DNS leak test shows more than 1 DNS server

DNS leak test shows more than 1 DNS server. Does this mean some requests are bypassing the PiHole?

My setup is:

192.168.1.1. Gateway router (with locked DNS settings due to trash ISP. I can't flash it).
I have disabled DHCP on this router.

192.168.1.2 PiHole
Enabled DHCP.
DNS-Over-HTTPS but using Quad9 upstream address.
Have set the PiHole settings for DOH like this (deselecting the originally set "Quad9 (filtered, DNSSEC)" for IPv4 and inputting the custom value).

I can see the PiHole graphs start to populate and have noticed ads being blocked so it is working.

However I was looking for ways to test this implementation and following this reddit post ran a DNS leak test.

My results show multiple DNS servers.

The WoodyNet results I understand to be Quad9 servers but there you can see 4 other servers, which are my ISP DNS servers.

Does this mean that some of my requests are being sent to Quad9 and other times to my ISP DNS?
Or is it normal that all these servers appear but actually my PiHole is always making sure that only the Quad9 servers are the ones doing the lookups?

Thank you for your help.
First timer dabbling in world of PiHole and never gone so deep into my home network before.

PiHole v5.2
Gateway router is Technicolor AGHP (never heard of it before)

Short answer, yes. That test will indicate any DNS resolvers that returned replies.

On the client you tested from, have you confirmed the DNS settings to ensure only the pi-hole IP is in use? Make sure your router IP is not still showing as one of the DNS servers. This shouldn’t be occurring given you switched DHCP over to the pi-hole, but let’s confirm that first.

Hi _FailSafe,

TLDR; disabling IPv6 on my network adapter fixed the issue for this machine!

It's great to get confirmation on what I was suspecting.
Running ipconfig /all on this Windows machine I saw the PiHole ip address 192.168.1.2 set as a DNS server but I noticed another server listed in IPv6 format.

DNS Servers . . . . . . . . . . . : fe80::22b0:1ff:fec8:3f7e%24
192.168.1.2

I don't really understand or use IPv6, it must just be on by default.
I disabled Internet protocol IPv6 on this machine and now my dnsleak test is returning 1-2 results, only listing Quad9 servers, hooray!

That's the quick fix. I'm assuming enabling IPv6 to also route through PiHole is the best solution.

It sounds like your router supports IPv6. Is your intent to use it now that you know you have it or disable it at the router level?

I first tried enabling the IPv6 setting on the router but it stays stuck on 'connecting' and never seems to resolve an address, same issue as was posted by this user.

From that post it seems possible to connect using IPv6 to the ISP by creating a PPPoE direct from a machine, but that's not my intention.

It probably makes sense to try to disable as much IPv6 as I can. I have disabled the IPv6 switch on the router interface but if I enable IPv6 on my Windows machine then it's still getting an address and the DNS applied. Must be from the router but I don't know what else to disable, so for now I've disabled IPv6 on my machine, and on whichever other devices I have on this network I'll try to do the same.

Seems my issues now lie with ISP and not PiHole.

Thanks for helping me confirm the issue I had and clean up my network!

With IPv6, devices seldom acquire an address from your router.

Instead, a device commonly constructs an IPv6 address by itself via SLAAC, while it may consider information offered by your router via stateless DHCPv6 and/or RA to do so.

It will do so by combining an IPv6 prefix (as offered by your router) with an interface identifier that it will calculate autonomously.

In addition to a public prefix (in the 2000::/3 range), your router may or may not be able to distribute a ULA prefix (in the fd00::/8 range).

Even in the absence of any of those prefixes, a device will always be capable of constructing a link-local IPv6 address (in the fe80::/10 range).

ULA as well as link-local IPv6 addresses will only be used for communication within your home network, while a public prefix address will be mandatory for devices to connect to the Internet via IPv6.

Furthermore, your router may allow clients to request a full IPv6 address via stateful DHCPv6.
Whether a client will actually do so would depend on that client's OS and its respective configuration settings - most clients won't, and e.g. current Androids never will.

In case a client would request IPv6 addresses via stateful DHCPv6, those addresses may appear in addition to any of the aforementioned IPv6 addresses.

Disabling IPv6 on your router would stop your router from distributing a public IPv6 prefix and from answering DHCPv6 requests. It may or may not impact distribution of a ULA prefix as well, that would depend on your specific router.


As long as you do not see any public IPv6 addresses (2000::/3 range), disabling IPv6 for Internet connections would have worked.
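Added example, not part of the original thread: a Python check that reads the `DNS Servers` entries from `ipconfig /all` output, flags every resolver that is not the Pi-hole, and classifies it by the IPv6 ranges listed in the post above. Going beyond the thread, it also decodes an EUI-64 style interface identifier back to a MAC address so the advertising device can be identified; the function names and the sample text are assumptions made for this illustration.

```python
import ipaddress
import re

PIHOLE = ipaddress.ip_address("192.168.1.2")  # Pi-hole address from the thread
# Constructed sample: the DNS lines quoted in the thread plus one neighbouring line.
SAMPLE = """\
   DNS Servers . . . . . . . . . . . : fe80::22b0:1ff:fec8:3f7e%24
                                       192.168.1.2
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def parse_addr(token):  # drops a Windows zone index such as '%24'
    try:
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None

def dns_servers(text):
    """Addresses under 'DNS Servers', including unlabelled continuation lines."""
    found, in_block = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        token = m.group(1) if m else (line.strip() if in_block else "")
        addr = parse_addr(token)
        in_block = addr is not None  # the block ends at the first non-address line
        if in_block:
            found.append(addr)
    return found

def scope(addr):
    """Classify an address using the ranges named in the post above."""
    if addr.version == 4:
        return "ipv4"
    for net, name in (("fe80::/10", "link-local"), ("fd00::/8", "ULA"), ("2000::/3", "public")):
        if addr in ipaddress.ip_network(net):
            return name
    return "other"

def eui64_mac(addr):
    """MAC behind an EUI-64 interface identifier (ff:fe in the middle), else None."""
    iid = addr.packed[-8:]
    if addr.version != 6 or iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]  # flip the universal/local bit
    return ":".join(f"{b:02x}" for b in mac)

def audit(text, pihole=PIHOLE):
    """(address, scope, mac) for every configured resolver that is not the Pi-hole."""
    return [(str(a), scope(a), eui64_mac(a)) for a in dns_servers(text) if a != pihole]
```

Calling `audit(SAMPLE)` reports the link-local resolver from the thread; the decoded MAC can be compared with the label on the router to confirm which device is advertising itself as a DNS server.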

Thanks for the info Bucking_Horn.

I admit my knowledge of IPv6 is close to zero so I'll youtube a bit to get a better understanding.

I'm quite sure my ISP doesn't support IPv6 yet, or does but you need to directly request them to get you on it. My router never resolves an address and testing on https://test-ipv6.com/ always results in no IPv6 address detected.

I've disabled what I can regarding IPv6 on the router and on my current windows machine + PiHole. All seems to be running well there.

On my android mobile I have Chrome and Samsung internet resulting in the correct results running https://dnsleaktest.com/ but strangely Firefox (my default browser) and Opera always show my ISP DNS servers. I don't know if it's the same issue I was experiencing above in the thread (if that even makes sense). If I was able to disable IPv6 on my mobile it'd probably work. I've set my WiFi connection with a static IP and IP to the pi.hole for DNS and specified IPv4. This is as good as I'm able to get.

So on the same device, Chrome and Samsung Internet do not indicate ISP DNS resolvers, but Firefox and Opera do?

Yep, I don't understand it.

On the same Android device; Samsung internet + Chrome return Quad9 DNS servers and Firefox + Opera return my ISP DNS servers.

What I've tried:

Uninstall and reinstall the browsers.
Tried to manually disable any DNS related stuff in Firefox, then reset everything.
I've done Settings > Connections > WiFi > Setting for the Wifi network > Advanced > manually input Static ip + gateway + DNS server.

But always get the same result.

I have seen that if I go to Settings > About > Status there my mobile device has both an IPv4 (the one set by my PiHole DHCP) and an IPv6 address. So I downloaded an app called Big Data IP Tools to see if there is an IPv6 DNS server being set somewhere and in fact there is.

So as well as the IPv6 address there are also 2 DNS servers set on the device. IPv4 which it's either got from DHCP or from me inputting the static info on my WiFi + IPv6 which I have no idea where this info is being populated.

I tried to see if I can disable IPv6 on this device (cause that worked for my other Windows machine) but I don't think I can. Not without root anyway.
I've run the test at https://test-ipv6.com/ on both Android and Windows devices with the same results. No IPv6 detected, but ISP has IPv6 compatible DNS or something.

Maybe they use DNS-over-HTTPS or something else inbuilt?

Have you also done this in the "hidden menus"?
