Not Blocking Amazon ad on Pages to Test Ad Blocking Performance

Expected Behaviour:

At [Mod Edit: Link no longer available] the webpage says "This page loads some page-level ads from Google and Amazon. If you’re not seeing them, your Pi-hole should be working. For additional tests, see all these links below." I expected to see no Amazon or Google ads

Actual Behaviour:

I see an Amazon ad, square, near where it says if you're not seeing them your Pi-hole should be working. I do not see a Google ad.

Debug Token:

o1n0rljgjj

Are these domains in your blocklist (see pihole -q)

  • rcm-na.amazon-adsystem.com
  • pagead2.googlesyndication.com

For rcm-na.amazon-adsystem.com I got 3 matches. For pagead2.googlesyndication.com I got 7 matches. I'm guessing that means they're in my system?

I use the default set of adlists plus a bunch from threads around here on what lists are regularly updated for use with Pi-hole. I have not removed any of the defaults. This is an install I made today, everything is fresh.

I did whitelist domains using the commonly whitelisted sites in the FAQ section, but not all of those and nothing else is whitelisted.

Thanks for any help or advice!

Can you empty your browser cache and try again? Those are the two domains used for the ads.

I cleared my browsers cache (in fact all history). When I load up the test page for Pi-hole now I see a space where the amazon ad was and a message is shown from Firefox, within that space, saying "Unable to connect" with the rest of the Firefox usual for a web page it can't get to. It does name the server it can't reach as rcm-na.amazon-adsystems.com. This looks like a step in the right direction. Is there a reason I see this "Unable to connect" space within the page itself? I don't see anything for the Google Ad that should be there.

Possibly related, when I look at the queries related to Amazon after I load up the Pi-hole test page I see several IPv4 instances of rcm-na.amazon-adsystems.com Pi-holed, but I also see several IPv6 instances of rcm-na.amazon-adsystems.com that are OK (forwarded). I have IPv6 disabled on my router and I didn't set anything up for IPv6 on the Pi-hole since its disabled. Do I need to do something different there?

Thanks

1 Like

I did a search in the forums here and I did see a FAQ about the IPv4 combined with IPv6 false positives. I created the FTL conf file with the documented text and now those IPv6 instances are no longer shown in the query log, all I see are the Pi-holed IPv4 rcm-na.amazon-adsystems.com instances.

What happens to the IPv6 queries in reality? It's not clear to me where they're forwarded.

With that said, at this point the ad block result is purely cosmetic, I can see where the ad wanted to be, but it has no connection to load it. Is that the expected result? If I understand correctly, there is also a Google Ad on the page, but I've never seen that one or the spot on the page where it should be.

This means the ad was blocked.

You said you are not using IPv6 on your router. Is IPv6 blocking enabled on your Pi-hole? If IPv6 is actually still working, it may be one of the reasons you still saw an ad.

It's not only that I'm not using IPv6 on my router, I have it disabled, so the router doesn't hand out any Ipv6 IP's via DHCP. There's nothing in the setup I see otherwise. If I enable IPv6 on the router, then a whole slew of other options become available, but since its disabled I don't see anything else IPv6 related. It's an Asus RT-AC87U.

When I look in my Pi-hole admin settings via the web interface, anything IPv6 related looks inactive. By that I mean hovering over checkboxes or associated control for IPv6 turns my cursor into a red circle with the line through it and clicking does nothing. In the Pi-hole Settings->Sytem tab I see an IPv4 address populated but the IPv6 field is blank.

As a quick test, I added

net.ipv6.conf.all.disable_ipv6 = 1

to my sysctl.conf and rebooted. After the Pi was back up none of the adapters had information for IPv6 when I looked at ifconfig, so the change worked. I figured that would disable IPv6 on the Pi completely, but looking in the logs (I removed the pihole-FTL.conf setting) I see IPv6 queries left and right, all passed through. It's real strange and I don't know where they go.

After all that, how do I make sure blocking for IPv6 is enabled? Can't figure that one out now since I can't click anything in the web GUI.

BTW, thanks for going through this with me, I appreciate it.

1 Like

Do a pihole -r and you can reconfigure it to use or not use IPv6. The protocol is efficient and disabling it doesn't always do what you think it will since everything else is trying to use it.

This is a long one, I hope I don't put you to sleep, but I figured this may be helpful feedback.

First, documenting my network configuration: I have an Asus RT-AC87U with IPv6 disabled. No devices on my LAN use IPv6 for anything and DHCP from my router does not hand out IPv6 addresses since its disabled. My Pi-hole is setup only for DNS, not for DHCP. What I see on the Pi-hole are IPv6 domains being forwarded even though the domain is successfuly blocked as IPv4.

Second, I think part of my confusion here is that the IPv6 domain is probably not really forwarded by Pi-hole even though the query log shows it as so. Maybe a feature improvement would be to show what really happens with an IPv6 request in a network that has no IPv6 - though I don't know what that is. I'd guess Its ignored somewhere along the line. Anything IPv6 related has no where to go on my network. In fact, its still confusing to me how the Pi-hole sees IPv6 queries because I can't even point my router to the Pi-hole using IPv6.

I ran pihole -r and reconfigured it, making sure I selected both IPv4 and IPv6 blocking. However, when doing that, the IPv6 address showed up as blank and the refreshed gravity list only had my Pi-hole IPv4 address in it. So this was kind of a no-go in that it really just got me back to where I already was.

After this I ended up editing my dhcpcd.conf to set a static IPv6 address for the Pi-hole. Since there's no where for an IPv6 address to go and I have no 6to4 tunneling or anything else set up, I set up the Pi-hole to use the static IPv6 address used as an example in the dhcpcd.conf. I don't know if this is really legit, but its working for now. I also had to comment out a line that said noipv6. It now looks like this under eth0:

interface eth0
static ip_address=192.168.1.121/24
static ip6_address=fd51:42f8:caae:d92e::ff/64
static routers=192.168.1.1
static domain_name_servers=127.0.0.1
static domain_search=
#noipv6

After this I rebooted and ran pihole -r again. This was much better, After selecting both IPv4 and IPv6 blocking the Pi-hole setup saw both my IPv4 and IPv6 addresses. I took a look at the gravity list and now I see both IPv4 and IPv6 addresses of the Pi-hole for every domain. As an example:

192.168.1.121 0.01.2.13.3.sydneypropertyinvestors.com
fd51:42f8:caae:d92e::ff 0.01.2.13.3.sydneypropertyinvestors.com

Last thing I checked was the query log in the web admin GUI. There I also see domains that were formerly forwarded on IPv6 now being blocked along with IPv4 counterparts.

I'm not sure this does anything constructive, I'm not sure the forwarded IPv6 queries were really going anywhere, but at least now I know they're blocked in case they were meaningful.

If you have any feedback on doing this and if it is worthless/worthwhile or should be handled different I'd be interested in hearing it.

Thanks

Are you possibly running into this?

Queries for AAAA records can still happen as it's not actually using the IPv6 protocol, it's just using DNS and looking for the AAAA record.

[quote="Magura, post:11, topic:8536"]

if you have disabled IPv6 on your network, this is expected then since there is no valid address to use.

It looks like a ULA address, so that should work.

Perhaps I read wrong, but I thought you had intentionally wanted to disable IPv6 on your network, but now you have it enabled? In any case, if it's blocking the ads I assume that's the behavior you want, so good to go there.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.