From 7481cb35cc85933f4845b8e382bdcee1ff730f4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 3 Dec 2021 14:12:26 +0100 Subject: [PATCH 1/6] Add FAQ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- mkdocs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/mkdocs.yml b/mkdocs.yml index f329d0b..1430546 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -172,6 +172,7 @@ nav: - 'Router setup': - 'Fritz!Box (EN)': routers/fritzbox.md - 'Fritz!Box (DE)': routers/fritzbox-de.md + - 'FAQ': main/faq.md - 'Community Projects': main/projects.md extra: From 8f59af06a4de8ed0e4ac4595ffe835d585843a98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 3 Dec 2021 14:15:25 +0100 Subject: [PATCH 2/6] Add frist questions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- docs/main/faq.md | 57 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 docs/main/faq.md diff --git a/docs/main/faq.md b/docs/main/faq.md new file mode 100644 index 0000000..cc5367d --- /dev/null +++ b/docs/main/faq.md @@ -0,0 +1,57 @@ +## Frequently Asked Questions + +This is a collection of questions that were asked repeatedly on discourse or github. + +### Odd random character queries in Pi-hole's query logs + +You see three queries containing only random strings, sometimes with the local domain suffix, like + +```bash +yfjmdpisrvyrnq +attxnwheeeuiad +nskywzjbpj +``` + +**Solution:** + +This happens when using Chrome-based browsers. Chrome tries to find out if someone is messing up with the DNS (i.e. wildcard DNS servers to catch all domains). Chrome does this by issuing DNS requests to randomly generated domain names with bewteen 7 and 15 characters + +In a normal setup this results in a “No such name” response from your DNS server. If the DNS server you use has a wildcard setup, each of these requests will result in a response (which is normally even the same) so Chrome knows that there is someone messing around with DNS responses. + +Link to [Chromium's source code](https://chromium.googlesource.com/chromium/src/+/refs/heads/main/chrome/browser/intranet_redirect_detector.cc#132) explaining the function. + +### Pi-hole update fails due to repository changed it's 'Suite' value + +This happens after a manual OS upgrade to the next major version on deb based systems. A typical message is + +```bash +Repository 'http://archive.raspberrypi.org/debian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable' +``` + +**Solution:** + +```bash +sudo apt-get update --allow-releaseinfo-change +``` + +### Pi-hole's gravity complains about invalid IDN domains + +During a gravity update, Pi-hole complains about some invalid Internationalized Domain Names (IDN) domains + +```bash + Sample of invalid domains: + - test.中国 + - test.рф + - test.भारत + - e-geräteundhaus.com + - rëddït.com +``` + +**Solution:** + +Internationalizing Domain Names in Applications (IDNA) was conceived to allow client-side use of language-specific characters in domain names without requiring any existing infrastructure (DNS servers, mall servers, etc., including associated protocols) to change. But, the corresponding original [RFC 3490](https://tools.ietf.org/html/rfc3490) clearly states that IDNA is employed at application level, not on the server side. +Hence, DNS servers never see any IDN domain name, which means DNS records do not store IDN domain names at all, only their [Punycode](https://en.wikipedia.org/wiki/Punycode) representations. + +Therefore, ask the list maintainer to convert the IDNs to their punycode representation. + +{!abbreviations.md!} From 7f957b3e8a0009d9b995877b8fe322ee7468bb3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 3 Dec 2021 14:50:53 +0100 Subject: [PATCH 3/6] Improve IDN section MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- docs/main/faq.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/main/faq.md b/docs/main/faq.md index cc5367d..8a11a19 100644 --- a/docs/main/faq.md +++ b/docs/main/faq.md @@ -49,9 +49,9 @@ During a gravity update, Pi-hole complains about some invalid Internationalized **Solution:** -Internationalizing Domain Names in Applications (IDNA) was conceived to allow client-side use of language-specific characters in domain names without requiring any existing infrastructure (DNS servers, mall servers, etc., including associated protocols) to change. But, the corresponding original [RFC 3490](https://tools.ietf.org/html/rfc3490) clearly states that IDNA is employed at application level, not on the server side. +Ask the list maintainer to convert the IDNs to their punycode representation. + +Internationalizing Domain Names in Applications (IDNA) was conceived to allow client-side use of language-specific characters in domain names without requiring any existing infrastructure (DNS servers, mall servers, etc., including associated protocols) to change. Accordingly, the corresponding original [RFC 3490](https://tools.ietf.org/html/rfc3490) clearly states that IDNA is employed at application level, not on the server side. Hence, DNS servers never see any IDN domain name, which means DNS records do not store IDN domain names at all, only their [Punycode](https://en.wikipedia.org/wiki/Punycode) representations. -Therefore, ask the list maintainer to convert the IDNs to their punycode representation. - {!abbreviations.md!} From e3f44edd6d6719604f14dd146a0dbc2f23a3ea96 Mon Sep 17 00:00:00 2001 From: XhmikosR Date: Sat, 4 Dec 2021 16:26:20 +0200 Subject: [PATCH 4/6] Update faq.md --- docs/main/faq.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/main/faq.md b/docs/main/faq.md index 8a11a19..2e2c26f 100644 --- a/docs/main/faq.md +++ b/docs/main/faq.md @@ -39,12 +39,12 @@ sudo apt-get update --allow-releaseinfo-change During a gravity update, Pi-hole complains about some invalid Internationalized Domain Names (IDN) domains ```bash - Sample of invalid domains: - - test.中国 - - test.рф - - test.भारत - - e-geräteundhaus.com - - rëddït.com +Sample of invalid domains: +- test.中国 +- test.рф +- test.भारत +- e-geräteundhaus.com +- rëddït.com ``` **Solution:** From df680df7681e07cc69b09b57190a3ca24604a2a4 Mon Sep 17 00:00:00 2001 From: Robin Schuster Date: Sat, 11 Dec 2021 21:18:30 +0100 Subject: [PATCH 5/6] Update fritzbox-de.md --- docs/routers/fritzbox-de.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/routers/fritzbox-de.md b/docs/routers/fritzbox-de.md index 14698a3..e9b57f0 100644 --- a/docs/routers/fritzbox-de.md +++ b/docs/routers/fritzbox-de.md @@ -1,7 +1,7 @@ Diese Anleitung wurde für FRITZ!OS 07.21 geschrieben, sollte jedoch auch mit anderen Firmware-Versionen funktionieren. Ziel ist es, grundlegende Prinzipien für ein reibungsloses Zusammenspiel zwischen Fritz!Box und Pi-hole zu verdeutlichen. > Hinweis: -Es gibt nicht nur **die eine Art**, eine funktionierende DNS System aufzusetzen. Konfiguriert euer Netzwerk nach euren Bedürfnissen. +Es gibt nicht nur **die eine Art**, ein funktionierendes DNS-System aufzusetzen. Konfiguriert euer Netzwerk nach euren Bedürfnissen. Diese Anleitung wurde für IPv4 geschrieben und muss für IPv6 Netwerke entsprechend angepasst werden. ### Erweiterte Ansicht aktivieren From ff9fb3dae6c21bb04112905065aa36b5d3e57a7f Mon Sep 17 00:00:00 2001 From: Bennet Schulz Date: Wed, 15 Dec 2021 05:46:58 +0100 Subject: [PATCH 6/6] Update unbound.md (#613) I guess this should be "traverse" instead of "transverse". --- docs/guides/dns/unbound.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/dns/unbound.md b/docs/guides/dns/unbound.md index 276836d..3756929 100644 --- a/docs/guides/dns/unbound.md +++ b/docs/guides/dns/unbound.md @@ -47,7 +47,7 @@ You can easily imagine even longer chains for subdomains as the query process co - Benefit: Privacy - as you're directly contacting the responsive servers, no server can fully log the exact paths you're going, as e.g. the Google DNS servers will only be asked if you want to visit a Google website, but not if you visit the website of your favorite newspaper, etc. -- Drawback: Traversing the path may be slow, especially for the first time you visit a website - while the bigger DNS providers always have answers for commonly used domains in their cache, you will have to transverse the path if you visit a page for the first time. The first request to a formerly unknown TLD may take up to a second (or even more if you're also using DNSSEC). Subsequent requests to domains under the same TLD usually complete in `< 0.1s`. +- Drawback: Traversing the path may be slow, especially for the first time you visit a website - while the bigger DNS providers always have answers for commonly used domains in their cache, you will have to traverse the path if you visit a page for the first time. The first request to a formerly unknown TLD may take up to a second (or even more if you're also using DNSSEC). Subsequent requests to domains under the same TLD usually complete in `< 0.1s`. Fortunately, both your Pi-hole as well as your recursive server will be configured for efficient caching to minimize the number of queries that will actually have to be performed. ## Setting up Pi-hole as a recursive DNS server solution