Only router in Query Logs

Expected Behaviour:

Queries from individual LAN clients should show up in Query Log.
I have seen this question asked before, but none of them shows that the DNS IP in clients is actually the Pi-hole's (192.168.1.7).

PiHole runs on TrueNAS Scale.
I have UniFi UDM as a router where I have set Pihole as DNS server. I have multiple VLANs.

I have seen actual clients in Query Log earlier in this exact pihole installation. Nowadays it's only the router with hostname "unifi.localdomain".

Actual Behaviour:

Query Log shows only router making queries to the pihole.

Debug Token:

https://tricorder.pi-hole.net/AfAlXAhV/

Your DHCP server is the router on 192.168.1.1 and it is advertising itself, not Pi-hole, as the DNS server.

    *** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)

       * Received 305 bytes from enp4s0:192.168.1.1
         Offered IP address: 192.168.1.7
         Server IP address: 192.168.1.1
          [...]
          dns-server: 192.168.1.1
          router: 192.168.1.1

Also Pi-hole is configured to use the interface eth0 but you don't have an eth0 interface. The offered .7 address is on the enp4s0 interface. Add the INTERFACE option:

    environment:
      INTERFACE: enp4s0

Extra

Unrelated to the above, in your domains you have various wildcard domains of the form

    *.example.com

These won't reliably work since the * has special meaning in regex. Remove these and replace them by adding them in Domains > Domain > Add domain as wildcard. This will create a regex that looks like the below which will have the intended result.

    (\.|^)example\.com$

Similarly in your no blocking group you are whitelisting the regex

    *

but this needs to be deleted and replaced with the regex

    .*

and this will then have the intended result.
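The wildcard fix from the reply above, as an added example that is not part of the original thread or of Pi-hole's code: it flags glob-style entries, builds the replacement regex in the form shown above, and checks what that regex does and does not match. Python's `re` stands in for Pi-hole's regex engine (an assumption), and the function names and sample entries are constructed for illustration.

```python
import re

# Constructed sample entries: two glob-style ones and one that is already a regex.
SAMPLE_ENTRIES = ["*.example.com", "*", r"(\.|^)example\.org$"]

# Plain multi-label hostname: letters, digits and hyphens separated by dots.
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def compiles(pattern):
    """True if Python's re accepts the pattern; a leading '*' has nothing to repeat."""
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False


def suggest_regex(entry):
    """Return the replacement regex for a glob-style entry, or None if it is not one."""
    if entry == "*":
        return ".*"
    domain = entry[2:].lower()
    if entry.startswith("*.") and DOMAIN_RE.match(domain):
        # Escape the dots so they match a literal '.', then anchor the end.
        return r"(\.|^)" + domain.replace(".", r"\.") + "$"
    return None


def audit(entries):
    """List (entry, suggested_regex) for every glob-style entry found."""
    return [(e, suggest_regex(e)) for e in entries if suggest_regex(e) is not None]


def is_matched(pattern, hostname):
    """Unanchored search; the suggested pattern carries its own anchors."""
    return re.search(pattern, hostname) is not None


if __name__ == "__main__":
    hosts = ["example.com", "ads.example.com", "notexample.com", "example.com.invalid"]
    for entry, fix in audit(SAMPLE_ENTRIES):
        print(f"{entry!r}: valid regex={compiles(entry)}, replace with {fix!r}")
        print("   matches:", [h for h in hosts if is_matched(fix, h)])
```
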

Thank you for the reply!
I'm not questioning what you're saying, but how is it possible that clients tell the DNS server to be the PiHole (1.7) if DHCP server is telling 1.1, like in the picture? I checked also my Windows 10.

I'm not sure, I'm just going by what the DHCP scan found in the debug log. Is there something specific to this setup which would present different settings to the clients vs the Pi-hole?

Aha! I found it out. As I said, I had different VLANs in my network; I forgot to set the 192.168.1.0/24 subnet to use pihole as its DNS. I changed it.
However this wouldn't explain why on 192.168.2.0/27 subnet devices which know DNS to be PiHole, are not showing on the client list in PiHole... Very strange..

I updated the token: https://tricorder.pi-hole.net/q9xdyFzj/

I just happened to notice that Client Activity graph shows many clients at 22.11.2023 19:00 - 20:00. How are some clients showing but others are not? :open_mouth:

Edit2: I also found this request in the live log:

    Nov 23 15:53:08: query[A] gateway.icloud.com from 192.168.4.12
    Nov 23 15:53:08: forwarded gateway.icloud.com to 1.0.0.1
    Nov 23 15:53:08: reply gateway.icloud.com is <CNAME>
    Nov 23 15:53:08: reply gateway.fe.apple-dns.net is 17.248.214.64

Solved!
Ubiquiti has introduced an ad blocking option by themselves. It seems that they redirect DNS traffic via their adblocking daemon and then to PiHole.


(Learn more directs you to: UniFi Gateway - Ad Blocking)

Disabling this option returned the clients to using Pi-Hole directly. I also verified it.
