Assuming that you run a Windows machine in your network, open a command prompt on that machine and execute the following statements:
a. Renew the lease, in order to request the new DHCP configuration, just to be sure
ipconfig /renew
b. take a look at your DNS servers
ipconfig /all
Don't post the full answer, we are just interested in the DNS servers now.
Bugger - seems your router is distributing itself.
In that case, you have two options:
disable DHCP on your router and enable DHCP on Pi-hole
(This will keep individual clients identifiable in Pi-hole's Query Log)
remove Pi-hole from DHCP and set it as your router's upstream DNS, usually via its Internet / WAN settings
(This will make all DNS requests in Pi-hole'S Query Log appear to originate from your router. It doesn't affect Pi-hole's blocking in any way, but some features of Pi-hole's upcoming 5.0 release requiring client id probably won't apply)
You could also try to install a new firmware on your router, as @deHakkelaar suggests, but note that you would have to acquire support for doing so in the respective forums (Merlin, openWRT, DDWRT, pfSense, etc.).
@deHakkelaar
Been considering this in the past, thank you, but I don't feel inclined to do it just now. It looks like I should do it, one of these days! I fondly remember DD-WRT being a major upgrade for my trusty old Linksys WRT54G.
@Bucking_Horn
Switching DHCP over to Pi-Hole seems to have resolved the initial problem, blocking works. The only caveat is when running pihole -d, Networking reports errors:
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface: 192.168.1.200/24 does not match the IP found in /etc/pihole/setupVars.conf (Use IPv6 ULA addresses for Pi-hole)
[✓] IPv6 address(es) bound to the eth0 interface: fe80::9edd:b635:2879:d87e does not match the IP found in /etc/pihole/setupVars.conf (Use IPv6 ULA addresses for Pi-hole)
^ Please note that you may have more than one IP address listed.
As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.
The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.
I'm worried about the error messages showing up. Any pointers on how to fix it?
Still no access to the admin panel via http://pi-hole/admin … no deal breaker, but maybe related to other settings still not being ideal.
192.168.1.1 = Asus router, static IP, DHCP turned off
192.168.1.200 = Pi-Hole, DHCP ranges from 192.168.1.201 to .251 https://tricorder.pi-hole.net/7tchhcen2p
Maybe more of a cosmetic issue, since you installed Pi-hole under a different IP (.57), and Pi-hole still remembers that in setupVars.conf.
Likely same as above, with a caveat: fe80: prefixes a link-local IPv6 address.
While valid, it is non-routable, i.e. visible only to network clients on the same network segment. If you run a network with several routers / L3 switches / access points and/or several subnets, your Pi-hole may not be accessible by all of them.
You may want to change this to a ULA address (from range fd00::/8) by configuring your routers DHCPv6 settings accordingly. EDIT: Actually, I wonder if this would still be necessary if you run Pi-hole as DHCP, but I am unaware of an option to configure a ULA via Pi-hole's UI - calling in @jfb, @deHakkelaar already reads and will comment if he knows)
Alternatively, do not enable IPv6 support in Pi-hole's DHCP and get rid of the IPV6_ADDRESS entry in setupVars.conf. Note that this might encourage some IPv6 capable devices to look for an IPv6 DNS server elsewhere, and some of them might succeed, thus bypassing Pi-hole. But then again, they might just as well do that if IPv6 is enabled. Happens more often than I'd wish for - darn! IPv6 auto configuration
This could be an issue, but I wouldn't expect Pi-hole to be blocking ads if that would fully affect your device.
To try and rectify all of the above, (optionally:) configure a ULA adress range and check your Pi-hole's ULA address, then ssh into your Pi-hole machine and run
pihole -r
and choose reconfigure.
EDIT: Afterwards, use @deHakkelaar's above nslookups in oder to verify your new setup
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
192.168.1.200/24 matches the IP found in /etc/pihole/setupVars.conf
[✓] IPv6 address(es) bound to the eth0 interface: fe80::9edd:b635:2879:d87e does not match the IP found in /etc/pihole/setupVars.conf (Use IPv6 ULA addresses for Pi-hole)
^ Please note that you may have more than one IP address listed.
As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.
The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
192.168.1.200/24 matches the IP found in /etc/pihole/setupVars.conf
[✓] IPv6 address(es) bound to the eth0 interface: fe80::9edd:b635:2879:d87e does not match the IP found in /etc/pihole/setupVars.conf (Use IPv6 ULA addresses for Pi-hole)
^ Please note that you may have more than one IP address listed.
As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.
The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.
Like I said previously, I wouldn’t expect Pi-hole to be blocking ads if that would fully affect your device. Any upstream connection (including DNS forwards) would fail if you had no route to your gateway, and the other two are right about possible ICMP firewalling.
So as long as you still can open pages and do nslookups on public names, you should be good to go.
Just curious:
Does that mean the Pi-hole machine's CLI can ping the router?
ip route
default via 192.168.1.1 dev eth0 src 192.168.1.200 metric 202
default via 192.168.1.1 dev wlan0 proto dhcp src 192.168.1.239 metric 303
192.168.1.0/24 dev eth0 proto dhcp scope link src 192.168.1.200 metric 202
192.168.1.0/24 dev wlan0 proto dhcp scope link src 192.168.1.239 metric 303
That, and the routing table, confirm that you can connect to your gateway.
The reason the debug couldn't get to it might have something to do with two interfaces being active, eth0 and wlan0.
In general (i.e. not specifically to fix the failed g/w ping), I'd recommend running Pi-hole on eth0 (stability and latency), and if you don't need it, disable wlan0 (less interference with existing WiFis, and saves some power, too).