New install of Pi-Hole and facebook no longer works even with whitelisting

Help
1

Hi, I have a RPI2b with a new C10 sd card. I had Pi-Hole installed on it before and it worked fine and no issues with Facebook.
I moved from Darwin to Adelaide and needed to replace my SD card. So I have a clean install with a new card and now facebook no longer works. I have never had to put in whitelisting rules before or remove any of the block lists either.
I searched google and whitelisted all the recommended facebook domains and also removed any facebook blocklists that I had applied.

Facebook messenger doesn't send messages and facebook itself wont refresh either until I change our phones from wifi to mobile network.

Debug Token:

[✓] Your debug token is: https://tricorder.pi-hole.net/QTYlteLi/

2

To verify whether Pi-hole has a part in this, you could try disconnecting your problematic phones, Disable Blocking via Pi-hole's UI for some time, and reconnect your phones to your home network's wifi.
Does Facebook work as expected then?

Also, your debug log shows your router to distribute its own IPv4 as local DNS server beside Pi-hole:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   
   * Received 300 bytes from eth0:192.168.0.1
     Offered IP address: 192.168.0.10
     DHCP options:
      Message type: DHCPOFFER (2)
      dns-server: 192.168.0.10
      dns-server: 192.168.0.1
      router: 192.168.0.1

This would allow clients to by-pass Pi-hole via your router's IP at their own discretion.

This may or may not affect your difficulties accessing facebook.
It could if your router would indeed aggregate some of your DNS traffic, and somehow would block those requests, e.g. by some parental control feature or by using an upstream DNS resolver that blocks them.

In any case, Pi-hole has to be the sole DNS server for your network.
You'd have to stop your router from handing out its own IP as DNS server.

3

The router's DNS is the secondary failover DNS in case the pi-hole goes down.
I have disabled the pi-hole for the time being while I diagnose what's going on so its using the router's DNS which is set to 8.8.8.8 at the moment and there are no issues with FB or messenger.

4

The router's DNS is the secondary failover DNS in case the pi-hole goes down.

The secondary DNS is not used as a failover. The other DNS server will be used, even if the first one is available and Pi-hole will be bypassed.

5

I had it set the same before and never had these problems, so I dont understand why its happening now.
I will change it and try again.
The problem is that we cannot get to facebook or facebook chat and we want to. I'm not trying to block it, I'm trying to allow it.

6

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

7

Your debug token is: https://tricorder.pi-hole.net/x10N6bTI/

8

I can think of two possible explanations:

a. Your blocklists have changed.

You may have employed additional blocklists.
Your debug log suggests they all have been added on 2023-04-15 (though that may just be the case due to your current attempts to get Facebook operational).

But also, even without adding any lists, some of the existing blocklists may have been expanded with entries blocking facebook.

b. Your phones haven't been (always) subject to filtering at your previous destination

Your debug log suggests that your current RPi has only link-local IPv6 connectivity, as the resolution request via public IPv6 address is failing:

*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✓] chogo16.com is :: on lo (::1)
[✓] chogo16.com is :: on eth0 (fe80::9620:ba6:b906:5a6c)
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (2001:4860:4860::8888)

If your previous ISP would have offered public IPv6 connectivity, and the router would have advertised its own IPv6 as DNS server (or your ISP's DNS servers), then there is a chance that your smartphones -with a tendency to prefer IPv6 over IPv4 - would have by-passsed your Pi-hole via IPv6. That would have allowed them to escape any facebook blocking, even if that would have already been in place before.

In both cases, your approach of whitelisting facebook domains should be able to address this.

Monitoring your Pi-hole's Query Log while a smartphone is attempting to connect to facebook should help you in identifying related blocked domains, and having a read of How do I determine what domain an ad is coming from? may also be helpful.

There is also a third possibilty, though I consider that unlikely:
Some ISPs offer filtering DNS requests at their end, e.g. as a parental control feature. I doubt that they'd filter facebook, but you'd probably want to verify whether such a service would be active for your connection nevertheless.

9

It seems to be the 2 dns addresses.
I removed the 2nd dns server and now facebook is working.
I had an ASUS router before and my new Optus router is a newer ASUS router that looks like it has a custom "Optus" firmware. There must be something different in this router because I had 2 DNS entries which I thought the 2nd entry was a failover. It always blocked adds etc from the old router despite having 2 so logically it would seem like that shouldn't matter but it looks like it does now.

As I mentioned in the beginning I had to replace the sd card and install a fresh copy of raspian and setup pi-hole again from scratch so the dates reflect that.

I have used the same block list that I got from https://firebog.net/

My router has IPv6 disabled locally which explains why it says that about ipv6.

10

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.