Devices are not using pi-hole

KamikazeKota · March 24, 2020, 4:27pm

i have an araknis router

KamikazeKota · March 24, 2020, 4:29pm

Iphone xs and version 13.3.1

Bucking_Horn · March 24, 2020, 8:14pm

I have not come across Araknis routers so far, which also means I am unaware whether this device would intercept DNS traffic.

We are going to find out (unless @jfb comes up with another approach for your devices to check first - in contrast to me, he is running some Apples on his network ).

Let’s see how a LAN client and a WiFi client resolve DNS requests when using the exact same set of two nslookups from a terminal or command prompt as follows:
a) for using the default DNS (i.e. your Pi-hole at 192.168.1.152 )

nslookup flurry.com

b) for forcing lookup through a specific public DNS (80.241.218.68)

nslookup flurry.com 80.241.218.68

Could you please execute both nslookup commands on
I. a LAN-connected machine
II. a WiFi-connected device (e.g. a laptop)
and post the results, preferably by pasting as text?

KamikazeKota · March 24, 2020, 9:23pm

pi@raspberrypi:~ $ nslookup flurry.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: flurry.com
Address: 0.0.0.0
Name: flurry.com
Address: ::

pi@raspberrypi:~ $ nslookup flurry.com 80.241.218.68
Server: 80.241.218.68
Address: 80.241.218.68#53
Non-authoritative answer:
Name: flurry.com
Address: 74.6.136.153
Name: flurry.com
Address: 98.136.103.26
Name: flurry.com
Address: 212.82.100.153

Bucking_Horn · March 24, 2020, 9:29pm

That is the output from a command as run on your Pi.

Please run the commands from client machines, as requested:

(You can format your output by highlighting a text passage and choose </> Preformatted text from the menu - I did that for your recent post)

KamikazeKota · March 24, 2020, 9:33pm

LAN device as device that is connected by ethernet cable? if so, none of the devices are connected

KamikazeKota · March 24, 2020, 9:36pm

nslookup flurry.com
Server:		192.168.1.154
Address:	192.168.1.154#53

Non-authoritative answer:
Name:	flurry.com
Address: 74.6.136.153
Name:	flurry.com
Address: 212.82.100.153
Name:	flurry.com
Address: 98.136.103.26

nslookup flurry.com 80.241.218.68
Server:		80.241.218.68
Address:	80.241.218.68#53

Non-authoritative answer:
Name:	flurry.com
Address: 98.136.103.26
Name:	flurry.com
Address: 212.82.100.153
Name:	flurry.com
Address: 74.6.136.153```

KamikazeKota · March 24, 2020, 9:36pm

and thank you for the tip!!

Bucking_Horn · March 24, 2020, 9:37pm

Yes, covering both interface connection types would be beneficial for a complete assessment of the situation.

But let's start with devices the way you have them currently connected.
We can always return to LAN at a later time.

Bucking_Horn · March 24, 2020, 9:49pm

Is that the IP address of your Pi-hole?
It should be .152 according to your debug log.

KamikazeKota · March 24, 2020, 9:56pm

I changed the IP of the PI-hole. I forgot to mention it. Im sorry!

Bucking_Horn · March 24, 2020, 9:59pm

That's ok - but those results are not good:
Your router is intercepting DNS traffic on your network.

Let me explain what we see.
We were requesting DNS resolution for flurry.com - a domain known to be blocked by Pi-hole's default blocklists as well as by fdns1.dismail.de (80.241.218.68), a public filtering DNS server.

We performed those DNS requests through
a) your Pi-hole (at 192.168.1.154)
b) the public filtering DNS (at 80.241.218.68)

The expected result for both requests would have been 0.0.0.0, i.e. blocked.

As both of them return the correct address for flurry.com, something on your network (supposedly your router) has intercepted and redirected both a) local and b) public-facing DNS traffic to a DNS server of its choice.

Thus far, we have only confirmed this to be the case for WiFi connections.

While this is bad, there's still a chance your router won't display this misbehaviour for LAN connections.

Does your router have LAN ports at all?
Would you have an Ethernet network cable at hand to test this?

EDIT: In addition, you might want to consult your router's documentation, on the off chance it exposes a setting for enabling/disabling DNS redirection. Be watchful, it may be dubbed by any name with similar meaning (like DNS capture, interception, reroute,...).

KamikazeKota · March 24, 2020, 10:13pm

Thank you for the reply and I might. I have to look for it but I do not have an adapter to plug ethernet cable to the rasbperry pi. Also, if it is the router problem, why my mac and iphone were able to use pi-hole for once?

Bucking_Horn · March 24, 2020, 10:15pm

Again, we'd need to test a LAN connected client device at first, not your RPi.

Good point - are you running any additional WiFi equipment like an AP or repeater?

jfb · March 24, 2020, 10:54pm

What DNS servers are shown in settings > WiFi > DNS?

Should look like this - this example has two Pi-Holes in parallel.

KamikazeKota · March 24, 2020, 11:16pm

I do not have any additional wifi equipment

KamikazeKota · March 24, 2020, 11:17pm

It has the ip of the pi-hole which is 192.168.1.154

jfb · March 25, 2020, 12:15am

Tail the Pi-Hole log while loading a web page from that device. Do you see queries from that device?

Does the device have an IPv6 address or IPV6 DNS server listed?

system · April 15, 2020, 12:15am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.