rdwebdesign
commented
5 months ago Can you please try to generate a new debug log?
Apparently there was an issue during the log creation and the last lines are not present (the log is truncated).
Closed metaben closed 3 months ago
rdwebdesign
commented
5 months ago Can you please try to generate a new debug log?
Apparently there was an issue during the log creation and the last lines are not present (the log is truncated).
DL6ER
commented
5 months ago This domain should have been converted to Punycode encoding (xn--_g-5ia1b) automatically, like so:
[!NOTE] This screenshot is from a Pi-hole v6.0 machine, though, so it may de different from what you are seeing (I cannot test v5.x right now).
Could you quickly verify in your /var/log/pihole/pihole.log if the domain is really queried like this in UTF-8 form? This would indeed violate the DNS standard and will always fail - as the NXDOMAIN reply confirms in your case.
metaben
commented
5 months ago Can you please try to generate a new debug log?
Apparently there was an issue during the log creation and the last lines are not present (the log is truncated).
ok sure. I used the admin UI to generate a new token: https://tricorder.pi-hole.net/dnzRup8A/ Size on disk is 31807.
metaben
commented
5 months ago Could you quickly verify in your
/var/log/pihole/pihole.logif the domain is really queried like this in UTF-8 form?
Here's what I'm seeing in pihole.log
Apr 3 17:08:06 dnsmasq[5130]: query[A] <name unprintable> from 192.168.88.210
Apr 3 17:08:06 dnsmasq[5130]: config <name unprintable> is NXDOMAINFor this bug, have also noticed that a domain can be on the blacklist and an allowed query at the same time.
Blacklist:
Audit log:
DL6ER
commented
5 months ago have also noticed that a domain can be on the blacklist and an allowed query at the same time
This is intentional and actually a feature. You may want to allow a domain for certain devices and block it for others. You can achieve this by assigning different groups to the two entries.
Here's what I'm seeing in pihole.log
Apr 3 17:08:06 dnsmasq[5130]: query[A]
from 192.168.88.210 Apr 3 17:08:06 dnsmasq[5130]: config is NXDOMAIN
So the illegal requests are made by whatever application is responsible for them. Non-ASCII is illegal in DNS so they'll never resolve.
metaben
commented
5 months ago Right, but staying on topic: why are they on the blocklist but not being blocked?
DL6ER
commented
5 months ago This is a good question, I assume there is some encoding issue going on, let's try to find this out.
Please try first
sqlite3 /etc/pihole/gravity.db "SELECT * FROM domainlist;"and quote the reply as copy & paste here.
metaben
commented
5 months ago sqlite3 /etc/pihole/gravity.db "SELECT * FROM domainlist;"and quote the reply as copy & paste here.
$ sqlite3 /etc/pihole/gravity.db "SELECT * FROM domainlist;"
1|1|srv.giraffic.com|1|1711993019|1711993019|Added from Query Log
2|0|cdn.jsdelivr.net|1|1712084293|1712085528|Discovery+
3|0|discovery-us.conax.cloud|1|1712084655|1712084655|Discovery+
4|0|js-agent.newrelic.com|1|1712084841|1712085521|Discovery+
5|0|cdn.cookielaw.org|1|1712084966|1712085525|Discovery+
7|1|ñ_gç|1|1712085500|1712085500|Added from Query Log
9|1|¹æº|1|1712261108|1712266215|Added from Audit Log
github-actions[bot]
commented
4 months ago This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.
Versions
Platform
Expected behavior
Saw a dns request for the domain "ñ_gç" in the query log and after blocking it, expected all future requests to be blocked.
Actual behavior / bug
The domain is on the blacklist but requests are not being blocked.
Steps to reproduce
Steps to reproduce the behavior:
Debug Token
Screenshots
Additional context
Might be utf-8 related? It doesn't look like a legitimate dns request to me.