Pi-Hole and VINCENT modem-router: DNS issues, pi-hole managing some traffic but Internet not working

The issue I am facing:

I have a Virgin VINCENT modem-router which necessitates me using pi-hole as my DHCP server. The VINCENT had its own DNS; the pi-hole was managing some traffic but ad traffic was coming through my whole network. When I try to set the pi-hole as the DNS on the VINCENT modem-router, Internet for the whole house is cut off (but the pi-hole is still managing some traffic).

Details about my system:

I have pi-hole running on a Raspberry Pi hard-wired into my Virgin VINCENT modem/router. The router is at 192.168.2.1; the Pi is at 192.168.2.19.

What I have changed since installing Pi-hole:

The pi-hole is set to be the DHCP server for the house. I have confirmed that it is the only DHCP server and that the DHCP server on the modem-router is turned off.

I've been using pi-hole as my DHCP server without incident for over a month, but ads are appearing everywhere, on all devices in the house.

This is not due to browsers circumventing DNS on their end; it is also happening in browsers where those features are confirmed off.

From previous threads, the issue seems to be that the VINCENT modem-router had its own DNS settings (207.164.234.193; 207.164.234.129). Despite the pi-hole being the house's only DHCP server, the theory was that the router was still pushing traffic through those DNSes, and I should update the router DNS settings to push all traffic to the pi-hole.

The issue is that when I do this, while the pi-hole continues to process traffic, I don't seem to be able to access the Internet normally, through browsers or via ping, on any device in the house.

First, I set the VINCENT modem-router DNS to
192.168.2.19 (pi-hole IP address)
1.1.1.1 (fallback)

After setting the DNS, and even after rebooting the modem, ping continued to work on my wired PC for various destinations, including sites I haven't tried in a while (cbc.ca, google.com, fark.com)

The Internet immediately stopped working on my phone and other devices in the house connected via wifi.

I shut down and rebooted the PC, and the Internet, including pings, no longer worked. I can still connect to and ping computers on the internal network.

In the pi-hole log, there are still queries coming from the Pc and devices in the house; watching the live feed, they are coming through (Windows, Synology, Microsoft, Firefox...) If I review Tools > Network, I can see both wired and wireless devices with "last query" after the IP address reset.

traffic-is-flowing-through-pihole973×311 20.3 KB

But no devices on the house can access the Internet. This includes the Pi that pi-hole is running on. Pings on the Pi deliver "Temporary failure in name resolution)". Pings on the PC (Windows) deliver "Ping request cound not find host ..."

When I run ipconfig on my desktop PC, it shows the default gateway as 192.168.2.1 (the router address).

When I run netsh interface ipv4 show dnsservers, it shows DNS servers configured through DHCP as the pi-hole address (192.168.2.19).

I have rebooted the modem; rebooted the Pi; shut down and restarted the PC; and have 'forgotten' the wifi and reconnected to it via my phone.

I've also deleted all the DHCP leases in settings > DHCP in the pi-hole. It's handing out new DHCP leases, but the devices receiving the leases still can't connect to the Internet (but I can see traffic for them in the query log)

In settings > pi-hole diagnosis, I'm seeing these errors:

Type NTP: Error in NTP client: Cannot resolve NTP servar address: try again

and

CONNECTION_ERROR Connection error (208.67.222.222#53): TCP connection failed (Host is unreachable)

Trying to update Gravity gives me "DNS resolution is currently unavailable. Waiting until DNS resolution is available."

After trying all of the above, I've reset the DNS on the router to restore Internet to the house; even that's a challenge; setting the router back to "Obtain DNS information automatically" didn't restore service (even though it did revert back to the DNS IP addresses above). I had to manually set the VINCENT DNS to 8.8.8.8 / 1.1.1.1 and reboot the device a few times to get Internet back online.

https://tricorder.pi-hole.net/vlXhTE7l/

If the Pi is going to act as DHCP server, it needs to be configured with a true static IP and not only a static DHCP reservation from the router!
How did you set a static IP on the Pi?
And what OS release is displayed if run below?

hostnamectl

If you set a "fallback", you allow ads to leak in:

And below for IPv6?

netsh interface ipv6 show dnsservers

Redact the latter part of IPv6 addresses listed, if any, and want to post here!

The static IP was set up using nmtui.Lots of back and forth about the setup process here: Setting up Pi-Hole on a Virgin Vincent modem-router - #3 by PantsMasterson

hostnamectl:
Operating System: Debian GNU/Linux 12 (bookworm)
Kernel: Linux 6.12.20+rpt-rpi-v8
Architecture: arm64

I appreciate your concern about the fallback DNS address, but since this is killing the entire Internet, it's doing a great job blocking ads right now. If we can get this up and running, should I just use the static IP 192.168.2.19 for both DNS entries on the router?

Presently, I've re-enabled the Internet by resetting DNS on the router to 8.8.8.8 and 1.1.1.1 as mentioned above, The current DNS servers configured through DHCP are fec0:0:0:ffff::1%1; 2%1; 3%1.

If you need to know what they are when I set the router DNS back to the pi-hole IP address, I can look that up when I try again, but understanding why this is relevant might be helpful.

Before configure anything on the router, does below one resolve to an IP when run on that Windows PC on a CMD prompt?

nslookup pi-hole.net 192.168.2.19

Eg:

C:\>nslookup pi-hole.net 10.0.0.2
Server:  pi.hole
Address:  10.0.0.2

Non-authoritative answer:
Name:    pi-hole.net
Address:  3.18.136.52

And does below one gets blocked (0.0.0.0)?

nslookup flurry.com 192.168.2.19

Eg:

C:\>nslookup flurry.com 10.0.0.2
Server:  pi.hole
Address:  10.0.0.2

Name:    flurry.com
Addresses:  ::
          0.0.0.0

Yes you could if it doesnt allow a single IP.

Is above from the netsh output?
If so:

I get a "DNS request timed out." with Server: UnKnown and Address: 192.168.2.19. This applies to any other URLs as well, including flurry.com.

Yes, sorry, I should have mentioned that those IPv6 addresses were via netsh. This router is not great in terms of giving end users much to do under the hood. There's a toggle for IPv6, I'll set it to "off" just to see what happens...

image1121×718 15.9 KB

That would mean you wont be able to let Pi-hole take over DHCP yet.
Need to fix that first.
Did you check the logs?

sudo less /var/log/pihole/pihole.log

sudo less /var/log/pihole/FTL.log

Firewall?

sudo nft list ruleset

Is she running?

sudo systemctl is-active pihole-FTL.service

Does the journal for the current --boot show any?

sudo journalctl --full --no-hostname --catalog --boot --unit pihole-FTL.service

EDIT: Or for the system in general?

sudo journalctl --full --no-hostname --catalog --boot --priority warning

I had to correct the log path for above posting of mine!
Wrong Pi

When I run the sudo less for pihole.log, it's thousands of lines long, and I'm not sure what to do with that information. Similarly, FTL.log is very long and I'm not sure what to look for, or how to copy and paste this information into a pastebin or something useable.

sudo nft list ruleset returns nothing, just goes back to command prompt.

It's running; in commannd prompt "active," and I can see the dashboard, the query log, etc. through the browser.

Here's the journalctl for the pihole-FTL.service:

May 24 13:13:44 systemd[1]: Starting pihole-FTL.service - Pi-hole FTL...
░░ Subject: A start job for unit pihole-FTL.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ A start job for unit pihole-FTL.service has begun execution.
░░ 
░░ The job identifier is 120.
May 24 13:13:45 systemd[1]: Started pihole-FTL.service - Pi-hole FTL.
░░ Subject: A start job for unit pihole-FTL.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ A start job for unit pihole-FTL.service has finished successfully.
░░ 
░░ The job identifier is 120.
May 24 13:13:45 pihole-FTL[1364]: 2025-05-24 13:13:45.133 EDT [1364M] INFO: ########## FTL started on raspberrypi>
May 24 13:13:45 pihole-FTL[1364]: 2025-05-24 13:13:45.148 EDT [1364M] INFO: FTL branch: master
May 24 13:13:45 pihole-FTL[1364]: 2025-05-24 13:13:45.148 EDT [1364M] INFO: FTL version: v6.1
May 24 13:13:45 pihole-FTL[1364]: 2025-05-24 13:13:45.148 EDT [1364M] INFO: FTL commit: a3313229
May 24 13:13:45 pihole-FTL[1364]: 2025-05-24 13:13:45.148 EDT [1364M] INFO: FTL date: 2025-03-30 17:53:24 +0100
May 24 13:13:45 pihole-FTL[1364]: 2025-05-24 13:13:45.148 EDT [1364M] INFO: FTL user: pihole
May 24 13:13:45 pihole-FTL[1364]: 2025-05-24 13:13:45.148 EDT [1364M] INFO: Compiled for linux/arm64/v8 (compiled>
May 24 13:13:45 pihole-FTL[1364]: 2025-05-24 13:13:45.188 EDT [1364M] INFO: Wrote config file:
May 24 13:13:45 pihole-FTL[1364]: 2025-05-24 13:13:45.188 EDT [1364M] INFO:  - 156 total entries
May 24 13:13:45 pihole-FTL[1364]: 2025-05-24 13:13:45.189 EDT [1364M] INFO:  - 144 entries are default
May 24 13:13:45 pihole-FTL[1364]: 2025-05-24 13:13:45.189 EDT [1364M] INFO:  - 12 entries are modified
May 24 13:13:45 pihole-FTL[1364]: 2025-05-24 13:13:45.189 EDT [1364M] INFO:  - 0 entries are forced through envir>
May 24 13:13:45 pihole-FTL[1364]: 2025-05-24 13:13:45.221 EDT [1364M] INFO: Parsed config file /etc/pihole/pihole>
May 24 13:13:45 pihole-FTL[1364]: 2025-05-24 13:13:45.221 EDT [1364M] INFO: PID file does not exist or not readab>
May 24 13:13:50 pihole-FTL[1364]: 2025-05-24 13:13:45.221 EDT [1364M] INFO: No other running FTL process found.

I'm also not sure what this means. pi-hole is DHCP. There is no other DHCP running on the system; it's turned off at the router, so the only DHCP on the network is pi-hole.

Look for errors and warnings.
Specificaly at the timestamp when you performed the nslookup's.

The rest of the ouptut looks good ... I think.

Do you run AV software on that Windows PC or any other security related software?
Try disabling them and try the nslookup's again.

Else I dont know what to look for.
You could upload a debug log for the devs and mods to have a look.
Post only the resulting token URL here thats displayed after a succesful upload and not the full log!

sudo pihole debug

Thanks -- here's the log:

https://tricorder.pi-hole.net/vlXhTE7l/

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.