Pihole with Unbound doesn't resolve some sites/certificate error

Expected Behaviour:

To resolve DNS names to IP and certificates correctly. Examples:

My system:

Actual Behaviour:

When trying to go to amazon.com, I get an error in any browser saying it can't find the address. When I look in the log, I see:

This is intermittent...sometimes it resolves correctly, sometimes it doesn't.


Also, I get this with certificate errors...as you can see it resolves to the wrong certificate. If I keep refreshing, it eventually works.

Debug Token:

FCsyV6VM

TLDR:
Update your gravity and see if that resolves the issue. If that doesn't work then get in touch with whatever lists are blocking d3ag4hukkh62yn.cloudfront.net. You can temporarily whitelist the www.amazon.com domain if that's something you're comfortable with.

My parents reported the same issue to me earlier and I guess it was happening at my home as well so I looked into it and found your post during my search.

It shows that it's being blocked by gravity so that means d3ag4hukkh62yn.cloudfront.net is being blocked.

In your Pi-hole GUI you're able to go to Tools -> Search Adlists to find which lists are referencing an address. In my specific case the list that was catching this address was https://v.firebog.net/hosts/RPiList-Phishing.txt.

This list appears to be a parsed/mirror of another list so I checked the GitHub page of the upstream list and sure enough they had reports of the issue. The upstream list had already reverted the change as of August 1 and had removed the cloudfront site.

I believe gravity updates by default only happen once a week so my Pi-holes were still using a version of the list that had the cloudfront site blocked.

By using the search adlists tool you should be able to figure out which lists are blocking the cloudfront site. If it's only the same list as I'm using then you should be good as soon as you manually update gravity, otherwise you may need to contact other lists.

2 Likes
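Added example, not part of the thread and not Pi-hole's own code: an offline sketch of the check the answer above performs with Tools -> Search Adlists, finding which adlist contains a name in the resolution chain of a site that fails to load. The list contents, the second list URL and the CNAME chain (www.amazon.com pointing at the cloudfront.net name, as the answer implies) are constructed assumptions.

```python
import ipaddress

# Constructed sample adlists: contents are illustrative, not the real lists.
ADLISTS = {
    "https://v.firebog.net/hosts/RPiList-Phishing.txt": (
        "# hosts-style list (constructed sample)\n"
        "0.0.0.0 d3ag4hukkh62yn.cloudfront.net\n"
        "0.0.0.0 phish.example\n"
    ),
    "https://lists.example/ads.txt": (  # hypothetical second list
        "ads.example   # plain-domain style\n"
        "tracker.example\n"
    ),
}

# Assumed resolution chain for the affected site (constructed for this example).
CNAME_CHAIN = ["www.amazon.com", "d3ag4hukkh62yn.cloudfront.net"]


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_adlist(text):
    """Return the domains in a hosts-format or plain-domain list."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if not fields:
            continue
        # hosts format: "<ip> <name> [<name>...]"; plain format: "<name>"
        names = fields[1:] if _is_ip(fields[0]) else fields[:1]
        domains.update(n.lower().rstrip(".") for n in names)
    return domains


def find_blocking_lists(chain, adlists):
    """Map each listed name in the chain to the adlists that contain it."""
    parsed = {url: parse_adlist(body) for url, body in adlists.items()}
    hits = {}
    for hop in chain:
        name = hop.lower().rstrip(".")
        urls = sorted(u for u, doms in parsed.items() if name in doms)
        if urls:
            hits[name] = urls
    return hits


if __name__ == "__main__":
    for name, urls in find_blocking_lists(CNAME_CHAIN, ADLISTS).items():
        print(f"{name} is listed in: {', '.join(urls)}")
```

A hit on a hop other than the name typed into the browser is the situation described in the thread: the site itself is on no list, but a name in its chain is.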

Thank you for such an excellent writeup, stupendousman! Summarized at the top and detailed explanation. You were spot on that it is an issue with firebog and the upstream lists. Have updated Gravity as advised and issue fixed!

1 Like
