(v3.3.1) Domains on whitelist are still being blocked

I have not been able to access Javascript CDN hosted on Cloudfare today and a number of sites have stopped functioning properly for me. I have added the following domains to the whitelist, first via the admin page, then via console to be doubly sure and they are still blocked.

-cdnjs.cloudflare.com
-cdnjs.com
-cloudflare.com

I have also tried restarting the pihole with no luck.

Debug token: bi3iartevg

P.S. I noticed that cdnjs.cloudflare.com showed up on StevenBlack's list.

P.S.S. I did not see any topics on this issue with v3.3.1 so apologies if this is duplicate. Last discussion I saw on this was for v3.3.

Why dd you comment out the DNS upstream servers in /etc/pihole/setupVars.conf?

I'm using dnscrypt-2.0 with pihole

What are the log lines when you query those domains? /var/log/pihole.log or pihole -t

21:12:26 dnsmasq[4970]: 988 192.168.0.19/57597 query[A] cdnjs.com from 192.168.0.19
21:12:26 dnsmasq[4970]: 988 192.168.0.19/57597 forwarded cdnjs.com to 127.10.10.1
21:12:26 dnsmasq[4970]: * 192.168.0.19/57597 dnssec-query[DS] com to 127.10.10.1
21:12:26 dnsmasq[4970]: * 192.168.0.19/57597 reply com is BOGUS DS
21:12:26 dnsmasq[4970]: 988 192.168.0.19/57597 validation cdnjs.com is BOGUS
21:12:26 dnsmasq[4970]: 988 192.168.0.19/57597 reply cdnjs.com is 104.24.8.40
21:12:26 dnsmasq[4970]: 988 192.168.0.19/57597 reply cdnjs.com is 104.24.9.40
21:12:26 dnsmasq[4970]: 989 192.168.0.19/57597 query[A] cdnjs.com from 192.168.0.19
21:12:26 dnsmasq[4970]: 989 192.168.0.19/57597 forwarded cdnjs.com to 127.10.10.1
21:12:26 dnsmasq[4970]: * 192.168.0.19/57597 dnssec-query[DS] com to 127.10.10.1
21:12:26 dnsmasq[4970]: * 192.168.0.19/57597 reply com is BOGUS DS
21:12:26 dnsmasq[4970]: 989 192.168.0.19/57597 validation cdnjs.com is BOGUS
21:12:26 dnsmasq[4970]: 989 192.168.0.19/57597 reply cdnjs.com is 104.24.8.40
21:12:26 dnsmasq[4970]: 989 192.168.0.19/57597 reply cdnjs.com is 104.24.9.40
21:12:34 dnsmasq[4970]: 994 192.168.0.19/53449 query[A] cdnjs.cloudflare.com from 192.168.0.19
21:12:34 dnsmasq[4970]: 994 192.168.0.19/53449 forwarded cdnjs.cloudflare.com to 127.10.10.1
21:12:34 dnsmasq[4970]: * 192.168.0.19/53449 dnssec-query[DS] com to 127.10.10.1
21:12:34 dnsmasq[4970]: * 192.168.0.19/53449 reply com is BOGUS DS
21:12:34 dnsmasq[4970]: 994 192.168.0.19/53449 validation cdnjs.cloudflare.com is BOGUS
21:12:34 dnsmasq[4970]: 994 192.168.0.19/53449 reply cdnjs.cloudflare.com is 104.19.196.151
21:12:34 dnsmasq[4970]: 994 192.168.0.19/53449 reply cdnjs.cloudflare.com is 104.19.198.151
21:12:34 dnsmasq[4970]: 994 192.168.0.19/53449 reply cdnjs.cloudflare.com is 104.19.199.151
21:12:34 dnsmasq[4970]: 994 192.168.0.19/53449 reply cdnjs.cloudflare.com is 104.19.197.151
21:12:34 dnsmasq[4970]: 994 192.168.0.19/53449 reply cdnjs.cloudflare.com is 104.19.195.151
21:12:34 dnsmasq[4970]: 995 192.168.0.19/53449 query[A] cdnjs.cloudflare.com from 192.168.0.19
21:12:34 dnsmasq[4970]: 995 192.168.0.19/53449 forwarded cdnjs.cloudflare.com to 127.10.10.1
21:12:34 dnsmasq[4970]: * 192.168.0.19/53449 dnssec-query[DS] com to 127.10.10.1
21:12:34 dnsmasq[4970]: * 192.168.0.19/53449 reply com is BOGUS DS
21:12:34 dnsmasq[4970]: 995 192.168.0.19/53449 validation cdnjs.cloudflare.com is BOGUS
21:12:34 dnsmasq[4970]: 995 192.168.0.19/53449 reply cdnjs.cloudflare.com is 104.19.196.151
21:12:34 dnsmasq[4970]: 995 192.168.0.19/53449 reply cdnjs.cloudflare.com is 104.19.198.151
21:12:34 dnsmasq[4970]: 995 192.168.0.19/53449 reply cdnjs.cloudflare.com is 104.19.199.151
21:12:34 dnsmasq[4970]: 995 192.168.0.19/53449 reply cdnjs.cloudflare.com is 104.19.197.151
21:12:34 dnsmasq[4970]: 995 192.168.0.19/53449 reply cdnjs.cloudflare.com is 104.19.195.151
21:12:42 dnsmasq[4970]: 998 192.168.0.19/54153 query[A] cloudflare.com from 192.168.0.19
21:12:42 dnsmasq[4970]: 998 192.168.0.19/54153 forwarded cloudflare.com to 127.10.10.1
21:12:42 dnsmasq[4970]: 999 192.168.0.19/54153 query[A] cloudflare.com from 192.168.0.19
21:12:42 dnsmasq[4970]: 999 192.168.0.19/54153 forwarded cloudflare.com to 127.10.10.1
21:12:42 dnsmasq[4970]: * 192.168.0.19/54153 dnssec-query[DS] com to 127.10.10.1
21:12:42 dnsmasq[4970]: * 192.168.0.19/54153 reply com is BOGUS DS
21:12:42 dnsmasq[4970]: 999 192.168.0.19/54153 validation cloudflare.com is BOGUS
21:12:42 dnsmasq[4970]: 999 192.168.0.19/54153 reply cloudflare.com is 198.41.214.162
21:12:42 dnsmasq[4970]: 999 192.168.0.19/54153 reply cloudflare.com is 198.41.215.162
21:12:42 dnsmasq[4970]: 1000 192.168.0.19/54153 query[A] cloudflare.com from 192.168.0.19
21:12:42 dnsmasq[4970]: 1000 192.168.0.19/54153 forwarded cloudflare.com to 127.10.10.1
21:12:42 dnsmasq[4970]: * 192.168.0.19/54153 dnssec-query[DS] com to 127.10.10.1
21:12:42 dnsmasq[4970]: * 192.168.0.19/54153 reply com is BOGUS DS
21:12:42 dnsmasq[4970]: 1000 192.168.0.19/54153 validation cloudflare.com is BOGUS
21:12:42 dnsmasq[4970]: 1000 192.168.0.19/54153 reply cloudflare.com is 198.41.214.162
21:12:42 dnsmasq[4970]: 1000 192.168.0.19/54153 reply cloudflare.com is 198.41.215.162

They are not "blocked", rather they are failing DNSSEC and the resolver is telling the clients to not use it.

2 Likes

I see. Thank you!

I wonder why it suddenly stopped accepting that domain today. It was fine yesterday and up until this afternoon.

I disable DNSSEC from DNSCrypt and I am able to connect.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.