Expected Behaviour:
Things on the whitelist should be able to be accessed. (vortex.data.microsoft.com)
Actual Behaviour:
Things on the whitelist are still blocked.
From a client machine that you still deem to block your whitelist entry, what's the output of:
nslookup vortex.data.microsoft.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
vortex.data.microsoft.com canonical name = asimov.vortex.data.trafficmanager.net.
Name: asimov.vortex.data.trafficmanager.net
Address: 64.4.54.254
asimov.vortex.data.trafficmanager.net canonical name = global.vortex.data.trafficmanager.net.
That output shows two things:
a) vortex.data.microsoft.com is not blocked
b) your client is using Google's quad-8 as DNS rather than Pi-hole
As such, the results are inconclusive as to your original request.
You should sort your network configuration (see Making your network take advantage of Pi-hole) and then reassess your observations.
I followed "Making your network take advantage of Pi-hole" but when I view the Query Log it's still saying it's blocked
Please provide a current nslookup result.
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
vortex.data.microsoft.com canonical name = asimov.vortex.data.trafficmanager.net.
asimov.vortex.data.trafficmanager.net canonical name = global.vortex.data.trafficmanager.net.
Name: global.vortex.data.trafficmanager.net
Address: 64.4.54.254
Same as before:
Pi-hole is not blocking vortex.data.microsoft.com, it's not even queried by your client.
What makes you think your client is blocking it?
What makes you think your client would be using Pi-hole?
This client is not using Pi-hole for DNS. It is using Google DNS and the queries are bypassing Pi-hole.
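The check the replies apply by eye, as an added example that is not part of the original thread: read which resolver answered and whether the answer is the null address. The function names and result labels are hypothetical, and treating 0.0.0.0 / :: as "blocked" is an assumption that matches the answers quoted in this thread.

```python
import re

PIHOLE_IP = "192.168.1.12"        # Pi-hole address used in this thread
NULL_ANSWERS = {"0.0.0.0", "::"}  # assumption: blocked names get the unspecified address

def parse_nslookup(text):
    """Return (resolver_ip, answer_ips) for Linux- or Windows-style nslookup output."""
    resolver, answers, in_answer = None, [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Name:"):
            in_answer = True                   # addresses after this belong to the answer
            continue
        m = re.match(r"Address(?:es)?:\s*(\S+)", line)
        if m:
            ip = m.group(1).split("#")[0]      # Linux prints the resolver as 8.8.8.8#53
            if in_answer:
                answers.append(ip)
            elif resolver is None:
                resolver = ip
        elif in_answer and re.fullmatch(r"[0-9A-Fa-f:.]+", line):
            answers.append(line)               # Windows continuation under "Addresses:"
    return resolver, answers

def classify(text, pihole_ip=PIHOLE_IP):
    resolver, answers = parse_nslookup(text)
    null = bool(answers) and all(a in NULL_ANSWERS for a in answers)
    if resolver == pihole_ip:
        return "pi-hole: blocked" if null else "pi-hole: allowed"
    if null:
        return f"blocked behind {resolver}"    # a forwarder (e.g. the router) hands off to a filter
    return f"bypass via {resolver}"            # Pi-hole never saw the query

# Samples constructed from the outputs quoted in this thread.
GOOGLE = """Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
vortex.data.microsoft.com canonical name = asimov.vortex.data.trafficmanager.net.
Name: asimov.vortex.data.trafficmanager.net
Address: 64.4.54.254"""
ROUTER = """Server: UnKnown
Address: 192.168.1.1
Name: vortex.data.microsoft.com
Address: 0.0.0.0"""
PIHOLE = """Server: raspberrypi
Address: 192.168.1.12
Name: vortex.data.microsoft.com
Addresses: ::
0.0.0.0"""

if __name__ == "__main__":
    for name, sample in (("google", GOOGLE), ("router", ROUTER), ("pihole", PIHOLE)):
        print(name, "->", classify(sample))
```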
On the query log it is saying "vortex.data.microsoft.com 192.168.1.1 Blocked (regex blacklist) IP (0.0ms)". I've tried manually setting the DNS and it still won't go through. I've also tried Google's DNS and I can connect.
On the same client that runs the nslookup, what's the result of
ipconfig /all | find /i "IPv4"
What is the output of the following from the same client:
nslookup vortex.data.microsoft.com 192.168.1.12
Apologies, I misread a message; I've been doing nsLookup on the ssh...
here are the "nsLookup" results from a client
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1
DNS request timed out.
timeout was 2 seconds.
Name: vortex.data.microsoft.com
Address: 0.0.0.0
and here is the "ipconfig /all | find /i "IPv4""
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.9(Preferred)
and for the "nslookup vortex.data.microsoft.com 192.168.1.12"
Server: raspberrypi
Address: 192.168.1.12
Name: vortex.data.microsoft.com
Addresses: ::
0.0.0.0
Now, that's more like it.
You've configured your router to use Pi-hole as its upstream DNS, that's why your Query Log shows the entry originating from your router's 192.168.1.1.
But it also claims "Blocked (regex blacklist)".
This is strange, since your debug log does not list any regex entries to start with:
*** [ DIAGNOSING ]: contents of /var/log
-rw-r--r-- 1 pihole pihole 31054 Jul 31 07:48 /var/log/pihole-FTL.log
-----tail of pihole-FTL.log------
[2020-07-31 07:46:40.464 28748M] INFO: No regex blacklist entries found
[2020-07-31 07:46:40.466 28748M] INFO: No regex whitelist entries found
Can you check your Pi-hole's UI for any blacklist entries of type Regex?
There are no blacklist entries showing up.
Let's take a peek in the database by running the following command on your Pi-hole machine:
sqlite3 /etc/pihole/gravity.db "SELECT id, domain FROM domainlist where type=3;"
Repeat: please run above on your Pi-hole machine (192.168.1.12).
Nothing is happening. It's just going to the next command line.
I believe the blacklist regex is stored below:
pi@ph5:~ $ sqlite3 /etc/pihole/gravity.db ".tables"
adlist domainlist_by_group vw_gravity
adlist_by_group gravity vw_regex_blacklist
client group vw_regex_whitelist
client_by_group info vw_whitelist
domain_audit vw_adlist
domainlist vw_blacklist
pi@ph5:~ $ sqlite3 /etc/pihole/gravity.db "SELECT * FROM vw_regex_blacklist;"
pi@ph5:~ $
Shouldn't you start peeking there?
Those tables prefixed by vw_ are not real tables, but views filled by reading and aggregating data from other tables.
CREATE VIEW vw_regex_blacklist AS SELECT domain, domainlist.id AS id, domainlist_by_group.group_id AS group_id
FROM domainlist
(...)