Some issues with blocked domains


I have a couple of question in regards to block domains. I recently realized that the domains - supposedly “Login Screens” ? - no idea, UK Go-Karting company

are blocked.
I managed somehow to figure out the category of, but I can’t remember how I found that. Can you give me some pointers please how I find out the category?

How can I “unblock” a domain? I am aware I can add a rule on my policy, but is this the “right” way, or is there a “better” way?


Tom shows domain categories. The Go-Kart place is also classified as Login Screen. If you feel that’s incorrect, you can request an update from that same radar lookup.

That depends on your existing rules. Either remove whatever it falls under, or add a higher priority rule to Allow that hostname.

1 Like

Thanks, I have done that now with domain rules. But it takes ages that it comes active.
How long is it supposed to take? I am waiting now for at least 10 minutes.

I am doing host $DOMAIN lookups (querying Pi-Hole) from internal and I am still served a SERVFAIL as before. I am using to validate the DNS response I get on Pi-Hole locally and it is the same for regular DNS. Pi-Hole itself is configured to use the DOH uplink, but the local resolver is using regular DNS.

I just did a local lookup directly to “cloudflared” and I got a response - but a Cloudflare IP. So it seems Pi-Hole is doing some strange there…
Ah: The logs show it fails DNSSEC validation. That works. Cool.



I’ve found that Gateway Policy changes can take a while go take effect. Possibly due to DNS caching. Eventually my changes go through, but I’ve never timed them to see the the maximum time it’s taken.

Thanks again.

I am querying directly cloudflared via regular DNS. I have allowed “” and “” as “Domain” “is” “Value”. And still getting a Cloudflare IP.
There is no caching involved here at all, as I query directly - except cloudflared is caching too.
But: The record’s TTL is 60 seconds and I am way past that.

I am reconfiguring the uplink DNS server to use regular DNS. That’s quicker than having to wait
each time for getting perfectly valid and legitimate domains to be whitelisted.
Done that: took 2s and didn’t even require a browser restart. Now it works without Cloudflare.

On a sidenote - community.cloudflare complains that somebody posted already a problem about - and that’s my own post. Way to go!

Thanks anyway and for trying to help