OpenDns Upstream Not Working

I have Pihole configured and it is blocking ads great. I have OpenDns as the Upstream server, but adult sites are not getting blocked. When I go to welcome.opendns.com, I get a ✅ saying I am using their service, but content is not getting filtered.

I have OpenDns 208.67.222.222 - 208.67.220.220 in the WAN section of Asus AC86U
LAN DNS in router, I have pointing to the pihole.

In Pihole, I have checked both IPV4 OpenDns Upstream servers

I can't figure out why it's not working... please help.

Only the 2 OpenDNS or did you set any other?

Please generate a Debug Log (post only the token here).

I used only the 2 OpenDns

Here's the token.
https://tricorder.pi-hole.net/gcqgw5Xm/

As soon as I disconnect from Pihole, the OpenDns filtering starts working since I have it on the WAN.
I guess Pihole must not be forwarding DNS queries to OpenDns.

Your log shows pi-hole is working, forwarding queries to 208.67.222.222 and 208.67.220.220, and blocking domains.

You can check that by reading your debug log using less /var/log/pihole/pihole.log and scrolling to the end of the file. Look for the -----tail of pihole.log------ section.

You can also verify the queries in real time:

  • using pihole -t on the command line or
  • accessing Tools > Tail pihole.log on the web interface.

You are using your router as DHCP server, but your router is advertising itself as DNS server:

      dns-server: 192.168.1.1

You need to set Pi-hole as DNS server on your router DHCP section.

That's how I have it. I have the Pihole DNS IP on the LAN DHCP section of the router.
This router does not accept unknown DNS servers in the WAN DHCP, so I can only use the LAN.

Pihole works and blocks ads as intended, but the content filtering from OpenDns is not working.

Since I couldn't get it to work, I started using Adguard, but before that I was testing different ways until I gave up. Maybe that debug I sent is showing one of the times I was messing with it.

I went back and set up Pihole like I had before and will run another debug.

Your debug log shows a different config:

   * Received 300 bytes from eno1:192.168.1.1
     Offered IP address: 192.168.1.78
     Server IP address: 192.168.1.1
     Relay-agent IP address: N/A
     BOOTP server: (empty)
     BOOTP file: (empty)
     DHCP options:
      Message type: DHCPOFFER (2)
      server-identifier: 192.168.1.1
      lease-time: 86400 ( 1d )
      renewal-time: 43200 ( 12h )
      rebinding-time: 75600 ( 21h )
      netmask: 255.255.255.0
      broadcast: 192.168.1.255
      dns-server: 192.168.1.1
      wpad-server: ""
      router: 192.168.1.1
      --- end of options ---

If your router was using Pi-hole as DNS server on the LAN section, we would see dns-server: 192.168.1.78 instead.

I believe it is now working... can you verify it is doing what it's supposed to?

https://tricorder.pi-hole.net/rPoSMdyG/

Looks like it is working, BUT you are still using 192.168.1.1 as DNS server (Probably as "Secondary DNS"):

      dns-server: 192.168.1.78
      dns-server: 192.168.1.1

If you set an additional DNS server, Pi-hole will be bypassed when this DNS server is used.

I wrote Secondary in quotes, because when both DNS servers are working the router uses BOTH, not only the first one.

Hmm... Well, I don't know what it could be. I only added one IP to the LAN and left the 2nd blank.
Should I enter the same IP twice?

Depends on the router...

If blank is not working, you could try to use the same IP twice.
If that doesn't work either, try to add an unused IP from your network range (outside your DHCP range to avoid conflicts).

Ok, added the IP twice and seems to be working as well.

https://tricorder.pi-hole.net/iKszH1sm/

Two things:

  1. Looks like your router always advertises itself. Now you have it as "Tertiary DNS server":
      dns-server: 192.168.1.78
      dns-server: 192.168.1.78
      dns-server: 192.168.1.1
  2. We always try to help, but we also like to teach users to find their own solutions, when it's possible.
    You can find the answer yourself, looking at your log:
    • you can generate and read the log on the command line;
    • you can generate and read the log on Web Interface;
    • you can use less /var/log/pihole/pihole.log to read the last generated debug log.

Thank you. I can read it, but that doesn't mean I will understand it enough to know what I need to do to fix it, lol. But I appreciate the help and time... thanks again.

Actually... I just saw an option in my Asus AC-86U router that says "Advertise router's IP in addition to user-specified DNS" - It's set to YES.

Here is a token with that setting set to OFF.

https://tricorder.pi-hole.net/nW1KU3qh/

Now the log shows:

      dns-server: 192.168.1.78
      dns-server: 192.168.1.78
      router: 192.168.1.1

Does that look ok?

Yes!
It is using only 192.168.1.78 as DNS server.
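
Added example, not part of the thread or of Pi-hole's own tooling: a small Python check that reads the DHCP offer section of a debug log and lists every advertised `dns-server` that is not the Pi-hole, which is the bypass condition diagnosed above. The function names are hypothetical, and the two sample excerpts are constructed from the option lines quoted in this thread.

```python
import ipaddress
import re

OFFER_START = re.compile(r"^\s*\*\s*Received \d+ bytes from (\S+)")
DNS_LINE = re.compile(r"^\s*dns-server:\s*(\S+)")

def parse_offers(log_text):
    """Return one {'source', 'dns'} dict per DHCP offer found in the text."""
    offers = []
    for line in log_text.splitlines():
        start = OFFER_START.match(line)
        if start:
            offers.append({"source": start.group(1), "dns": []})
            continue
        dns = DNS_LINE.match(line)
        if not dns:
            continue
        if not offers:  # excerpt pasted without its "Received ..." header
            offers.append({"source": "unknown", "dns": []})
        value = dns.group(1)
        try:
            value = str(ipaddress.ip_address(value))  # normalise the address
        except ValueError:
            pass  # keep the raw text so an odd value is still reported
        offers[-1]["dns"].append(value)
    return offers

def bypass_servers(log_text, pihole_ip):
    """Advertised DNS servers that are not the Pi-hole, in order, deduplicated."""
    pihole = str(ipaddress.ip_address(pihole_ip))
    found = []
    for offer in parse_offers(log_text):
        for server in offer["dns"]:
            if server != pihole and server not in found:
                found.append(server)
    return found

# Constructed excerpts: router still advertising itself, then with that turned off.
BEFORE = """   * Received 300 bytes from eno1:192.168.1.1
     DHCP options:
      dns-server: 192.168.1.78
      dns-server: 192.168.1.78
      dns-server: 192.168.1.1
      router: 192.168.1.1
"""
AFTER = BEFORE.replace("      dns-server: 192.168.1.1\n", "")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, "-> servers that bypass Pi-hole:", bypass_servers(text, "192.168.1.78"))
```

An empty list means every client that takes this lease is told to use only the Pi-hole; any other entry is a resolver that clients can query without going through Pi-hole or its upstream.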

Nice... now, if you allow a quick question on something related to pihole... If I need to create a new thread let me know.
On my Asus router running Merlin's firmware, I use a few DNSmasq scripts to force SafeSearch network wise and it works well, but I notice once I point my computer to use Pihole's DNS, I lose the SafeSearch feature.

Is this what's supposed to happen, or should I be able to run pihole and DnsMasq scripts enforced?