If your iptables output matches mine, you won't need to alter anything with iptables because your rules already allow all.
Below is a good tool to test DNS from a client before you make alterations to your router settings.
You can also run this one on Pi-hole itself to test:
nslookup pi.hole 192.168.1.84
First check if the pihole-FTL daemon is actually listening on DNS ports 53 UDP/TCP (and others used by Pi-hole) with the below:
sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
If that checks out ok, check interface/IP configured for Pi-hole:
grep 'PIHOLE_INTERFACE\|IPV[4,6]_ADDRESS\|DNSMASQ_LISTENING' /etc/pihole/setupVars.conf
See if it matches with the actual interface that holds the 192.168.1.84 IP:
ip -4 -br a
If that checks out ok, it might be that your router is doing a thing called "DNS rebind protection":
EDIT: forgot to mention but sometimes AV software can mangle DNS lookups:
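
The interface/IP comparison described in the post above (setupVars.conf versus `ip -4 -br a`), scripted as an added example that is not part of the original post. The function names and sample data are constructed for illustration, and the `KEY=value` layout of setupVars.conf is assumed.

```shell
#!/bin/sh
# Added example: does the interface configured for Pi-hole actually hold
# the configured IPv4 address? All sample data below is constructed.

# Print the value of KEY from "KEY=value" text read on stdin.
get_var() {
    awk -F= -v k="$1" '$1 == k { print $2; exit }'
}

# check_binding SETUPVARS_TEXT IP_BRIEF_TEXT
# Prints "match", "wrong-interface <name>" or "ip-not-found".
check_binding() {
    conf_if=$(printf '%s\n' "$1" | get_var PIHOLE_INTERFACE)
    conf_ip=$(printf '%s\n' "$1" | get_var IPV4_ADDRESS)
    conf_ip=${conf_ip%%/*}                 # drop the /prefix length
    # Find the live interface carrying that address. Fields 3..NF of the
    # brief output are addresses; names like eth0@if5 lose the @ suffix.
    live_if=$(printf '%s\n' "$2" | awk -v ip="$conf_ip" '
        { for (i = 3; i <= NF; i++) {
              split($i, a, "/")
              if (a[1] == ip) { n = $1; sub(/@.*/, "", n); print n; exit }
          } }')
    if [ -z "$live_if" ]; then
        echo "ip-not-found"
    elif [ "$live_if" = "$conf_if" ]; then
        echo "match"
    else
        echo "wrong-interface $live_if"
    fi
}

# Constructed sample of /etc/pihole/setupVars.conf
SAMPLE_CONF='PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.1.84/24
DNSMASQ_LISTENING=local'
# Constructed samples of "ip -4 -br a" output
SAMPLE_IP_OK='lo               UNKNOWN        127.0.0.1/8
eth0             UP             192.168.1.84/24'
SAMPLE_IP_MOVED='lo               UNKNOWN        127.0.0.1/8
eth0             DOWN
wlan0            UP             192.168.1.84/24'

check_binding "$SAMPLE_CONF" "$SAMPLE_IP_OK"
check_binding "$SAMPLE_CONF" "$SAMPLE_IP_MOVED"
# On a real host:
# check_binding "$(cat /etc/pihole/setupVars.conf)" "$(ip -4 -br a)"
```

A result of `wrong-interface` or `ip-not-found` means the configured interface and the address clients query have drifted apart, which is the mismatch the manual check looks for.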