Hello, i recently installed Pi-hole on my raspberry pi4. First after installing it blocked around 30% of total queries. So i added some lists, still working fine with a few million domains. About 2 hours later it wouldnt block anything anymore. Deleted all lists, added the standard again - nothing. I now added a few very aggressive lists, sitting at almost 56 million domains for testing.
0.8% blocked.
Every adblock tester tells me it blocks about nothing.
I've checked and edited my static ip and dns config a few times now. Router seems to forward the correct dns aswell. Installed unbound to use as dns, still doesnt work. Reconnected my devices and rebooted my pi and router.
Maybe reinstall as a whole? I dont know if that would fix it.
Hope to get some help why it isnt working. This is my first networking project.
https://tricorder.pi-hole.net/dx14GUxx/
Your debug log shows your Fritzbox router is advertising its own IPv6 addresses as local DNS servers:
* Received 208 bytes from fe80::<redacted>c @ eth0
(…)
Recursive DNS server 1/2: fd98:<redacted>c
Recursive DNS server 2/2: 2a00:<redacted>c
DNS server lifetime:1200 sec
This will allow clients to by-pass your Pi-hole via those IPv6 addresses.
You'd have to configure your router to stop advertising its own IPv6 as DNS server, or to advertise your Pi-hole host machine's IPv6.
FritzBox models support deactivating IPv6 DNS servers via Home Network|Network|Network Settings|IP Addresses|IPv6 Settings:
a. Untick Also announce DNSv6 server via router advertisement (RFC 5006).
b. Tick Disable DHCPv6 server in the FRITZ!Box for the home network and
b.1. choose There are no other DHCPv6 servers for the home network.
This will have clients construct their IPv6 addresses via auto-configuration (SLAAC) exclusively, and will leave them with just an IPv4 address for DNS.
Okay, i did that. But the problem isnt fixed. I still see like every ad on cnn, yahoo or any other website.
I did a new debug:
https://tricorder.pi-hole.net/6lEIv4aV/
According to your most recent debug log, your Fritzbox no longer advertises IPv6 DNS server addresses.
Judging by your first debug log's DNS server lifetime, clients may have held on to the previous advertised IPv6 addresses for up to 20 minutes.
If you still suspect your clients to by-pass Pi-hole, please share the result of the following command as run from a client:
nslookup flurry.com