SERVFAIL after blacklist with Android smartphone

Expected Behaviour:

When trying to access a blocked or blacklisted domain name, I expect to see "blocked" in the status column of the Query log.

Actual Behaviour:

I see the first attempt as "blocked"; the next few attempts appear as SERVFAIL, and they have my local internal domain added to the domain being queried.

As an example:
Time Type Domain Client Status Reply Action
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com android.mydomain.intern Blocked (blacklist) - (0.1ms) Whitelist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com android.mydomain.intern Blocked (blacklist) - Whitelist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com android.mydomain.intern Blocked (blacklist) - (0.1ms) Whitelist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com android.mydomain.intern Blocked (blacklist) - (0.1ms) Whitelist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com android.mydomain.intern Blocked (blacklist) - (0.1ms) Whitelist

This seems to happen with domains in my manual blacklist as well as in the "Gravity DB".
It is mostly the same pattern: 1 entry with blocked, then 3 or 4 entries with SERVFAIL.
This only seems to happen with Android. I have 3 Android phones, and they all show the same behavior.
So it is probably caused by Android, not Pi-hole, but still, it is strange (and not so clean in the log).

Installation info:

  • new installation
  • using Cloudflare as upstream DNS
  • Advanced settings:
    • Never forward non-FQDN = yes
    • Never forward reverse lookups for private IP ranges = yes
    • Use DNSSEC = no
    • Conditional forwarding: yes, for my local domain name, to the IP of my pfSense box (fw/dhcp server/...)

Anyone having similar experiences?
Or know how to fix/clean this?

Update: it also happens with Linux desktop machines.
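
Added example, not part of the original post: a Python script that picks the pattern described above out of query-log rows, counting SERVFAIL lookups whose name is a blocked domain with the local domain appended, per client. The function names and `SAMPLE_LOG` are hypothetical, the rows are constructed, and the column layout is assumed to match the log pasted in the post.

```python
from collections import Counter

# Constructed sample in the same column layout as the query log in the post.
SAMPLE_LOG = """\
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:41 A graph.instagram.com android.mydomain.intern Blocked (blacklist) - (0.1ms) Whitelist
2020-05-18 17:57:42 A printer.mydomain.intern android.mydomain.intern OK (forwarded) SERVFAIL Blacklist
2020-05-18 17:57:43 A example.org android.mydomain.intern OK (forwarded) IP Blacklist
"""


def parse_row(line):
    """Split one row into (domain, client, blocked, servfail); None if malformed."""
    parts = line.split()
    if len(parts) < 6:
        return None
    # parts[0:2] = timestamp, parts[2] = query type, parts[5:] = status/reply/action
    domain, client, rest = parts[3].lower().rstrip("."), parts[4], parts[5:]
    return domain, client, rest[0] == "Blocked", "SERVFAIL" in rest


def suffixed_servfails(log_text, local_suffix):
    """Count SERVFAIL rows whose name is a blocked name plus the local suffix.

    Returns {(client, blocked_domain): count}. Blocked names are collected in a
    first pass, so the row order (newest-first or oldest-first) does not matter.
    """
    rows = [r for r in map(parse_row, log_text.splitlines()) if r]
    blocked = {(client, domain) for domain, client, is_blocked, _ in rows if is_blocked}
    tail = "." + local_suffix.lower().strip(".")
    hits = Counter()
    for domain, client, is_blocked, servfail in rows:
        if is_blocked or not servfail or not domain.endswith(tail):
            continue
        base = domain[: -len(tail)]  # name with the local suffix stripped
        # A genuine local host that fails to resolve has no blocked base name
        # and is therefore not counted.
        if (client, base) in blocked:
            hits[(client, base)] += 1
    return dict(hits)


if __name__ == "__main__":
    for (client, name), n in suffixed_servfails(SAMPLE_LOG, "mydomain.intern").items():
        print(f"{client}: {n} SERVFAIL lookups for {name} + local suffix")
```
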
