Regex not working in latest FTLDNS beta

sn2411 · July 30, 2018, 1:08am

Expected Behaviour:

Regex entered into /etc/pihole/regex.list should be blocked accordingly.

Actual Behaviour:

Upon adding a wildcard block via terminal, i.e. pihole --wild example.com, this happens:

[i] Adding ((^)|(.))example.com$ to regex list...

[i] Using cached Event Horizon list...
[i] 855514 unique domains trapped in the Event Horizon
[i] Number of blacklisted domains: 0
[i] Number of regex filters: 0

[✓] Restarting DNS service
[✓] DNS service is running
[✓] Pi-hole blocking is Enabled

And example.com is still not blocked, neither is example.example.com

Adding sites via webui does not wildcard block as well.

Do note the line "Number of regex filters: 0"; I have 245 lines in the regex.list

Debug Token:

ku1cnwaeor

jfb · July 30, 2018, 1:15am

Try ((^)|(\.))example\.com$

That's the regex that blocks that domain for me. Similar for the .net and .org domains of same.

Are you on the Release 4.0 branch, not the beta FTLDNS, since the 4.0 has this feature.

sn2411 · July 30, 2018, 1:26am

This a screenshot of the webui, still no luck with wildcard blocking example.com.

I've used these instructions to update from master branch though
echo "FTLDNS" | sudo tee /etc/pihole/ftlbranch
pihole checkout core FTLDNS
pihole checkout web FTLDNS
Hence I suspect I'm on the beta FTLDNS branch rather than Release 4.0.

jfb · July 30, 2018, 2:02am

Let's move you over to the Release 4.0 branch, which has had a lot of development recently. This includes all of the beta FTLDNS plus quite a bit more.

echo release/v4.0 | sudo tee /etc/pihole/ftlbranch 
pihole checkout core release/v4.0 
pihole checkout web release/v4.0

sn2411 · July 30, 2018, 2:37am

Still no luck, this is the output after executing pihole --wild example.com

[i] Adding ((^)|(\.))example\.com$ to regex list...

[i] Using cached Event Horizon list...
[i] 855756 unique domains trapped in the Event Horizon
[i] Number of blacklisted domains: 0
[i] Number of regex filters: 0

[✓] Restarting DNS service
[✓] DNS service is running
[✓] Pi-hole blocking is Enabled

After executing 'sudo service pihole-FTL restart', here are the results of dig example.com

; <<>> DiG 9.10.3-P4-Debian <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 879
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;example.com. IN A

;; ANSWER SECTION:
example.com. 82158 IN A 93.184.216.34

;; AUTHORITY SECTION:
example.com. 82157 IN NS b.iana-servers.net.
example.com. 82157 IN NS a.iana-servers.net.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 30 10:27:26 +08 2018
;; MSG SIZE rcvd: 104

Hence, it seems like even though ((^)|(.))example.com$ is in /etc/pihole/regex.list, somehow, it isn't being used.

Edit: to clarify, I've moved over to the Release 4.0 branch.

jfb · July 30, 2018, 2:47am

Ok. The devs will probably need to look at this.

jfb · July 30, 2018, 2:57am

Please paste the contents of your regex.list.

sn2411 · July 30, 2018, 3:10am

I've removed my existing wildcard list and inserted these lines only for testing purposes:

((^)|(\.))yahoo\.com$
((^)|(\.))example\.com$

Both sites can still be accessed normally after executing 'sudo service pihole-FTL restart' and clearing the DNS cache on my Windows machine.

jfb · July 30, 2018, 3:43am

Are those lines the full contents of your "regex.list" file now?

sn2411 · July 30, 2018, 3:44am

Yes, those lines are the full contents.

jfb · July 30, 2018, 3:52am

Please upload a new post-4.0 debug log and paste the token.

sn2411 · July 30, 2018, 3:55am

Here's the new token: s6u9uksc0e

jfb · July 30, 2018, 3:59am

Have you tried entering these command to the blacklist in the admin web interface, or was this only done through the pihole command line? If you haven't tried, please try to enter the "example" regex in the web api and report results.

sn2411 · July 30, 2018, 4:06am

Entered ((^)|(.))forbes.com$ into the webui and clicked "Add (regex)".

/etc/pihole/regex.list now contains

((^)|(\.))yahoo\.com$
((^)|(\.))example\.com$
((^)|(\.))forbes\.com$

as expected.

However, forbes.com is still not blocked, both before & after executing "sudo service pihole-FTL restart" and clearing DNS cache.

jfb · July 30, 2018, 4:17am

And the previous two domains on the list are also not blocked either? (Just gathering some information for the dev who will be looking at this).

sn2411 · July 30, 2018, 4:19am

Nope, all 3 domains on the regex list are not blocked.

DL6ER · July 30, 2018, 8:12am

What is the output of

dig chaos txt version.bind +short

?

sn2411 · July 30, 2018, 8:20am

It's dnsmasq-pi-hole-2.79

DL6ER · July 30, 2018, 8:24am

Okay, try using the regex debug mode as described here.

Then, what's the putput of

dig example.com

and thereafter

tail /var/log/pihole-FTL.log
tail /var/log/pihole.log

?