Different behavior after update to V4 from V3

Hi,

After updating to pihole 4 I no longer see the page that says this page has been blocked by pihole were you could click on the button to whitelist. No I see an error:
www.zergnet.com’s server IP address could not be found.

Also when I google something like samsung I now see ads from Google.

Your debug token is: dtdx0ipmqh

When I check the status of dnsmasq I see it can’t start on port 53

pi@raspberrypi:~ $ sudo systemctl status -l dnsmasq
dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2018-08-10 15:27:02 CEST; 3min 57s ago
Process: 8980 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=2)
Process: 8977 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)

Aug 10 15:27:02 raspberrypi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server…
Aug 10 15:27:02 raspberrypi dnsmasq[8977]: dnsmasq: syntax check OK.
Aug 10 15:27:02 raspberrypi dnsmasq[8980]: dnsmasq: failed to create listening socket for port 53: Address already in use
Aug 10 15:27:02 raspberrypi systemd[1]: dnsmasq.service: Control process exited, code=exited status=2
Aug 10 15:27:02 raspberrypi systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
Aug 10 15:27:02 raspberrypi systemd[1]: dnsmasq.service: Unit entered failed state.
Aug 10 15:27:02 raspberrypi systemd[1]: dnsmasq.service: Failed with result ‘exit-code’.

When I check what is on port 53 I see it is attached to ipv6

pi@raspberrypi:~ $ netstat -anlp | grep -w LISTEN
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:4711 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 ::1:4711 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::8080 :::* LISTEN -
tcp6 0 0 :::53 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
tcp6 0 0 :::6144 :::* LISTEN -

This is a change in V4. Previously, the default blocking mode was IP. The new default is NULL (as explained in the linked article) as the developers found that NULL provided the best performance for the majority of users.

https://docs.pi-hole.net/ftldns/blockingmode/

Changing your default blocking mode is discussed in this link. To regain your blocking page, the best option would be change to BLOCKINGMODE=IP-NODATA-AAAA.

https://docs.pi-hole.net/ftldns/configfile/

In V4, this is the correct behavior. pihole-FTL is running to do this function, and dnsmasq is not, as discussed here: DNS resolver - Pi-hole documentation

In a debug log it is shown as follows:

*** [ DIAGNOSING ]: Pi-hole processes
[✗] dnsmasq daemon is inactive
[✓] lighttpd daemon is active
[✓] pihole-FTL daemon is active

When you run sudo lsof -i :53 you will see that pihole-FTL is on port 53, similar to below:

COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
pihole-FT 2004 pihole    4u  IPv4 311832      0t0  UDP *:domain 
pihole-FT 2004 pihole    5u  IPv4 311833      0t0  TCP *:domain (LISTEN)
pihole-FT 2004 pihole    6u  IPv6 311834      0t0  UDP *:domain 
pihole-FT 2004 pihole    7u  IPv6 311835      0t0  TCP *:domain (LISTEN)

Why am I seeing adds then that I normally didn't see? My example zergnet.com is blocked but when I do a google search I see all adds

This FAQ has some additional information. An ad-serving domain might not be blocked.

Strange this is that before the update I didn't see any adds in google and now I do.
When I click on the add the site is blocked

Are you referring to the sponsored ads that appear at the top of a Google search? Prior to V4 you weren't seeing sponsored ads appear in a Google search and now you are seeing them?

yes and links with the adv block in front of them

I see this blocked also but i do see the adds

In my pi-hole trail I do see
Aug 10 19:16:09 dnsmasq[9636]: 5981 192.168.178.133/49092 query[A] cdn.samsungcloudsolution.com from 192.168.178.133
Aug 10 19:16:09 dnsmasq[9636]: 5981 192.168.178.133/49092 cached cdn.samsungcloudsolution.com is
Aug 10 19:16:09 dnsmasq[9636]: 5981 192.168.178.133/49092 cached d179kwmlpc4o47.cloudfront.net is 52.84.163.94
Aug 10 19:16:09 dnsmasq[9636]: 5981 192.168.178.133/49092 cached d179kwmlpc4o47.cloudfront.net is 52.84.163.198
Aug 10 19:16:09 dnsmasq[9636]: 5981 192.168.178.133/49092 cached d179kwmlpc4o47.cloudfront.net is 52.84.163.100
Aug 10 19:16:09 dnsmasq[9636]: 5981 192.168.178.133/49092 cached d179kwmlpc4o47.cloudfront.net is 52.84.163.228
Aug 10 19:16:14 dnsmasq[9636]: 5982 192.168.178.133/57733 query[A] cdn.samsungcloudsolution.com from 192.168.178.133
Aug 10 19:16:14 dnsmasq[9636]: 5982 192.168.178.133/57733 forwarded cdn.samsungcloudsolution.com to 8.8.4.4

The pi-hole-FTL log is empty

What your pihole log tail shows is normal behavior for pihole-FTL. Per the reference link:

"FTLDNS comes with a lightweight but powerful inbuilt DNS/DHCP/TFTP/... server eliminating the need to install dnsmasq separately (we used to do this before Pi-hole v4.0). However, it is important to understand that we are not moving away from dnsmasq, but, in contrast, are coupling even closer to it by incorporating it into FTL. This provides us with a much more reliable monolith DNS solution where we can be sure that the versions of FTL and the DNS internals are always 100% compatible with each other."

The pi-hole-FTL log is empty

There are not always entries in the pihole-FTL log. This is also normal. A cron scrip rotates this log weekly.

Ok. But how about those Google sponsored links and links with adv in front of them in my screenshot. Shouldn't those be blocked?

If you look at the html code for the page you loaded, I think you will find that the boxes are being served from a regular google domain, not one of the ad-server domains. It's only when you click the link that the tracking website is blocked. There may be a browser setting somewhere that controls the ads you were/are seeing.

I see the sponsored ad banner on my browsers running all the Wally3K non-crossed block lists, in versions 3.3 and 4.0 of PiHole (no change when I updated).

Ah I feel really stupid right now. I reinstalled my OS and Chrome. My add block had set the filter allow acceptable adds turned on. When I set this to off those adds are blocked. Can pihole block these type of ads?

Thanks for the help on the other issues.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.