Pihole Blocking user login Validation request/submissions on websites

This one is a bit bizarre but have done a lot of testing and determined that when Pihole is enabled the issue occurs, but when bypassing pihole or disabling pihole the issue goes away... not sure if there is some mechanism to overcome of it it is software.

We have a web application (Cloud based PBX) that maintains a record of a users login details such as the browser that was used to last login with, and other info like the PC details etc in order to help detect potential security attacks.
If the user logins from a different browser (as an example Firefox) and the last browser was for instance Chrome(ium), the server determines that the login is unrecognized and sends them to a page where they need to request that a validation code is sent to their email.
However when they try and enter the code into the validation box, the server responds that the code is not recognized. You can repeat the process with the same result. This is where the issue is.
If I change DNS servers and set the same upstream DNS directly on the PC (OpenDNS in this case), and repeat the process everything works fine.
I also found that if I continue to use the pihole DNS but disable Pihole blocking, the issue goes away as well... however only if you disable it before connecting to the remote server. If you have already initiated the first login, and then disable pi-hole it won't take effect until the browser is closed and re-opened. (Does this suggest that somehow pihole embeds something in a query response to the browser itself or that is being cached somewhere)
Looking through the DNS logs from PC IP to the remote FQDN all queries have been permitted.

Any suggestions or help would be appreciated.


I figured it out.. buried in a DNS lookup was am entry for "mpsnare.iesnare.com" which while it used for multiple purposes one of which is security driven, it is marked by pihole as gravity and was blocking the request. Whitelisting that resolved the problem.
As the DNS name was completely unrelated to the URL being connected to I didn't realize it was related.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.