% blocked dropped from +20% to 9%

On 4/19 we started seeing lots of ads that haven't been seeing and the % of queries blocked dropped from over 20% to about 9% now.

I run pihole on a ubuntu 20.04 server and have completely rebuilt the server with no change.

Also, when I restartdns it no longer zeros statistics on the dashboard.

What am I doing wrong?
Ric

Your gravity database updated on Sunday morning 4/18 between 0300 and 0500 your local time. This may be related to the problem

Variation in the percent blocked is normal over time. Hourly, daily, weekly. In your specific case, the dashboard shows the most recent 24 hour history, and if you monitor that over the day it will change.

Unless you have changed the default configuration, it has never done this. When you restartdns, the most recent 24 hour history is retrieved from the long term database and this populates the 24 hour history immediately.

Please provide some examples. Screen shots (you can paste them directly into a reply), URL's, etc. Is this across all clients, or just on selected clients? Using specific browsers, or all browsers?

Responses in-line below.

Has gravity been updated since? I, too, think something like this would be the root cause. However, I didn't see a significant drop in the number of gravity blocked domains. I monitor pihole stats with Zabbix and have 1+ year of stats. The +20 is the average over the last 6 months. Interesting, perhaps I made such a change but I certainly did not revert it myself. This non-zeroing started with the drop in blocked requests. I'm a retired IT geek from Silicon Valley. I have pretty good network skills. I run zabbix to monitor pihole as well as my mail and web servers, and a lot of other crap in my home. This issue is across all our devices, macs, linux desktops, windows, ipads, iphones. I'm happy to send you all the examples you'd like. One, for our local newspaper is attached. This is new behavior since 4/18. Ric

Please upload a debug log and post just the token that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

https://tricorder.pi-hole.net/12bibk2cp7

There are no errors in your debug log, only two things that might caught my attention:

      dns-server: 192.168.1.1

Your router advertises itself via DHCP. Is this the setup you want?

    PIHOLE_DNS_1=192.168.1.101
    PIHOLE_DNS_2=192.168.1.102

Your upstream DNS servers are local IPs. Are you running more DNS servers on your network?

I do have local DNS servers to serve the sub domain in my home. My router's primary DNS server is my pihole system.

The pihole server then looks to my local servers for resolution which deliver on the sub domain and then look to google for external resolution.

Ric

Any secondary DNS?

What does dig googleads.g.doubleclick.net show as an IP? That's where that huge header add is from. I have to disable Pi-hole to see it since that domain is on the StevenBlack list that you are using. This leads me to think that you're using a DNS server that is in place of or in addition to Pi-hole.

Pi-hole looks okay:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[βœ“] neki.org is 0.0.0.0 via localhost (127.0.0.1)
[βœ“] neki.org is 0.0.0.0 via Pi-hole (192.168.1.185)
[βœ“] doubleclick.com is 142.250.113.101 via a remote, public DNS server (8.8.8.8)
1 Like

Yes, 2 internal DNS servers. I've removed them both and now I'm no longer seeing the ads and stats are as expected.

I assume that for some reason my router decided to use a secondary as opposed to the primary, pi-hole.

pi-hole is also a vm and perhaps the server isn't able to support it giving a timely response so the router moves on. Worthy of investigation.

However, this doesn't resolve the resetting of 4 numerical stats on the dashboard each time I restarted dns on pi-hole, either by pihole restartdns command or using the gui. I liked that. If there is a variable that forces this to happen, I'd like to know.

If I learn anything else of interest, I'll share but I consider this matter closed.

Ric

Set the following configuration parameter:

DBIMPORT=no

https://docs.pi-hole.net/ftldns/configfile/

That's correct.
If you supply multiple DNS servers, a client (in your case, your router) may pick any DNS server at its own discretion, allowing it to by-pass Pi-hole whenever it deems that as appropriate.
Pi-hole has to be your client's sole DNS server to reliably prevent that.

My percent blocked has also dropped recently used to run about 45-50% now its 18%

I've spent time trying to determine the root of this problem.

My previous configuration had pi-hole as primary dns and both internal dns servers as alternates in my router, a 4 node Linksys Velop AC3900. The linksys firmware was last updated in Sept and is current. This configuration remained constant for 1+ years with no problems.

All 3 dns servers, pi-hole included, are VBox vms running ubuntu 18.04 on 2 different hardware platforms also running 18.04. These servers run other vm's also, such as zabbix, webmail, etc. The router is hardwired to both servers.

I have now run the pi-hole vm on both hardware platforms with the same results - that it blocks ads only when it's the only dns server listed on the Linksys router.

I have an image of the pi-hole server from 7/2020. I'm going to use it (without upgrading pi-hole itself) to see if that has any different outcomes. I am attempting to test of newer pi-hole software is just enough slower that the router defaults to backup dns before pi-hole can respond. Doubtful but worthy of a test.

And thanks for DBIMPORT=no config.

Edit: That is from May of 2017

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.