Whitelisting nach Update auf aktuelle Version

peneu76 · February 8, 2019, 3:20pm

Seit dem letzten Update habe ich das Problem, dass ich keine Domains mehr auf die Whitelist setzen kann. Die Domains werden zwar eingetragen (per GUI oder CommandLine), sind aber weiterhin gesperrt.

Hat jemand eine Idee woran es liegen kann? (Cache geleert, Pihole neustart etc - alles schon probiert)

Pi-hole Version v4.2.1 Web Interface Version v4.2 FTL Version v4.2.1

jfb · February 8, 2019, 3:26pm

Can you provide some examples?

peneu76 · February 8, 2019, 3:39pm

abload.de xxx.fritz.box Blocked (gravity)

 Match found in Whitelist
   abload.de
   www.abload.de
 Match found in https://raw.githubusercontent.com/EnergizedProtection/EnergizedHosts/master/EnergizedMalware/energized/EnergizedMalware.txt:
   abload.de
 Match found in https://www.squidblacklist.org/downloads/dg-malicious.acl:
   abload.de
 Match found in https://www.squidblacklist.org/downloads/squid-malicious.acl:
   .abload.de
 Match found in https://raw.githubusercontent.com/EnergizedProtection/block/master/ultimate/formats/hosts.txt:
   abload.de
   www.abload.de
 Match found in https://raw.githubusercontent.com/CamelCase11/UnifiedHosts/master/hosts.all:
   h-5.abload.de
   www.abload.de
 Match found in https://tspprs.com/dl/ads:
   www.abload.de
 Match found in https://tspprs.com/dl/olhf:
   www.abload.de

jfb · February 8, 2019, 3:46pm

What are the results of digs to those whitelisted domains (from the Pi terminal):

dig abload.de

dig www.abload.de

peneu76 · February 8, 2019, 3:48pm

; <<>> DiG 9.10.3-P4-Debian <<>> abload.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36225
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;abload.de.                     IN      A

;; ANSWER SECTION:
abload.de.              2       IN      A       0.0.0.0

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 08 16:47:30 CET 2019
;; MSG SIZE  rcvd: 54


; <<>> DiG 9.10.3-P4-Debian <<>> www.abload.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35859
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.abload.de.                 IN      A

;; ANSWER SECTION:
www.abload.de.          60      IN      CNAME   abload.de.
abload.de.              60      IN      A       176.9.51.10

;; AUTHORITY SECTION:
abload.de.              604768  IN      NS      ns1.your-server.de.
abload.de.              604768  IN      NS      ns.second-ns.com.
abload.de.              604768  IN      NS      ns3.second-ns.de.

;; Query time: 100 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 08 16:48:04 CET 2019
;; MSG SIZE  rcvd: 160

jfb · February 8, 2019, 3:53pm

One of them is being blocked by Pi-Hole, the other is not.

Run pihole -g to update gravity (which will remove whitelist items from gravity during the process), and see if "abload.de" is blocked after that.

peneu76 · February 8, 2019, 4:26pm

**[i] Consolidating blocklists.../opt/pihole/gravity.sh: line 450: warning: command substitution: ignored null byte in input**
  [✓] Consolidating blocklists
  [✓] Extracting domains from blocklists
  [i] Number of domains being pulled in by gravity: 10085894
  [✓] Removing duplicate domains
  [i] Number of unique domains trapped in the Event Horizon: 2803239
  [i] Number of whitelisted domains: 1783
  [i] Number of blacklisted domains: 1
  [i] Number of regex filters: 7853
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter



; <<>> DiG 9.10.3-P4-Debian <<>> abload.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42610
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;abload.de.                     IN      A

;; ANSWER SECTION:
abload.de.              2       IN      A       0.0.0.0

;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 08 17:27:02 CET 2019
;; MSG SIZE  rcvd: 54

jfb · February 8, 2019, 4:36pm

Run this and we'll see where the queries are going.

sudo grep abload.de /var/log/pihole.log | tail -n20

peneu76 · February 8, 2019, 4:50pm

Feb  8 16:14:52 dnsmasq[782]: query[A] abload.de from 192.168.3.17
Feb  8 16:14:52 dnsmasq[782]: /etc/pihole/gravity.list abload.de is 0.0.0.0
Feb  8 16:16:00 dnsmasq[782]: query[A] abload.de from 192.168.3.17
Feb  8 16:16:00 dnsmasq[782]: /etc/pihole/gravity.list abload.de is 0.0.0.0
Feb  8 16:37:51 dnsmasq[782]: query[A] abload.de from 192.168.3.17
Feb  8 16:37:51 dnsmasq[782]: /etc/pihole/gravity.list abload.de is 0.0.0.0
Feb  8 16:37:56 dnsmasq[782]: query[A] abload.de from 192.168.3.17
Feb  8 16:37:56 dnsmasq[782]: /etc/pihole/gravity.list abload.de is 0.0.0.0
Feb  8 16:47:30 dnsmasq[782]: query[A] abload.de from 127.0.0.1
Feb  8 16:47:30 dnsmasq[782]: /etc/pihole/gravity.list abload.de is 0.0.0.0
Feb  8 16:48:03 dnsmasq[782]: query[A] www.abload.de from 127.0.0.1
Feb  8 16:48:03 dnsmasq[782]: forwarded www.abload.de to 84.200.69.80
Feb  8 16:48:04 dnsmasq[782]: reply www.abload.de is <CNAME>
Feb  8 16:48:04 dnsmasq[782]: reply abload.de is 176.9.51.10
Feb  8 17:26:55 dnsmasq[782]: query[A] www.abload.de from 127.0.0.1
Feb  8 17:26:55 dnsmasq[782]: forwarded www.abload.de to 84.200.70.40
Feb  8 17:26:55 dnsmasq[782]: reply www.abload.de is <CNAME>
Feb  8 17:26:55 dnsmasq[782]: reply abload.de is 176.9.51.10
Feb  8 17:27:02 dnsmasq[782]: query[A] abload.de from 127.0.0.1
Feb  8 17:27:02 dnsmasq[782]: /etc/pihole/gravity.list abload.de is 0.0.0.0

jfb · February 8, 2019, 4:54pm

Two more checks:

sudo grep abload.de /etc/pihole/gravity.list

sudo grep abload.de /etc/pihole/whitelist.txt

peneu76 · February 8, 2019, 4:54pm

 sudo grep abload.de /etc/pihole/gravity.list
   .abload.de
    h-5.abload.de

sudo grep abload.de /etc/pihole/whitelist.txt
   abload.de
   www.abload.de

peneu76 · February 8, 2019, 4:57pm

 Match found in https://www.squidblacklist.org/downloads/squid-malicious.acl:
   .abload.de

jfb · February 8, 2019, 4:58pm

Add .abload.de to your whitelist and test again.

peneu76 · February 8, 2019, 5:02pm

.abload.de is not a valid domain

GUI and CommandLine

peneu76 · February 8, 2019, 5:09pm

Es scheint ja ein Problem des Listenfomates von squidblacklist.org zu sein, da müssen die . weg

jfb · February 8, 2019, 5:11pm

Looking at this list, one of the comments at the top is that this is a proxy list and the format may not be compatible with Pi-Hole, which uses HOSTS format.

#  squid-malicious: blacklist compiled for use as a squid proxy acl by squidblacklist.org.

Remove this list from your blocklist, update gravity and see if this resolves the problem.

peneu76 · February 8, 2019, 5:30pm

Problem gelöst, schade nur, dass die Liste nicht verwendet werden kann. Gibt es den keine Möglichkeit, die Liste zu bereinigen und für Pi-Hole nutzbar zu machen?

jfb · February 8, 2019, 5:32pm

The leading "." would have to be removed.

peneu76 · February 8, 2019, 5:33pm

Genau, dass hatte ich ja geschrieben, dass der "." weg muss. Vielleicht kann es in der nächsten Version mit umgesetzt werden.

frankrpi3 · February 9, 2019, 8:53am

Du hast eine Liste benutzt, die nicht für Pi-hole gedacht ist. Benutze einfach dieses hier:

https://www.squidblacklist.org/downloads/dg-malicious.acl

Gute Blocklisten für Pi-hole findest du (immer noch) auf dieser Seite: