Ads and Blacklist not being blocked

Expected Behaviour:

Ads should be blocked and blacklisted domains should either not be loading or showing the pihole block page.

• Raspberry Pi OS 32bit
• Raspberry Pi3B
• DCHP Server enabled

Actual Behaviour:

Ads and blacklisted domains are loading, added some social network and pornography sites to test, none are being blocked nor are ads such as traffic junky. Tested on multiple devices with cache cleared on browser and device, tested group settings by adding clients to groups and set adlists and blacklist/whitelist to test group.

Checked query log to find that blacklisted sites are being listed as having been blocked but only momentarily, page brings up DNS server error followed by IP server error then the page proceeds to load.

Under my previous install of Rasbian Buster and Pihole 4 everything was working fine, I am uncertain if blocking is working properly now.

Debug Token:

https://tricorder.pi-hole.net/daklvzpwy1

Can you provide some examples? Run a dig or nslookup for a known blocked domain, and please post the output.

We will also need a fresh debug log, the previous log expired at 48 hours.

Anything that is blacklisted once opened will be momentarily be blocked, browser shows two error pages, a DNS error and then an IP error then the page loads. The only ads off hand that I know that I can test quickly are traffic junky ads on pornhub, not being blocked since updating.

pi@X87Pi3:~ $ nslookup facebook.com
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: facebook.com
Address: 157.240.221.35
Name: facebook.com
Address: 2a03:2880:f158:82:face:b00c:0:25de

https://tricorder.pi-hole.net/daklvzpwy1

Try using the Pi-hole IP address instead. That nslookup is not using Pi-hole.

You're going to have to direct me on what to do there!

The client from which you ran the nslookup command is not using Pi-hole for DNS resolution, it is using Google DNS. Do you have Google DNS set as a DNS option in your router or on that client? Or, was this command run from the Pi that is hosting Pi-hole?

nslookup was run from the Pi OS terminal, Google DNS is set as secondary DNS on router, Pihole and on most devices.

This is providing a DNS bypass around Pi-hole. Clients are free to use any DNS available.

From a client that you believe should be connected to the Pi-Hole for DNS, from the command prompt or terminal on that client (and not via ssh or Putty to the Pi), what is the output of

nslookup pi.hole

nslookup pornhub.com

All settings are identical as there where on Rasbian and Pihole 4.

pi@X87Pi3:~ $ nslookup pi.hole
Server: 8.8.8.8
Address: 8.8.8.8#53

** server can't find pi.hole: NXDOMAIN

pi@X87Pi3:~ $ nslookup pornhub.com
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: pornhub.com
Address: 66.254.114.41

This is from the Pihole, from Windows 10 Powershell I get a DNS request timeout.

This is where we need the output -we've already seen the output from the Pi. You would not expect Google DNS to be able to resolve the IP of your local Pi-hole. The problem may lie in the client. On this client, what is the output of ipconfig /all

Removing Google DNS as secondary DNS from the router and the client has stopped the pages from connecting but doesn't show the pihole blocked page and traffic junky ads are still appearing despite being on a a blocklist. Doing the same on android devices has the same effect as on Windows previously did, the android pages are momentarily blocked before loading.

> PS C:\Windows\system32> ipconfig /all
> 
> Windows IP Configuration
> 
>    Host Name . . . . . . . . . . . . : X87G20
>    Primary Dns Suffix  . . . . . . . :
>    Node Type . . . . . . . . . . . . : Hybrid
>    IP Routing Enabled. . . . . . . . : No
>    WINS Proxy Enabled. . . . . . . . : No
> 
> Ethernet adapter Ethernet:
> 
>    Connection-specific DNS Suffix  . :
>    Description . . . . . . . . . . . : Intel(R) Ethernet Connection (2) I218-V
>    Physical Address. . . . . . . . . : 08-62-66-A1-B4-CC
>    DHCP Enabled. . . . . . . . . . . : No
>    Autoconfiguration Enabled . . . . : Yes
>    IPv6 Address. . . . . . . . . . . : fddc:d916:a734:db00:dde6:fe56:e096:5615(Preferred)
>    Temporary IPv6 Address. . . . . . : fddc:d916:a734:db00:b567:6835:611e:f80d(Preferred)
>    Link-local IPv6 Address . . . . . : fe80::dde6:fe56:e096:5615%10(Preferred)
>    IPv4 Address. . . . . . . . . . . : 192.168.1.110(Preferred)
>    Subnet Mask . . . . . . . . . . . : 255.255.255.0
>    Default Gateway . . . . . . . . . : fe80::a06d:22ff:fe9a:378c%10
>                                        192.168.1.1
>    DHCPv6 IAID . . . . . . . . . . . : 117989990
>    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-28-AC-3C-08-62-66-A1-B4-CC
>    DNS Servers . . . . . . . . . . . : fddc:d916:a734:db00:cb7c:825:de65:74d2
>                                        192.168.1.104
>    NetBIOS over Tcpip. . . . . . . . : Enabled
> 
> Wireless LAN adapter WiFi:
> 
>    Media State . . . . . . . . . . . : Media disconnected
>    Connection-specific DNS Suffix  . :
>    Description . . . . . . . . . . . : Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC
>    Physical Address. . . . . . . . . : 40-E2-30-CF-44-79
>    DHCP Enabled. . . . . . . . . . . : No
>    Autoconfiguration Enabled . . . . : Yes
> 
> Wireless LAN adapter Local Area Connection* 1:
> 
>    Media State . . . . . . . . . . . : Media disconnected
>    Connection-specific DNS Suffix  . :
>    Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
>    Physical Address. . . . . . . . . : 42-E2-30-CF-44-79
>    DHCP Enabled. . . . . . . . . . . : Yes
>    Autoconfiguration Enabled . . . . : Yes
> 
> Wireless LAN adapter Local Area Connection* 2:
> 
>    Media State . . . . . . . . . . . : Media disconnected
>    Connection-specific DNS Suffix  . :
>    Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
>    Physical Address. . . . . . . . . : 40-E2-30-CF-44-79
>    DHCP Enabled. . . . . . . . . . . : Yes
>    Autoconfiguration Enabled . . . . : Yes
> 
> Ethernet adapter Bluetooth Network Connection:
> 
>    Media State . . . . . . . . . . . : Media disconnected
>    Connection-specific DNS Suffix  . :
>    Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
>    Physical Address. . . . . . . . . : 40-E2-30-CF-44-78
>    DHCP Enabled. . . . . . . . . . . : Yes
>    Autoconfiguration Enabled . . . . : Yes

What is this IPv6 DNS server? It doesn't match anything on your Pi-hole.

You should not expect a Pi-hole blocked page - you are using the default NULL blocking mode which does not provide a blocking page:

[2020-06-10 19:19:46.855 13035] BLOCKINGMODE: Null IPs for blocked domains

What is a domain for a traffic junky ad?

That's the ipv6 provided by pihole during installation, I added that to test to see if it made any difference which I've now removed.

Traffic junky ads are on pornhub, the domain for those ads which is on a few of my blocklists is trafficjunky.net

How can I change blocking mode, I prefer to have the block page appear if I'm working at a family client, I never changed the blocking mode before but had access to the pihole blocked page.

From the same client (and not from the Pi-hole) what is the output of:

nslookup trafficjunky.net

Note, this will only work for http pages, not for https pages.

Also, please generate a new debug log, upload it and post the new token so we can see your current configuration.

PS C:\Windows\system32> nslookup trafficjunky.net
Server: X87Pi3
Address: 192.168.1.104

Name: trafficjunky.net
Addresses: ::
0.0.0.0

This output shows that Pi-hole blocked the domain. If the browser on that client is getting ads from that domain, the domain is being resolved by a DNS server other than Pi-hole.

Does the browser on that client have specific DNS settings, in particular DNS over HTTPS or any DNS redirection?

https://tricorder.pi-hole.net/8va4px3j69

Not that I know of, all I did was upgrade Rasbian to Pi OS and install Pihole 5, all settings on all devices have not changed. Pihole has worked well on multiple install through out multiple Rasbian and Pihole versions until now.

From what you have shown in your outputs, Pi-hole is blocking that domain as requested. So, it does not appear to be a Pi-hole problem. You have asked Pi-hole to block this domain, and it has done that.