Slickdeals redirecting shows my full network host table

If I go to the Slickdeals website and click on a deal then the "see deal" button, I instead see a full table of all of my network hosts (hostname MAC Description ip)

This is an example of the URL in the URL field, when this happens:

http://go.redirectingat.com/?id=321X432&test=off&xcust=abcdefghi123456zyxwvutsrdINT&url=https%3A%2F%2Fship.ralphs.com%2Fp%2F074305001321%2Fbragg-organic-raw-apple-cider-vinegar

I'm just curious - has anyone else experienced this?

I'm using PiHole 4.2.2 / FTL 4.2.3

I do not see that because the domain is blocked by three of the default block lists:

pihole -q -adlist go.redirectingat.com
 Match found in https://hosts-file.net/ad_servers.txt:
   go.redirectingat.com
 Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts:
   go.redirectingat.com
 Match found in http://sysctl.org/cameleon/hosts:
   go.redirectingat.com

What is your output from this command: pihole -q -adlist go.redirectingat.com

Thanks for the quick reply, JFB.

pi@PiHole:~ $ pihole -q -adlist go.redirectingat.com
Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts:
go.redirectingat.com
Match found in http://sysctl.org/cameleon/hosts:
go.redirectingat.com
Match found in https://hosts-file.net/ad_servers.txt:
go.redirectingat.com
Match found in http://sysctl.org/cameleon/hosts:
go.redirectingat.com
Match found in https://hosts-file.net/ad_servers.txt:
go.redirectingat.com

I don't see the domain whitelisted, so it should be in your gravity list. Confirm with this command:

sudo grep go.redirectingat.com /etc/pihole/gravity.list

If it returns as found in gravity, then either your browser has it cached or the request for the domain bypassed Pi-Hole.

Another check is to run this command: sudo grep go.redirectingat.com /var/log/pihole.log | tail -n35

This will show you the query activity for that domain along with the replies. If you don't see queries matching the time when you loaded that domain, then the request did not go through Pi-Hole.

Can you provide a screenshot of what you see?

Bingo. Somehow 'go.redirectingat.com' is being sent to 0.0.0.0 - which gives me the host table.

pi@PiHole:~ $ sudo grep go.redirectingat.com /etc/pihole/gravity.list
go.redirectingat.com
pi@PiHole:~ $ sudo grep go.redirectingat.com /var/log/pihole.log | tail -n35
Mar 7 20:52:28 dnsmasq[736]: query[A] go.redirectingat.com from 192.168.0.10
Mar 7 20:52:28 dnsmasq[736]: /etc/pihole/gravity.list go.redirectingat.com is 0.0.0.0

This is expected, since the domain is being blocked. The default blocking mode for Pi-Hole is NULL, which returns 0.0.0.0 for any blocked domain (not just this one in particular).

Are you seeing the host table with other blocked domains?
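The log check discussed above, as an added example that is not part of the thread or of Pi-hole's own tooling: it pairs each query for a domain with its answer in dnsmasq-format log lines and marks answers served from gravity.list as blocked. The function name trace_domain, the example.com lines and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: trace one domain through dnsmasq-format Pi-hole log lines.

# Constructed sample: the first two lines are the ones posted in the thread;
# the example.com lines are made up to show a lookup that is not blocked.
SAMPLE_LOG='Mar 7 20:52:28 dnsmasq[736]: query[A] go.redirectingat.com from 192.168.0.10
Mar 7 20:52:28 dnsmasq[736]: /etc/pihole/gravity.list go.redirectingat.com is 0.0.0.0
Mar 7 20:53:02 dnsmasq[736]: query[A] example.com from 192.168.0.10
Mar 7 20:53:02 dnsmasq[736]: forwarded example.com to 192.0.2.53
Mar 7 20:53:02 dnsmasq[736]: reply example.com is 192.0.2.80'

# trace_domain DOMAIN   (log text on stdin)
# Prints one line per answered query: time, client, answer source, address.
# Answers served from gravity.list are labelled BLOCKED; any other source
# (reply, cached, another list file) is reported by its own name.
trace_domain() {
    awk -v d="$1" '
    $6 != d { next }                  # exact name match, unlike a grep substring match
    $5 ~ /^query\[/ {                 # a client asked Pi-hole for this name
        queries++; when = $3; client = $8; next
    }
    $7 == "is" && when != "" {        # first answer to the pending query
        src = ($5 ~ /gravity\.list$/) ? "BLOCKED" : $5
        if (src == "BLOCKED") blocked++
        printf "%s %s %s %s\n", when, client, src, $8
        when = ""
    }
    END {
        # No query lines means the lookup never reached Pi-hole
        # (browser or OS cache, or a different resolver was used).
        if (!queries) print "NO_QUERIES"
        else printf "queries=%d blocked=%d\n", queries, blocked
    }'
}

printf '%s\n' "$SAMPLE_LOG" | trace_domain go.redirectingat.com
```

On a live system the same function can read the real log with `sudo cat /var/log/pihole.log | trace_domain go.redirectingat.com`.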

Ok - the 0.0.0.0 response makes sense, now.

No - I'm not seeing this behavior with any other blocked domain. This only occurs when I am using the slickdeals.net site, so far. No one else in the house has experienced this (they're on Windows 8 / 10 machines - I am on Ubuntu 16.04.4). Also, I can "reproduce" the effect by simply typing 0.0.0.0 - the Windows users cannot.

Please post the screen snap of what you see on your browser.

Screenshot attached

That is not a Pi-hole page. Perhaps your device is interpreting 0.0.0.0 as another device, and that device happens to return that DHCP info.

That's possible, yes I suppose.

I can see the same table if I type 0.0.0.0, so it appears you are right - something else on my network is serving this up. I'll check out my pfSense config as I suspect that may be the culprit. You guys have been really great - I sincerely appreciate the help.
