Please follow the below template, it will help us to help you!
If you are Experiencing issues with a Pi-hole install that has non-standard elements (e.g you are using nginx instead of lighttpd, or there is some other aspect of your install that is customised) - please use the Community Help category.
Expected Behaviour:
I would like pihole blocking on all of the computers on the network, including the computer that the pihole itself is running on.
Actual Behaviour:
currently I get adblocking on all the machines on the network except for the computer that the pihole is running on.
More info -- Intel 11 NUC, running ubuntu 22.04.3 LTS.
Pihole up to date. IPv6 is off at the router and on the pihole host computer.
Blocking works very well for everything except for the pihole host computer.
On the router I have my pihole's static IP as the DNS.
On the pihole I have a static IP set, netmask 24, and the router as the gateway.
The question is what should I put for the DNS on the IPv4 settings on the pihole host computer? Right now I have it as cloudflare, so of course when I browse from the pihole host computer it bypasses the pihole and uses cloudflare (and I get ads).
If I change the Pihole host computer to something else, such as the router IP, or to 127.0.0.1, will it end up in an infinite loop?
Or what happens if I leave the DNS options blank? Will I have no internet access.
Usually you don't need to change the host DNS, because most systems are servers without desktop environments and no browsers to see ads.
In your case, your host is used to browse web pages (and want ads blocked). Then you need to change the DNS to Pi-hole's IP.
Note:
I noticed a lot of warnings about Rate Limit in your debug log:
[2024-02-01 19:52:39.583 2390M] Rate-limiting 192.168.1.1 for at least 36 seconds
[2024-02-01 19:53:15.270 2390/T2691] Still rate-limiting 192.168.1.1 as it made additional 1571 queries
[2024-02-01 19:54:15.340 2390/T2691] Still rate-limiting 192.168.1.1 as it made additional 3331 queries
[2024-02-01 19:55:15.408 2390/T2691] Still rate-limiting 192.168.1.1 as it made additional 4422 queries
[2024-02-01 19:56:15.477 2390/T2691] Still rate-limiting 192.168.1.1 as it made additional 3050 queries
[2024-02-01 19:57:15.549 2390/T2691] Still rate-limiting 192.168.1.1 as it made additional 1085 queries
[2024-02-01 19:58:15.619 2390/T2691] Still rate-limiting 192.168.1.1 as it made additional 1217 queries
[2024-02-01 19:59:15.690 2390/T2691] Still rate-limiting 192.168.1.1 as it made additional 2380 queries
[2024-02-01 20:00:15.757 2390/T2691] Still rate-limiting 192.168.1.1 as it made additional 1562 queries
[2024-02-01 20:01:15.828 2390/T2691] Still rate-limiting 192.168.1.1 as it made additional 1762 queries
[2024-02-01 20:02:15.896 2390/T2691] Still rate-limiting 192.168.1.1 as it made additional 1366 queries
[2024-02-01 20:03:15.962 2390/T2691] Still rate-limiting 192.168.1.1 as it made additional 1298 queries
[2024-02-01 20:04:15.031 2390/T2691] Still rate-limiting 192.168.1.1 as it made additional 1169 queries
[2024-02-01 20:05:15.099 2390/T2691] Still rate-limiting 192.168.1.1 as it made additional 1834 queries
This could mean you have a DNS loop (or at least a partial loop).
Thanks for the DNS info. My pihole ip is 192.168.1.40 so that's what I set the DNS to.
And these rate limit warnings just started and I've been trying to figure out why. My pihole was going crazy logging queries for a while. It's been doing it for about 2 hours. So that's my project for tonight.
What would cause my router to trip the rate limit?
Maybe I'll reboot it and see if it stops. When in doubt - power cycle.
You need to find this out (probably in your router).
Your log shows Pi-hole has only 2 clients: -> Unique clients: 2
I guess they are your Router and Pi-hole host itself.
These queries can be caused by a single device insisting on the same query when Pi-hole block the domain.
They can also be caused by many different clients (you need to check that on your router) sending different queries.
Or there is some DNS loop.
And just to clarify if I want to browse on the pihole server itself and the static IP for the pihole is 192.168.1.40 an my router is 192.168.1.1, which one do I put on the static ipv4 page for DNS? If I put the pihole 's own address will it just recursive loop and not find a way to the internet?
Also re the rate loop, whatever it is seems to be over per the graphs on the gui. So I will watch over the next few days. At least from the listed top blocked and allowed queries I recognize the all, so I'm not being hacked/ part of a botnet
Apparently you have Unbound as Pi-hole upstream DNS. Also, you are testing different options for your host DNS. And I don't know exactly how your router is configured.
There are too many variables to guess. Let's try to temporarily simplify your setup:
in Pi-hole Settings > [DNS tab], use a public Upstream DNS (1.1.1.1, 8.8.8.8, 9.9.9.9, or any other you like);
in your host OS, also use a public Upstream DNS.
in Settings > [System tab], click on "Restart DNS resolver" button.
It's actually a cloud flared tunnel DoH. My pihole points to 127.0.0.1#5053.
Whatever happened the rate is back down and staying down. I'll check the graphs and logs over the next few days. I appreciate your help on both the question and the sneak attack question within the original question.
I think this strange behavior will right itself because it hasn't happened before and I've been running this setup for over a year. I'm waiting for everyone to get off the Internet and then I'll do the magic powercycle of everything (router, piholez etc) which often fixes things
If it happens again, check on your router which device is causing the queries. Alternatively, you can try to change your router's configuration to see individual devices in Pi-hole.
This link has different options you can try, depending on your router:
Thank you so much. I flushed the logs too so I can get a better idea of any changes over the next 24 hours. The spikes were so high it flattened the data for the rest of the 23 hours on the graph.
But glancing at the clients attached to the pihole and skimming their logs it looks like nothing nefarious. As long as it is from being hacked I can deal with it later, and I don't use port forwarding etc etc so the chances are lot.
Btw I tracked down the spike to AAAA which means it's coming from all within my network as I run ipv4 on my ln on my router. I think it was an iot device like one of my Google doorbells going rogue. My computers and cell phones don't attempt to send AAAA packets but I've seen my iot devices send both a AAAA and an A packet at the same time. (I had ipv6 enabled a few weeks ago and my traffic was about 45 percent ipv6. Now after resetting logs it's back down to the normal 3 percent ipv6). Whatever it was it seems to have stopped as the last 10 hours everything looks normal.
@rdwebdesign I figured it out. It was the Ubuntu connectivity check randomly pinging home a zillion times a day. Not sure why because it is supposed to default to every 300 seconds. And it would be intermittent - seemingly normal function followed by a flurry of it trying to phone home. But I turned it off and all is calm on my pihole.
