Whitelist is not allowing access to things that are on adlists

Expected Behaviour:

Things on the whitelist should be able to be accessed. (vortex.data.microsoft.com)

Actual Behaviour:

Things on the whitelist are still blocked.

Debug Token:


From a client machine that you still deem to block your whitelist entry, what's the output of:

nslookup vortex.data.microsoft.com

Non-authoritative answer:
vortex.data.microsoft.com       canonical name = asimov.vortex.data.trafficmanager.net.
Name:   asimov.vortex.data.trafficmanager.net
asimov.vortex.data.trafficmanager.net   canonical name = global.vortex.data.trafficmanager.net.

That output shows two things:

a) vortex.data.microsoft.com is not blocked
b) your client is using Google's quad-8 as DNS rather than Pi-hole

As such, the results are inconclusive as to your original request.

You should sort your network configuration (see Making your network take advantage of Pi-hole) and then reassess your observations.

I followed "Making your network take advantage of Pi-hole" but when I view the Query Log its still saying its blocked

Please provide a current nslookup result.


Non-authoritative answer:
vortex.data.microsoft.com       canonical name = asimov.vortex.data.trafficmanager.net.
asimov.vortex.data.trafficmanager.net   canonical name = global.vortex.data.trafficmanager.net.
Name:   global.vortex.data.trafficmanager.net

Same as before:
Pi-hole is not blocking vortex.data.microsoft.com, it's not even queried by your client.

What makes you think your client is blocking it?
What makes you think your client would be using Pi-hole?

This client is not using Pi-hole for DNS. It is using Google DNS and the queries are bypassing Pi-hole.

On the query log it is saying "vortex.data.microsoft.com Blocked (regex blacklist) IP (0.0ms)". I've tried manually setting the DNS and still wont go through. I've also tried googles DNS and I can connect.

On the same client that runs the nslookup, what's the result of

ipconfig /all | find /i "IPv4"

What is the output of the following from the same client:

nslookup vortex.data.microsoft.com

Apologizes I misread a message ive been doing nsLookup on the ssh...
here are the "nsLookup" results from a client

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown

DNS request timed out.
    timeout was 2 seconds.
Name:    vortex.data.microsoft.com

and here is the "ipconfig /all | find /i "IPv4""

IPv4 Address. . . . . . . . . . . :
   IPv4 Address. . . . . . . . . . . :

and for the "nslookup vortex.data.microsoft.com"

Server:  raspberrypi

Name:    vortex.data.microsoft.com
Addresses:  ::

Now, that's more like it. :wink:

You've configured your router to use Pi-hole as its upstream DNS, that's why your Query Log shows the entry originating from your router's

But it also claims "Blocked (regex blacklist)".
This is strange, since your debug log does not list any regex entries to start with:

*** [ DIAGNOSING ]: contents of /var/log

-rw-r--r-- 1 pihole pihole 31054 Jul 31 07:48 /var/log/pihole-FTL.log
  -----tail of pihole-FTL.log------
   [2020-07-31 07:46:40.464 28748M] INFO: No regex blacklist entries found
   [2020-07-31 07:46:40.466 28748M] INFO: No regex whitelist entries found

Can you check your Pi-hole's UI for any blacklist entries of type Regex?

There are no blacklist entries showing up.

Let's take a peek in the database by running the following command on your Pi-hole machine:

sqlite3 /etc/pihole/gravity.db "SELECT id, domain FROM domainlist where type=3;"

Repeat: please run above on your Pi-hole machine (

Nothing is happening. Its just going to the next command line.

I believe blacklist regex stored below:

pi@ph5:~ $ sqlite3 /etc/pihole/gravity.db ".tables"
adlist               domainlist_by_group  vw_gravity
adlist_by_group      gravity              vw_regex_blacklist
client               group                vw_regex_whitelist
client_by_group      info                 vw_whitelist
domain_audit         vw_adlist
domainlist           vw_blacklist

pi@ph5:~ $ sqlite3 /etc/pihole/gravity.db "SELECT * FROM vw_regex_blacklist;"
pi@ph5:~ $

Shouldn't you start peeking there ?

Those tables prefixed by vw_ are not real tables, but views filled by reading and aggregating data from other tables.

While your SQL statement would suffice, its origin is indeed still the **domainlist** table. (click for more)
CREATE VIEW vw_regex_blacklist AS SELECT domain, domainlist.id AS id, domainlist_by_group.group_id AS group_id
    FROM domainlist
1 Like

Peeking & poking C64 :wink:

1 Like