PiHole Blocking Whitelisted websites with all AdLists disabled

Expected Behaviour:

Websites such as www.reddit.com are not resolving.

The following are added to the white list as regex whitelist entries:
www.reddit.com$
www.rereddit.com$

Only default AdList is installed and is currently disabled.

PiHole is running off a Proxmox Container on Ubuntu 22.10 Standard.

Actual Behaviour:

No queries are shown as blocked.
Reviewing /var/log/pihole.log shows:
Feb 6 20:01:03 dnsmasq[1379]: query[A] styles.redditmedia.com from
Feb 6 20:01:03 dnsmasq[1376]: forwarded www.reddit.com to 1.0.0.1
Feb 6 20:01:03 dnsmasq[1376]: reply www.reddit.com is NXDOMAIN
Feb 6 20:01:03 dnsmasq[1379]: forwarded styles.redditmedia.com to 1.0.0.1
Feb 6 20:01:03 dnsmasq[1379]: reply styles.redditmedia.com is NXDOMAIN
Feb 6 20:01:03 dnsmasq[1380]: query[A] www.reddit.com from
Feb 6 20:01:03 dnsmasq[1380]: forwarded www.reddit.com to 1.0.0.1
Feb 6 20:01:03 dnsmasq[1380]: reply www.reddit.com is NXDOMAIN
Feb 6 20:01:03 dnsmasq[1381]: query[HTTPS] www.reddit.com from
Feb 6 20:01:03 dnsmasq[1377]: forwarded styles.redditmedia.com to 1.0.0.1
Feb 6 20:01:03 dnsmasq[1377]: reply styles.redditmedia.com is NXDOMAIN
Feb 6 20:01:03 dnsmasq[1378]: forwarded www.reddit.com to 1.0.0.1
Feb 6 20:01:03 dnsmasq[1378]: reply www.reddit.com is NXDOMAIN
Feb 6 20:01:03 dnsmasq[1381]: forwarded www.reddit.com to 1.0.0.1
Feb 6 20:01:03 dnsmasq[1381]: reply www.reddit.com is NXDOMAIN
Feb 6 20:01:04 dnsmasq[1382]: query[A] www.reddit.com from
Feb 6 20:01:04 dnsmasq[1383]: query[HTTPS] www.reddit.com from
Feb 6 20:01:04 dnsmasq[1382]: forwarded www.reddit.com to 1.0.0.1
Feb 6 20:01:04 dnsmasq[1382]: reply www.reddit.com is NXDOMAIN
Feb 6 20:01:04 dnsmasq[1383]: forwarded www.reddit.com to 1.0.0.1
Feb 6 20:01:04 dnsmasq[1383]: reply www.reddit.com is NXDOMAIN

Debug Token:

https://tricorder.pi-hole.net/sywmbF9P/

Your upstream server at 1.0.0.1 is blocking the domains. Might be filtering being applied there.

Appreciate the follow up.

That makes a bit more sense as nothing shows blocked in PiHole.

What I don't understand is if I set things up so I don't point at my PiHole and use the same DNS (1.0.0.1), it will resolve that webpage...

Here are the settings on that adapter:


Ethernet adapter vEthernet (My Bridged Switch):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : (Preferred)
IPv4 Address. . . . . . . . . . . : (Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : February 6, 2023 2:03:38 PM
Lease Expires . . . . . . . . . . : February 7, 2023 2:03:38 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 408215981
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-07-30-F5-88-B1-11-5A-7C-24
DNS Servers . . . . . . . . . . . : 1.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled


And here it is resolving www.reddit.com:


ping www.reddit.com

Pinging reddit.map.fastly.net [151.101.193.140] with 32 bytes of data:
Reply from 151.101.193.140: bytes=32 time=36ms TTL=59
Reply from 151.101.193.140: bytes=32 time=33ms TTL=59
Reply from 151.101.193.140: bytes=32 time=34ms TTL=59
Reply from 151.101.193.140: bytes=32 time=34ms TTL=59



tracert www.reddit.com

Tracing route to reddit.map.fastly.net [151.101.129.140]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms
2 2 ms 1 ms 1 ms 10.0.0.1
3 9 ms 10 ms 11 ms 174.0.32.1
4 11 ms 10 ms 11 ms rc3no-be121-1.cg.shawcable.net [64.59.133.165]
5 12 ms 10 ms 11 ms 24.244.57.137
6 10 ms 11 ms 8 ms rc3so-be214.cg.shawcable.net [24.244.57.21]
7 32 ms 34 ms 32 ms rc1wt-be82.wa.shawcable.net [66.163.76.9]
8 * * * Request timed out.
9 34 ms 32 ms 33 ms 151.101.129.140

Trace complete.


From the Pi-hole terminal try the same lookup via Pi-hole (which is sending to 1.0.0.1) and 1.0.0.1 directly. Also try a known blocked domain. Any differences between them all? Via Pi-hole (localhost):

$ dig +short reddit.com @127.0.0.1
$ dig +short flurry.com @127.0.0.1

Does that return IPs and does it then show in the Query Log? And then via Cloudflare:

$ dig +short reddit.com @1.0.0.1

Does that return IPs or all zeroes?

flurry appears to work. Both commands for reddit.com return nothing. I also tried via different DNSes (8.8.8.8, 8.8.4.4, etc.). All the same.

I did figure out the issue though. I run a few VLANs, some of which have content filtering. So what was happening is the PiHole lives in a Network Management VLAN, which has stricter content filtering than other VLANs. As the DNS request is sent into PiHole on the Network Management VLAN and then forwarded on, it appears to originate from that VLAN and is then filtered.

To fix this I have changed the content filter to whitelist the PiHole.

Really appreciate all the support.

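Added example, not part of the thread: a small Python script that reads pihole.log lines and reports, per domain, whether the answer was a local Pi-hole block or an NXDOMAIN that came back after the query was forwarded upstream, which is the distinction that resolved this thread. The sample log is constructed (modelled on the excerpt above, with a made-up client address and extra flurry.com / example.org lines), and the block-line wording is an assumption about the Pi-hole log format.

```python
import re

# Constructed sample modelled on the /var/log/pihole.log excerpt in the thread.
# Client 192.0.2.10 and the flurry.com / example.org lines are made up.
SAMPLE_LOG = """\
Feb 6 20:01:03 dnsmasq[1380]: query[A] www.reddit.com from 192.0.2.10
Feb 6 20:01:03 dnsmasq[1380]: forwarded www.reddit.com to 1.0.0.1
Feb 6 20:01:03 dnsmasq[1380]: reply www.reddit.com is NXDOMAIN
Feb 6 20:01:03 dnsmasq[1379]: forwarded styles.redditmedia.com to 1.0.0.1
Feb 6 20:01:03 dnsmasq[1379]: reply styles.redditmedia.com is NXDOMAIN
Feb 6 20:01:05 dnsmasq[1384]: query[A] flurry.com from 192.0.2.10
Feb 6 20:01:05 dnsmasq[1384]: gravity blocked flurry.com is 0.0.0.0
Feb 6 20:01:06 dnsmasq[1385]: query[A] example.org from 192.0.2.10
Feb 6 20:01:06 dnsmasq[1385]: forwarded example.org to 1.0.0.1
Feb 6 20:01:06 dnsmasq[1385]: reply example.org is 93.184.216.34
"""

LINE = re.compile(r"dnsmasq\[(\d+)\]: (.+)$")
FORWARDED = re.compile(r"^forwarded (\S+) to (\S+)$")
REPLY = re.compile(r"^reply (\S+) is (\S+)$")
# Assumed wording of Pi-hole's own block entries (adlist, exact and regex blacklist).
BLOCKED = re.compile(r"^(?:gravity blocked|(?:exactly|regex) blacklisted) (\S+) is ")

def classify(log_text):
    """Return {domain: verdict} saying who produced the answer for each domain."""
    upstream_of = {}   # (dnsmasq pid, domain) -> upstream the query was sent to
    verdicts = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, event = m.group(1), m.group(2).strip()
        if (f := FORWARDED.match(event)):
            upstream_of[(pid, f.group(1))] = f.group(2)
        elif (b := BLOCKED.match(event)):
            verdicts[b.group(1)] = "blocked by Pi-hole"
        elif (r := REPLY.match(event)):
            domain, answer = r.groups()
            if answer == "NXDOMAIN":
                # Pi-hole forwarded the query; the denial came from the upstream path.
                upstream = upstream_of.get((pid, domain), "unknown upstream")
                verdicts[domain] = f"NXDOMAIN from upstream {upstream}"
            else:
                verdicts.setdefault(domain, "answered")
    return verdicts

if __name__ == "__main__":
    for domain, verdict in classify(SAMPLE_LOG).items():
        print(f"{domain}: {verdict}")
```

A domain reported as "NXDOMAIN from upstream" never shows as blocked in the Pi-hole query log, so the next place to look is whatever sits between the Pi-hole host and that resolver, such as a per-VLAN content filter.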