majorlinux/majorwiki
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
majorwiki/05-troubleshooting/networking/pihole-blocks-claude-desktop.md
majorlinux ae563efc9e docs: add Pi-hole AI blocklist / claude.ai ERR_CONNECTION_REFUSED article 
- New: 05-troubleshooting/networking/pihole-blocks-claude-desktop.md
  Covers diagnosis via FTL SQLite query log, gravity DB adlist lookup,
  fix via type-0 domainlist whitelist entry + pihole reloaddns, and
  why NULL blocking mode produces TCP refused instead of NXDOMAIN.
- Updated SUMMARY.md and 05-troubleshooting/index.md with new entry
2026-04-22 18:12:08 -04:00

136 lines
4.6 KiB
Markdown
Raw Permalink Blame History

---
title: "Pi-hole AI Blocklist Blocks Claude Desktop (ERR_CONNECTION_REFUSED)"
domain: troubleshooting
category: networking
tags: [pihole, dns, claude, adlist, blocklist, ai-blocklist]
status: published
created: 2026-04-22
updated: 2026-04-22
---
# Pi-hole AI Blocklist Blocks Claude Desktop (ERR_CONNECTION_REFUSED)
## 🛑 Problem
Claude Desktop throws a `[remoteMarketplaceClient] transport error: net::ERR_CONNECTION_REFUSED` error when attempting to install or load a plugin. The app itself loads fine and API calls work, but the marketplace client silently fails.
---
## 🔍 Diagnosis
### Step 1 — Check the Pi-hole query log for claude.ai
```bash
sudo pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db \
"SELECT datetime(timestamp, 'unixepoch', 'localtime') as time, domain, status \
FROM queries \
WHERE domain LIKE '%anthropic%' OR domain LIKE '%claude%' \
ORDER BY timestamp DESC LIMIT 50;"
```
Look for `claude.ai` entries with **status `1`** (gravity/adlist block). Status `2` or `3` means it's resolving fine.
**FTL status codes relevant here:**
| Status | Meaning |
|--------|---------|
| 1 | Blocked — gravity (adlist) |
| 2 | Forwarded (allowed) |
| 3 | Cached (allowed) |
| 4 | Blocked — regex domainlist |
| 5 | Blocked — exact domainlist |
### Step 2 — Identify which adlist is blocking it
```bash
sudo pihole-FTL sqlite3 /etc/pihole/gravity.db \
"SELECT a.address, a.comment \
FROM gravity g \
JOIN adlist a ON g.adlist_id = a.id \
WHERE g.domain = 'claude.ai';"
```
**Root cause:** `claude.ai` appears in AI-focused blocklists because they target AI scraper and training crawlers by domain. Claude Desktop's marketplace client makes outbound requests to `claude.ai`, which Pi-hole resolves to `0.0.0.0` in NULL blocking mode — resulting in `ERR_CONNECTION_REFUSED` at the TCP layer.
Known adlists that include `claude.ai`:
- **uBlockOrigin HUGE AI Blocklist** (`laylavish/uBlockOrigin-HUGE-AI-Blocklist`)
- **Super SEO Spam Suppressor** (`NotaInutilis/Super-SEO-Spam-Suppressor`)
---
## ✅ Fix
Add `claude.ai` as an exact whitelist entry (type 0) in Pi-hole's domainlist. This overrides any gravity block.
```bash
sudo pihole-FTL sqlite3 /etc/pihole/gravity.db \
"INSERT OR IGNORE INTO domainlist (type, domain, enabled, comment) \
VALUES (0, 'claude.ai', 1, 'Whitelisted — blocked by AI/SEO adlists, needed for Claude Desktop marketplace client');"
```
Then reload DNS to apply:
```bash
sudo pihole reloaddns
```
### Verify the whitelist entry is active
```bash
sudo pihole-FTL sqlite3 /etc/pihole/gravity.db \
"SELECT domain, type, enabled, comment FROM domainlist WHERE domain = 'claude.ai';"
```
Expected output:
```
claude.ai|0|1|Whitelisted — blocked by AI/SEO adlists, needed for Claude Desktop marketplace client
```
---
## 🔁 Why This Happens
Pi-hole in NULL blocking mode resolves blocked domains to `0.0.0.0`. When Claude Desktop's marketplace client tries to connect to `claude.ai`, the TCP handshake to `0.0.0.0` is immediately refused by the OS — producing `ERR_CONNECTION_REFUSED` rather than a timeout or DNS error. This makes it look like a network or server issue rather than a DNS block.
AI-focused blocklists cast a wide net and include domains like `claude.ai` alongside actual AI scraper hostnames. The fix is a precision whitelist entry rather than removing the adlist.
---
## ⚠️ Note on the Custom Domainlist
`claude.ai` may also appear as an accidental **exact deny** entry in the Pi-hole custom domainlist if it was added via "Block" in the Pi-hole query log UI. This compounds the adlist block. Clean the domainlist if needed:
```bash
# Check for exact deny entries
sudo pihole-FTL sqlite3 /etc/pihole/gravity.db \
"SELECT id, domain, type, enabled FROM domainlist WHERE domain = 'claude.ai';"
# Remove an unwanted deny entry (type 1 = exact deny)
sudo pihole-FTL sqlite3 /etc/pihole/gravity.db \
"DELETE FROM domainlist WHERE domain = 'claude.ai' AND type = 1;"
sudo pihole reloaddns
```
---
## 🔎 Quick Reference
```bash
# Check if claude.ai is blocked
sudo pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db \
"SELECT datetime(timestamp, 'unixepoch', 'localtime'), domain, status \
FROM queries WHERE domain = 'claude.ai' ORDER BY timestamp DESC LIMIT 10;"
# Find which adlist is blocking it
sudo pihole-FTL sqlite3 /etc/pihole/gravity.db \
"SELECT a.address FROM gravity g JOIN adlist a ON g.adlist_id = a.id \
WHERE g.domain = 'claude.ai';"
# Whitelist it
sudo pihole-FTL sqlite3 /etc/pihole/gravity.db \
"INSERT OR IGNORE INTO domainlist (type, domain, enabled, comment) \
VALUES (0, 'claude.ai', 1, 'Claude Desktop marketplace client');"
# Reload
sudo pihole reloaddns
```
Reference in a new issue View git blame Copy permalink