Whitelist is not allowing access to things that are on adlists

Bucking_Horn · July 31, 2020, 3:56pm

That's strange - it means we do not have any lead to the Regex your Pi-hole's UI claims to use for blocking vortex.data.microsoft.com.

Let's see if your pihole.log has any more details on this.
On your Pi-hole machine, what's the output of:

grep -nR "vortex.data.microsoft" -A2 /var/log/pihole.log

Drummer · July 31, 2020, 3:59pm

21:Jul 31 07:06:15 dnsmasq[25406]: query[A] vortex.data.microsoft.com from 192.168.1.1
22:Jul 31 07:06:15 dnsmasq[25406]: config vortex.data.microsoft.com is 0.0.0.0
23:Jul 31 07:06:19 dnsmasq[25406]: query[A] vortex.data.microsoft.com from 192.168.1.1
24:Jul 31 07:06:19 dnsmasq[25406]: config vortex.data.microsoft.com is 0.0.0.0
25-Jul 31 07:06:26 dnsmasq[25406]: query[A] upp.itunes.apple.com from 192.168.1.1
26-Jul 31 07:06:26 dnsmasq[25406]: forwarded upp.itunes.apple.com to 8.8.4.4
--
165:Jul 31 07:10:30 dnsmasq[25406]: query[A] vortex.data.microsoft.com from 192.168.1.1
166:Jul 31 07:10:30 dnsmasq[25406]: config vortex.data.microsoft.com is 0.0.0.0
167-Jul 31 07:10:35 dnsmasq[25406]: query[A] pi.hole from 192.168.1.1
168-Jul 31 07:10:35 dnsmasq[25406]: /etc/pihole/local.list pi.hole is 192.168.1.12
--
244:Jul 31 07:13:52 dnsmasq[25406]: query[A] vortex.data.microsoft.com from 192.168.1.1
245:Jul 31 07:13:52 dnsmasq[25406]: config vortex.data.microsoft.com is 0.0.0.0
246-Jul 31 07:13:58 dnsmasq[25406]: query[A] graph.oculus.com from 192.168.1.1
247-Jul 31 07:13:58 dnsmasq[25406]: forwarded graph.oculus.com to 8.8.4.4
--
2175:Jul 31 07:42:38 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
2176:Jul 31 07:42:38 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
2177-Jul 31 07:42:45 dnsmasq[28748]: query[A] pi.hole from 192.168.1.1
2178-Jul 31 07:42:45 dnsmasq[28748]: /etc/pihole/local.list pi.hole is 192.168.1.12
--
2219:Jul 31 07:43:18 dnsmasq[28748]: query[A] web.vortex.data.microsoft.com from 192.168.1.1
2220:Jul 31 07:43:18 dnsmasq[28748]: gravity blocked web.vortex.data.microsoft.com is 0.0.0.0
2221-Jul 31 07:43:18 dnsmasq[28748]: query[A] google.com from 192.168.1.1
2222-Jul 31 07:43:18 dnsmasq[28748]: forwarded google.com to 8.8.8.8
--
2373:Jul 31 07:47:29 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
2374:Jul 31 07:47:29 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
2375-Jul 31 07:47:34 dnsmasq[28748]: query[A] configuration.ls.apple.com from 192.168.1.13
2376-Jul 31 07:47:34 dnsmasq[28748]: cached configuration.ls.apple.com is <CNAME>
--
3032:Jul 31 07:57:03 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
3033:Jul 31 07:57:03 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3034-Jul 31 07:57:11 dnsmasq[28748]: query[A] ntp.msn.com from 192.168.1.1
3035-Jul 31 07:57:11 dnsmasq[28748]: forwarded ntp.msn.com to 8.8.4.4
--
3181:Jul 31 07:57:55 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
3182:Jul 31 07:57:55 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3183-Jul 31 07:57:55 dnsmasq[28748]: reply notify.xboxlive.com is <CNAME>
3184-Jul 31 07:57:55 dnsmasq[28748]: reply notify.xboxlive.com.akadns.net is 40.65.234.15
--
3363:Jul 31 07:57:58 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
3364:Jul 31 07:57:58 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3365-Jul 31 07:57:58 dnsmasq[28748]: reply telemetry.svc.halowaypoint.com is <CNAME>
3366-Jul 31 07:57:58 dnsmasq[28748]: reply s3-telemetry-atm.trafficmanager.net is <CNAME>
--
3430:Jul 31 07:58:02 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
3431:Jul 31 07:58:02 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3432:Jul 31 07:58:05 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
3433:Jul 31 07:58:05 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3434-Jul 31 07:58:05 dnsmasq[28748]: query[A] steamcdn-a.akamaihd.net from 192.168.1.1
3435-Jul 31 07:58:05 dnsmasq[28748]: forwarded steamcdn-a.akamaihd.net to 8.8.4.4
--
3442:Jul 31 07:58:08 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
3443:Jul 31 07:58:08 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3444:Jul 31 07:58:10 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
3445:Jul 31 07:58:10 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3446:Jul 31 07:58:15 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
3447:Jul 31 07:58:15 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3448-Jul 31 07:58:18 dnsmasq[28748]: query[A] radio.itunes.apple.com from 192.168.1.1
3449-Jul 31 07:58:18 dnsmasq[28748]: cached radio.itunes.apple.com is <CNAME>
--
3466:Jul 31 07:58:19 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
3467:Jul 31 07:58:19 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3468:Jul 31 07:58:23 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
3469:Jul 31 07:58:23 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3470:Jul 31 07:58:26 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
3471:Jul 31 07:58:26 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3472-Jul 31 07:58:47 dnsmasq[28748]: query[A] leaderboards.xboxlive.com from 192.168.1.1
3473-Jul 31 07:58:47 dnsmasq[28748]: forwarded leaderboards.xboxlive.com to 8.8.4.4
--
3486:Jul 31 07:58:58 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
3487:Jul 31 07:58:58 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3488-Jul 31 07:59:08 dnsmasq[28748]: query[A] wpad.ssnc.global from 192.168.1.1
3489-Jul 31 07:59:08 dnsmasq[28748]: cached wpad.ssnc.global is NXDOMAIN
--
3622:Jul 31 08:00:02 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
3623:Jul 31 08:00:02 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3624-Jul 31 08:00:03 dnsmasq[28748]: query[A] encrypted-tbn0.gstatic.com from 192.168.1.1
3625-Jul 31 08:00:03 dnsmasq[28748]: forwarded encrypted-tbn0.gstatic.com to 8.8.4.4
--
3756:Jul 31 08:01:22 dnsmasq[28748]: query[A] web.vortex.data.microsoft.com from 192.168.1.1
3757:Jul 31 08:01:22 dnsmasq[28748]: gravity blocked web.vortex.data.microsoft.com is 0.0.0.0
3758:Jul 31 08:01:22 dnsmasq[28748]: query[A] web.vortex.data.microsoft.com from 192.168.1.1
3759:Jul 31 08:01:22 dnsmasq[28748]: gravity blocked web.vortex.data.microsoft.com is 0.0.0.0
3760-Jul 31 08:01:22 dnsmasq[28748]: query[A] google.com from 192.168.1.1
3761-Jul 31 08:01:22 dnsmasq[28748]: cached google.com is 172.217.4.238
--
3791:Jul 31 08:02:10 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
3792:Jul 31 08:02:11 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3793-Jul 31 08:02:34 dnsmasq[28748]: query[A] apple.imap.mail.yahoo.com from 192.168.1.1
3794-Jul 31 08:02:34 dnsmasq[28748]: forwarded apple.imap.mail.yahoo.com to 8.8.4.4
--
3915:Jul 31 08:02:52 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.2
3916:Jul 31 08:02:52 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
3917:Jul 31 08:02:52 dnsmasq[28748]: query[type=65479] vortex.data.microsoft.com from 192.168.1.2
3918:Jul 31 08:02:52 dnsmasq[28748]: config vortex.data.microsoft.com is NODATA
3919:Jul 31 08:02:52 dnsmasq[28748]: query[A] web.vortex.data.microsoft.com from 192.168.1.2
3920:Jul 31 08:02:52 dnsmasq[28748]: gravity blocked web.vortex.data.microsoft.com is 0.0.0.0
3921:Jul 31 08:02:52 dnsmasq[28748]: query[type=65479] web.vortex.data.microsoft.com from 192.168.1.2
3922:Jul 31 08:02:52 dnsmasq[28748]: gravity blocked web.vortex.data.microsoft.com is 0.0.0.0
3923-Jul 31 08:02:55 dnsmasq[28748]: query[type=65479] keyvalueservice-g.fe.apple-dns.net from 192.168.1.2
3924-Jul 31 08:02:55 dnsmasq[28748]: forwarded keyvalueservice-g.fe.apple-dns.net to 8.8.4.4
--
4805:Jul 31 08:06:27 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
4806:Jul 31 08:06:27 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
4807-Jul 31 08:06:29 dnsmasq[28748]: query[A] clientservices.googleapis.com from 192.168.1.1
4808-Jul 31 08:06:29 dnsmasq[28748]: forwarded clientservices.googleapis.com to 8.8.4.4
--
5196:Jul 31 08:14:59 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
5197:Jul 31 08:14:59 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
5198-Jul 31 08:15:00 dnsmasq[28748]: query[A] e12930.dscksd.akamaiedge.net from 192.168.1.13
5199-Jul 31 08:15:00 dnsmasq[28748]: forwarded e12930.dscksd.akamaiedge.net to 8.8.8.8
--
7786:Jul 31 08:51:43 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.1
7787:Jul 31 08:51:43 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
7788-Jul 31 08:51:45 dnsmasq[28748]: query[A] webmail.sscinc.com from 192.168.1.1
7789-Jul 31 08:51:45 dnsmasq[28748]: forwarded webmail.sscinc.com to 8.8.4.4
--
9491:Jul 31 09:08:50 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.3
9492:Jul 31 09:08:50 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
9493:Jul 31 09:08:51 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.3
9494:Jul 31 09:08:51 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
9495-Jul 31 09:08:57 dnsmasq[28748]: query[A] graph.oculus.com from 192.168.1.1
9496-Jul 31 09:08:57 dnsmasq[28748]: forwarded graph.oculus.com to 8.8.8.8
--
10497:Jul 31 09:13:55 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.3
10498:Jul 31 09:13:55 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
10499-Jul 31 09:13:56 dnsmasq[28748]: query[A] g.live.com from 192.168.1.3
10500-Jul 31 09:13:56 dnsmasq[28748]: forwarded g.live.com to 8.8.8.8
--
11577:Jul 31 09:20:35 dnsmasq[28748]: query[A] vortex.data.microsoft.com from 192.168.1.2
11578:Jul 31 09:20:35 dnsmasq[28748]: config vortex.data.microsoft.com is 0.0.0.0
11579-Jul 31 09:20:35 dnsmasq[28748]: query[A] people-pa.googleapis.com from 192.168.1.13
11580-Jul 31 09:20:35 dnsmasq[28748]: forwarded people-pa.googleapis.com to 8.8.4.4
--
12069:Jul 31 09:23:32 dnsmasq[2586]: query[A] vortex.data.microsoft.com from 192.168.1.1
12070:Jul 31 09:23:32 dnsmasq[2586]: config vortex.data.microsoft.com is 0.0.0.0
12071-Jul 31 09:23:35 dnsmasq[2586]: query[A] nexusrules.officeapps.live.com from 192.168.1.1
12072-Jul 31 09:23:35 dnsmasq[2586]: gravity blocked nexusrules.officeapps.live.com is 0.0.0.0
--
14012:Jul 31 09:45:52 dnsmasq[2586]: query[A] vortex.data.microsoft.com from 192.168.1.1
14013:Jul 31 09:45:52 dnsmasq[2586]: config vortex.data.microsoft.com is 0.0.0.0
14014-Jul 31 09:45:55 dnsmasq[2586]: query[A] pbs.twimg.com from 192.168.1.13
14015-Jul 31 09:45:55 dnsmasq[2586]: forwarded pbs.twimg.com to 208.67.220.220
--
14709:Jul 31 09:56:56 dnsmasq[2586]: query[A] vortex.data.microsoft.com from 192.168.1.1
14710:Jul 31 09:56:56 dnsmasq[2586]: config vortex.data.microsoft.com is 0.0.0.0
14711:Jul 31 09:56:56 dnsmasq[2586]: query[AAAA] vortex.data.microsoft.com from 192.168.1.1
14712:Jul 31 09:56:56 dnsmasq[2586]: config vortex.data.microsoft.com is ::
14713-Jul 31 09:57:06 dnsmasq[2586]: query[A] i.ytimg.com from 192.168.1.1
14714-Jul 31 09:57:06 dnsmasq[2586]: forwarded i.ytimg.com to 208.67.222.222
--
14894:Jul 31 10:01:30 dnsmasq[2586]: query[A] vortex.data.microsoft.com from 192.168.1.9
14895:Jul 31 10:01:30 dnsmasq[2586]: config vortex.data.microsoft.com is 0.0.0.0
14896:Jul 31 10:01:30 dnsmasq[2586]: query[AAAA] vortex.data.microsoft.com from 192.168.1.9
14897:Jul 31 10:01:30 dnsmasq[2586]: config vortex.data.microsoft.com is ::
14898-Jul 31 10:01:31 dnsmasq[2586]: query[A] get-maps-bx.g.aaplimg.com from 192.168.1.2
14899-Jul 31 10:01:31 dnsmasq[2586]: forwarded get-maps-bx.g.aaplimg.com to 208.67.220.220

Bucking_Horn · July 31, 2020, 4:03pm

(I see you queried that domain quite a lot lately )

That last line should read regex blacklisted rather than config if it was indeed a regex entry.

Let's look for stray hostname definitions next.
On your Pi-hole machine, what's the output of:

grep -nR "vortex.data.microsoft.com" /etc/pihole/*.list /etc/hosts

Drummer · July 31, 2020, 4:06pm

I was trying my best to self troubleshoot... Didn't work

Drummer · July 31, 2020, 4:14pm

Nothing. It once again just goes to the next command line.

Bucking_Horn · July 31, 2020, 4:32pm

And one last location to look at:

grep -nR "vortex.data.microsoft.com" /etc/dnsmasq.d/

Where do you run your Pi-hole on?

Drummer · July 31, 2020, 4:34pm

"grep -nR "vortex.data.microsoft.com" /etc/dnsmasq.d/"

/etc/dnsmasq.d/filter_lists.conf:35458:address=/vortex.data.microsoft.com/#

It's on a raspberry pi zero running Raspbian

Bucking_Horn · July 31, 2020, 4:39pm

That's it !
That entry is responsible for the blocking.

Have a look at that file's content for what else is blocked that way:

cat /etc/dnsmasq.d/filter_lists.conf

Go and delete the offending line or the whole file accordingly.

Also, that is not a file Pi-hole would create.

Any idea what or who put that in there?

deHakkelaar · July 31, 2020, 4:39pm

Face plant

Who would have thought

DanSchaper · July 31, 2020, 4:40pm

system · August 21, 2020, 5:12pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.