Pihole incorrectly returning 0.0.0.0?

Please follow the below template, it will help us to help you!

Expected Behaviour:

[Domain go.advantaira.com should not return 0.0.0.0]

Actual Behaviour:

[go.advantaira.com has address 0.0.0.0]

Debug Token:

[https://tricorder.pi-hole.net/17nES6dw/]

Your observation is expected.

0.0.0.0 would suggest that go.advantaira.com is blocked by Pi-hole, as that would be the default answer for a blocked domain. And indeed, until recently, that domain would be blocked by Pi-hole's default blocklist.

Use Tools | Search Adlists to find out which of your blocklists would contain that domain.

1 Like

Yeah, looks like the version of Steven Black's list that's in my pihole has it. But, the latest one does not. I ran updateGravity and restartdns, but it's still returning 0.0.0.0.

What is the output of the following from the Pi terminal:

pihole -q go.advantaira.com

You are correct: That specific domain reportedly has been removed from Steven Black's Unified blocklist by May 6, 2022.
However, my Pi-hole was last updated on May 8, and it still contained it today.

I've done the same as you, and running a gravity update right now fixed it for me.

The most likely explanation would be that the downloaded list does still contain it (perhaps as cached by some mirror or proxy involved?).

pi@raspberrypi:~ $ pihole -q go.advantaira.com
  [i] No results found for go.advantaira.com within the adlists

This output indicates that the domain is not in any of your adlists, blacklist or whitelist.

What is the output of the following from the Pi terminal:

nslookup go.advantaira.com 127.0.0.1

pi@raspberrypi:~ $ nslookup go.advantaira.com 127.0.0.1
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	go.advantaira.com
Address: 0.0.0.0
Name:	go.advantaira.com
Address: ::

Your output shows that Pi-hole is still blocking the domain. As it is not an any adlist right now, it's usually a CNAME which is blocked. Make sure none of the CNAMES are on your adlist or are all whitelisted

chrko@ThinkPad-X230:~$ dig go.advantaira.com @8.8.8.8

; <<>> DiG 9.19.0-1+ubuntu18.04.1+isc+2-Ubuntu <<>> go.advantaira.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17609
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;go.advantaira.com.		IN	A

;; ANSWER SECTION:
go.advantaira.com.	1800	IN	CNAME	go.pardot.com.
go.pardot.com.		7200	IN	CNAME	pi.pardot.com.
pi.pardot.com.		300	IN	CNAME	pi-ue1.pardot.com.
pi-ue1.pardot.com.	30	IN	CNAME	pi.u.t.pardot.com.
pi.u.t.pardot.com.	30	IN	CNAME	pi-ue1-lba6.pardot.com.
pi-ue1-lba6.pardot.com.	900	IN	A	18.232.28.189

Depending on your adlists, results may vary

rockpi@rockpi-4b:~$ pihole -q go.advantaira.com
  [i] No results found for go.advantaira.com within the block lists
rockpi@rockpi-4b:~$ pihole -q go.pardot.com
 Match found in https://raw.githubusercontent.com/r-a-y/mobile-hosts/master/EasyPrivacySpecific.txt:
   go.pardot.com
 Match found in https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt:
   debug-go.pardot.com
   go.pardot.com
rockpi@rockpi-4b:~$ pihole -q pi.pardot.com
 Match found in https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt:
   internal-pi.pardot.com
   pi.pardot.com
 Match found in https://raw.githubusercontent.com/blocklistproject/Lists/master/tracking.txt:
   pi.pardot.com
 Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts:
   pi.pardot.com
rockpi@rockpi-4b:~$ pihole -q pi-ue1.pardot.com
 Match found in https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt:
   pi-ue1.pardot.com
rockpi@rockpi-4b:~$ pihole -q pi.u.t.pardot.com
  [i] No results found for pi.u.t.pardot.com within the block lists
rockpi@rockpi-4b:~$ pihole -q pi-ue1-lba6.pardot.com
 Match found in https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt:
   pi-ue1-lba6.pardot.com
rockpi@rockpi-4b:~$ 
1 Like

Look in the dnsmasq log at /var/log/pihole.log and see what replies were shown for this transaction.

pi@raspberrypi:~ $ pihole -q pi.pardot.com
 Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts:
   pi.pardot.com

@jfb unfortunately I have logging disabled. But, it looks like it's the CNAME getting blocked as @yubiuser pointed out.