Pihole not blocking some domains in Adlists

Hi everyone

Expected Behaviour:

I was testing my Pihole installation, doing some Nslookups to verify if it was working as expected, when I discovered that the domain ads-api.tiktok.com was resolving to its IP address when it was supposed to return 0.0.0.0.

C:\Users\marci>nslookup ads-api.tiktok.com
Servidor:  pi.hole
Address:  192.168.2.20

Não é resposta autoritativa:
Nome:    e35058.api5.akamaiedge.net
Addresses:  2.17.162.176
          2.17.162.168
          2.17.162.173
Aliases:  ads-api.tiktok.com
          ads-api.tiktok.com.edgekey.net

I did a pihole -q ads-api.tiktok.com, and the domain is currently on a list.

 Match found in https://raw.githubusercontent.com/hagezi/dns-blocklists/refs/heads/main/domains/ultimate.txt:
   ads-api.tiktok.com

Despite being in the above list, Pihole is resolving the domain. I blacklisted the domain manually in the Query Log, and then I reran the Nslookup.

C:\Users\marci>nslookup ads-api.tiktok.com
Servidor:  pi.hole
Address:  192.168.2.20

Nome:    ads-api.tiktok.com
Addresses:  ::
          0.0.0.0

I noticed that some domains that are on my lists are blocked (e.g. ads.google.com), and some are not blocked, as in the following:

C:\Users\marci>nslookup ads.google.com
Servidor:  pi.hole
Address:  192.168.2.20

Nome:    ads.google.com
Addresses:  ::
          0.0.0.0

C:\Users\marci>nslookup edge.ads.twitch.tv
Servidor:  pi.hole
Address:  192.168.2.20

Não é resposta autoritativa:
Nome:    edge.ads.twitch.tv
Addresses:  65.8.214.91
          65.8.214.62
          65.8.214.71
          65.8.214.114

To make sure, I searched for the domain edge.ads.twitch.tv on my lists, and it is there but not being blocked.

Exact matches for edge.ads.twitch.tv found in:
 - https://raw.githubusercontent.com/hagezi/dns-blocklists/refs/heads/main/domains/ultimate.txt

Any suggestion would be very appreciated.

-operating system
Raspi 12 (bookworm)

Actual Behaviour:

Some domains in Adlists are not blocked.

Thanks,

Marcio

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

https://tricorder.pi-hole.net/2IJb49Nw/

You disabled the adlist (enabled=0 means disabled):

*** [ DIAGNOSING ]: Adlists
   id     enabled  group_ids     address                                                                                               date_added           date_modified        comment                                           
   -----  -------  ------------  ----------------------------------------------------------------------------------------------------  -------------------  ------------------- 
   (...)
   9         0     1             https://raw.githubusercontent.com/hagezi/dns-blocklists/refs/heads/main/domains/ultimate.txt          2025-01-21 16:38:46  2025-01-21 19:39:09  HAGEZI - Domains          

The other lists are all enabled. Only this one is disabled.

Enable the list and run pihole -g again.

I enabled the list and disabled the blacklist entry for ads-api.tiktok to test, and it is still not blocking the domain.

C:\Users\marci>nslookup ads-api.tiktok.com
Servidor:  pi.hole
Address:  192.168.2.20

Não é resposta autoritativa:
Nome:    e35058.api5.akamaiedge.net
Addresses:  2.17.162.176
          2.17.162.173
Aliases:  ads-api.tiktok.com
          ads-api.tiktok.com.edgekey.net

Besides that, the domain appears in two of my lists, but it's not being blocked.

Match found in https://raw.githubusercontent.com/hagezi/dns-blocklists/refs/heads/main/adblock/native.tiktok.extended.txt:
  ||ads-api.tiktok.com^
Match found in https://raw.githubusercontent.com/hagezi/dns-blocklists/refs/heads/main/domains/ultimate.txt:
  ads-api.tiktok.com

That's the main issue I need to understand because I don't have any other DNS on my network. So, Pihole is the sole DNS server, and it was supposed to block that request since the domain is on the list, but it only blocks requests when I explicitly blacklist the domain, adding it manually to the list of blocked domains.

Here is the new token: https://tricorder.pi-hole.net/zYKF9h9X/

Regards.

Not in your current configuration, as documented by your debug log.

For Pi-hole to block a given domain, that domain has to match an active entry from either an active blocklist or a manually created domain entry, and that entry and the requesting client have to share at least one group.

You'd typically create additional groups only if you'd want to filter some clients differently, along with defining clients for the group.
Note that for client-specific filtering to work, clients must talk to Pi-hole directly.

By default, all clients and blocklists are assigned to the default group, and the default blocklist is active, so no further action is required.

Now, you have manually added a single domain, but that domain is inactive:

   id     type  enabled  group_ids     domain
   -----  ----  -------  ------------  -----------------------
   2       1       0     0             ads-api.tiktok.com

As a result, that domain won't be blocked.

You'd have to enable that domain to have your Pi-hole filter it.

You have also created a custom group Add-on and added a bunch of blocklists to that group, including the ones that would match your domain.

However, there are no clients assigned to that group.

As a result, Pi-hole won't block anything from those Add-on lists for any client.

You'd either have to assign those lists to the default group, or create some clients and assign them to the Add-on group.

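The group rule from the reply above, worked through as an added example (not part of the thread and not Pi-hole's own code): an entry blocks a query only if it is enabled, matches the domain, and shares a group with the requesting client. The table layout is a simplified assumption modelled on Pi-hole's gravity database, group 0 is assumed to be the default group, and the client address 192.168.2.50 used to call it is constructed.

```python
import sqlite3

# Constructed, simplified model of the group tables; names follow Pi-hole's
# gravity database, but this schema is an assumption, not a copy of it.
SCHEMA = """
CREATE TABLE adlist (id INTEGER PRIMARY KEY, address TEXT, enabled INTEGER);
CREATE TABLE adlist_by_group (adlist_id INTEGER, group_id INTEGER);
CREATE TABLE gravity (domain TEXT, adlist_id INTEGER);
CREATE TABLE domainlist (id INTEGER PRIMARY KEY, domain TEXT, enabled INTEGER);
CREATE TABLE domainlist_by_group (domainlist_id INTEGER, group_id INTEGER);
CREATE TABLE client (id INTEGER PRIMARY KEY, ip TEXT);
CREATE TABLE client_by_group (client_id INTEGER, group_id INTEGER);
"""
DEFAULT_GROUP = 0  # simplification: a client with no group assignment uses group 0

def client_groups(db, ip):
    rows = db.execute("SELECT group_id FROM client_by_group JOIN client "
                      "ON client.id = client_id WHERE ip = ?", (ip,)).fetchall()
    return {r[0] for r in rows} or {DEFAULT_GROUP}

def blocking_entries(db, ip, domain):
    """Return the enabled entries that match `domain` AND share a group with `ip`."""
    groups = client_groups(db, ip)
    hits = []
    for address, gid in db.execute(
            "SELECT a.address, g.group_id FROM gravity v "
            "JOIN adlist a ON a.id = v.adlist_id AND a.enabled = 1 "
            "JOIN adlist_by_group g ON g.adlist_id = a.id WHERE v.domain = ?", (domain,)):
        if gid in groups:
            hits.append(address)
    for dom, gid in db.execute(
            "SELECT d.domain, g.group_id FROM domainlist d "
            "JOIN domainlist_by_group g ON g.domainlist_id = d.id "
            "WHERE d.enabled = 1 AND d.domain = ?", (domain,)):
        if gid in groups:
            hits.append("manual:" + dom)
    return hits

def build(adlist_group):
    """Constructed data mirroring the thread; `adlist_group` is the group of list 9."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO adlist VALUES (9, 'ultimate.txt', 1)")
    db.execute("INSERT INTO adlist_by_group VALUES (9, ?)", (adlist_group,))
    db.execute("INSERT INTO gravity VALUES ('ads-api.tiktok.com', 9)")
    db.execute("INSERT INTO domainlist VALUES (2, 'ads-api.tiktok.com', 0)")
    db.execute("INSERT INTO domainlist_by_group VALUES (2, 0)")
    return db
```

With the list only in group 1 and no client assigned there, `blocking_entries(build(1), "192.168.2.50", "ads-api.tiktok.com")` is empty; moving the list to group 0, or assigning the client to group 1, makes the list match.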

Thank you for the heads up! I removed the additional group I'd created and deleted the two blacklisted domains that I'd added manually. Then I repeated the test for those domains using Nslookup, and now it's working as it was supposed to be working.

C:\Users\marci>nslookup ads-api.tiktok.com
Servidor:  pi.hole
Address:  192.168.2.20

Nome:    ads-api.tiktok.com
Addresses:  ::
          0.0.0.0

C:\Users\marci>nslookup edge.ads.twitch.tv
Servidor:  pi.hole
Address:  192.168.2.20

Nome:    edge.ads.twitch.tv
Addresses:  ::
          0.0.0.0

As you stated, the issue was probably due to the additional group I'd created.

Thank you, sir!