Page 1 of 2

Problem with Pi-Hole and Prevent Internet sites from request

Posted: Wed Mar 29, 2017 5:11 pm
by yes_noscript
I use a RaspberryPi with Pi-Hole as ad- and trackingblocker for all devices in my network.
But with enabled ABE the default SYSTEM rule block for example the https://decentraleyes.org/test/ test.

How can i modify it so requests from the Pi-Hole (only avaiable over LAN) are allowed?

Edit: I mean that rule:

Code: Select all

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny

Re: Problem with Pi-Hole and Prevent Internet sites from req

Posted: Wed Mar 29, 2017 6:36 pm
by barbaz
So Pi-Hole is just loading downloadable HOSTS files into dnsmasq, correct?

If so, the solution is actually to modify the HOSTS files. Point blocked domains to 0.0.0.0 instead of 127.0.0.1. Or change the download URLs of the HOSTS files to the 0.0.0.0 versions, where available.

Re: Problem with Pi-Hole and Prevent Internet sites from req

Posted: Wed Mar 29, 2017 6:59 pm
by yes_noscript
I dont know how Pi-Hole works :mrgreen: I'm not a linux guy.
Did you know how i do that?

Re: Problem with Pi-Hole and Prevent Internet sites from req

Posted: Wed Mar 29, 2017 8:34 pm
by barbaz
Wait, hang on, it also redirects some blocked requests to a local server. Try putting this at the very top of SYSTEM -

Code: Select all

Site ^https?://192\.168\.1\.101[:/]
Accept

Re: Problem with Pi-Hole and Prevent Internet sites from req

Posted: Wed Mar 29, 2017 9:14 pm
by yes_noscript
Thank you very much!
That works perfect!

Does that disable the "Prevent Internet sites from requesting LAN resources." rule?

Re: Problem with Pi-Hole and Prevent Internet sites from req

Posted: Wed Mar 29, 2017 11:44 pm
by barbaz
yes_noscript wrote:Thank you very much!
That works perfect!
You're welcome! Image
yes_noscript wrote:Does that disable the "Prevent Internet sites from requesting LAN resources." rule?
Only for requests to that one local server. Everything else on your local network, including your own computer, is still protected just as before.

Re: Problem with Pi-Hole and Prevent Internet sites from req

Posted: Thu Mar 30, 2017 9:25 am
by yes_noscript
Thanks!
Yeah, yesterday i see that the protection still works.

:)

Re: Problem with Pi-Hole and Prevent Internet sites from req

Posted: Thu Mar 30, 2017 5:56 pm
by yes_noscript
Argh, today i found that:

Code: Select all

[ABE] < LOCAL> Deny on {GET https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js <<< https://forum.xda-developers.com/oneplus-2/development/6-0-x-cyanogenmod-13-oneplus-2-t3292436/page1413 - 2}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
Is that because of Decentraleyes? But i wonder why i doesnt get that before Pi-Hole

Re: Problem with Pi-Hole and Prevent Internet sites from req

Posted: Thu Mar 30, 2017 7:25 pm
by barbaz
Please post the DNS lookup of ajax.googleapis.com

Re: Problem with Pi-Hole and Prevent Internet sites from req

Posted: Sat Apr 01, 2017 8:29 am
by yes_noscript
nslookup ajax.googleapis.com
Server: UnKnown
Address: fd00::8312:a96:59ec:10d6:ca6a

*** ajax.googleapis.com wurde von UnKnown nicht gefunden: No response from server.

Re: Problem with Pi-Hole and Prevent Internet sites from req

Posted: Sat Apr 01, 2017 9:28 pm
by barbaz
Image That's a rather odd response for a dnsmasq-based blacklist. Maybe I'm still missing something about how Pi-Hole works, but my own dnsmasq-based blacklisting attempts always resulted in either 0.0.0.0 or NXDOMAIN being returned.
yes_noscript wrote:But i wonder why i doesnt get that before Pi-Hole
So if you disable Pi-Hole, any change in the ABE warning and/or DNS lookup of ajax.googleapis.com?

Re: Problem with Pi-Hole and Prevent Internet sites from req

Posted: Sun Apr 02, 2017 7:58 am
by yes_noscript
I mean i got no such ABE errors before Pi-Hole.

When i disable Pi-Hole and clear the DNS-Cache i get the same DNS result

Did you have the same problem with for example XDA-forums and the Thanks-button?

Re: Problem with Pi-Hole and Prevent Internet sites from req

Posted: Sun Apr 02, 2017 3:16 pm
by barbaz
yes_noscript wrote:When i disable Pi-Hole and clear the DNS-Cache i get the same DNS result
Then the ABE warning cannot related to Pi-Hole, can it? So please try re-enabling Pi-Hole and disabling Decentraleyes. Do you still get the ABE warning?

Probably the DNS failure is at your upstream DNS servers then.
yes_noscript wrote:Did you have the same problem with for example XDA-forums and the Thanks-button?
I'm not a member of that site, so I'm not sure what you're referring to. Image

Re: Problem with Pi-Hole and Prevent Internet sites from req

Posted: Sun Apr 02, 2017 4:51 pm
by yes_noscript
Yes, i still get the ABE errors with disabled Decentralyes and a browser restart.
I use Decentraleyes a long time but the error is new.

Re: Problem with Pi-Hole and Prevent Internet sites from req

Posted: Sun Apr 02, 2017 5:18 pm
by barbaz
Hmm. When you get that error, what does about:networking give for the DNS lookup of ajax.googleapis.com?