Pi-hole by-passed via IPv6 on Asus RT-AC66U-B1

nemoyi4714 · February 25, 2021, 1:13am

Bucking_Horn,
Stumbled upon this because I am having a somehwhat similar issue (moderator edit: to Unexplained Drop From 13% to 2-6% Block Rate).

My output:

nslookup pi.hole
Server:  2600-0011-0f02-4319-0000-0000-0000-0001.res6.spectrum.com
Address:  2600:0011:0f02:4319::1

*** 2600-0011-0f02-4319-0000-0000-0000-0001.res6.spectrum.com can't find pi.hole: Non-existent domain

nslookup flurry.com
Server:  2600-0011-0f02-4319-0000-0000-0000-0001.res6.spectrum.com
Address:  2600:0011:0f02:4319::1

Non-authoritative answer:
Name:    flurry.com
Addresses:  212.82.100.150
          98.136.103.23
          74.6.136.150

my client IP 192.168.0.97 Pihole sits on 192.168.0.18 Router 192.168.0.9 DHCP running off the router range 200-254. WAN DNS setting on Asus RT-AC66U-B1 set to Connect to DNS Server automatically. Lan --> DHCP Server --> DNS Server set to 192.168.0.18 (Piholes IP). On the pihole running on RPI --> Settings --> DNS --> upstream DNS: Google (ECS) all 4 check boxes to the right are selected. listen on all interfaces is on. Advanced DNS Never Forward non -FQDN's and **Never forward reverse lookups for private IP ranges are both checked. Use DNSSEC is unchecked. Conditional forwarding is checked 192.168.0.0/24 IP address of your DHCP server (router) 192.168.0.9 local domain name: landsend. In network overview I see all clients are connecting to the pihole.

Is it normal not to get the "cant find Pihole" message?

Bucking_Horn · February 21, 2021, 5:22pm

Same advice with regards to IPv6 applies:

nemoyi4714 · February 21, 2021, 5:22pm

Not sure how do I do that? .
Under Advanced IPV6 if I disable Connection Type then all IP6 traffic is blocked and I https://test-ipv6.com reports :
No IPv6 address detected
When a publisher offers both IPv4 and IPv6, your browser appears to be happy to take the IPv4 site without delay.
Connections to IPv6-only sites are timing out. Any web site that is IPv6 only, will appear to be down to you.

Bucking_Horn · February 21, 2021, 5:22pm

Neither am I.

You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.

If your router doesn't support configuring IPv6 DNS, you could consider disabling IPv6 altogether.

If you router doesn't support that either, your clients will bypass Pi-hole via IPv6.

nemoyi4714 · February 24, 2021, 5:00pm

I think I found a way: Under Advanced IPV6 if I selected Passthrough Connection Type and IPv6 DNS Setting --> Connect to DNS Server automatically - Disable. IPv6 DNS Server 1 - Picked up the IPV6 off the Pihole Settings System page. Hopefully this is correct and helps someone in the future. Thanks

Bucking_Horn · February 21, 2021, 5:28pm

(I've moved your posts to a separate topic, so you can mark it as solved.)

To that end, it may help to know the firmware you used on your Asus RT-AC66U-B1 (version number and also stock vs. custom (e.g. Merlin) as applicable).

nemoyi4714 · February 21, 2021, 7:10pm

Stock Firmware: Firmware Version:[3.0.0.4.386_41634]

nemoyi4714 · February 25, 2021, 12:20am

Thanks all.

I have IP6 enabled and all seems to be working now...
NSlookup on pi.hole works as expected. Flurry.com is blocked as expected as it is in "in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts".