Techloid-g:
That matches my output
If your iptables output matches mine, you won't need to alter with iptables because your rules already allow all.
Below is a good tool to test DNS from a client before you make alterations to your router settings.
You can also run this one on Pi-hole itself to test:
nslookup pi.hole 192.168.1.84
First check if the pihole-FTL daemon is actually listening on DNS ports 53 UDP/TCP (and others used by Pi-hole) with below:
sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
If that checks out ok, check interface/IP configured for Pi-hole:
grep 'PIHOLE_INTERFACE\|IPV[4,6]_ADDRESS\|DNSMASQ_LISTENING' /etc/pihole/setupVars.conf
See if it matches with the actual interface that holds the 192.168.1.84 IP:
ip -4 -br a
If that checks out ok, it might be that your router is doing a thing called "DNS rebind protection":
What is DNS rebind protection?
If your router has an option called DNS rebind protection enabled, you may run into issues when trying to use Pi-hole as your DNS server. The reasons for this are quite technical, but to summarize what this option does in one sentence:
DNS rebind protection does not allow DNS queries to be answered with a local IP address.
Why does this interfere with Pi-hole?
DNS rebind is meant to be a countermeasure to an attack on your network. So in many cases, it's actu…
EDIT: forgot to mention but sometimes AV software can mangle DNS lookups:
That Windows machine you are using wouldn't run a virus scanner like AVAST?
AVAST offers a feature called RealSite that will inject additional DNS queries to a "trusted" DNS server (run by AVAST) in case something goes wrong with normal DNS resolution, see Hilfe: Windows löst Hostname auch ohne PiHole auf? - #26 by Chris80 (though German, it also contains a short solution description in English).
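Added example, not part of the original post: the listening-port and interface checks above, written as functions over captured command output so they can be run on saved text as well as live. The function names are hypothetical, the sample data is constructed, and `setupVars.conf` is assumed to hold plain `KEY=value` lines.

```bash
#!/usr/bin/env bash
# Added example: the checks from the post as functions over captured command
# output. All sample text below is constructed, not taken from a real host.

# Print the value of KEY from setupVars.conf-style "KEY=value" text on stdin.
setupvar() {
    awk -F= -v k="$1" '$1 == k { print substr($0, length(k) + 2); exit }'
}

# ftl_listens_dns NETSTAT_TEXT: succeed only if pihole-FTL holds :53 on tcp and udp.
ftl_listens_dns() {
    printf '%s\n' "$1" | awk '
        $4 ~ /:53$/ && /pihole-FTL/ { seen[substr($1, 1, 3)] = 1 }
        END { exit !(seen["tcp"] && seen["udp"]) }'
}

# check_iface SETUPVARS_TEXT IP_BRIEF_TEXT: does PIHOLE_INTERFACE hold IPV4_ADDRESS?
check_iface() {
    local iface addr held
    iface=$(printf '%s\n' "$1" | setupvar PIHOLE_INTERFACE)
    addr=$(printf '%s\n' "$1" | setupvar IPV4_ADDRESS)
    addr=${addr%%/*}    # drop the /prefix length
    if [ -z "$iface" ] || [ -z "$addr" ]; then
        echo "PIHOLE_INTERFACE or IPV4_ADDRESS not set"; return 1
    fi
    # Name of the interface (from "ip -4 -br a" text) that carries the address.
    held=$(printf '%s\n' "$2" | awk -v a="$addr" '{
        sub(/@.*/, "", $1)
        for (i = 3; i <= NF; i++) { split($i, p, "/"); if (p[1] == a) { print $1; exit } }
    }')
    if [ -z "$held" ]; then
        echo "address $addr not present on any interface"; return 1
    elif [ "$held" != "$iface" ]; then
        echo "address $addr is on $held, Pi-hole is configured for $iface"; return 1
    fi
    echo "match"
}

# Constructed samples. Live use:
#   ftl_listens_dns "$(sudo netstat -nltup)"
#   check_iface "$(cat /etc/pihole/setupVars.conf)" "$(ip -4 -br a)"
SAMPLE_VARS='PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.1.84/24'
SAMPLE_IP='lo               UNKNOWN        127.0.0.1/8
eth0             UP             192.168.1.84/24'
SAMPLE_NETSTAT='tcp   0   0 0.0.0.0:53   0.0.0.0:*   LISTEN   680/pihole-FTL
udp   0   0 0.0.0.0:53   0.0.0.0:*            680/pihole-FTL'
ftl_listens_dns "$SAMPLE_NETSTAT" && check_iface "$SAMPLE_VARS" "$SAMPLE_IP"
```

A non-zero exit from either function points at the step to look into before moving on to router-side causes such as DNS rebind protection.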