And when you tail the logs on Pi-hole:
pihole -t
What do you see when you run nslookup flurry.com on the Win client?
May 5 22:45:51 dnsmasq[515]: query[PTR] b.f.3.e.a.d.1.0.d.c.8.f.1.c.8.1.0.8.5.b.4.4.2.e.7.1.3.a.2.0.a.2.ip6.arpa from 2a02:a317:e244:b580:e5a3:fd01:8716:7ea8
May 5 22:45:51 dnsmasq[515]: /etc/pihole/local.list 2a02:a317:e244:b580:18c1:f8cd:1da:e3fb is pihole
May 5 22:45:51 dnsmasq[515]: query[A] flurry.com.lan from 2a02:a317:e244:b580:e5a3:fd01:8716:7ea8
May 5 22:45:51 dnsmasq[515]: cached flurry.com.lan is NXDOMAIN
May 5 22:45:51 dnsmasq[515]: query[AAAA] flurry.com.lan from 2a02:a317:e244:b580:e5a3:fd01:8716:7ea8
May 5 22:45:51 dnsmasq[515]: cached flurry.com.lan is NODATA-IPv6
May 5 22:45:51 dnsmasq[515]: query[A] flurry.com from 2a02:a317:e244:b580:e5a3:fd01:8716:7ea8
May 5 22:45:51 dnsmasq[515]: /etc/pihole/gravity.list flurry.com is 0.0.0.0
May 5 22:45:51 dnsmasq[515]: query[AAAA] flurry.com from 2a02:a317:e244:b580:e5a3:fd01:8716:7ea8
May 5 22:45:51 dnsmasq[515]: /etc/pihole/gravity.list flurry.com is 0.0.0.0
I took it from the admin panel of the pihole when running the command nslookup flurry.com in the Windows command line
Above looks like pihole-FTL replied with 0.0.0.0.
Stumped.
And the :: reply?
What do you mean with ":: reply"?
Do you mean run nslookup on Pi-hole itself, as that would be something else to try?
From the query:
Server: pihole
Address: 2a02:a317:e244:b580:18c1:f8cd:1da:e3fb
Non-authoritative answer:
Name: flurry.com
Addresses: ::
98.136.103.26
212.82.100.153
74.6.136.153
Pi-hole is indicating that flurry.com is NODATA-IPV6. Where is the :: null response coming from that shows in the list of addresses?
EDIT: (Actually, that NODATA looks like it's from flurry.com.lan, but the point is why :: along with the non 0.0.0.0 A records.)
My suggestion for everyone is to disable IPv6, unless there is a need for GUAs on the LAN segment. Try eliminating as much of the variable condition as you can. Once Pi-hole is working over IPv4, then add back IPv6 (second suggestion: use a ULA prefix and not GUAs unless you REALLY REALLY know what you are doing and why you need a GUA prefix.)
Am blind stupid
Got correct reply for IPv6 "::" but not IPv4.
May 5 21:06:09 dnsmasq[14237]: query[A] flurry.com.lan from 192.168.88.254
May 5 21:06:09 dnsmasq[14237]: forwarded flurry.com.lan to 192.168.88.1
May 5 21:06:09 dnsmasq[14237]: query[AAAA] flurry.com.lan from 192.168.88.254
May 5 21:06:09 dnsmasq[14237]: forwarded flurry.com.lan to 192.168.88.1
May 5 21:06:09 dnsmasq[14237]: query[A] flurry.com from 192.168.88.254
May 5 21:06:09 dnsmasq[14237]: gravity blocked flurry.com is 0.0.0.0
May 5 21:06:09 dnsmasq[14237]: query[AAAA] flurry.com from 192.168.88.254
May 5 21:06:09 dnsmasq[14237]: gravity blocked flurry.com is ::
PS C:\Users\dan> nslookup flurry.com
Server: nanopi-r2s
Address: 192.168.88.5
Name: flurry.com
Addresses: ::
0.0.0.0
No IPv6 on my network at all.
Yeah same here, no IPv6:
pi@phb5:~ $ pihole -t
[..]
May 5 22:54:26 dnsmasq[474]: query[A] flurry.com from 10.0.0.11
May 5 22:54:26 dnsmasq[474]: /etc/pihole/gravity.list flurry.com is 0.0.0.0
May 5 22:54:26 dnsmasq[474]: query[AAAA] flurry.com from 10.0.0.11
May 5 22:54:26 dnsmasq[474]: /etc/pihole/gravity.list flurry.com is 0.0.0.0
C:\>nslookup flurry.com
Server: noads.dehakkelaar.nl
Address: 10.0.0.2
Name: flurry.com
Addresses: ::
0.0.0.0
Not necessarily, I missed the .lan for the NODATA, edited my post to acknowledge that.
Should have been more specific:
nslookup -type=A flurry.com
EDIT: blast, even then the DNS suffix gets added
May 5 23:18:41 dnsmasq[474]: query[A] flurry.com.dehakkelaar.nl from 10.0.0.11
May 5 23:18:41 dnsmasq[474]: cached flurry.com.dehakkelaar.nl is NXDOMAIN
May 5 23:18:41 dnsmasq[474]: query[A] flurry.com from 10.0.0.11
May 5 23:18:41 dnsmasq[474]: /etc/pihole/gravity.list flurry.com is 0.0.0.0
That Windows machine you are using wouldn't run a virus scanner like AVAST?
AVAST offers a feature called RealSite that will inject additional DNS queries to a "trusted" DNS server (run by AVAST) in case something goes wrong with normal DNS resolution, see Hilfe: Windows löst Hostname auch ohne PiHole auf? - #26 by Chris80 (though German, it also contains a short solution description in English).
The final . locks that to the root. nslookup will always tag on search domains if you don't terminate the domain.
Yeah I know, was about to reply below:
EDIT: Proper way with a dot at the end:
C:\>nslookup -type=A flurry.com.
Server: noads.dehakkelaar.nl
Address: 10.0.0.2
Name: flurry.com
Address: 0.0.0.0
May 5 23:21:22 dnsmasq[474]: query[A] flurry.com from 10.0.0.11
May 5 23:21:22 dnsmasq[474]: /etc/pihole/gravity.list flurry.com is 0.0.0.0
You were right! It wasn't Avast in my case - it was AVG.
Thank you guys so much!
Solution for everyone googling it: Disable secure DNS switch in your antivirus!
No need to disable IPv6
nslookup flurry.com
Server: pihole
Address: *******
Name: flurry.com
Addresses: ::
0.0.0.0
Great! Now put up a firewall so the world doesn't have access to your admin page like they do now.
Edit: And close your open resolver.
What do you mean by having access?
How can I block it?
Disable the public IPv6. If you need IPv6 then use a ULA prefix instead of a GUA prefix.
Can you recommend me some noob-friendly tutorial?
Yeah, go to your router and click anything that says "Disable IPv6".
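
The comparison this thread works through by hand, as an added example that is not part of any post: read the null answers out of the pihole -t log, read the addresses nslookup showed on the client, and flag the case where Pi-hole blocked the name but the client still displays real addresses. The function names and the sample input (documentation-range addresses) are constructed for illustration.

```python
import re

# Null-address block lines in the two `pihole -t` formats quoted in the thread.
BLOCK_RE = re.compile(
    r"dnsmasq\[\d+\]: (?:/etc/pihole/gravity\.list|gravity blocked) (\S+) is (\S+)$")
NULL_ADDRS = {"0.0.0.0", "::"}

def blocked_domains(log_text):
    """Domains the Pi-hole log shows as answered with 0.0.0.0 or ::."""
    found = set()
    for line in log_text.splitlines():
        m = BLOCK_RE.search(line.strip())
        if m and m.group(2) in NULL_ADDRS:
            found.add(m.group(1).lower().rstrip("."))
    return found

def nslookup_answer(output):
    """Parse Windows nslookup output into (name, [addresses])."""
    name, addrs = None, []
    for line in (l.strip() for l in output.splitlines()):
        if line.startswith("Name:"):
            name = line.split(":", 1)[1].strip().lower().rstrip(".")
        elif name and line.startswith(("Address:", "Addresses:")):
            addrs.append(line.split(":", 1)[1].strip())
        elif name and line:
            addrs.append(line)  # continuation line of a multi-address answer
    return name, addrs

def diagnose(log_text, nslookup_output):
    """Compare what Pi-hole answered with what the client displayed."""
    name, addrs = nslookup_answer(nslookup_output)
    real = [a for a in addrs if a not in NULL_ADDRS]
    if name not in blocked_domains(log_text):
        return "not-blocked", real
    # Pi-hole returned only null addresses, so any real address reached the
    # client by another path (in the thread: the antivirus secure-DNS feature).
    return ("bypassed" if real else "blocked"), real

# Constructed sample input, shaped like the excerpts in the thread.
LOG = """\
May 5 22:45:51 dnsmasq[515]: query[A] flurry.com from 192.0.2.10
May 5 22:45:51 dnsmasq[515]: /etc/pihole/gravity.list flurry.com is 0.0.0.0
May 5 22:45:51 dnsmasq[515]: query[AAAA] flurry.com from 192.0.2.10
May 5 22:45:51 dnsmasq[515]: gravity blocked flurry.com is ::
"""
MIXED = """Server: pihole\nAddress: 192.0.2.5\n\nNon-authoritative answer:
Name: flurry.com\nAddresses: ::\n  203.0.113.26\n  203.0.113.153\n"""
CLEAN = "Server: pihole\nAddress: 192.0.2.5\n\nName: flurry.com\nAddresses: ::\n  0.0.0.0\n"

if __name__ == "__main__":
    for label, out in (("mixed", MIXED), ("clean", CLEAN)):
        print(label, diagnose(LOG, out))
```

A "bypassed" result points at the client rather than at Pi-hole, which is where the thread found the cause.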