Pi-hole by-passed via IPv6 on Asus RT-AC66U-B1

Bucking_Horn,
Stumbled upon this because I am having a somehwhat similar issue (moderator edit: to Unexplained Drop From 13% to 2-6% Block Rate).

My output:

nslookup pi.hole
Server:  2600-0011-0f02-4319-0000-0000-0000-0001.res6.spectrum.com
Address:  2600:0011:0f02:4319::1

*** 2600-0011-0f02-4319-0000-0000-0000-0001.res6.spectrum.com can't find pi.hole: Non-existent domain
nslookup flurry.com
Server:  2600-0011-0f02-4319-0000-0000-0000-0001.res6.spectrum.com
Address:  2600:0011:0f02:4319::1

Non-authoritative answer:
Name:    flurry.com
Addresses:  212.82.100.150
          98.136.103.23
          74.6.136.150

my client IP 192.168.0.97 Pihole sits on 192.168.0.18 Router 192.168.0.9 DHCP running off the router range 200-254. WAN DNS setting on Asus RT-AC66U-B1 set to Connect to DNS Server automatically. Lan --> DHCP Server --> DNS Server set to 192.168.0.18 (Piholes IP). On the pihole running on RPI --> Settings --> DNS --> upstream DNS: Google (ECS) all 4 check boxes to the right are selected. listen on all interfaces is on. Advanced DNS Never Forward non -FQDN's and **Never forward reverse lookups for private IP ranges are both checked. Use DNSSEC is unchecked. Conditional forwarding is checked 192.168.0.0/24 IP address of your DHCP server (router) 192.168.0.9 local domain name: landsend. In network overview I see all clients are connecting to the pihole.

Is it normal not to get the "cant find Pihole" message?

Same advice with regards to IPv6 applies:

Not sure how do I do that? .
Under Advanced IPV6 if I disable Connection Type then all IP6 traffic is blocked and I https://test-ipv6.com reports :
No IPv6 address detected
When a publisher offers both IPv4 and IPv6, your browser appears to be happy to take the IPv4 site without delay.
Connections to IPv6-only sites are timing out. Any web site that is IPv6 only, will appear to be down to you.

Neither am I. :wink:

You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.

If your router doesn't support configuring IPv6 DNS, you could consider disabling IPv6 altogether.

If you router doesn't support that either, your clients will bypass Pi-hole via IPv6.

I think I found a way: Under Advanced IPV6 if I selected Passthrough Connection Type and IPv6 DNS Setting --> Connect to DNS Server automatically - Disable. IPv6 DNS Server 1 - Picked up the IPV6 off the Pihole Settings System page. Hopefully this is correct and helps someone in the future. Thanks

(I've moved your posts to a separate topic, so you can mark it as solved.)

To that end, it may help to know the firmware you used on your Asus RT-AC66U-B1 (version number and also stock vs. custom (e.g. Merlin) as applicable). :wink:

Stock Firmware: Firmware Version:[3.0.0.4.386_41634]

1 Like

Thanks all.

I have IP6 enabled and all seems to be working now...
NSlookup on pi.hole works as expected. Flurry.com is blocked as expected as it is in "in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts".