Why do I see "bad address at" in pihole.log?

If you see entries referencing a bad address in your /var/log/pihole.log, such as the examples below:

Jul  5 22:18:15 dnsmasq[5018]: bad address at /etc/pihole/local.list line 2
Jul  5 22:18:15 dnsmasq[5018]: bad address at /etc/pihole/gravity.list line 4

this typically means the file dnsmasq is attempting to read from contains a syntax error. Make sure these files are formatted as a HOSTS file:

<SOME_IP_ADDRESS> <somedomain.com> pi.hole


There is another point:
The contents of the delivered hosts files must be correct. At the moment I have 3 entries in the gravity.list, built from received hosts files, defined in adlists.list.

Jul 6 15:56:41: warning: ignoring resolv-file flag because no-resolv is set
Jul 6 15:56:41: using nameserver xxxxxxxxxx#53
Jul 6 15:56:41: using nameserver xxxxxxxxxx#53
Jul 6 15:56:41: read /etc/hosts - 11 addresses
Jul 6 15:56:41: read /etc/pihole/black.list - 16 addresses
Jul 6 15:56:41: read /etc/pihole/local.list - 2 addresses
Jul 6 15:56:53: bad name at /etc/pihole/gravity.list line 650263
Jul 6 15:57:03: bad name at /etc/pihole/gravity.list line 1320483
Jul 6 15:57:08: bad name at /etc/pihole/gravity.list line 1611793
Jul 6 15:57:10: read /etc/pihole/gravity.list - 1741821 addresses
Jul 6 15:57:10: read /etc/customRedirect.list - 2 addresses

These lines are:

iclo��d.com
In Notepad (encoding UTF-8) this is shown as icloxFCd.com, with xFC in white letters on a black background.
I think it must be a mistyped icloud.com.

verif�tion.com, displayed as verifxECtion.com in Notepad

www.p⺰al.com, displayed as www.pxE1ypal.com in Notepad

So, if the delivered files don’t have a correct URL, this ‘bad name’ message is also generated.
At this moment I cannot find which of the delivered hosts files is the cause. The ‘Find’ command in Notepad doesn’t work in any of the list files because of the non-UTF-8 decoding of the URL.

Maybe the Pihole parser can check if the URL is correct before adding the URL to the list.preEventHorizon list, to avoid these error messages.
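
One way to locate such lines, as an added example that is not part of the original thread and not Pi-hole's own code: read each hosts-format file as raw bytes, so undecodable characters cannot hide a line from the search, and report the line number and reason. The label rule and the sample entries are assumptions made for this illustration, not dnsmasq's exact validation.

```python
import ipaddress
import re
import sys
from pathlib import Path

# Conservative label rule (an assumption, not dnsmasq's exact check):
# ASCII letters, digits, '-' and '_', 1-63 bytes, no leading/trailing hyphen.
LABEL = re.compile(rb"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")

def check_line(raw: bytes):
    """Return None for an acceptable hosts line, else a short reason string."""
    fields = raw.split(b"#", 1)[0].split()
    if not fields:
        return None  # blank line or comment
    try:
        ipaddress.ip_address(fields[0].decode("ascii"))
    except (UnicodeDecodeError, ValueError):
        return "bad address"
    if len(fields) < 2:
        return "missing name"
    for name in fields[1:]:
        labels = name.rstrip(b".").split(b".")
        if len(name) > 253 or not all(LABEL.fullmatch(l) for l in labels):
            # backslashreplace prints raw bytes such as \xfc instead of hiding them
            return "bad name " + name.decode("ascii", "backslashreplace")
    return None

def scan(lines):
    """Return [(line_number, reason)] for rejected lines; lines are bytes."""
    checked = ((n, check_line(raw)) for n, raw in enumerate(lines, start=1))
    return [(n, reason) for n, reason in checked if reason]

# Constructed sample in hosts format; the third line carries a raw 0xFC byte.
SAMPLE = [
    b"# constructed sample list",
    b"0.0.0.0 ads.example.test",
    b"0.0.0.0 ex\xfcample.test",
    b"not-an-ip tracker.example.test",
    b"0.0.0.0 -bad.example.test",
]

if __name__ == "__main__":
    # Scan the files named on the command line, or the sample when none are given.
    for path in sys.argv[1:] or [None]:
        lines = Path(path).read_bytes().splitlines() if path else SAMPLE
        for number, reason in scan(lines):
            print(f"{path or 'sample'}:{number}: {reason}")
```

Running it over each downloaded source list rather than the merged gravity.list shows which list contributed the rejected entry.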

We do check for a valid domain with a snippet of Perl code…I didn’t write the code myself, but thus far, it seems to be working.

I suspect what you are seeing is a phishing attempt using Unicode domain names that appear to look like legitimate sites. So you would probably want these domains on your blacklist to begin with. I guess dnsmasq doesn’t understand how to use these domains…I’ll have to look into this more and check with the rest of the team.

It would be very nice if these kinds of phishing sites were automatically placed on a separate blacklist in the pihole.
A user can activate or disable the use of this separate blacklist (so before the pihole -g procedure starts).

A future request from me.