Did you set the Pi-hole to "Permit all origins" ?
It's safe to use it like this in your environment as the router is blocking all requests on port 53 originating from the WAN interface
Yes. I just tried again to make sure. I pointed the router DNS at Pi IP, and I changed the setting to permit all origins. After doing so, my LAN and Wifi devices have no internet connectivity.
- doesn't make sense , it should work
unless see 2 - maybe, at firmware level the routing table is not forwarding the requests to a private IP under the WAN settings (which is odd, as this would be indeed the first and only Netgear device that i know of, that would behave like this). There are several Modem/Routers out there that even if they accept the setting, it doesn't work.
- When using Pi-hole DHCP, all devices that receive leases from the Pi-hole DHCP server SHOULD work as they get all the DHCP parameters, including DNS IP information set as Pi-hole.
If they don't work, then there is something else happening there and it's definitely related to some bad settings.
Let me see if the Network Topology logic I have, is accurate:
Modem/Router combo.
Pi-hole hardwired on a LAN port (or is it via WiFi ).
3 more ports available in the modem/router combo that go to various hardwired devices.
In between those 3 ports, are there any other routers or is it just switches ?
I suspect 2 is the problem. Also, all devices are getting DHCP leases from the Pi. As a result, all devices show the DNS as the Pi. However, only ethernet connected devices show up under the Pihole network as using the Pihole. In turn, only ethernet connected devices are blocking ads.
Network Topology:
Modem/Router combo
Pihole hardwired on a LAN port
3 more ports available. 1 used by Samsung TV, 1 used for Linux/Windows dualboot desktop, and 1 open port.
Would you please generate a new debug token, as the original one expired and it's no longer available?
New debug token: xr14z00xru
Yep. All clean .. and looking good.
I do believe we isolated it at the Modem/Router combo Netgear device, as everything else that would logically work, stops at it ...
Even if "shoulda" and "coulda" apply to this one, I can see the appeal of 1 device "to rule them all". Unfortunately it seems that it doesn't play well with tinkerers
You know what needs to be done
Indeed I do. I'll be replacing the device sometime this year. I truly appreciate the help from everyone.
It kinda sucks because it's a D3.1 device and those are not that cheap (yet).
You can always sell it and recover some of the "damage".
I've been happy and content with Arris surfboard(s) currently using an SB8200 with Two 1-Gigabit Ethernet ports and an R9000 with LAG (Link aggregation).
See if your ISP supports Arris. I never had any issues with it (them) in the past 7 years.
I will try and sell it down the road. I will be in a different location in the near future with a different ISP, so it will be a good time to get rid of the thing.
Thank you for the recommendation.
Your ISP probably has better leverage than you, but it is Netgear that ultimately provides the firmware.
If you provide their developers with our findings, specifically those final wired/wireless nslookups from your laptop, they may see where they failed and provide an update.
Problem is to get that through to the devs. I doubt many customers follow this through to the end, and less will be able to provide the insights you have gained now.
As far as devices go, I find nothing wrong with combos - the majority of them works as expected and allow for reasonable configurations for the average home user (that is including running Pi-hole).
But I'd stay clear from anything that is ISP controlled issued - once for my privacy paranoia, but more important, to spare me from the usual respective "It's not our fault, it's the other's" that is bound to happen as soon as you face any troubles.
EDIT:
@charle1776: For what it's worth, I found that Netgear reports firmware versions for the C7800 to go up as high as V3.01.43 - depending on the ISP, of course. However, I couldn't retrieve any release notes, making it impossible to assess if any of those versions would contain possible fixes for your problem.
Yeah ... I've been trying to work with Netgear on one of my issues for the past 3 years ... We're too small for them to even matter and you'll see that on their support forums 
100% true.
It's not necessarily controlled by the ISP, I'd say more like ..."supported".
Even a compatible, customer owned device will STILL receive (at least) a boot file from the ISP (where the service is authorized, speed is set based on the tier paid, diagnostic information is provided to ISP, even devices connected directly to it and so forth).
So it's still controlled by the ISP, the moment you started using their infrastructure ...
Yes, you are right 
- I meant devices commissioned to you by your ISP, especially if they preserve the exclusive right to apply firmware updates or remote configuration. Used to be common in Germany, until the laws where changed to allow customers do use a device of their choice.
Same as OP. When i put Pi IP in primary and leave the other 2 to what they were at default Pi isnt working. When i change secondary to the same as primary is errors saying cant duplicate address's. When i leave secondary and third empty or 0.0.0.0 or 1.1.1.1 nothing happens. I get internet but Pi doesn't do anything to block adds or catch really anything.
A friend of mine is of the belief that my PC and IP are using IPv6 and that's whats causing my issues with Pi. But he doesn't have any experience with Pi and IPv6 so he can't help. As you can see in my post i made the other day after showing screenshots of my router and ipconfig the thread died when it was brought to the attention to people that i was using IPv6. Scroll torwards the bottom. but read the last message DeHakkelaar wrote
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.