Tailing the log now longer highlights blocked queries

zerbey · July 14, 2021, 4:19pm

Blocked queries used to show up red, this stopped happening with the latest beta (pihole -t).

Pi-hole vDev (release/v5.4, v5.3.1-49-ga52a5e7e)
Web Interface vDev (release/v5.6, v5.5-44-g4e1f7c2)
FTL vDev (release/v5.9, vDev-c5f4931)

jfb · July 14, 2021, 7:12pm

Mine are showing in color:

  Pi-hole version is release/v5.4 v5.3.1-49-ga52a5e7e (Latest: v5.3.1)
  AdminLTE version is release/v5.6 v5.5-44-g4e1f7c2 (Latest: v5.5)
  FTL version is release/v5.9 vDev-c5f4931 (Latest: v5.8.1)

yubiuser · July 14, 2021, 7:37pm

What is the blocking mode you use?
Using NODATA I also get nothing in red, but using NULL I get the red colored output.

jfb · July 14, 2021, 7:43pm

NULL.

zerbey · July 14, 2021, 10:18pm

BLOCKINGMODE=IP-NODATA-AAAA

By setting it to NULL I get the red text again.

yubiuser · July 15, 2021, 7:06pm

Can you please post the output of

dig flurry.com

from a client device?

zerbey · July 15, 2021, 11:14pm

With blocking mode set to BLOCKINGMODE=IP-NODATA-AAAA:

$ dig @192.168.1.10 flurry.com

; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.1.10 flurry.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47714
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;flurry.com.                    IN      A

;; ANSWER SECTION:
flurry.com.             2       IN      A       192.168.1.10

;; Query time: 4 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Thu Jul 15 19:12:51 EDT 2021
;; MSG SIZE  rcvd: 55

Jul 15 19:13:38: query[A] flurry.com from 192.168.1.10
Jul 15 19:13:38: gravity blocked flurry.com is 192.168.1.10

Output was not red.

And if I set blocking mode to NULL I get 0.0.0.0 in the output as expected and it's coloured red.

yubiuser · July 16, 2021, 7:16pm

With IP-NODATA-AAAA Pi.hole will return it's own IP on A requests for blocked domains. In your case 192.168.1.10 the code that colors the output red does only look for certain strings in the logs and colors them red

github.com/pi-hole/pi-hole

pihole

a52a5e7ef


      
              echo "  ${CROSS} Warning: Query logging is disabled"
            fi
            echo -e "  ${INFO} Press Ctrl-C to exit"
          
            # Strip date from each line
            # Color blocklist/blacklist/wildcard entries as red
            # Color A/AAAA/DHCP strings as white
            # Color everything else as gray
            tail -f /var/log/pihole.log | grep --line-buffered "${1}" | sed -E \
              -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \
              -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN).*),${COL_RED}&${COL_NC}," \
              -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
              -e "s,.*,${COL_GRAY}&${COL_NC},"
            exit 0
          }
          
          piholeCheckoutFunc() {
            if [[ "$2" == "-h" ]] || [[ "$2" == "--help" ]]; then
              echo "Usage: pihole checkout [repo] [branch]
          Example: 'pihole checkout master' or 'pihole checkout core dev'
          Switch Pi-hole subsystems to a different GitHub branch

There was a certain change which removed the IP which was "hard coded" in setupVars.conf from this line.

@DL6ER
Unintended side effect of:
https://github.com/pi-hole/pi-hole/commit/aa88be335e602a57e5c8cc70dea6db06454ebf93

DL6ER · July 16, 2021, 7:34pm

Why do we need to differentiate based on the returned address at all? It may be everything with IP blocking modes.

If the string contains (blacklisted |gravity blocked ) isn't this sufficient to add red color? Regardless of what the blocking mode is? Why would we check for any address in addition to these unique strings?

yubiuser · July 16, 2021, 7:39pm

It should... but it's not working (anymore). I set it toIP-NODATA-AAAA and got the second line grey colored

DL6ER · July 16, 2021, 7:41pm

Oh yes, I meant we should change the filter to be less strict as a suggestion.

Like

--e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN).*),${COL_RED}&${COL_NC}," \
+-e "s,(.*(blacklisted |gravity blocked ).*),${COL_RED}&${COL_NC}," \

(without having tested this myself)

yubiuser · July 16, 2021, 7:48pm

DL6ER:

Like

--e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN).*),${COL_RED}&${COL_NC}," \
+-e "s,(.*(blacklisted |gravity blocked ).*),${COL_RED}&${COL_NC}," \

(without having tested this myself)

Works like charm

yubiuser · July 16, 2021, 7:56pm

https://github.com/pi-hole/pi-hole/pull/4230

zerbey · July 16, 2021, 9:20pm

Thanks!

DL6ER · July 17, 2021, 8:50am

The beta has been updated.

zerbey · July 17, 2021, 4:29pm

Confirming functionality has returned in the latest beta.