I set up Pi-Hole a week ago and it works great on all of my devices. However, I've noticed that every morning my Samsung S8 running Android 9 is unblocked (confirmed by going to https://blockads.fivefilters.org. After doing some reading, I believe the issue is that my S8's IPv6 address is changing overnight. If I turn off WiFi and then turn it back on again, ads are blocked for the rest of the day.
I'm guessing that my Windows and Chrome OS devices with IPv6 are not impacted by this since they go to sleep and then refresh their WiFi connections regularly, whereas my S8 is constantly on WiFi when I'm home.
From what I've read, there appear to be a number of options available to me, and I'm looking for advice on the best solution:
Change the Blocking Mode - I'm not sure if this is actually a solution, or if it just sounds like it's related due to my inexperience with IPv6. I'm currently set to blockingmode=null per the recommendations.
Disable IPv6 on my Actiontec T3200m router - I've done this for the moment, but it seems like a non-optimal solution since most of my IPv6 devices are working properly.
Enable ULA on my Actiontec router - I tried to read this thread, but it made my head spin. So, I suspect this is beyond my current level of expertise. But if it's the best solution, I'm game to learn.
Use Pi-Hole for DHCP - I have a Netgear Orbi mesh for WiFi that I use in AP mode. I left DHCP on my Actiontec for reasons of "if it ain't broke, don't fix it". Also, I have a lot of static IPv4 addresses for my home automation, and I'd rather not copy them all over. So, I could move to Pi-Hole for DHCP, but I'm not sure that's logical for an issue with one device.
Use Tasker on my Android phone to disconnect and reconnect the WiFi every morning - I just thought of this now, and it seems like the most logical solution given that the problem is specific to one device on my network.
Before I go further, I thought I'd post here to see if I'm on the right track or if I'm completely missing the actual problem or a better solution.
I am not entirely convinced that your S8's permanent connection should result in bypassing Pi-hole (if it is permanently connected at all).
If it is, your option 5. would be the most specific measure to solve your problem.
Your number 2. would be the only option to guarantee your smartphone won't bypass Pi-hole by using another DNS server via IPv6.
There's also an off-chance that your router still distributes its ISP assigned DNS servers' IPv6 addresses, especially if it doesn't explicitly allow changing them via its UI. However, I'd expect all of your IPv6 devices to bypass Pi-hole in that case, at least ocassionally.
Still, option 4. may be worth a try in that case - consider starting with a split DHCP range for testing only your S8 with Pi-hole.
Note that IPv6 devices may nevertheless decide to prefer DNS options if and as offered by your router over those of Pi-hole.
That's the part that confused me about it; hence my earlier conclusion that it's something specific to the S8 (or Android).
That's an interesting thought. It hadn't occurred to me that I could have two DHCP servers running so long as they have different ranges. Would I also have to assign a static ID in my S8's network settings to ensure that it picks the correct DHCP server?
Also, I'm used to the idea of the DHCP server being on and the same with the routing device. If I use Pi-Hole as my only DHCP server and clients connect to the network when Pi-Hole is offline (for example, after a power outage), will they just not have IPs until Pi-Hole boots up and starts distributing? I know that clients will keep their IPs until leases are up, but I don't know if this is the case when everything reboots. I assume this isn't a big deal, but it's proving surprisingly difficult to get a straight answer from the Internet.
It's not as easy as that, since both DHCP server's will now offer an answer for your client's DHCP broadcast, and ultimately your client will decide which one it picks (while the exact procedure of how it does that remains opaque).
The only way to have this work is to limit your router's DHCP range to just accomodate the existing devices minus your S8, preferably configured with a DHCP lease reservation each (aka fixed or static IP - you seem to have that configured already anyway).
Then enable Pi-hole's DHCP, set a range that doesn't overlap and configure your S8.
Yeah, I'm running a lot of static IPs for my openHAB automation.
Here's a question. Can I just run DHCP for IPv6 and split that off from the router? I'm a little unclear on the relationship between IPv4 and IPv6, but that's something for me to read up on.
I would worry about losing DNS.rather than about the leases.
Clients will normally hold on to their leases until they expire.
They usually start requesting renewal through their last known DHCP server as early as half way through lease lifetime, but will let go off it only if receiving a corresponding answer from their DHCP answer or until the lease ultimately expires.
Once it does expire without successful renewal, a client will start broadcasting for a DHCP server in order to acquire a lease.
This means that even if a client may request lease renewal prematurely, (e.g. on user request or for not succeeding to connect to other nodes for a sustained period of time), it won't relinquish its IP address before lease expiration or an negative answer from their DHCP server.
Your Pi-hole going off-line won't directly hurt the leases, but without DNS, your clients won't be able to talk to anything that they do not know an IP address for. So once the client's DNS cache expires, it will seem like you lost internet connectivity (technically, you haven't, you could still access sites by IP, but it's no fun at all without DNS).
I can't answer that, as it would depend on your router, and DHCPv6 by itself might not be enough.
You should be aware that with IPv6, clients may join a network using SLAAC or Stateless or Stateful DHCPv6. Only the latter is about equivalent to DHCP for IPv4, in that it may actually force an IP address and several options on a client.
The former two calculate an IPv6 address for themselves while respecting a network's advertised prefix, and they may chose to accept additional parameters as offered by routers (DNS servers, time servers etc.).
However, with IPv6 a client decides autonomously how to integrate itself into a network, e.g. Windows devices prefer DHCPv6 and may support, SLAAC (starting with W10), while Androids exclusively support SLAAC.
I left IPv6 disabled overnight and my S8 didn't show ads this morning. I also found a thread elsewhere on the Internet saying that Telus (my ISP) doesn't allow DHCP to be turned off on a T3200m, with users reporting that limiting the IP ranges doesn't stop the T3200m from trying to assign addresses.
So, I'm leaning toward putting the T3200m into bridge mode, using my Netgear Orbi as the router, and then moving DHCP to Pi-Hole. My main concern before was that my IP TV wouldn't work if the T3200m isn't the router, but from what I've read that shouldn't cause any problems.
Do you see any issues with this procedure?
Enable DHCP in Pi-Hole and copy my static IP assignments to Pi-Hole
Honestly, if IPv6 is causing you headaches, it'll quite probably continue to do so, no matter how you chain your routers.
In the beginning, IPv6 was entirely focused on addressing issues.
DNS was added to IPv6 as an afterthought, and while it has been standardised and implemented by most devices in the meantime, the split in support for either SLAAC or Stateless or Stateful DHCPv6 has not added to make a device's behaviour any more predictable without prior knowledge of its implementation.
And that's before throwing in a bunch of competing dual stack procedures for running IPv4 along IPv6.
Sure, in the mid to long term, IPv6 will displace IPv4.
But if you don't have really compelling reasons for using IPv6 (like a service you need is offered via IPv6 only), I'd happily abandon it if my devices don't play along nicely.
By the time we live in an all IPv6 world, it'll probably be time to get a new router anyhow, and hopefully, the SLAAC / DHCPv6 controversy has been conquered as well by then, with consistent DNS support including local hostname registration.
But that's more of a personal opinion than an advice, so take it with a grain of salt.
That's good to know. I'll take your opinion/advice and just leave things the way they are. I was concerned that it would be a bad idea to leave IPv6 disabled in case I need it in the near future, but it sounds like that's unlikely. And I suppose if I do need it, it's easy enough to turn it back on.