Help me understand what I'm seeing here

I’ve just installed Pi-hole and have to say it looks pretty amazing. One thing I don’t quite understand though. I have various browser extensions installed, Privacy Badger, Adblock, and Ghostery.

While browsing around and testing things I can see on the Pi-hole dashboard that it’s working, blocking lots of stuff. I still have my browser extensions enabled and they are also reporting that they are blocking trackers and stuff.

For instance, I visited cnn.com, then clicked on Privacy Badger to see that it has blocked the domain c.amazon-adsystem.com. When I paste this domain into the search box at http://my-pi-hole/admin/queries.php it comes up as blocked - showing “Blocked (gravity)”. If it’s truly blocked by the Pi-hole then why does it even show up in Privacy Badger?

I guess I was just expecting that particular domain to not show up at all in my extensions.

What am I missing here?

Thanks!

Hi and welcome. The browser extension and Pi Hole work in two different ways:

Your browser extension will have a list of domains/urls/regex that it blocks when it sees one in the HTML of the page.

Pi Hole does not remove those references from the HTML of the page but instead returns a different ip (0.0.0.0) for domains which are flagged to be blocked.

So if you go to a website which requests a page that refers to ads.doubleclick.net for example, your browser extension will still see that ads.doubleclick.net is in the page and block that element but the request still goes to your DNS server for the domain. When Pi Hole is acting as your DNS server it will return the ip 0.0.0.0 for that domain effectively blocking it again.

It is worth keeping the browser extension because it is also able to block ads or scrips on whitelisted domains.

2 Likes

Good explanation by @Comedy, leaves little to expand on.

I may just emphasize that Pi-hole works at the domain level (like annoyingclicks.net), whereas browser extensions may be blocking access to certain resources (pictures, videos, sounds, scripts, etc.) reachable via more specific URLs (like annoyingclicks.net/campaign/autumn/img).
So when your browser-plugin decides to block campaign images only, it prevents that URL from being requested (i.e. Pi-hole won’t be asked to resolve annoyingclicks.net yet).
It may then allow access to annoyingclicks.net/img, which results in a DNS request to Pi-hole. However, if annoyingclicks.net happens to be on one of Pi-hole’s configured blocklists, Pi-hole will then block access to that site altogether.
Thus, you might see domains shown as blocked by your plug-ins as well as your Pi-hole.

Very true.

Also, Privacy Badger is employing notably different tactics to decide what to block. Unlike Pi-hole and AdBlock, uBlock Origin or other list-driven add-ons, it doesn’t rely on statically provided lists carefully tended by their respective maintainers, but rather tries to identify questionable behaviour across sites.
It might prevent ads or tracking when lists are not aware of them yet, though I wouldn’t expect to see more than the occasional Privacy Badger exclusive block.

And last but not least, the most decisive difference:
While plugins are only active on those devices where you run them on, and only in the browser you installed them for, you can configure Pi-hole to block domain resolutions for every device on your network, regardless of OS and browser, for all DNS requests those devices make, not just the ones initiated by some browser.
This may also account for some domains being blocked by Pi-hole as well as plugins.

Thanks @Comedy and @Bucking_Horn. That clears it up I think.

I’ll continue to use my extensions in combination with Pi-hole. I went ahead and configured it to block domain resolutions for my entire network, no trouble so far. I have to say, I’m very very happy with how well it’s working. It had gotten to the point where I couldn’t even use the Flipboard app on my mobile device. Now it’s a breeze. :slight_smile: