Support.microsoft.com is blocked, whitelist not working

Hi,

I have an issue with a all of our pi-hole installations that "support.microsoft.com" is blocked and whitelist is not working.

root@dnssec01:/home/ns# pihole -q support.microsoft.com

::: /etc/pihole/list.7.raw.githubusercontent.com.domains (2 results)
diagnostics.support.microsoft.com #Microsoft
support.microsoft.com #Microsoft

I'm having a hard time understanding why anyone would block "support.microsoft.com" since it can cause problems with Windows update - a bit of anti-security in my world.

Secondly... if i add a domain to whitelist with the webinterface it wont work.. its listed in the interface not actually added to the white list.. using console works fine.

Any ideas ?

Run pihole -d for a debug token.

I found it silly as well but adding via the cli was painless.

pihole -w support.microsoft.com

The lists are all maintained by third parties. We had a few that we removed because they were overzealously blocking legit sites.

I see that a

pihole -q support.microsoft.com

reveals this came from Quid's list. :facepalm:

I can quite understand why one would block such a domain. I'd do it!

It always depends on your point of view, though. I never owned and/or used a Windows machine. And I'll likely never do this in the future. So, at least for me, blocking this domain is harmless and maybe even beneficial in terms of security/privacy (there shouldn't be any traffic in my network to this domain, anyhow) - there is certainly a reason why it is contained in a "NoTrack" blocklist.

No doubt that it may not a very good choice for the wide range of computer users that are using Pi-Hole.

For the web interface issue, a debug log will allow us to see what is causing the problem. :slight_smile:

1 Like

I completely understand your standpoint - and if this was for myself i would to.

But, support.microsoft.com does actually contain alot of good info and for the general public its not optimal to block the entire thing.

On another note - blocking "no track" domains is one thing.. but that should to the widest extend be the actual tracking domain.. not nesc. all websites that use tracking systems.

eg. you dont ban all of CNN because they use google analytics... you ban google analytics.

It would be nice with an option in pihole to select what excatly you want to ban.

The NoTrack list is actually just a list used by the application NoTrack which we also use. support.microsoft.com seems to have been added at the request of a user of NoTrack, but remember that we don't control the ad lists. If you would like you can:

1 Like

I had this same problem with support.microsoft.com and I found that whitelisting akamaitechnologies.com solved my problem. Whitelisting support.microsoft.com wasn't enough.

1 Like

Note the in such a situation you can always go to the Query Log to investigate which domains have been blocked at the time you wanted to access this particular page. You can use the Whitelist buttons there to permit all those queries from one place, so you don't have to search around a lot.

Strange but worked...