Temporary disable Pi-hole doesn't work properly (Solved, might be my system setup not stable)

rampage123 · March 11, 2019, 10:35am

Please follow the below template, it will help us to help you!

Expected Behaviour:

When Pi-hole been temporary disabled, the blocked domain should be accessible

Actual Behaviour:

Still been blocked, SERVFAIL, can't resolve

Config method is method 2, dd-wrt as gateway, in dnsmasq option 6 given out Pi-hole's IP address.

When a 5 mintues disable request started, still cannot resolve blocked domain
client with flushdns doesn't fix this

On gateway
nslookup incentivenetworks2.com
nslookup: can't resolve '(null)'
nslookup: can't resolve 'incentivenetworks2.com'

On Pi-hole
nslookup incentivenetworks2.com
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find incentivenetworks2.com: SERVFAIL

Debug Token:

https://tricorder.pi-hole.net/yatfztpwgc!

deHakkelaar · March 11, 2019, 11:40am

When query Google 8.8.8.8:

pi@noads:~ $ nslookup incentivenetworks2.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
*** Can't find incentivenetworks2.com: No answer

When query Cloudflare 1.1.1.1:

pi@noads:~ $ nslookup incentivenetworks2.com 1.1.1.1
Server:         1.1.1.1
Address:        1.1.1.1#53

Non-authoritative answer:
*** Can't find incentivenetworks2.com: No answer

rampage123 · March 11, 2019, 1:12pm

No sure why both google dns and cloudflare can't resolve it

Here's the recent log:

2019-03-11 20:34:51	A	incentivenetworks2.com	localhost	OK (forwarded)
INSECURE	NODATA (238.3ms)	 Blacklist
2019-03-11 20:34:51	AAAA	incentivenetworks2.com	localhost	OK (forwarded)
INSECURE	NODATA (28.4ms)	 Blacklist
2019-03-11 20:28:45	A	www.incentivenetworks2.com	192.168.1.103	Blocked (gravity)	- (0.1ms)	 Whitelist
2019-03-11 20:15:28	A	www.incentivenetworks2.com	192.168.1.103	OK (forwarded)
BOGUS	CNAME (7.5ms)	 Blacklist
2019-03-11 20:15:09	A	incentivenetworks2.com	localhost	OK (forwarded)
BOGUS	NODATA (6.6ms)	 Blacklist
2019-03-11 20:14:32	A	incentivenetworks2.com.lan	192.168.1.103	OK (forwarded)
BOGUS	N/A	 Blacklist
2019-03-11 20:14:32	AAAA	incentivenetworks2.com.lan	192.168.1.103	OK (forwarded)
BOGUS	N/A	 Blacklist
2019-03-11 20:14:32	A	incentivenetworks2.com	192.168.1.103	OK (forwarded)
BOGUS	NODATA (6.6ms)	 Blacklist
2019-03-11 20:14:32	AAAA	incentivenetworks2.com	192.168.1.103	OK (forwarded)
BOGUS	NODATA (7.2ms)	 Blacklist
2019-03-11 20:14:31	A	incentivenetworks2.com.lan	192.168.1.103	OK (forwarded)
BOGUS	N/A
|2019-03-11 20:14:31|AAAA|incentivenetworks2.com.lan|192.168.1.103|OK (forwarded)
BOGUS|N/A|

Does the log means it's been blocked sometime but not in the other times?

It's Qantas' shopping to earn points website related.
If within Pi-hole's control, the click will stop on this incentivenetworks2.com address because domain not found.
But with my mobile network it works fine (Telstra)

deHakkelaar · March 11, 2019, 1:28pm

So maybe that domain exists on the Telstra network, but for the public internet, it doesnt have common DNS records like A, AAAA or MX.

The domain is legit though:

pi@noads:~ $ whois incentivenetworks2.com
   Domain Name: INCENTIVENETWORKS2.COM
   Registry Domain ID: 1574874854_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.corporatedomains.com
   Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html
   Updated Date: 2018-11-02T05:43:32Z
   Creation Date: 2009-11-06T20:42:52Z
   Registry Expiry Date: 2019-11-06T20:42:52Z
   Registrar: CSC Corporate Domains, Inc.
   Registrar IANA ID: 299
   Registrar Abuse Contact Email: domainabuse@cscglobal.com
   Registrar Abuse Contact Phone: 8887802723
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

jfb · March 11, 2019, 3:06pm

Neither can unbound, which goes directly to the authoritative nameservers:

dig incentivenetworks2.com

; <<>> DiG 9.10.3-P4-Raspbian <<>> incentivenetworks2.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53231
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;incentivenetworks2.com.		IN	A

;; AUTHORITY SECTION:
incentivenetworks2.com.	3600	IN	SOA	ns-550.awsdns-04.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 26 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Mar 11 10:04:50 CDT 2019
;; MSG SIZE  rcvd: 132

jfb · March 11, 2019, 3:10pm

Your phone is likely going to the "www" version of this domain - this is what Cloudflare returns from a US query:

dig +short www.incentivenetworks2.com @1.1.1.1
www01-us-e-1b-1847446577.us-east-1.elb.amazonaws.com.
52.21.30.211
34.234.248.177

What is shown in /var/log/pihole.log?

sudo grep incentivenetworks2.com /var/log/pihole.log | tail -n30

rampage123 · March 13, 2019, 4:09pm

I've tried this again and it seems it worked fine now. I guess it is due to my setup is not stable the last time. Thank you very much for your help.

With the pihole service active, the log shows:

 sudo grep incentivenetworks2.com /var/log/pihole.log | tail -n30

Mar 14  dnsmasq[16858]: query[A] www.incentivenetworks2.com from 192.168.1.103
Mar 14  dnsmasq[16858]: /etc/pihole/gravity.list www.incentivenetworks2.com is 0.0.0.0

www.incentivenetworks2.com user-pc.lan Blocked (gravity) - (0.6ms)
for a temporary disable , now it works fine:

Mar 14  dnsmasq[16858]: forwarded www.incentivenetworks2.com to 192.168.1.1
Mar 14  dnsmasq[16858]: reply www.incentivenetworks2.com is <CNAME>

system · April 3, 2019, 4:09pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.