[PSA] Having Whitelisting issues with 3.3? Read here

PromoFaux · February 21, 2018, 12:06am

Hi All,

After a few days of pulling out our hair and troubleshooting this whitelisting issue that some of you have reported, we're finally getting to the bottom of it.

The good news is, whitelisting is not completely broken. You can still whitelist domains from the cli with no issues by calling pihole -w [domain-to-whitelist]. The issue only affects whitelisting from the admin page (whitelist page, query log, and block page)

Take a look over this pull request where I've attempted to explain what is going on. Though, we're a bit confused ourselves, and any insight from the community would be greatly appreciated!

There are a couple of options, we can either revert the change that broke it, or use the fix in the above pull request. Whichever way we go, rest assured that we are working hard internally to make sure that we have the bug well and truly squashed, and will try to get a fix out as soon as we can (and really, take that soon in the Blizzard sense of the word).

In the mean time, do not attempt to whitelist from the web admin, it wont work... apologies for any inconvenience this causes.

In Other news, we have updated the release blog post to include instructions on how you may possibly be able to update your version of dnsmasq to be able to update to Pi-hole 3.3

pdhenry · February 21, 2018, 2:52am

Another observation is that if you've previously attempted to use the web admin pages to whitelist a page, trying to use the command line method will (appear to) fail; the process returns that there's nothing to do because it's already in the whitelist. I removed the entry in the web admin whitelist and tried the command line again and this was successful and the whitelisted webpage was accessible by network clients.

JamborJan · February 21, 2018, 10:12am

Just in case it helps anybody: when I realised whitelisting doesn't work, I updated all the lists via the admin interface. It took a long time and the web ui seemed to be stuck but after a while it worked again and the whitlisting was properly done then.

frankrpi3 · February 21, 2018, 10:53am

In the mean time, do not attempt to whitelist from the web admin, it wont work… apologies for any inconvenience this causes.

No problems here with pi-hole v3.3 on Rpi3 / Stretch and whitelisting via admin panel.
Maybe not for all users ?

Frank

Mcat12 · February 22, 2018, 9:01pm

It depends upon the locale of the system, so not all users will see the bug.

johna777 · February 24, 2018, 5:20pm

Ditto here, I think. The whitelist via web admin seems to work. But syslog has an error: comm file 1 is not in sorted order. I was just adding a single domain to the whitelist though. Interestingly, I tried applying the suggested code change: export LC_ALL=C at the top of gravity.sh. This is suppose to fix the collating sequence issue with sort. (UTF-8 vs ASCII??) But I still got the comm error message in syslog. I'm on Rpi3 Jessie, with V2.76 of dnsmasq flagged as manually installed in APT, although I don't remember doing that.

Mcat12 · February 26, 2018, 2:33pm

This error will be fixed in the next release.

PromoFaux · February 26, 2018, 2:40pm

You may also need to clear out the lists in /etc/pihole with sudo rm /etc/pihole/list* (this wont affect your white or blacklist)

johna777 · February 26, 2018, 4:33pm

Sorry. still getting "comm: file 1 is not in sorted order" after removing and recreating the /etc/pihole/list* but I think I will simply wait until the next release. Thanks for the idea though.

jacob.salmela · February 28, 2018, 12:35am

FWIW, this is the fix that will be in the next release:

github.com/pi-hole/pi-hole

Specifty `LC_ALL=C` when dealing with sorted lists.

pi-hole:development ← pi-hole:fix/AlternativeWhitelistFromWebFix

opened 11:25AM - 21 Feb 18 UTC

PromoFaux

+2 -0

**By submitting this pull request, I confirm the following:** *please fill any… appropriate checkboxes, e.g: [X]* - [x] I have read and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md), as well as this entire template. - [x] I have made only one major change in my proposed changes. - [x] I have commented my proposed changes within the code. - [x] I have tested my proposed changes, and have included unit tests where possible. - [x] I am willing to help maintain this change if there are issues with it later. - [x] I give this submission freely and claim no ownership. - [x] It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1) - [x] I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)) Please make sure you [Sign Off](https://github.com/pi-hole/pi-hole/wiki/How-to-signoff-your-commits.) all commits. Pi-hole enforces the [DCO](https://github.com/pi-hole/pi-hole/wiki/Contributing-to-the-project). --- **What does this PR aim to accomplish?:** An alternative to #1995, without the overhead of re-sorting `list.preEventHorizon` when comparing it to the whitelist **How does this PR accomplish the above?:** `export LC_ALL=C` at the top of the script to ensure `user` locales don't mess thigns up! **What documentation changes (if any) are needed to support this PR?:** None --- * You must follow the template instructions. Failure to do so will result in your pull request being closed. * Please respect that Pi-hole is developed by volunteers, who can only reply in their spare time.

exhibitO · March 12, 2018, 3:01pm

Can we update now to a beta that fixes it? What is the solution before new release?

jacob.salmela · March 13, 2018, 12:08am

The fix @PromoFaux mentioned above is merged into development now, so you can pihole checkout development if you want. You may run into other issues though since development is our building ground for improving the software, but you'll see the disclaimer when you run the command .

sousstudio · April 2, 2018, 10:15am

Hey everyone!

Tried adding export LC_ALL=C to gravity.sh (both actually, in .pihole and opt), restarting, no success. Domain is whitelisted, yet it's processing acting like it's not (returning pihole's IP instead of actual IP).

Any other ideas?

Domain in question: clck.yandex.ru
Reason to whitelist: after processing payment, the system (Yandex) returns page via clck.yandex.ru. Without it one can hardly know if his payment went successful.

nero355 · April 3, 2018, 7:49pm

A while back I had to reboot the Pi running Pi-Hole to make sure the website was whitelisted!
One website worked immediately but the second one didn't and after the reboot everything was fine... weird but it worked

PromoFaux · April 3, 2018, 8:42pm

This is (should be!) now resolved with the release of 3.3.1.

A reminder of that announcement post here:

https://discourse.pi-hole.net/t/psa-bugfix-release-3-3-1-for-pi-hole-core-read-before-running-pihole-up/8207/2