I added some a regex to block lists, but they still seem to be coming through. So I took a look at /var/log/pihole.log and found this:
Jun 25 17:51:06 dnsmasq[29440]: query[A] libs.outbrain.com from 192.168.1.203
Jun 25 17:51:06 dnsmasq[29440]: gravity blocked libs.outbrain.com is 0.0.0.0
Jun 25 17:51:06 dnsmasq[29440]: query[type=65479] libs.outbrain.com from 192.168.1.203
Jun 25 17:51:06 dnsmasq[29440]: forwarded libs.outbrain.com to 192.168.1.1
The regex is (\.|^)outbrain\.com$. It seems to be blocking the A query as expected, but then this odd type=65479 is let through? What does this type mean? I don't see it listed here:
IANA has reserved RR type definitions in the range 0xFF00 through 0xFFFE as Reserved for Private Use (see RFC 6895). In addition, RFC 5226 details Private Use to mean both "the type and purpose defined by the local site".
As a type of 65479 would fall right into that range, it would seem that only outbrain.com would be able to answer your question.
With regards to your inquiry towards why this is not blocked when an A record is, I'd have to pass that question to the developers, as I am not aware how pihole-FTL deals with private use RR types.
however, there is not information contained that could be used to actually access this page (IP address).
This is caused by e15144.d.akamaiedge.net lacking any type=65479 records. Hence, I don't think this can be used to bypass Pi-hole. We block only a limited number of types where we know what the correct reply is to:
A
AAAA
ANY
SRV
SOA
PTR
TXT
NAPTR
However, I do not see any reason to not block the other types as well. We can just reply NOERROR with an empty answers section. Stay tuned...