Literally no ads being blocked

deHakkelaar · May 5, 2020, 9:05pm

Am blind stupid
Got correct reply for IPv6 "::" but not IPv4.

DanSchaper · May 5, 2020, 9:06pm

May  5 21:06:09 dnsmasq[14237]: query[A] flurry.com.lan from 192.168.88.254
May  5 21:06:09 dnsmasq[14237]: forwarded flurry.com.lan to 192.168.88.1
May  5 21:06:09 dnsmasq[14237]: query[AAAA] flurry.com.lan from 192.168.88.254
May  5 21:06:09 dnsmasq[14237]: forwarded flurry.com.lan to 192.168.88.1
May  5 21:06:09 dnsmasq[14237]: query[A] flurry.com from 192.168.88.254
May  5 21:06:09 dnsmasq[14237]: gravity blocked flurry.com is 0.0.0.0
May  5 21:06:09 dnsmasq[14237]: query[AAAA] flurry.com from 192.168.88.254
May  5 21:06:09 dnsmasq[14237]: gravity blocked flurry.com is ::

PS C:\Users\dan> nslookup flurry.com
Server:  nanopi-r2s
Address:  192.168.88.5

Name:    flurry.com
Addresses:  ::
          0.0.0.0

No IPv6 on my network at all.

deHakkelaar · May 5, 2020, 9:09pm

Yeah same here, no IPv6:

pi@phb5:~ $ pihole -t
[..]
May  5 22:54:26 dnsmasq[474]: query[A] flurry.com from 10.0.0.11
May  5 22:54:26 dnsmasq[474]: /etc/pihole/gravity.list flurry.com is 0.0.0.0
May  5 22:54:26 dnsmasq[474]: query[AAAA] flurry.com from 10.0.0.11
May  5 22:54:26 dnsmasq[474]: /etc/pihole/gravity.list flurry.com is 0.0.0.0

C:\>nslookup flurry.com
Server:  noads.dehakkelaar.nl
Address:  10.0.0.2

Name:    flurry.com
Addresses:  ::
          0.0.0.0

DanSchaper · May 5, 2020, 9:11pm

Not necessarily, I missed the .lan for the NODATA, edited my post to acknowledge that.

deHakkelaar · May 5, 2020, 9:14pm

Should have been more specific:

nslookup -type=A flurry.com

EDIT: blast, even then the DNS suffix gets added

May  5 23:18:41 dnsmasq[474]: query[A] flurry.com.dehakkelaar.nl from 10.0.0.11
May  5 23:18:41 dnsmasq[474]: cached flurry.com.dehakkelaar.nl is NXDOMAIN
May  5 23:18:41 dnsmasq[474]: query[A] flurry.com from 10.0.0.11
May  5 23:18:41 dnsmasq[474]: /etc/pihole/gravity.list flurry.com is 0.0.0.0

Bucking_Horn · May 5, 2020, 9:16pm

That Windows machine you are using wouldn't run a virus scanner like AVAST?
AVAST offers a feature called RealSite that will inject additional DNS queries to a "trusted" DNS server (run by AVAST) in case something goes wrong with normal DNS resolution, see Hilfe: Windows löst Hostname auch ohne PiHole auf? - #26 by Chris80 (though German, it also contains a short solution description in English).

DanSchaper · May 5, 2020, 9:22pm

The final . locks that to the root. nslookup will always tag on search domains if you don't terminate the domain.

deHakkelaar · May 5, 2020, 9:23pm

Yeah I know, was bout to reply below:

EDIT: Proper way with a dot at the end:

C:\>nslookup -type=A flurry.com.
Server:  noads.dehakkelaar.nl
Address:  10.0.0.2

Name:    flurry.com
Address:  0.0.0.0

May  5 23:21:22 dnsmasq[474]: query[A] flurry.com from 10.0.0.11
May  5 23:21:22 dnsmasq[474]: /etc/pihole/gravity.list flurry.com is 0.0.0.0

mayk1 · May 6, 2020, 5:46am

You were right! It wasn't avast in my case- it was AVG.
Thank you guys so much!
Solution for everyone googling it: Disable secure DNS switch in your antivirus!
No need to disable ipv6

nslookup flurry.com
Server:  pihole
Address:  *******

Name:    flurry.com
Addresses:  ::
          0.0.0.0

DanSchaper · May 6, 2020, 4:00pm

Great! Now put up a firewall so the world doesn't have access to your admin page like they do now.

Edit: And close your open resolver.

mayk1 · May 6, 2020, 7:21pm

What do you mean by having an access?
How can I block it?

DanSchaper · May 6, 2020, 7:21pm

Disable the public IPv6. If you need IPv6 then use a ULA prefix instead of a GUA prefix.

mayk1 · May 6, 2020, 7:23pm

Can you recommend me some noob friendly tutorial?

DanSchaper · May 6, 2020, 7:26pm

Yeah, go to your router and click anything that says "Disable IPv6".

DanSchaper · May 6, 2020, 7:34pm

With IPv4 just about every consumer and ISP supplied router will use private addresses. This means that you have NAT protecting you by default and you have to purposefully port forward to open a hole in your network.

IPv6 uses public addresses (most of the time) and each computer/server/router/device/camera/thermostat/etc... will have a directly accessible IPv6 address. Everything with that public address space is basically sitting on the internet without anything in between. Public IPv6 prefixes are not for someone that doesn't have full knowledge of what/why/how it works.

Granted ISPs (mostly in Germany from my experience) rotate that address space and give you a new address, but that's just shuffling cards, your computers and electronics are still fully accessible.

For proof, go to your Pi-hole admin page and look for a query to gum.drop that just came from me.

mayk1 · May 7, 2020, 7:08am

I contacted my internet provider and disabled ipv6 - can you guys check it now?

DanSchaper · May 7, 2020, 11:16am

Can you provide a new debug token?

mayk1 · May 7, 2020, 12:03pm

Here you go: https://tricorder.pi-hole.net/qwo81autvj

DanSchaper · May 7, 2020, 12:05pm

Looks good, a few things to clean up.

Remove the IPv6 address from /etc/pihole/setupVars.conf since it doesn't exist anymore.
Uncheck the Use IPv6 box in the DHCP server configuration page, no need for that now.

Edit: And for good measure you can run pihole -r and reconfigure, skip the IPv6 setup if it's detected. There's a few places the old IPv6 address is still seen but it's not actually enabled on the Pi WLAN0.

mayk1 · May 8, 2020, 7:20am

Will do!
I'll try to save up some money and donate to you guys - amazing job, can't thank you enough.
Cheers from Poland!