Fresh Jessie Lite install + PiHole = a whole heap of problems

that would mean that the device is not using the Pi-hole at all.

This is what I feared!

Just a quick side question...

How would the use of a WiFi extender work with pihole?
I have one waiting for me, it creates it's own A.P as far as I can make out.
The web based GUI allows for use as a dhcp server.

Ok, so done this...

Using an android tablet running 6.0

WiFi settings set to get IP from dhcp

pi@aspberrypi:~ $ tail -f /var/log/pihole.log                             Jun 18 20:58:59 dnsmasq[27580]: reply connectivitycheck.android.com is 216.58.208.142                                                                 Jun 18 20:58:59 dnsmasq[27580]: reply connectivitycheck.android.com is 216.58.208.142                                                                 Jun 18 21:02:39 dnsmasq-dhcp[27580]: DHCPDISCOVER(eth0) 64:db:43:1f:b7:e9
Jun 18 21:02:39 dnsmasq-dhcp[27580]: DHCPOFFER(eth0) 192.168.0.97 64:db:43:1f:b7:e9
Jun 18 21:02:39 dnsmasq-dhcp[27580]: DHCPDISCOVER(eth0) 64:db:43:1f:b7:e9  Jun 18 21:02:39 dnsmasq-dhcp[27580]: DHCPOFFER(eth0) 192.168.0.97 64:db:43:1f:b7:e9                                                                   Jun 18 21:02:39 dnsmasq-dhcp[27580]: DHCPREQUEST(eth0) 192.168.0.97 64:db:43:1f:b7:e9                                                                 Jun 18 21:02:40 dnsmasq-dhcp[27580]: DHCPACK(eth0) 192.168.0.97 64:db:43:1f:b7:e9 android-280b264b2b887f11
Jun 18 21:02:45 dnsmasq-dhcp[27580]: DHCPREQUEST(eth0) 192.168.0.97 64:db:43:1f:b7:e9
Jun 18 21:02:45 dnsmasq-dhcp[27580]: DHCPACK(eth0) 192.168.0.97 64:db:43:1f:b7:e9 android-280b264b2b887f11

Then changing to a static IP and setting DNS as my pihole in android WiFi settings

pi@raspberrypi:~ $ tail -f /var/log/pihole.log                             Jun 18 21:07:29 dnsmasq[27580]: reply googleapis.l.google.com is 216.58.212.106                                                                       Jun 18 21:07:29 dnsmasq[27580]: reply googleapis.l.google.com is 216.58.204.10                                                                        Jun 18 21:07:29 dnsmasq[27580]: reply googleapis.l.google.com is 216.58.206.42                                                                        Jun 18 21:07:29 dnsmasq[27580]: reply googleapis.l.google.com is 216.58.206.74                                                                        Jun 18 21:07:29 dnsmasq[27580]: reply googleapis.l.google.com is 216.58.213.74                                                                        Jun 18 21:07:29 dnsmasq[27580]: query[PTR] 233.74.227.151.in-addr.arpa from 192.168.0.85                                                              Jun 18 21:07:30 dnsmasq[27580]: forwarded 233.74.227.151.in-addr.arpa to 8.8.4.4                                                                      Jun 18 21:07:30 dnsmasq[27580]: query[AAAA] pushapi.lenovomm.com from 192.168.0.85                                                                    Jun 18 21:07:30 dnsmasq[27580]: /etc/pihole/gravity.list pushapi.lenovomm.com is 2a02:c7f:9202:fb00:fa27:84de:7314:eb7a                               Jun 18 21:07:30 dnsmasq[27580]: reply 151.227.74.233 is 97e34ae9.skybroadband.com                                   

On both occasions adverts were not blocked.

So it looks like the dnsmasq service stopped itself again over night?

pi@raspberrypi:~ $ sudo service dnsmasq status
dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled)
  Drop-In: /run/systemd/generator/dnsmasq.service.d
           └─50-dnsmasq-$named.conf, 50-insserv.conf-$named.conf
   Active: failed (Result: signal) since Mon 2017-06-19 00:20:47 UTC; 8h ago
  Process: 1402 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
  Process: 27581 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
  Process: 27565 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
  Process: 27562 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
 Main PID: 27580 (code=killed, signal=KILL)

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

It really feels like I'm spending way more time.than I should be trouble shooting pihole.
So I have to assume I've done something wrong.
But this is on a clean, fresh install on the Pi, with nothing other than pihole.
sudo apt-get update && sudo apt-get upgrade was ran immediately after the Jessie install.

me again...

i have now seemingly got pi-hole successfully blocking adverts on windows and ios.

DHCP is disabled on my router

DHCP is enabled in pihole

i have assigned a static IP to my devices

On my windows laptop adverts are blocked and if i navigate to doubleclick,com i see the pi-hole landing page
This is also the case on the one ios device i have (iphone running ios 9.0.X)

Adverts on my android devices are still not blocked.

no matter how i configure my devices (static ip in android setting or DHCP) adverts are still seen on android.

I'm still a bit in the dark on how things are running on your configuration. Maybe you can try with an app on your Android device, like described here:

what do you need confirmation off?

i have an app called IP Tools...it tells me that the DNS server is my pihole

im not sure what the above achieves, but i did it, and it provided the correct answers if i configure it with my pihole address as dns and 'dig'

i know i can use an app that effectively creates a vpn (DNSChanger i think) but this is a workaround and not a solution.

And as people have reported correct function on android....

Yes, I'm still trying to find what your device is doing. I have had several Android devices over the last couple of years (from old ones up to Android 7) and they all worked immediately, so it is in fact possible. However, there seem to be some devices that have hard-coded DNS servers in the system such that they do not accept settings from the DHCP server (in the apps you can override that but only for within the app).

When you look at the tail of the pihole.log do you see any activity related to the IP address of your Android device?

This might help if you post results from below two on Android in a terminal window ?

getprop net.dns1

getprop net.dns2

No.

Edit:
I see my android device is assigned an IP by pihole dhcp

Jun 21 19:26:01 dnsmasq[16474]: DHCP 192.168.0.206 is android-a882b82f6f790589.local

Edit again

Interestingly left for a while I see

Jun 21 19:22:21 dnsmasq[16474]: query[A] connectivitycheck.android.com from 192.168.0.206

But nothing if I browse, and adverts are seen.
Note the times on the entries...

Returns an IPV6 address...not my pihole

Returns an ipv4 address...this is my pi-hole
192.168.0.45

Does the IPv6 address match the one stored in /etc/pihole/setupVars.conf? Sometimes the real address changes while the old one is still used by Pi-hole. (although, then it would not be able to query DNS except through the IPv4 one, which is not happening...)

No they don't match.

Within​Android settings, it tells me I have| 6 IP addresses?
1 ipv4
And 1 ipv6

The IPV6 address reported by android terminal matches what I see in my router settings under LAN port > IPV6 ULA, if that means anything.

Is there an option to disable IPv6 DHCP in the router? It sounds like that is still active.

I have it disabled...I think

Not sure what the options under LAN TCP/IPv6 Setup are?

Your settings are to use IPv6 in your network and distribute ULA information using Router Advertisement packets. So far so good. I'm not sure how much you are aware about the internals of IPv6 as it is not very similar to IPv4 in some aspects.

E.g., IPv6 does not need a DHCP server (and, in fact, many operating systems do not even support IPv6 DHCP servers) as IPv6 has been designed to work without a central management. The auto-config mode of IPv6 works approximately as follows:

  1. The router advertises itself as the route to the public Internet and announces the public Internet prefix it has been addressed with. This information is contained in RA packets which are send in your internal network in frequent intervals. Usually, the information of usable DNS servers is enclosed in the RA packets
  2. Once a computer is attached to this network, it waits (or asks) for such a RA packet
  3. After receiving a RA packet it takes the transmitted prefix and builds an IPv6 address by itself (usually using the MAC address of the networking interface)
  4. Thereafter, it sends a packet to the network to check if there is any other device which is already having the same address (this is unlikely as the MAC address should be unique)
  5. If no other device is using this address, the new computer finishes the IPv6 configuration successfully

As you can see, there might still be DNS information delivered to your device and your router may not allow you to configure this.
Honestly, it both saddens and baffles me that many many router manufacturers seem unable to produce good IPv6 settings web interfaces as I haven't seen meaningful interfaces in a lot of routers out there...

1 Like

thanks for the detailed explanation

reading between the lines....does this mean that blocking advert on some devices is not achievable if they are using ipv6?

No. I'm using full IPv6 at home and I am using Pi-hole are intended over IPv6. The only thing you have to do is to ensure that your devices get a DNS server information somehow.
In my setup it is achieved as follows:

  • Devices get DNS server over DHCP (IPv4)
  • Devices do not get any DNS information over IPv6

Hence, for all requests they will ask the Pi-hole over its IPv4 address which will - of course - also answer IPv6 requests.

Thanks again.

Im still a little confused as to how I achieve this...even with pihole set as dhcp server, and my isp routers dhcp server disabled, I still cannot block adverts on android.

just to clarify, when I set my android device to have a static IP (ipv4 - 192.168.x.x) via the settings, and manually set the DNS server to my pihole, adverts still appear?

how can I be sure that dns servers are only sent (?) via ipv4
The option in my router settings Enable IPV6 on LAN side....should this be checked or unchecked? Im not sure what this actually does?

Im starting to think this is being restricted via my isp provided router?

On a slightly different note, im currently in the process of re-structuring my network, which will include a VPN. (PIA for security and IP cloaking etc, you know why :wink: and internal to allow me to dial in from externally)
I have installed OpenVPN on a Pi2, and am looking at getting pi-hole to run along side it.

Neither do I and that might be the problem.

This connects that what I said above: I tend to agree. My ISP router is only submitting the IPv6 prefixes and leaves the clients alone with any DNS information altogether, i.e. if there would be no DNS information delivered over IPv4, then my clients wouldn't have any Internet at all!

I assume your router is "nice" enough to distribute some DNS information to your clients. But as you cannot switch this off/change what DNS servers are advertised, it is causing problems for you.

Unfortunately, this is to be expected as it points to the fact that your device just decides to use the IPv6 DNS server. One test: Please add an invalid IP address for the DNS server in your manual IPv4 configuration. What happens?

This is a damn nuisance.
My isp (SKY) are almost infamous for their hold over their customers, and they have rather publically said that they have no intention of opening up the router configuration.

If I manually set an IP address via android settings, I still see adverts.
If I manually set an IP address via pi-hole dhcp server I still see adverts.
Im not home right now, so cannot set IP address manually via the actual router config.
But if I remember correctly it still allows adverts through, actually, I think that unless I set pihole as the dchp server, adverts are seen on all devices, including ipv4 windows 10 lappy.