Ads are showing on computer but not on mobile devices

Expected Behaviour:

Ads blocked on computer and mobile devices
Running on Raspberry Pi OS Lite (64-bit)

Actual Behaviour:

Ads are showing on computer but not on mobile devices

Debug Token:

https://tricorder.pi-hole.net/9EuMUA2I/

I have been confirming that my computer's connection is not going through pi-hole as I blacklisted purple.com and it loads on my computer but no other device. I use both wifi and ethernet.

I have read a number of similar posted and based on them tried:

  • Disabling IPv6
  • Manually setting my computer to use the pi-hole as DNS servers through the wi-fi settings
  • Disabling "Use secure DNS" setting on chrome
  • Restarting the pi-hole and my computer

Any help would be much appreciated!

Execute these 2 commands from your computer and post here the output:

nslookup flurry.com
nslookup flurry.com 192.168.0.252

Thank you in advance for the help, this is my result:

C:\Users\danga>nslookup flurry.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.252

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

C:\Users\danga>nslookup flurry.com 192.168.0.252
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.252

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

C:\Users\danga>

Your computer is not able to communicate with Pi-hole server (192.168.0.252).

Do you have a firewall blocking these attempts? Is your computer using a VPN?

I have the standard firewall that comes with Windows, no vpn.

Disabling the firewall doesn't sound like a good idea, is there an alternative solution?

You need to check in the firewall settings if this IP is blocked.
If your firewall is not blocking the IP, then you don't need to disable anything and the issue is elsewhere.


The previous nslookup commands above show your Windows computer can't use that IP as DNS server.

We need to identify why this is not working.

Please run the command ipconfig /all and post here the output.
If you want to redact mac addresses and some other info, please post at least these values:

  • IPv4 Address
  • Subnet Mask
  • Default Gateway
  • DHCP Server
  • DNS Servers (usually there is more than one).

I disabled my firewall and although purple.com still loads it looks like I can reach the pi-hole server
As it turns out I still have my Avast subscription which has not yet expired.

C:\Users\danga>nslookup flurry.com
Server:  pi.hole
Address:  192.168.0.252

Non-authoritative answer:
Name:    flurry.com
Addresses:  76.223.84.192
          13.248.158.7


C:\Users\danga>nslookup flurry.com 192.168.0.252
Server:  pi.hole
Address:  192.168.0.252

Non-authoritative answer:
Name:    flurry.com
Addresses:  76.223.84.192
          13.248.158.7


C:\Users\danga>

I tried finding a solution now that I know the source of the issue. I found the following doc: Prerequisites - Pi-hole documentation

I tried the firewall-cmd noted in the first line and got the following:

C:\Users\danga>firewall-cmd --permanent --add-service=http --add-service=dns --add-service=dhcp --add-service=dhcpv6
'firewall-cmd' is not recognized as an internal or external command,
operable program or batch file.

I also tried looking into avast program but could not find anywhere to add a new rule that would allow place the pi-hole behind the firewall not in front of it. I am already planning to stop using avast. Any recommendations on how to proceed?

It seems it was really a firewall issue.

Comparing your both nslookup flurry.com attempts:

  • the first one returned DNS request timed out;
  • the second one returned Server: pi.hole and Addresses: 76.223.84.192 13.248.158.7

If you want to turn on the firewall, you just need to configure it to allow DNS queries to Pi-hole (this is out of scope here... please search on your firewall help or forums).

Now we know the computer is using Pi-hole as DNS server.

I still don't know why Pi-hole is not blocking the domains.
Can you please generate a fresh debug log and post the new token?

Thank you, I will do that.

please see my current debug token: https://tricorder.pi-hole.net/imR5ojV6/

Your debug log looks good. Are you still seeing the problem when you run these commands from that computer?

nslookup flurry.com
nslookup flurry.com 192.168.0.252

What about these commands?

nslookup -class=chaos -type=txt version.bind
nslookup -class=chaos -type=txt version.bind 192.168.0.252

If you're seeing the wrong info coming back, apparently from your Pi-hole IP address, it may be that your AVAST installation is "helpfully" taking over the DNS "to keep you safe". I seem to remember this has happened in here before, either AVAST or AVG. But see how you get on with those commands first.

Thank you for the help! Here is what I am getting:

nslookup flurry.com
Server:  pi.hole
Address:  192.168.0.252

Non-authoritative answer:
Name:    flurry.com
Addresses:  76.223.84.192
          13.248.158.7

nslookup flurry.com 192.168.0.252
Server:  pi.hole
Address:  192.168.0.252

Non-authoritative answer:
Name:    flurry.com
Addresses:  76.223.84.192
          13.248.158.7

nslookup -class=chaos -type=txt version.bind
Server:  pi.hole
Address:  192.168.0.252

Non-authoritative answer:
version.bind    text =

        "unbound 1.13.2"

nslookup -class=chaos -type=txt version.bind 192.168.0.252
Server:  pi.hole
Address:  192.168.0.252

Non-authoritative answer:
version.bind    text =

        "unbound 1.13.2"

I figured out how to get the DNS behind the firewall but I am still able to access purple.com which I blacklisted

What is the output of nslookup purple.com?

Also, in your Pi-hole machine, what is the output of pihole -q -all purple.com?

Thanks for running those. For the Pi-hole version queries you should be getting a response from Pi-hole which looks something like this:

version.bind	text = "dnsmasq-pi-hole-v2.90+1"

As you can see, you're not getting a response from Pi-hole, even though the IP address looks like you are talking to Pi-hole. Something else is muscling in there and responding instead of Pi-hole.

This has happened before when someone was running AVG on their computer. AVG has a feature which is designed to stop DNS hijacking, and it works by hijacking the DNS itself and sending everything through AVGs systems. Someone wouldn't normally notice this, but it stops Pi-hole from working and that was how it became noticeable.

In your case you metioned you have an active Avast subscription. Avast does have similar features. They also have VPN services which would do this – perhaps one of these services is enabled without your knowledge. See if you can find a setting which lets you turn off the Avast DNS and VPN services, for testing purposes.

Thank you, that was it. Avast had a service called "Real Site" which, once I found it, fit the bill of what you described perfectly. I disabled it and then purple.com stopped working as I intended. Thank you!

Will Pi-hole help prevent DNS hijacking?

1 Like

Awesome, thanks for confirming it was that. If you run that dig version command from earlier you should find that Pi-hole is replying now, because now it's actually receiving the query.

DNS hijacking is when something takes over the DNS, without your knowledge, so it can control the responses given. AVG and Avast prevent something malicious from doing this – by doing it themselves! In this case your PC thought it was talking to Pi-hole, with the correct IP address and everything, but Avast was intercepting the DNS traffic under the hood and handling itself instead.

Pi-hole can't prevent that from happening but it makes it more noticeable if it does, as you saw when you noticed a blacklisted site was still loading despite the Pi-hole seeming to be in use.

1 Like