Pihole blocking ui.com (unifi) even when added to whitelist


Expected Behaviour:

When DNSSEC is turned on and the DNS upstream is set to OpenDNS or Cloudflare for Families, ui.com and its subdomains should resolve. I should not have to whitelist.

Actual Behaviour:

All ui.com and subdomains don't resolve when DNSSEC is turned on and I try to use either OpenDNS or Cloudflare for Families. I even tried to whitelist the entire domain, which didn't work. I know it's the Pi-hole, as when I configure the IP manually on the client for DNS resolution it works. If I uncheck "use dnssec" it also works. All other websites work.

Debug Token:

https://tricorder.pi-hole.net/LwwymPxi/

What do you see in the Query Log table?
What is the status when this domain is blocked?

FWIW, both ui.com, and community.ui.com work in my setup using Cloudflare/Quad9 with DNSSEC enabled, and no specific whitelist entry.


Hello - I see this. I can repeat this behaviour reliably every time:

The red scribbled-over part is the internal IP address of the client.

When I turn "use dnssec" off I get the following:

Notably, in the second example, the red scribbled-over part doesn't show the IP address; it shows the hostname. Not sure if this is a clue. This is bizarre, as no other websites are blocked. It also doesn't matter who the upstream DNS resolver is (Cisco family or Cloudflare).

gentle ^^bump^^

OK, no update, no solution, but that's OK, as my assumption is that when I turn on DNSSEC it must cause some issue to that domain with that ISP from my setup. It's repeatable, so I assume it's using DNSSEC anyway, as that DNS supports it, and maybe trying to force it may be the problem.

Pi-hole isn't blocking anything here.

Your screenshots show that Pi-hole has forwarded requests for ww.ui.com to 1.1.1.1, but DNSSEC validation failed because the NSEC(3) record was missing, so the corresponding reply (if any) would have been discarded.

Run from your machine hosting Pi-hole, what's the result of:

delv +rtrace www.ui.com @1.1.1.1
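
An added example (not part of the thread or of Pi-hole's own tooling): a small shell helper for reading the result of the `delv` check suggested above, comparing a validating run with a non-validating one (`delv -i`). It assumes delv's usual status lines (`; fully validated`, `; unsigned answer`, `;; resolution failed: ...`); the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helper for saved delv output (hypothetical function names).
# Capture on the Pi-hole host, e.g.:
#   delv +rtrace www.ui.com @1.1.1.1    > validating.txt 2>&1
#   delv -i +rtrace www.ui.com @1.1.1.1 > insecure.txt   2>&1   # -i: no validation
# Assumed delv status lines: "; fully validated", "; unsigned answer",
# ";; resolution failed: <reason>".

# classify_delv: read delv output on stdin, print SECURE, INSECURE,
# "FAILED: <reason>" or UNKNOWN.
classify_delv() {
    awk '
        /^;; resolution failed:/ { failed = 1; reason = $0
                                   sub(/^;; resolution failed: */, "", reason) }
        /^; .*fully validated/   { secure = 1 }
        /^; unsigned answer/     { unsigned = 1 }
        END {
            if (failed)        print "FAILED: " reason
            else if (secure)   print "SECURE"
            else if (unsigned) print "INSECURE"
            else               print "UNKNOWN"
        }'
}

# has_answer: succeed if stdin holds at least one record line (not a ';'
# comment) and no "resolution failed" line.
has_answer() {
    awk '/^;; resolution failed:/ { bad = 1 }
         /^[^;]/                  { rec = 1 }
         END { exit !(rec && !bad) }'
}

# triage VALIDATING_FILE INSECURE_FILE: say whether validation is the cause.
triage() {
    v=$(classify_delv < "$1")
    case $v in
        SECURE|INSECURE) echo "ok ($v): validation is not the cause" ;;
        FAILED*)
            if has_answer < "$2"; then
                echo "dnssec: answer exists but fails validation ($v)"
            else
                echo "resolution: fails even without validation ($v)"
            fi ;;
        *) echo "unknown: no status line found" ;;
    esac
}

# Constructed sample, not real output for any domain:
printf '%s\n' ';; resolution failed: insecurity proof failed' | classify_delv
```

A "dnssec" verdict matches the symptom in this thread, where the name resolves once DNSSEC validation is switched off.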
