I set up Pi-hole on a Pi Zero W running the latest Raspberry Pi OS Lite.
It seems that Xfinity doesn't allow you to change DNS settings on their modems, so I'm using the Pi-hole DHCP server workaround instead.
Had to use a second workaround to get the Pi-hole DHCP server to work (since Xfinity also blocks you from disabling the routers DHCP), but I'm pretty sure it worked, since I'm seeing all of my devices on the Pi-hole network and at least some queries are showing up in the query log.
Actual Behaviour:
However, I'm not seeing a noticeable decrease in ads.
I believe it's because not all the queries my PC should be requesting are actually getting intercepted by the Pi-hole.
I manually set my PC's DNS server to my Pi-hole's IP address (to ensure any DHCP server weirdness isn't causing this) and ran the d3ward adblock test.
Even though that test pings 135 different ad domains, only 8 got blocked, and when I cross-referenced with the DNS query log, I only saw 8 new entries, all of which got blocked.
I've even tried manually adding random websites to the blacklist, updating gravity, then going to that website only to see it load and navigate normally. It never showed up in my query log during the experiment.
Is there some way my PC is bypassing the Pi-hole that I'm missing (even with the DNS manually set)? I'm confused how it's even possible that only some queries are showing up in the log when theoretically all of my queries should be going through the Pi-hole.
While the Devs look at your debug, look at IPV6 as the router may still be advertising itself via that. If not needed and you can, disable it at the router.
I also have Xfininty and they provided the "all in one". I'm stuck using it but was able to set it to bridge mode and simply chose to use my old wifi router as the gateway.
I just took a look at my router's http admin page, looks like it has a few more LAN settings than the Xfinity app.
I just unchecked the box in [ Gateway > Connection > Local IP Configuration > IPv6 > LAN IPv6 Address Assignment ] that said Stateful(Use Dhcp Server). There's still a checked checkbox called Stateless(Auto-Config) that I can't interact with.
Not noticing any difference in the results of the adblock test, except that I think the query log now has way more entries for variations of the same few domains it was successfully blocking before.
I saw discussion about using bridge mode in some other Xfinity Pi-hole threads. Seems like a successful method, however I don't have any extra routers on-hand and I'm a bit reluctant to buy a fancy new one considering this was meant to be a small project to improve my parent's wifi quality while I'm here for the holidays (although I'm not totally against the idea).
Yes. Maybe your browser is using a different DNS server. Disable "Secure DNS" or something like this.Or maybe it is an IPv6 issue (already suggested by other users above).
Stateful - Needs DHCPv6 server to get IP, DNS, etc.
Stateless - DHCPv6 server is not needed. In this mode, host getting configuration (IP, DNS, etc.) from router ads.
Because it was related to DHCP(v6) you may want to bounce the connection and check again to see if helps, or as mentioned, it might be browser related.