Whitelisting after update to the current version


#1

Since the last update I have had the problem that I can no longer put domains on the whitelist. The domains are entered (via GUI or command line), but they remain blocked.

Does anyone have an idea what the cause could be? (Cleared the cache, restarted Pi-hole, etc. - already tried everything)

Pi-hole Version v4.2.1 Web Interface Version v4.2 FTL Version v4.2.1


#2

Can you provide some examples?


#3

abload.de xxx.fritz.box Blocked (gravity)

 Match found in Whitelist
   abload.de
   www.abload.de
 Match found in https://raw.githubusercontent.com/EnergizedProtection/EnergizedHosts/master/EnergizedMalware/energized/EnergizedMalware.txt:
   abload.de
 Match found in https://www.squidblacklist.org/downloads/dg-malicious.acl:
   abload.de
 Match found in https://www.squidblacklist.org/downloads/squid-malicious.acl:
   .abload.de
 Match found in https://raw.githubusercontent.com/EnergizedProtection/block/master/ultimate/formats/hosts.txt:
   abload.de
   www.abload.de
 Match found in https://raw.githubusercontent.com/CamelCase11/UnifiedHosts/master/hosts.all:
   h-5.abload.de
   www.abload.de
 Match found in https://tspprs.com/dl/ads:
   www.abload.de
 Match found in https://tspprs.com/dl/olhf:
   www.abload.de

#4

What are the results of digs to those whitelisted domains (from the Pi terminal):

dig abload.de

dig www.abload.de


#5
; <<>> DiG 9.10.3-P4-Debian <<>> abload.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36225
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;abload.de.                     IN      A

;; ANSWER SECTION:
abload.de.              2       IN      A       0.0.0.0

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 08 16:47:30 CET 2019
;; MSG SIZE  rcvd: 54


; <<>> DiG 9.10.3-P4-Debian <<>> www.abload.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35859
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.abload.de.                 IN      A

;; ANSWER SECTION:
www.abload.de.          60      IN      CNAME   abload.de.
abload.de.              60      IN      A       176.9.51.10

;; AUTHORITY SECTION:
abload.de.              604768  IN      NS      ns1.your-server.de.
abload.de.              604768  IN      NS      ns.second-ns.com.
abload.de.              604768  IN      NS      ns3.second-ns.de.

;; Query time: 100 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 08 16:48:04 CET 2019
;; MSG SIZE  rcvd: 160

#6

One of them is being blocked by Pi-Hole, the other is not.

Run pihole -g to update gravity (which will remove whitelist items from gravity during the process), and see if “abload.de” is blocked after that.


#7
**[i] Consolidating blocklists.../opt/pihole/gravity.sh: line 450: warning: command substitution: ignored null byte in input**
  [✓] Consolidating blocklists
  [✓] Extracting domains from blocklists
  [i] Number of domains being pulled in by gravity: 10085894
  [✓] Removing duplicate domains
  [i] Number of unique domains trapped in the Event Horizon: 2803239
  [i] Number of whitelisted domains: 1783
  [i] Number of blacklisted domains: 1
  [i] Number of regex filters: 7853
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter



; <<>> DiG 9.10.3-P4-Debian <<>> abload.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42610
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;abload.de.                     IN      A

;; ANSWER SECTION:
abload.de.              2       IN      A       0.0.0.0

;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 08 17:27:02 CET 2019
;; MSG SIZE  rcvd: 54

#8

Run this and we’ll see where the queries are going.

sudo grep abload.de /var/log/pihole.log | tail -n20


#9
Feb  8 16:14:52 dnsmasq[782]: query[A] abload.de from 192.168.3.17
Feb  8 16:14:52 dnsmasq[782]: /etc/pihole/gravity.list abload.de is 0.0.0.0
Feb  8 16:16:00 dnsmasq[782]: query[A] abload.de from 192.168.3.17
Feb  8 16:16:00 dnsmasq[782]: /etc/pihole/gravity.list abload.de is 0.0.0.0
Feb  8 16:37:51 dnsmasq[782]: query[A] abload.de from 192.168.3.17
Feb  8 16:37:51 dnsmasq[782]: /etc/pihole/gravity.list abload.de is 0.0.0.0
Feb  8 16:37:56 dnsmasq[782]: query[A] abload.de from 192.168.3.17
Feb  8 16:37:56 dnsmasq[782]: /etc/pihole/gravity.list abload.de is 0.0.0.0
Feb  8 16:47:30 dnsmasq[782]: query[A] abload.de from 127.0.0.1
Feb  8 16:47:30 dnsmasq[782]: /etc/pihole/gravity.list abload.de is 0.0.0.0
Feb  8 16:48:03 dnsmasq[782]: query[A] www.abload.de from 127.0.0.1
Feb  8 16:48:03 dnsmasq[782]: forwarded www.abload.de to 84.200.69.80
Feb  8 16:48:04 dnsmasq[782]: reply www.abload.de is <CNAME>
Feb  8 16:48:04 dnsmasq[782]: reply abload.de is 176.9.51.10
Feb  8 17:26:55 dnsmasq[782]: query[A] www.abload.de from 127.0.0.1
Feb  8 17:26:55 dnsmasq[782]: forwarded www.abload.de to 84.200.70.40
Feb  8 17:26:55 dnsmasq[782]: reply www.abload.de is <CNAME>
Feb  8 17:26:55 dnsmasq[782]: reply abload.de is 176.9.51.10
Feb  8 17:27:02 dnsmasq[782]: query[A] abload.de from 127.0.0.1
Feb  8 17:27:02 dnsmasq[782]: /etc/pihole/gravity.list abload.de is 0.0.0.0

#10

Two more checks:

sudo grep abload.de /etc/pihole/gravity.list

sudo grep abload.de /etc/pihole/whitelist.txt


#11
 sudo grep abload.de /etc/pihole/gravity.list
   .abload.de
    h-5.abload.de

sudo grep abload.de /etc/pihole/whitelist.txt
   abload.de
   www.abload.de

#14
 Match found in https://www.squidblacklist.org/downloads/squid-malicious.acl:
   .abload.de

#15

Add .abload.de to your whitelist and test again.


#16

.abload.de is not a valid domain

GUI and CommandLine


#19

It does seem to be a problem with the list format from squidblacklist.org; the . has to go there.


#20

Looking at this list, one of the comments at the top is that this is a proxy list and the format may not be compatible with Pi-Hole, which uses HOSTS format.

#  squid-malicious: blacklist compiled for use as a squid proxy acl by squidblacklist.org. 

Remove this list from your blocklist, update gravity and see if this resolves the problem.


#21

Problem solved; it's just a pity that the list cannot be used. Is there no way to clean up the list and make it usable for Pi-Hole?


#22

The leading “.” would have to be removed.
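
An added example, not part of the thread and not Pi-hole's own code: a shell sketch that strips the leading "." from a squid-ACL-style list, plus a check for the situation diagnosed above, where gravity.list held `.abload.de` while the whitelist held `abload.de`. The function names `normalize_acl` and `dotted_whitelist_conflicts` are hypothetical and the sample data is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# normalize_acl: read a squid-ACL-style domain list on stdin and print
# plain, lower-case, de-duplicated domain names, one per line.
normalize_acl() {
    tr -d '\000\r' |                  # drop NUL bytes and carriage returns
    sed -e 's/#.*$//' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/^\.//' |                # ".abload.de" -> "abload.de"
    tr '[:upper:]' '[:lower:]' |
    # keep only syntactically valid host names (labels of 1-63 characters)
    grep -E '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]$' |
    LC_ALL=C sort -u
}

# dotted_whitelist_conflicts GRAVITY_FILE WHITELIST_FILE
# Print every gravity entry that starts with "." and whose dot-less form
# is on the whitelist, i.e. entries an exact-name comparison would miss.
dotted_whitelist_conflicts() {
    awk '
        { gsub(/\r/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        FILENAME == ARGV[1] { if ($0 != "") wl[$0] = 1; next }  # whitelist
        /^\./ { if (substr($0, 2) in wl) print $0 }             # gravity
    ' "$2" "$1"
}

# Demo on constructed input: prints abload.de and h-5.abload.de
printf '%s\n' '# constructed sample' '.abload.de' 'h-5.abload.de' | normalize_acl
```

With the file locations shown in this thread, the check would be called as `dotted_whitelist_conflicts /etc/pihole/gravity.list /etc/pihole/whitelist.txt`.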


#23

Exactly, that is what I had written, that the “.” has to go. Maybe this can be implemented in the next version.


#24

You used a list that is not intended for Pi-hole. Just use this one:

https://www.squidblacklist.org/downloads/dg-malicious.acl

You can (still) find good blocklists for Pi-hole on this page: