Pi-hole Version v4.3.2, Web Interface Version v4.3.2, FTL Version v4.3.1
Using the regex list from @mmotti, which contains
^track(ers?|ing)?[0-9]*[-.]
However, in the Pi-hole log, I find tracker.coppersurfer.tk
(forwarded to unbound)
Jan 8 09:42:52 dnsmasq[23277]: query[TXT] tracker.coppersurfer.tk from 192.168.2.227
Jan 8 09:42:52 dnsmasq[23277]: forwarded tracker.coppersurfer.tk to 127.10.10.2
Jan 8 09:42:52 dnsmasq[23277]: forwarded tracker.coppersurfer.tk to fdaa:bbcc:ddee:2::5552
Jan 8 09:42:56 dnsmasq[23277]: query[TXT] tracker.coppersurfer.tk from 192.168.2.227
Jan 8 09:42:56 dnsmasq[23277]: forwarded tracker.coppersurfer.tk to 127.10.10.2
Jan 8 09:42:56 dnsmasq[23277]: forwarded tracker.coppersurfer.tk to fdaa:bbcc:ddee:2::5552
And in the unbound log, I find
Jan 08 09:42:49 unbound[5655:2] info: resolving tracker.coppersurfer.tk. TXT IN
Because I also use Suricata on my firewall (pfSense), unbound never gets a response (which is what I want),
but the question remains: why was it forwarded by Pi-hole in the first place? The manual says:
^abc
matches any domain starting (^) in "abc" like abcdomain.com, abc.domain.com but not def.abc.com
Does this have something to do with query[TXT]?
edit
When I simply dig the domain, I get the expected result (0.0.0.0)
dig tracker.coppersurfer.tk
; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> tracker.coppersurfer.tk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42590
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;tracker.coppersurfer.tk. IN A
;; ANSWER SECTION:
tracker.coppersurfer.tk. 2 IN A 0.0.0.0
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 09 11:12:31 CET 2020
;; MSG SIZE rcvd: 68
/edit
Thank you for your time and effort.
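
One way to audit a dnsmasq log for this symptom, as an added example that is not part of the original post: it lists forwarded queries whose name matches a block regex, together with the query type logged just before them. The function name and the example.org log lines are constructed for illustration; the regex and the tracker.coppersurfer.tk lines are the ones quoted above.

```python
import re
from collections import defaultdict

# Regex copied from the post. Pi-hole evaluates POSIX ERE; this pattern uses
# only syntax that Python's re module interprets the same way (assumption
# limited to this pattern, not to regex lists in general).
BLOCK_REGEX = re.compile(r"^track(ers?|ing)?[0-9]*[-.]")

# First three lines are from the post; the example.org lines are constructed.
SAMPLE_LOG = """\
Jan 8 09:42:52 dnsmasq[23277]: query[TXT] tracker.coppersurfer.tk from 192.168.2.227
Jan 8 09:42:52 dnsmasq[23277]: forwarded tracker.coppersurfer.tk to 127.10.10.2
Jan 8 09:42:52 dnsmasq[23277]: forwarded tracker.coppersurfer.tk to fdaa:bbcc:ddee:2::5552
Jan 8 09:42:53 dnsmasq[23277]: query[A] example.org from 192.168.2.227
Jan 8 09:42:53 dnsmasq[23277]: forwarded example.org to 127.10.10.2
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from \S+")
FORWARD = re.compile(r"dnsmasq\[\d+\]: forwarded (?P<name>\S+) to (?P<upstream>\S+)")


def find_forwarded_matches(log_text, block_regex=BLOCK_REGEX):
    """Return {(domain, qtype): [upstreams]} for forwarded queries whose
    name matches the block regex, i.e. queries the regex did not stop."""
    last_qtype = {}              # most recent query type seen per domain
    leaks = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY.search(line)
        if m:
            last_qtype[m["name"].lower()] = m["qtype"]
            continue
        m = FORWARD.search(line)
        if m:
            name = m["name"].lower()
            if block_regex.search(name):
                qtype = last_qtype.get(name, "unknown")
                leaks[(name, qtype)].append(m["upstream"])
    return dict(leaks)


if __name__ == "__main__":
    for (name, qtype), upstreams in find_forwarded_matches(SAMPLE_LOG).items():
        print(f"{name} [{qtype}] matched the regex but was forwarded to "
              f"{', '.join(upstreams)}")
```

Grouping the results by query type shows whether the forwarded matches are limited to one record type, which is the question the post raises about query[TXT].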