We have Spectrum VOIP phones in our network. I implemented a PiHole on out network and the phones stopped working. I looked through the list (the default suggested one from the install) and found no spectrumvoip.com listed in the block list, but when querying the blocked sites, it shows up with various subdomains.
How can I either:
Add them to an allowed list somewhere or find out why they are being blocked (they are not in the list).
If I add them to an allow list, how can I do all subdomain variations of *.spectrumvoip.com without having to add them all one at a time?
Well, that worked for that one, but not for youtube. I added youtube the same way but it remains blocked. I had to pull the piHole back off as we have students in college classes who’s instructors allow other people to instruct their students instead of themselves and they use youtube to do it.
The default blocklist (StevenBlack/hosts) currently does neither block spectrumvoip.com nor youtube.com.
Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:
If you see it, please post a screenshot after clicking on the table row to show the details, like this:
Note:
If you can't find youtube.com on the Query Log (or if you find only allowed queries to this domain), it means Pi-hole is not blocking it. Maybe there is something else on the network, like a firewall, blocking the domain.
Well, I didn't specifically see youtube.com, pr spectrumvoip.com in the list but when pihole was running, the comptuers subjected to it couldn't get to youtube (just a blank page) and the phones that were trying to get to spectrumvoip.com quit working (this wasn't a good deal, highly unexpected!)
When viewing the logs, the same pink bar was on .youtube.com and .spectrumvoip.com.
I don't know why it wasn't working but it wasn't. . .
So, I had to pull it back off, reconfigure DHCP to not hand it out as DNS and go around and restart all the phones!
So, I will just hold off on it for a while until I can do more testing.
Sorry. . . I am very busy and just haven't had time to go back to that project after I had to pull it back out and reconfigure everything to get my students and staff back online. . .
It does show blocked (external,IP) but it isn't blocked externally because the phone works fine until run though PiHole.
What does it mean when it says "Query Status: Blocked (external,IP)? The phones get their IPs the same way as everything else even though they are assigned by reservation. But that shouldn't matter. They work until PiHole is added as their DNS.
I didn't pull one ofr youtube. If we figure this one out, youtube will probably be the same kind of deal.
Blocked (external,IP) means Pi-hole is not blocking the query.
Pi-hole is sending the query to the upstream server, but the upstream DNS server is blocking it.
This is not true.
Is your phone using the same DNS servers you configured in Pi-hole (10.40.16.6 or 10.40.16.7)? Probably not...
When you set Pi-hole as DNS server, you are actually selecting Pi-hole and also its upstream DNS servers and these servers are probably different than the server used by your phone.
Pi-hole is not blocking the domains, then it will ask for the upstream server to answer "what is the IP of core15-dal.spectrumvoip.com?".
If the upstream server blocks this domain, no IP will be sent and there is nothing Pi-hole can do about.
In your case, the upstream DNS servers are:
[dns]
upstreams = [
"10.40.16.6",
"10.40.16.7"
]
You can change that to use servers that don't block the domains.
Ok. But if the upstream DNS server blocks it when running DNS PiHole, why does that same DNS server not block it when not using the PiHole? The only difference is that the PiHole is between them.
With PiHole:
Workstation - PiHole DNS - DNS - Internet
10.40.20.100 - 10.40.16.3 - 10.40.16.6,10.40.16.7 - Internet
Without PiHole:
Workstation - DNS - Internet
10.40.20.100 - 10.40.16.6,10.40.16.7 - Internet
The only difference is the PiHole is added. If the workstation can get to youtube without the PiHole, why can't it get there using the same DNS with the PiHole in the stream? The only thing changed on the workstation is the DNS entry. 10.40.16.3 with PiHole and 10.40.16.6,10.40.16.7 without PiHole.
10.40.16.6 and 10.40.16.7 are the two DNS handlers inside of our network for our Cisco Umbrella content filter.
Sounds like that content filter would apply a different rule set to your Pi-hole machine.
You did you check the rules on that content filter yet, didn't you?
Hmmm. . . that may be it! I will look at that. . . The IP address the PiHole is on is 16.3. The addresses for minimal filtering are 20.129-254. I'll bet if I move the PiHole up there, that will solve it!
Thanks!
I will let you know if that has the intended effect! It may fix the phones, too, since they won't connect properly unless they, too, are inside that 20.129-254 range!
You're an animal, man! I didn't even think of that!
