Guide for less problematic setup?

I'm sorry I'm not including many useful details here; I didn't see the point when issues are covered in specific threads.

I'm wondering if there's a guide to set up PiHole to be less problematic from the start. I've tried several times to implement it on my network, but each time, it renders the web pretty much entirely broken. Upwards of 50% of domains I frequently visit are broken, either in part or in full. It seems there's a vendetta being carried out against Microsoft with how many MS services and products are blocked or broken - stuff that doesn't have any advertising whatsoever - Office365, Windows Store, etc. Heck, the download page for Putty was even blocked. Putty!?!?! That page is HTML straight out of the 90's without a single ad on it.

I've tried monitoring with Tail, but nothing is displayed when trying to visit a blocked site or service. I've followed several instructions given in help threads, sometimes they get a site/service working, most of the time they don't.

At this point, I'm probably at about 1000:1 as far as time being spent trying to fix what gets broken vs. time saved avoiding ads.

Is this normal? I really love the concept, the setup and admin interface all seem great, but the default configuration with respect to what gets blocked seems to undermine the whole darn thing.

I don't experience what you're experiencing.
I can download Putty without problems from the link below:

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

What's your Pi-hole private IP?
And what is displayed when you run the command below on a Linux or Windows client that's having trouble:

nslookup www.chiark.greenend.org.uk

And what is displayed on Pi-hole if you run the one below:

pihole -q www.chiark.greenend.org.uk

Thanks for the reply. Interesting that it seems to be a local problem.

When I run nslookup on an affected system, I get:

Server: UnKnown
Address: fe80::7644:1ff:fe47:ed59

Non-authoritative answer:
Name: www.chiark.greenend.org.uk
Addresses: 2001:ba8:1e3::
212.13.197.231

And when I run the pihole command, I get:

::: /etc/pihole/list.0.raw.githubusercontent.com.domains (0 results)
::: /etc/pihole/list.1.mirror1.malwaredomains.com.domains (0 results)
::: /etc/pihole/list.2.sysctl.org.domains (0 results)
::: /etc/pihole/list.3.zeustracker.abuse.ch.domains (0 results)
::: /etc/pihole/list.4.s3.amazonaws.com.domains (0 results)
::: /etc/pihole/list.5.s3.amazonaws.com.domains (0 results)
::: /etc/pihole/list.preEventHorizon (0 results)
::: /etc/pihole/blacklist.txt (0 results)

The local IP of my pihole is 10.0.0.100 (it's attached to a netgear wndr4500).

As soon as I set the DNS on the router back to Google (8.8.8.8), the Putty download page and all other issues are resolved.

Thanks for the help.

Can you post a screenshot of what setting you changed back?
I suspect you're setting the DNS server for the WAN part on the router.
You're not supposed to do it like that, as you miss out on very nice extras.
I suggest you default those DNS settings on the router, disable the LAN DHCP server/service on the router, and as a replacement, activate the DHCP service from Pi-hole (via the web GUI):

This is the reply on one of my clients, with 10.0.0.2 being my Pi-hole:

$ nslookup pi.hole
Server:    10.0.0.2
Address 1: 10.0.0.2 noads.dehakkelaar.nl

Name:      pi.hole
Address 1: 10.0.0.2 noads.dehakkelaar.nl

And the one below should display a nice block page:

http://doubleclick.com

EDIT: Oh, and don't forget to renew DHCP leases on the clients when you switch, by disconnecting & reconnecting the network on the clients or rebooting them!

PS: you're right, it's a maze of settings with all the different hardware and different setups that people have, but YOU try to write a manual that covers it all :wink:

You should not be running into so many issues. Would you please generate a debug token so we can further diagnose your issues?

It looks like most of your problems seem to be in the choice of block lists. You can modify those in the web interface to be less restrictive, or you could whitelist the domains you want.

Thanks for the attention everyone. I reinstalled my RaspberryPi and set up PiHole clean, just to avoid issues I may have caused. I've run into the same issues. I generated a debug report, token: ew3c6t7uej

On the DHCP server, does using the router as the DHCP server and setting the router to use the PiHole as the DNS inherently cause (or potentially cause) these types of issues? I get that the PiHole can act as the DHCP server, and maybe if I come to trust it I could enable that, but I'm not there yet. I have 8 to 10 systems set up with static IP addresses for application specific reasons (network rendering), and I'm disinclined to fiddle with that unless absolutely necessary.

With respect to block lists, is it generally accepted that if you don't want Microsoft products/services compromised or blocked, you need to remove the default lists and basically set up your own blacklist? Unfortunately, Windows is a necessary evil for me, and when I query the default ad lists, it appears many of them target Microsoft pretty heavily.

If you mean setting the WAN DNS to point to the Pi-hole IP, the answer is no.
Clients should resolve ads through the router DNS, which will forward the requests to Pi-hole, and Pi-hole will reply to the request returning its own IP address.
But you won't see nice stats and graphs for individual clients, as all the DNS requests seem to be coming from the router ... from Pi-hole's perspective.

If those vital systems have a static IP and static DNS set, I don't see how switching DHCP from router to Pi-hole should cause problems for them, as they don't depend on DHCP.
Mine is running close to a year now and I did not even experience a glitch.

The default lists that Pi-hole uses are not that strict or many more users would complain.
My estimate is that more than 50% are MS users.
And those that do get blocked are easy to whitelist if trailing the Pi-hole logs.

Ok, I understand. As long as not configuring it as you suggest isn't contributing to the issues I'm having, I'll leave it as is for now. I get that the PiHole could be more functional, and maybe if I can get it working I'll consider that, but for now, my main objective is to simply get it blocking ads while not wreaking havoc otherwise. I just want the simplest way to enable it to test, and disable it when I can't get it playing nice. Having it take over services my router is currently handling just complicates that.

I'm wondering if the issues I'm having are IPv6 related. My router doesn't have a specific section for IPv6 DNS settings.

A common mistake people make is configuring 2 DNS servers for the clients to get some sort of redundancy.
But "primary DNS" and "secondary DNS" do not mean the clients will always query the primary and, in case it's down, query the secondary.
It depends on the client OS implementation which DNS server is queried.
If the secondary DNS server is not Pi-holed, ads will still leak through.
Same with your router if you have Pi-hole for primary and another for secondary.

If you don't have IPv6 configured in your network, it's best to disable it entirely by running "pihole -r".
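
Added example, not part of the thread or of Pi-hole's own tooling: one way to check the point in the post above, that a secondary resolver which is not Pi-holed lets ads through. It sends the same A query directly to each IPv4 resolver over UDP and labels each one by whether a known-blocked name comes back as the Pi-hole address; the function names, the 2-second timeout and the IPv4-only scope are assumptions.

```python
import secrets
import socket
import struct

def build_query(name, qid):  # one-question A-record query, recursion desired
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", 1, 1)

def skip_name(msg, off):  # offset just past a name; a compression pointer ends it
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):  # IPv4 addresses found in the answer section
    ancount = struct.unpack("!H", msg[6:8])[0]
    off = skip_name(msg, 12) + 4          # our query carries exactly one question
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:     # A record; CNAMEs and others are skipped
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return addrs

def query(server, name, timeout=2.0):  # ask one specific resolver, bypassing the OS choice
    qid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))           # connected UDP: replies from other hosts are dropped
        s.send(build_query(name, qid))
        data = s.recv(512)
    if data[:2] != struct.pack("!H", qid):
        raise OSError("response ID does not match the query")
    return parse_a_records(data)

def audit(resolvers, blocked_name, pihole_ip, lookup=query):
    # 'filtered' = every answer is the Pi-hole's own IP (as in the thread) or 0.0.0.0,
    # which newer Pi-hole releases return for blocked names
    sink, report = {pihole_ip, "0.0.0.0"}, {}
    for server in resolvers:
        try:
            answers = set(lookup(server, blocked_name))
        except (OSError, struct.error, IndexError):  # timeout, network error, malformed reply
            report[server] = "unreachable"
            continue
        report[server] = ("no answer" if not answers else
                          "filtered" if answers <= sink else "LEAK")
    return report
```

With the addresses mentioned in this thread the call would be `audit(["10.0.0.100", "8.8.8.8"], "doubleclick.com", "10.0.0.100")`; any resolver reported as `LEAK` answers blocked names with real addresses, so clients that happen to pick it will still load ads.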

So I gave it another clean install and this time I disabled ipv6 and so far, it seems to be running smooth. Microsoft Store/apps are working, Windows updates are working and I haven't come across any sites that are getting blocked.

So far so good. Right now, I just have individual systems set to use the PiHole for DNS, I'll give it another shot setting the router to use it so I can block network-wide, but if that proves to be a source of trouble, it's not that difficult to set it up on each system.
