Why do I see "bad address at" in pihole.log?


#1

If you see entries referencing a bad address in your /var/log/pihole.log, such as the examples below:

Jul  5 22:18:15 dnsmasq[5018]: bad address at /etc/pihole/local.list line 2
Jul  5 22:18:15 dnsmasq[5018]: bad address at /etc/pihole/gravity.list line 4

this typically means the file dnsmasq is attempting to read from contains a syntax error. Make sure these files are formatted as a HOSTS file:

<SOME_IP_ADDRESS> <somedomain.com>
10.10.10.2 pi.hole

#2

Jacob

There is another point:
the contents of the delivered hosts files must be correct. At the moment I have 3 entries in the gravity.list, build from received hosts files, defined in adlists.list.

Jul 6 15:56:41: warning: ignoring resolv-file flag because no-resolv is set
Jul 6 15:56:41: using nameserver xxxxxxxxxx#53
Jul 6 15:56:41: using nameserver xxxxxxxxxx#53
Jul 6 15:56:41: read /etc/hosts - 11 addresses
Jul 6 15:56:41: read /etc/pihole/black.list - 16 addresses
Jul 6 15:56:41: read /etc/pihole/local.list - 2 addresses
Jul 6 15:56:53: bad name at /etc/pihole/gravity.list line 650263
Jul 6 15:57:03: bad name at /etc/pihole/gravity.list line 1320483
Jul 6 15:57:08: bad name at /etc/pihole/gravity.list line 1611793
Jul 6 15:57:10: read /etc/pihole/gravity.list - 1741821 addresses
Jul 6 15:57:10: read /etc/customRedirect.list - 2 addresses

These lines are:

192.168.2.210 iclo��d.com
In Notepad (encoding UTF 8) this is shown as icloxFCd.com with xFC in white letters on black background
I think it must be a mis typed icloud.com

192.168.2.210 verif�tion.com , displayed as verifxECtion.com in Notepad

192.168.2.210 www.p⺰al.com , displayed as www.pxE1ypal.com in Notepad

So, if the delivered files doesn’t have a correct URL, also this ‘bad name’ message is generated.
At this moment I cannot find which of the delivered hosts file is the cause. The ‘Find’ command in Notepad in all list files doesn’t work because the non UTF-8 decoding of the URL.

Maybe the Pihole parser can check if the URL is correct before adding the URL to the list.preEventHorizon list to avoid this error messages.


#3

We do check for a valid domain with a snippet of perl code…I didn’t write the code myself, but thus far, it seems to be working.

I suspect what you are seeing is a phising attempt using unicode domain names that appear to look like legitimate sites. So you would probably want these domains on your blacklist to begin with. I guess dnsmasq doesn’t understand how to use these domains…I’ll have to look into this more and check with the rest of the team.


#4

It should be very nice if these kind of phising sites are automatically placed on a separate blacklist in de pihole.
A user can activate of disable the use of this separate blacklist (so before the pihole -g procedure starts).

A future request from me.