Whitelist always wins

pihole checkout ftl new/regex_multiple_query_types

tried various combinations, see below, player.h-cdn.com is blocked by gravity, www.sevenforums.com isn't (no matches)

changed some entries (enabled/disabled) to check the result, some pihole log examples:

Jan 29 09:31:56 dnsmasq[13776]: 315 192.168.2.227/56846 query[A] download.microsoft.com from 192.168.2.227
Jan 29 09:31:56 dnsmasq[13776]: 315 192.168.2.227/56846 forwarded download.microsoft.com to 127.10.10.2#5552

Jan 29 09:33:07 dnsmasq[13776]: 326 127.0.0.1/53490 query[HTTPS] download.microsoft.com from 127.0.0.1
Jan 29 09:33:07 dnsmasq[13776]: 326 127.0.0.1/53490 regex blacklisted download.microsoft.com is NODATA

Jan 29 09:33:55 dnsmasq[13776]: 430 127.0.0.1/47141 query[SVCB] download.microsoft.com from 127.0.0.1
Jan 29 09:33:55 dnsmasq[13776]: 430 127.0.0.1/47141 regex blacklisted download.microsoft.com is NODATA

Jan 29 09:34:14 dnsmasq[13776]: 431 127.0.0.1/44947 query[SRV] download.microsoft.com from 127.0.0.1
Jan 29 09:34:14 dnsmasq[13776]: 431 127.0.0.1/44947 forwarded download.microsoft.com to 127.10.10.2#5552

Jan 29 09:33:19 dnsmasq[16039]: 329 127.0.0.1/59917 query[ANY] download.microsoft.com from 127.0.0.1
Jan 29 09:33:19 dnsmasq[16039]: 329 127.0.0.1/59917 regex blacklisted download.microsoft.com is NODATA


Jan 29 09:55:21 dnsmasq[13776]: 805 127.0.0.1/37386 query[A] www.sevenforums.com from 127.0.0.1
Jan 29 09:55:21 dnsmasq[13776]: 805 127.0.0.1/37386 forwarded www.sevenforums.com to 127.10.10.2#5552

Jan 29 09:55:41 dnsmasq[20733]: 807 127.0.0.1/56873 query[ANY] www.sevenforums.com from 127.0.0.1
Jan 29 09:55:41 dnsmasq[20733]: 807 127.0.0.1/56873 regex blacklisted www.sevenforums.com is NODATA

Jan 29 09:56:15 dnsmasq[13776]: 909 127.0.0.1/38449 query[HTTPS] www.sevenforums.com from 127.0.0.1
Jan 29 09:56:15 dnsmasq[13776]: 909 127.0.0.1/38449 regex blacklisted www.sevenforums.com is NODATA

everything appears to be working, it requires a lot of evaluation to verify the answer is correct, for example:
it may be very confusing why query type A is allowed (using the regex player.h-cdn.com;querytype=!ANY,SVCB,HTTPS) because pihole -q player.h-cdn.com only returns:

Match found in https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt:
   player.h-cdn.com

In order to find the reason why the A query is allowed, you need to run pihole -q player.h-cdn.com AND pihole-FTL regex-test player.h-cdn.com

The solution implies there will be no exact whitelist entries, only regex whitelist entries, when attempting to block a specific query type.

a whitelist example (domain is blocked due to gravity entry):

  • pihole -q ab.tweakers.nl
 Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts:
   ab.tweakers.nl

result (blocked A, allowed AAAA, allowed SRV)

Jan 29 10:42:55 dnsmasq[13776]: 1263 127.0.0.1/60238 query[A] ab.tweakers.nl from 127.0.0.1
Jan 29 10:42:55 dnsmasq[13776]: 1263 127.0.0.1/60238 gravity blocked ab.tweakers.nl is 0.0.0.0

Jan 29 10:43:07 dnsmasq[13776]: 1265 127.0.0.1/50251 query[AAAA] ab.tweakers.nl from 127.0.0.1
Jan 29 10:43:07 dnsmasq[13776]: 1265 127.0.0.1/50251 forwarded ab.tweakers.nl to 127.10.10.2#5552

Jan 29 10:50:30 dnsmasq[13776]: 1301 127.0.0.1/43596 query[SRV] ab.tweakers.nl from 127.0.0.1
Jan 29 10:50:30 dnsmasq[13776]: 1301 127.0.0.1/43596 forwarded ab.tweakers.nl to 127.10.10.2#5552
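
To make the per-query-type check above less manual, the following added example (not part of the original post and not Pi-hole code) pairs each query[...] line with its outcome line and tabulates the verdict per domain and query type. The sample lines are copied from the log excerpts in the post; the function names are hypothetical, and only the three outcome phrases seen in those excerpts are recognized.

```python
import re
from collections import defaultdict

# Sample input: log lines copied from the excerpts in the post.
SAMPLE_LOG = """\
Jan 29 09:55:21 dnsmasq[13776]: 805 127.0.0.1/37386 query[A] www.sevenforums.com from 127.0.0.1
Jan 29 09:55:21 dnsmasq[13776]: 805 127.0.0.1/37386 forwarded www.sevenforums.com to 127.10.10.2#5552
Jan 29 09:55:41 dnsmasq[20733]: 807 127.0.0.1/56873 query[ANY] www.sevenforums.com from 127.0.0.1
Jan 29 09:55:41 dnsmasq[20733]: 807 127.0.0.1/56873 regex blacklisted www.sevenforums.com is NODATA
Jan 29 10:42:55 dnsmasq[13776]: 1263 127.0.0.1/60238 query[A] ab.tweakers.nl from 127.0.0.1
Jan 29 10:42:55 dnsmasq[13776]: 1263 127.0.0.1/60238 gravity blocked ab.tweakers.nl is 0.0.0.0
Jan 29 10:43:07 dnsmasq[13776]: 1265 127.0.0.1/50251 query[AAAA] ab.tweakers.nl from 127.0.0.1
Jan 29 10:43:07 dnsmasq[13776]: 1265 127.0.0.1/50251 forwarded ab.tweakers.nl to 127.10.10.2#5552
Jan 29 10:50:30 dnsmasq[13776]: 1301 127.0.0.1/43596 query[SRV] ab.tweakers.nl from 127.0.0.1
Jan 29 10:50:30 dnsmasq[13776]: 1301 127.0.0.1/43596 forwarded ab.tweakers.nl to 127.10.10.2#5552
"""

LINE = re.compile(r"dnsmasq\[(?P<pid>\d+)\]: (?P<serial>\d+) (?P<client>\S+) (?P<rest>.*)$")
QUERY = re.compile(r"query\[(?P<qtype>[\w-]+)\] (?P<name>\S+) from ")
# Only the outcome phrases that appear in the post's excerpts.
OUTCOME = re.compile(r"(?P<verdict>forwarded|regex blacklisted|gravity blocked) (?P<name>\S+) ")

def verdicts_by_type(log_text):
    """Return {domain: {qtype: verdict}}, pairing each query line with the
    first outcome line sharing its (pid, serial, client/port) key."""
    pending = {}                      # key -> (domain, qtype) awaiting an outcome
    table = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key = (m["pid"], m["serial"], m["client"])
        q = QUERY.match(m["rest"])
        if q:
            pending[key] = (q["name"].lower(), q["qtype"])
            continue
        o = OUTCOME.match(m["rest"])
        if o and key in pending:
            name, qtype = pending.pop(key)
            if o["name"].lower() == name:   # ignore outcomes for other names
                table[name][qtype] = o["verdict"]
    return {d: dict(t) for d, t in table.items()}

def mixed_verdict_domains(table):
    """Domains forwarded for some query types but blocked for others."""
    return sorted(d for d, t in table.items()
                  if "forwarded" in t.values() and len(set(t.values())) > 1)
```

A domain listed by mixed_verdict_domains is one to follow up with both pihole -q and pihole-FTL regex-test, as described in the post.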