I've installed the latest version of pi-hole in the last few days.
I can get all of the features (Adlist, blacklist, whitelist) to work for clients who are a member of the 'Default' group working fine.
However I have created other groups and these don't seem to take effect at all. Only when I apply the domain/client to the Default group do I see it take effect. As soon as the client is removed from the default group, and put in another group, no filtering takes place regardless of what domains or Adlists are applied to that group.
I must be missing something really obvious! I've tried restarting services and refreshing DNS but can't get it to take effect. Any tips please?
I've uploaded a debug log https://tricorder.pi-hole.net/xf3j8juzwf. My phone is in a group called 'new' (only) and there is one blacklisted domain associated with that group. I can access that domain even though it is blacklisted.
Im using the web interface only but placing at the debug it looks like the group, device etc are all OK to my untrained eye, so what am i missing?
How did you let your clients know about Pi-hole?
From your debug log, your router advertises only itself as DNS server.
*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
Scanning all your interfaces for DHCP servers
Timeout: 10 seconds
* Received 300 bytes from wlan0:192.168.1.1
Offered IP address: 192.168.1.10
Server IP address: 192.168.1.1
Relay-agent IP address: N/A
BOOTP server: (empty)
BOOTP file: (empty)
DHCP options:
Message type: DHCPOFFER (2)
server-identifier: 192.168.1.1
lease-time: Infinite
netmask: 255.255.255.0
broadcast: 192.168.1.255
router: 192.168.1.1
dns-server: 192.168.1.1
domain-name: "broadband"
ntp-server: 192.168.1.1
So clients will send DNS requests to your router, wich I presume, will send the requests to Pi-hole. This is supported by
[2021-06-22 16:21:49.620 30531M] Imported 10475 queries from the long-term database
[2021-06-22 16:21:49.621 30531M] -> Total DNS queries: 10475
[2021-06-22 16:21:49.621 30531M] -> Cached DNS queries: 763
[2021-06-22 16:21:49.621 30531M] -> Forwarded DNS queries: 9608
[2021-06-22 16:21:49.621 30531M] -> Blocked DNS queries: 36
[2021-06-22 16:21:49.621 30531M] -> Unknown DNS queries: 0
[2021-06-22 16:21:49.621 30531M] -> Unique domains: 1568
[2021-06-22 16:21:49.621 30531M] -> Unique clients: 2
From Pi-hole's view, all requests are coming from the router, meaning it can not distinguish different clients. For the group management to work, your need to distribute Pi-hole's IP as DNS server via DHCP (or configure every client manually), so it does know "the real" source of the requests.
I've been testing this with one device with manually configured DNS set only to use pi-hole; everything else is going direct through my router and upstream DNS currently.
I can see the DNS requests coming in via the logs, pi-hole knows the device name and I can see it successfully passing the requests upstream. When I apply rules to the default group and join that device to the group, the rules take effect.
Your phone is in group 3 only. The only blacklist regex associated with this group is (\.|^)bbc\.co\.uk$ .
Edit: copy past error on my sideIf bbc.co.uk is the domain you wanted to blacklist, please not that the above regex does not cover this domain (see https://regex101.com/r/9mvupK/1)
OK, as a side point, I added bbc.co.uk using the web front end and it created the regex for it... however, I don't think this is the problem.
I've just added 192.168.1.109 (harvs-iphone) to the "default" group and browsed to bbc.co.uk, as you can see from the log, this is still unblocked (as expected).
2021-06-23 09:03:26 HTTPS idcta.api.bbc.co.uk Harvs-iPhone.broadband OK (forwarded to resolver2.opendns.com#53)
Now, I've added the bbc.co.uk domain to the "default" group and browsed again, this time you can see that it does block it (as expected)
Finally to confirm I've removed 192.168.1.109 from the "default" group and it continues to block the domain (not expected):
2021-06-23 09:09:28 A a1.api.bbc.co.uk Harvs-iPhone.broadband Blocked (regex blacklist)
It's leading me to think that pi-hole isn't recognising the device / the groups it is in, despite it appearing in the logs correctly and appearing in the clients list. Any tips to debug further are greatly appreciated!
Bingo! I think i've got it - I've gone back into 'clients' and found my device by MAC address instead of IP and it now accepts the Group assignments and works as expected.