TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

Bogus resolver reaction? #745

Closed ZzZombo closed 8 months ago

ZzZombo commented 9 months ago

When I try to visit this website I get the following error in the log.

Log:

```
[2023-09-27 21:22:40 Local] DNS Server failed to resolve the request 'private12.rs-cb.ru. A IN' using forwarders: localhost:530 (127.0.0.1).
TechnitiumLibrary.Net.Dns.DnsClientException: Invalid domain name [###-#####----Blocked.domain----#####-###]: invalid character [35] was found.
   at TechnitiumLibrary.Net.Dns.DnsClient.IsDomainNameValid(String domain, Boolean throwException) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 2235
   at TechnitiumLibrary.Net.Dns.DnsCache.CacheResponse(DnsDatagram response, Boolean isDnssecBadCache, String zoneCut) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsCache.cs:line 1119
   at TechnitiumLibrary.Net.Dns.DnsClient.<>c__DisplayClass76_0.<b__0>d.MoveNext() in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4572
--- End of stack trace from previous location ---
   at TechnitiumLibrary.Net.Dns.DnsClient.ResolveQueryAsync(DnsQuestionRecord question, Func`2 resolveAsync) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 3949
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalCachedResolveQueryAsync(DnsQuestionRecord question, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4573
   at DnsServerCore.Dns.DnsServer.RecursiveResolveAsync(DnsQuestionRecord question, NetworkAddress eDnsClientSubnet, Boolean conditionalForwardingClientSubnet, IReadOnlyList`1 conditionalForwarders, Boolean dnssecValidation, Boolean cachePrefetchOperation, Boolean cacheRefreshOperation, Boolean skipDnsAppAuthoritativeRequestHandlers, TaskCompletionSource`1 taskCompletionSource) in Z:\Technitium\Projects\DnsServer\DnsServerCore\Dns\DnsServer.cs:line 2921
```

If that matters, here is the list of the block list URLs I use, since the log mentions blocked domains:

URLs:

https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
https://dbl.oisd.nl/
https://v.firebog.net/hosts/static/w3kbl.txt
https://raw.githubusercontent.com/RooneyMcNibNug/pihole-stuff/master/SNAFU.txt
https://v.firebog.net/hosts/AdguardDNS.txt
https://v.firebog.net/hosts/Admiral.txt
https://v.firebog.net/hosts/Easylist.txt
https://v.firebog.net/hosts/Easyprivacy.txt
https://v.firebog.net/hosts/Prigent-Ads.txt
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt
https://hostfiles.frogeye.fr/multiparty-trackers-hosts.txt
https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt
https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
https://phishing.army/download/phishing_army_blocklist_extended.txt
https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt
http://localhost:5380/blocklist.txt

However, the software displays no reaction to having the blocking feature disabled in the settings at all other than by letting the would-be blocked requests through by resolving them normally, so this leaves me confused.

ShreyasZare commented 9 months ago

Thanks for the post. This error has nothing to do with the DNS server's blocking feature, so it does not matter which block lists you have.

The problem is with the forwarder that you are using, which is probably returning a CNAME record with invalid characters in it. The DNS server won't be able to cache that record and thus generates this error.

ZzZombo commented 9 months ago

Could you not cache them then?

ShreyasZare commented 9 months ago

> Could you not cache them then?

It's already getting cached as a Failure cache record. If you query the same domain name using the DNS Client tab on the admin panel, it will give you an extended DNS error report regarding that.

You can configure the Cache Failure TTL from Settings > Cache section.

ZzZombo commented 9 months ago

I mean, if the reason the software fails to resolve a hostname is that it is unable to cache the response, then it might be a good idea to instead bail on caching and proceed without that?

ShreyasZare commented 9 months ago

> I mean, if the reason the software fails to resolve a hostname is that it is unable to cache the response, then it might be a good idea to instead bail on caching and proceed without that?

The actual issue is with the received domain name, which is using invalid characters. So, that invalid domain name in the response is as good as failed even if the DNS server returns it as-is. There is no point in changing how the DNS server will handle such invalid domain names.
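Editor's added example, not code from the thread or from Technitium, illustrating the point made in the two maintainer replies above: the DNS wire format lets a forwarder put any byte into a label, so a sentinel CNAME target such as `###-#####----Blocked.domain----#####-###` travels fine on the wire, but a resolver that enforces hostname syntax when it caches the answer rejects it (the log reports `invalid character [35]`, which is `#`), and the only sensible outcome is a failure record with a short TTL. The validator below is a generic LDH hostname check written for this illustration; it is not Technitium's `IsDomainNameValid`, and the exact rules that method applies (for instance to underscores) are not shown on this page. The answer records, `classify_response`, and the 30-second failure TTL are constructed for the example.

```python
"""Why a CNAME target with '#' in it cannot be cached or used.
Constructed example; not Technitium DNS Server code."""

# Letters, digits and hyphen: the hostname alphabet (assumed rule set).
ALLOWED = frozenset("abcdefghijklmnopqrstuvwxyz0123456789-")


def encode_name(name: str) -> bytes:
    """Encode a domain name as uncompressed wire-format labels.
    Only label length is checked, as on the wire; any ASCII byte is accepted."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"label length out of range: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def decode_name(buf: bytes, offset: int = 0) -> tuple[str, int]:
    """Decode an uncompressed wire-format name; returns (name, next_offset).
    No syntax checks: this is what a forwarder's answer looks like to us."""
    labels = []
    while True:
        length = buf[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointers not supported here")
        labels.append(buf[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset


def validate_domain_name(name: str) -> tuple[bool, str]:
    """Hostname-syntax check (assumed rules): 1..63 LDH characters per label,
    no leading or trailing hyphen, total length <= 253.
    Returns (ok, reason); reason names the first offending character code,
    in the same form as the log message in the issue."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False, "name length out of range"
    for label in name.split("."):
        if not 1 <= len(label) <= 63:
            return False, f"label length out of range: {label!r}"
        for ch in label:
            if ch.lower() not in ALLOWED:
                return False, f"invalid character [{ord(ch)}] was found"
        if label[0] == "-" or label[-1] == "-":
            return False, f"label starts or ends with hyphen: {label!r}"
    return True, "ok"


def classify_response(answers, failure_ttl: int = 30):
    """Decide what to do with an answer section before caching it.
    answers: list of (owner, rtype, rdata); rdata is a wire-encoded name for
    CNAME/NS, a plain string for A.  Returns ('cache', None) when every owner
    and target name is valid, otherwise ('failure', reason): the response is
    treated as failed and remembered only for the (assumed) failure TTL."""
    for owner, rtype, rdata in answers:
        names = [owner]
        if rtype in ("CNAME", "NS"):
            target, _ = decode_name(rdata)
            names.append(target)
        for n in names:
            ok, reason = validate_domain_name(n)
            if not ok:
                return "failure", f"{reason} in {n!r} (ttl {failure_ttl}s)"
    return "cache", None


# Constructed answers: a forwarder rewriting a blocked query into a sentinel
# CNAME (as the log suggests), and an ordinary valid CNAME chain.
BOGUS_TARGET = "###-#####----Blocked.domain----#####-###."
BOGUS_ANSWER = [("private12.rs-cb.ru.", "CNAME", encode_name(BOGUS_TARGET))]
GOOD_ANSWER = [("www.example.com.", "CNAME", encode_name("example.com.")),
               ("example.com.", "A", "192.0.2.1")]

if __name__ == "__main__":
    print(classify_response(BOGUS_ANSWER))
    print(classify_response(GOOD_ANSWER))
```

The takeaway matches the maintainer's reasoning: `encode_name` happily produces the bogus target because the wire format only constrains label length, while `validate_domain_name` stops at the first `#` (code 35) exactly as the log does, so passing the record through unchecked would hand a client a name it cannot use either.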