Hello all,
First off I love pihole, it has enabled me to disable tracking and ads for all my devices and the community has enabled even a noobie like me to set it up in no time. So thankful for that.
Now to my issue:
My country's government has started blocking a lot of websites, some malicious and some not so much.
And the ISPs here are kind of blocking the websites in a weird way. Let me explain.
I have set up pihole + unbound and am routing my router to use the pihole unbound as the primary DNS provider.
My Router DHCP DNS configuration:
pihole running unbound:
But some of the websites are still getting blocked, for example https://raw.githubusercontent.com/. They do this by routing all DNS for all blocked webpages to DNS address 202.83.21.15, which is a blank DNS that the ISP is using to divert all blocked DNS traffic.
Now with unbound I thought I could bypass this stupidity, but it does not work like that, I think, and the pihole still proceeds to return the DNS address 202.83.21.15 for all blocked traffic.
For e.g., if I nslookup a malicious website, let's say https://1337x.to, which is a torrent site:
this is what pihole returns:
tinymagicbox@pihole:~# nslookup 1337x.to
Server: 192.168.100.201
Address: 192.168.100.201#53
Non-authoritative answer:
Name: 1337x.to
Address: 202.83.21.15
;; Got SERVFAIL reply from 192.168.100.201, trying next server
tinymagicbox@pihole:~# nslookup raw.githubusercontent.com
Server: 192.168.100.201
Address: 192.168.100.201#53
Non-authoritative answer:
Name: raw.githubusercontent.com
Address: 202.83.21.15
;; Got SERVFAIL reply from 192.168.100.201, trying next server
where 192.168.100.201 is the address of my pihole, so it's using the pihole but still failing to resolve to a proper DNS and just accepting the DNS provided by the ISP which is fake.
Now if I uncheck unbound and just use the Cloudflare IPv4 DNS, I can reach this website, same for every other blocked website:
tinymagicbox@pihole:~# nslookup 1337x.to
Server: 192.168.100.201
Address: 192.168.100.201#53
Non-authoritative answer:
Name: 1337x.to
Address: 104.31.16.118
Name: 1337x.to
Address: 104.31.16.11
tinymagicbox@pihole:~# nslookup raw.githubusercontent.com
Server: 192.168.100.201
Address: 192.168.100.201#53
Name: raw.githubusercontent.com
Address: 185.199.111.133
Name: raw.githubusercontent.com
Address: 2606:50c0:8003::154
Name: raw.githubusercontent.com
Address: 2606:50c0:8000::154
Name: raw.githubusercontent.com
Address: 2606:50c0:8001::154
Name: raw.githubusercontent.com
Address: 2606:50c0:8002::154
That means I can use Cloudflare or Google DNS to unblock everything, but that defeats the purpose of my setting up the pihole + unbound.
My question is how do I resolve this issue?
How do I make the pihole resolve the real DNS, and not the one provided by ISP?
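
A check for the symptom shown in this post, as an added example that is not part of the original post: it parses `nslookup` output and flags names whose every answer is the redirect address 202.83.21.15 quoted above. The function names are hypothetical, and the two sample captures are excerpts of the output in the post.

```python
import ipaddress
import re

# Redirect address the post reports for every blocked name.
SINKHOLE = ipaddress.ip_address("202.83.21.15")

# Sample input: excerpts of the two nslookup runs quoted in the post.
VIA_UNBOUND = """\
Server: 192.168.100.201
Address: 192.168.100.201#53
Non-authoritative answer:
Name: raw.githubusercontent.com
Address: 202.83.21.15
;; Got SERVFAIL reply from 192.168.100.201, trying next server
"""
VIA_CLOUDFLARE = """\
Server: 192.168.100.201
Address: 192.168.100.201#53
Name: raw.githubusercontent.com
Address: 185.199.111.133
Name: raw.githubusercontent.com
Address: 2606:50c0:8003::154
"""

def parse_answers(text):
    """Return {name: [ip, ...]} from nslookup output, ignoring the Server block."""
    answers, name = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Name:\s*(\S+)\s*$", line)
        if m:
            name = m.group(1).rstrip(".").lower()
            answers.setdefault(name, [])
            continue
        m = re.match(r"\s*Address:\s*(\S+)\s*$", line)
        # The resolver's own "Address: x#53" line precedes any Name, so name is None there.
        if m and name is not None:
            try:
                answers[name].append(ipaddress.ip_address(m.group(1)))
            except ValueError:
                pass  # not an IP literal (e.g. "ip#port"); skip it
    return answers

def redirected(text, sinkhole=SINKHOLE):
    """Names that got at least one answer and only the redirect address."""
    return sorted(n for n, ips in parse_answers(text).items()
                  if ips and all(ip == sinkhole for ip in ips))

if __name__ == "__main__":
    for label, capture in (("unbound", VIA_UNBOUND), ("cloudflare", VIA_CLOUDFLARE)):
        print(label, "redirected:", redirected(capture) or "none")
```
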