Temporary disable Pi-hole doesn't work properly (Solved, might be my system setup not stable)

#1

Expected Behaviour:

When Pi-hole has been temporarily disabled, the blocked domain should be accessible

Actual Behaviour:

Still being blocked: SERVFAIL, can’t resolve

Config method is method 2: dd-wrt as gateway, with dnsmasq option 6 handing out Pi-hole’s IP address.

When a 5-minute disable request is started, the blocked domain still cannot be resolved.
Running flushdns on the client doesn’t fix this.

On gateway
nslookup incentivenetworks2.com
nslookup: can’t resolve ‘(null)’
nslookup: can’t resolve ‘incentivenetworks2.com

On Pi-hole
nslookup incentivenetworks2.com
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can’t find incentivenetworks2.com: SERVFAIL

Debug Token:

https://tricorder.pi-hole.net/yatfztpwgc!

#2

When querying Google 8.8.8.8:

pi@noads:~ $ nslookup incentivenetworks2.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
*** Can't find incentivenetworks2.com: No answer

When querying Cloudflare 1.1.1.1:

pi@noads:~ $ nslookup incentivenetworks2.com 1.1.1.1
Server:         1.1.1.1
Address:        1.1.1.1#53

Non-authoritative answer:
*** Can't find incentivenetworks2.com: No answer

#3

Not sure why both Google DNS and Cloudflare can’t resolve it

Here’s the recent log:

2019-03-11 20:34:51	A	incentivenetworks2.com	localhost	OK (forwarded) INSECURE	NODATA (238.3ms)	Blacklist
2019-03-11 20:34:51	AAAA	incentivenetworks2.com	localhost	OK (forwarded) INSECURE	NODATA (28.4ms)	Blacklist
2019-03-11 20:28:45	A	www.incentivenetworks2.com	192.168.1.103	Blocked (gravity)	- (0.1ms)	Whitelist
2019-03-11 20:15:28	A	www.incentivenetworks2.com	192.168.1.103	OK (forwarded) BOGUS	CNAME (7.5ms)	Blacklist
2019-03-11 20:15:09	A	incentivenetworks2.com	localhost	OK (forwarded) BOGUS	NODATA (6.6ms)	Blacklist
2019-03-11 20:14:32	A	incentivenetworks2.com.lan	192.168.1.103	OK (forwarded) BOGUS	N/A	Blacklist
2019-03-11 20:14:32	AAAA	incentivenetworks2.com.lan	192.168.1.103	OK (forwarded) BOGUS	N/A	Blacklist
2019-03-11 20:14:32	A	incentivenetworks2.com	192.168.1.103	OK (forwarded) BOGUS	NODATA (6.6ms)	Blacklist
2019-03-11 20:14:32	AAAA	incentivenetworks2.com	192.168.1.103	OK (forwarded) BOGUS	NODATA (7.2ms)	Blacklist
2019-03-11 20:14:31	A	incentivenetworks2.com.lan	192.168.1.103	OK (forwarded) BOGUS	N/A
2019-03-11 20:14:31	AAAA	incentivenetworks2.com.lan	192.168.1.103	OK (forwarded) BOGUS	N/A

Does the log mean it’s been blocked sometimes but not at other times?

It’s related to Qantas’ shopping-to-earn-points website.
When under Pi-hole’s control, the click stops at this incentivenetworks2.com address because the domain is not found.
But with my mobile network it works fine (Telstra).

#4

So maybe that domain exists on the Telstra network, but for the public internet, it doesn’t have common DNS records like A, AAAA or MX.

The domain is legit though:

pi@noads:~ $ whois incentivenetworks2.com
   Domain Name: INCENTIVENETWORKS2.COM
   Registry Domain ID: 1574874854_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.corporatedomains.com
   Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html
   Updated Date: 2018-11-02T05:43:32Z
   Creation Date: 2009-11-06T20:42:52Z
   Registry Expiry Date: 2019-11-06T20:42:52Z
   Registrar: CSC Corporate Domains, Inc.
   Registrar IANA ID: 299
   Registrar Abuse Contact Email: domainabuse@cscglobal.com
   Registrar Abuse Contact Phone: 8887802723
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

#5

I see also BOGUS being returned so that could have to do with the DNSSEC implementation of DNSmasq.

The IP is: 34.234.248.177, so you could add it temporarily in your /etc/hosts file.

1 	www.incentivenetworks2.com 	34.234.248.177 	Amazon.com, Inc 	USA 	11 Mar 2019, 13:00 
2 	www.getmycoupon.com 	34.234.248.177 	Amazon.com, Inc 	USA 	11 Mar 2019, 13:00

#6

Neither can unbound, which goes directly to the authoritative nameservers:

dig incentivenetworks2.com

; <<>> DiG 9.10.3-P4-Raspbian <<>> incentivenetworks2.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53231
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;incentivenetworks2.com.		IN	A

;; AUTHORITY SECTION:
incentivenetworks2.com.	3600	IN	SOA	ns-550.awsdns-04.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 26 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Mar 11 10:04:50 CDT 2019
;; MSG SIZE  rcvd: 132

#7

Your phone is likely going to the “www” version of this domain - this is what Cloudflare returns from a US query:

dig +short www.incentivenetworks2.com @1.1.1.1
www01-us-e-1b-1847446577.us-east-1.elb.amazonaws.com.
52.21.30.211
34.234.248.177

What is shown in /var/log/pihole.log?

sudo grep incentivenetworks2.com /var/log/pihole.log | tail -n30

#8

I’ve tried this again and it seems it works fine now. I guess it was due to my setup not being stable last time. Thank you very much for your help.

With the pihole service active, the log shows:

 sudo grep incentivenetworks2.com /var/log/pihole.log | tail -n30

Mar 14  dnsmasq[16858]: query[A] www.incentivenetworks2.com from 192.168.1.103
Mar 14  dnsmasq[16858]: /etc/pihole/gravity.list www.incentivenetworks2.com is 0.0.0.0

www.incentivenetworks2.com user-pc.lan Blocked (gravity) - (0.6ms)

For a temporary disable, it now works fine:

Mar 14  dnsmasq[16858]: forwarded www.incentivenetworks2.com to 192.168.1.1
Mar 14  dnsmasq[16858]: reply www.incentivenetworks2.com is <CNAME>
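
Added example (not from the thread or the Pi-hole project): a small Python parser for the dnsmasq lines that the `grep ... /var/log/pihole.log` command in posts #7 and #8 returns, separating queries Pi-hole answered from its own list from queries it forwarded where upstream returned no address (the apex-domain case in posts #2 and #6). The sample log is constructed; its timestamps and the `NODATA-IPv4` reply line are assumptions modelled on dnsmasq's log format.

```python
import re
from collections import defaultdict

# Constructed sample in the dnsmasq format of post #8; the timestamps and the
# NODATA-IPv4 reply line are assumptions, not lines copied from the thread.
SAMPLE_LOG = """\
Mar 14 09:00:01 dnsmasq[16858]: query[A] www.incentivenetworks2.com from 192.168.1.103
Mar 14 09:00:01 dnsmasq[16858]: /etc/pihole/gravity.list www.incentivenetworks2.com is 0.0.0.0
Mar 14 09:05:10 dnsmasq[16858]: query[A] www.incentivenetworks2.com from 192.168.1.103
Mar 14 09:05:10 dnsmasq[16858]: forwarded www.incentivenetworks2.com to 192.168.1.1
Mar 14 09:05:10 dnsmasq[16858]: reply www.incentivenetworks2.com is <CNAME>
Mar 14 09:06:00 dnsmasq[16858]: query[A] incentivenetworks2.com from 127.0.0.1
Mar 14 09:06:00 dnsmasq[16858]: forwarded incentivenetworks2.com to 192.168.1.1
Mar 14 09:06:00 dnsmasq[16858]: reply incentivenetworks2.com is NODATA-IPv4
"""

PREFIX = re.compile(r"dnsmasq\[\d+\]: (.*)$")
QUERY = re.compile(r"query\[\w+\] (\S+) from \S+")
LOCAL = re.compile(r"/etc/pihole/\S+ (\S+) is \S+")  # answered from a Pi-hole list
FORWARD = re.compile(r"forwarded (\S+) to \S+")
REPLY = re.compile(r"reply (\S+) is (\S+)")


def classify(log_text):
    """Return {domain: [verdict per query, in log order]}."""
    verdicts = defaultdict(list)

    def update(name, verdict):
        # Only touch domains for which a query line has been seen.
        if verdicts.get(name):
            verdicts[name][-1] = verdict

    for raw in log_text.splitlines():
        line = PREFIX.search(raw)
        if not line:
            continue
        rest = line.group(1)
        if m := QUERY.match(rest):
            verdicts[m[1]].append("unanswered")
        elif m := LOCAL.match(rest):
            update(m[1], "blocked-by-pihole")
        elif m := FORWARD.match(rest):
            update(m[1], "forwarded-no-reply")
        elif m := REPLY.match(rest):
            empty = m[2].startswith(("NODATA", "NXDOMAIN"))
            update(m[1], f"upstream-empty:{m[2]}" if empty else "resolved")
    return dict(verdicts)


if __name__ == "__main__":
    for domain, results in classify(SAMPLE_LOG).items():
        print(domain, results)
```

A `blocked-by-pihole` verdict that turns into `resolved` after a disable shows the disable took effect; `upstream-empty` means the name would fail with or without Pi-hole.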