Pihole incorrectly returning 0.0.0.0?

js290 · May 11, 2022, 4:10pm

Please follow the below template, it will help us to help you!

Expected Behaviour:

[Domain go.advantaira.com should not return 0.0.0.0]

Actual Behaviour:

[go.advantaira.com has address 0.0.0.0]

Debug Token:

[https://tricorder.pi-hole.net/17nES6dw/]

Bucking_Horn · May 11, 2022, 6:44pm

Your observation is expected.

0.0.0.0 would suggest that go.advantaira.com is blocked by Pi-hole, as that would be the default answer for a blocked domain. And indeed, until recently, that domain would be blocked by Pi-hole's default blocklist.

Use Tools | Search Adlists to find out which of your blocklists would contain that domain.

js290 · May 11, 2022, 7:22pm

Yeah, looks like the version of Steven Black's list that's in my pihole has it. But, the latest one does not. I ran updateGravity and restartdns, but it's still returning 0.0.0.0.

jfb · May 11, 2022, 7:28pm

What is the output of the following from the Pi terminal:

pihole -q go.advantaira.com

Bucking_Horn · May 11, 2022, 7:47pm

You are correct: That specific domain reportedly has been removed from Steven Black's Unified blocklist by May 6, 2022.
However, my Pi-hole was last updated on May 8, and it still contained it today.

I've done the same as you, and running a gravity update right now fixed it for me.

The most likely explanation would be that the downloaded list does still contain it (perhaps as cached by some mirror or proxy involved?).

js290 · May 11, 2022, 8:54pm

pi@raspberrypi:~ $ pihole -q go.advantaira.com
  [i] No results found for go.advantaira.com within the adlists

jfb · May 12, 2022, 2:51pm

This output indicates that the domain is not in any of your adlists, blacklist or whitelist.

What is the output of the following from the Pi terminal:

nslookup go.advantaira.com 127.0.0.1

js290 · May 12, 2022, 6:08pm

pi@raspberrypi:~ $ nslookup go.advantaira.com 127.0.0.1
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	go.advantaira.com
Address: 0.0.0.0
Name:	go.advantaira.com
Address: ::

yubiuser · May 12, 2022, 7:46pm

Your output shows that Pi-hole is still blocking the domain. As it is not an any adlist right now, it's usually a CNAME which is blocked. Make sure none of the CNAMES are on your adlist or are all whitelisted

chrko@ThinkPad-X230:~$ dig go.advantaira.com @8.8.8.8

; <<>> DiG 9.19.0-1+ubuntu18.04.1+isc+2-Ubuntu <<>> go.advantaira.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17609
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;go.advantaira.com.		IN	A

;; ANSWER SECTION:
go.advantaira.com.	1800	IN	CNAME	go.pardot.com.
go.pardot.com.		7200	IN	CNAME	pi.pardot.com.
pi.pardot.com.		300	IN	CNAME	pi-ue1.pardot.com.
pi-ue1.pardot.com.	30	IN	CNAME	pi.u.t.pardot.com.
pi.u.t.pardot.com.	30	IN	CNAME	pi-ue1-lba6.pardot.com.
pi-ue1-lba6.pardot.com.	900	IN	A	18.232.28.189

yubiuser · May 12, 2022, 7:49pm

Depending on your adlists, results may vary

rockpi@rockpi-4b:~$ pihole -q go.advantaira.com
  [i] No results found for go.advantaira.com within the block lists
rockpi@rockpi-4b:~$ pihole -q go.pardot.com
 Match found in https://raw.githubusercontent.com/r-a-y/mobile-hosts/master/EasyPrivacySpecific.txt:
   go.pardot.com
 Match found in https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt:
   debug-go.pardot.com
   go.pardot.com
rockpi@rockpi-4b:~$ pihole -q pi.pardot.com
 Match found in https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt:
   internal-pi.pardot.com
   pi.pardot.com
 Match found in https://raw.githubusercontent.com/blocklistproject/Lists/master/tracking.txt:
   pi.pardot.com
 Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts:
   pi.pardot.com
rockpi@rockpi-4b:~$ pihole -q pi-ue1.pardot.com
 Match found in https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt:
   pi-ue1.pardot.com
rockpi@rockpi-4b:~$ pihole -q pi.u.t.pardot.com
  [i] No results found for pi.u.t.pardot.com within the block lists
rockpi@rockpi-4b:~$ pihole -q pi-ue1-lba6.pardot.com
 Match found in https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt:
   pi-ue1-lba6.pardot.com
rockpi@rockpi-4b:~$

jfb · May 13, 2022, 2:23am

Look in the dnsmasq log at /var/log/pihole.log and see what replies were shown for this transaction.

js290 · May 13, 2022, 2:35am

pi@raspberrypi:~ $ pihole -q pi.pardot.com
 Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts:
   pi.pardot.com

@jfb unfortunately I have logging disabled. But, it looks like it's the CNAME getting blocked as @yubiuser pointed out.

system · June 3, 2022, 2:35am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.