Please follow the below template, it will help us to help you!
Expected Behaviour:
I have two Android phones connected to Pi-hole's DHCP server. To my knowledge, they are configured equally. I expect that under comparable usage Pi-hole should log a similar number of connection requests.
Actual Behaviour:
However, Pi-hole logs for one phone 1719 requests and for the other only 71. I am certainly confident that 71 logged requests are way too low. I'm not sure how to improve Pi-hole's logging.
Additional Information:
I use on both phones the NetGuard.me firewall with the first DNS set to Pi-hole 192.168..** and the second to another DNS for when I'm away from my home WLAN.
Pi-hole is not likely the issue. If
Your using more than one DNS server, got Devi r may choose to use one over the other. See this FAQ for more info.
It’s also possible—and we’ve seen it before—where an android or other google device has hardcoded DNS servers and it bypasses any local setting.
Finally, comparing a devices’ queries is a bit arbitrary in my opinion; unless the devices are set up exactly the same, have all the same apps, and do all things the same thing, there will be a difference in queries made.
Yes, the gap you described is large but I don’t think it’s a problem as Pi-hole is logging the request that it does get.
@jacob.salmela I agree, it might be that the second Android device routes (for some unknown reason) more DNS request through the second DNS server. However, I don't know how I can ensure that I can use the Android phones on the go outside of my Pi-holed home network without manually changing the DNS configuration all the time. Is there a solution to this problem? I very much would like to use Pi-hole's DNS server as the only one on my home network without having to change the DNS settings regularly.
When you're using Pi-hole as DHCP server why do you use another tool to specify the DNS servers, at all? The Pi-hole DHCP server already hands out the correct IP for the DNS server (i.e. itself) and that should be sufficient, no?
On the go you can either then rely on getting an arbitrary DNS server (as you don't have to used a fixed one) or do it as I do it: Install a VPN and stay always connected to your Pi-hole, may it be over 4G, a hotel's WiFi or whatever. This also adds a layer of encryption which is favorable in networks you don't trust.
I do it for when I'm on the road as I don't want any arbitrary DNS server but choose particular ones.
I would like to do that but Android only allows one VPN connection and that one is already taken by the NetGuard.me firewall. NetGuard can do SOCKS5 to chain VPNs but I don't know how.
On a different note, regarding the use of DNSSEC, Pi-hole states:
Use Google, Norton, DNS.WATCH or Quad9 DNS servers when activating DNSSEC.
Can I not use any other DNS servers that support DNSSEC such as the AS250.net Foundation (194.150.168.169) or Digitalcourage (85.214.20.141)?
We just list off some of the servers that appear in the settings page (the ones that support DNSSEC), but you can choose any custom ones that support DNSSEC.