I've noticed that my Pi-Hole is permitting some domains that are normally blocked....they are just appended with .local
What is this?
Here is a related thread that may be of interest:
Thanks.
I had a quick look at this following some Google foo.
But, what I think is different is that the domain with .local at the end is not blocked, whereas the one without is blocked?
That's because domain.com.local is a different domain than domain.com.
If domain.com is on your/a blocklist it will be blocked.
domain.com.local will not be blocked, but your client will receive a "NXDOMAIN" because it doesn't exist, hence no connection will be established and you have nothing to worry. 
Yeah I understand that, just not why or where the .local is coming from to make it different
In your case it's probably the Sony Bravia TV trying to phone home. And because the domain is blocked by Pi-hole it's not getting an answer.
Some clients then append the local domain (i.e. .local, .fritz.box or .lan) to maybe get trough after all.
I'm not sure where this exact behavior is specified in detail but it could have something to do with the multicast DNS (mDNS) protocol, Bonjour or Avahi. Which are all alternatives if there''s no standard DNS server available.
It is unimportant whether a name ending with ".local." occurred because the user explicitly typed in a fully qualified domain name ending in ".local.", or because the user entered an unqualified domain name and the host software appended the suffix ".local." because that suffix appears in the user's search list. The ".local." suffix could appear in the search list because the user manually configured it, or because it was received via DHCP [RFC2132] or via any other mechanism for configuring the DNS search list. In this respect the ".local." suffix is treated no differently from any other search domain that might appear in the DNS search list.
However not every client is capable of mDNS, i.e. Windows 10 only uses this protocol to discover network printer , while Unix systems (Linux, MacOS, Android) should fully support it. Your TV probably runs on Android TV, as I saw a similar behavior with an NVIDIA Shield Android TV (and Amazon FireTV).
Thanks for the detailed explanation.
Ive blacklisted the .local as seemed like the simplest solution.
My TV is not an android TV ....it's a Sony bravia running their own OS
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.