21:41:32 dnsmasq[3330]: reply www.nrk.no is NODATA-IPv6
After adding the Cloudflare IPv6 upstream DNS server to my settings I have restarted the DNS resolver and flushed the network table
And it started working:
Nov 8 21:52:53 dnsmasq[4436]: query[AAAA] www.nrk.no from 2001:XXXX:XXXX:0:XXXX:XXXX:XXXX:3e6b
Nov 8 21:52:53 dnsmasq[4436]: cached www.nrk.no is <CNAME>
Nov 8 21:52:53 dnsmasq[4436]: cached www.nrk.no.edgesuite.net is <CNAME>
Nov 8 21:52:53 dnsmasq[4436]: forwarded www.nrk.no to 2606:4700:4700::1111
Nov 8 21:52:53 dnsmasq[4436]: reply www.nrk.no is <CNAME>
Nov 8 21:52:53 dnsmasq[4436]: reply www.nrk.no.edgesuite.net is <CNAME>
Nov 8 21:52:53 dnsmasq[4436]: reply a390.dscr.akamai.net is 2a02:26f0:4300::1724:4cda
Nov 8 21:52:53 dnsmasq[4436]: reply a390.dscr.akamai.net is 2a02:26f0:4300::1724:4d23
Nov 8 21:52:53 dnsmasq[4436]: query[A] a390.dscr.akamai.net from 2001:4651:39aa:0:9458:95a4:d683:3e6b
Nov 8 21:52:53 dnsmasq[4436]: forwarded a390.dscr.akamai.net to 2606:4700:4700::1111
Nov 8 21:52:53 dnsmasq[4436]: reply a390.dscr.akamai.net is 23.36.76.90
Nov 8 21:52:53 dnsmasq[4436]: reply a390.dscr.akamai.net is 23.36.76.162
Nov 8 21:52:53 dnsmasq[4436]: query[AAAA] a390.dscr.akamai.net from 2001:4651:39aa:0:9458:95a4:d683:3e6b
Nov 8 21:52:53 dnsmasq[4436]: cached a390.dscr.akamai.net is 2a02:26f0:4300::1724:4d23
Nov 8 21:52:53 dnsmasq[4436]: cached a390.dscr.akamai.net is 2a02:26f0:4300::1724:4cda
Nov 8 21:52:53 dnsmasq[4436]: query[A] incoming.telemetry.mozilla.org from 2001:4651:39aa:0:9458:95a4:d683:3e6b
Nov 8 21:52:53 dnsmasq[4436]: gravity blocked incoming.telemetry.mozilla.org is 0.0.0.0
Thanks for the help and this great piece of software
Adding Cloudflare's IPv6 address (or any other IPv6) to its IPv4 (1.1.1.1) hasn't any bearing on DNS resolution. Both 1.1.1.1 and 2606:4700:4700::1111 would return IPv4 as well as IPv6 addresses for www.nrk.no (as any public resolver would be expected to).
Whatever made your client work as expected, adding an IPv6 upstream to Pi-hole should not have contributed to it.
Those lines are strange, as 1.1.1.1 returns a set of IPv6 addresses for AAAA queries: