Pi-Hole DNS doesn't work

When doing the test, I indeed had a VPN connection enabled. However, suspending the connection doesn't give really different results:

nslookup pi.hole
Server:  homerouter.cpe
Address:  192.168.8.1

*** homerouter.cpe can't find pi.hole: Non-existent domain

In this context 192.168.8.1 is my home router, yet it still isn't able to reach the device. I was using VPN indeed, however ultimately Pi-Hole is expected to only serve the TV (no baked-in ads and hopefully a little more enjoyable experience when using Youtube) and smartphones (since ad block isn't really available there either). So it isn't meant to be used in connection with VPN. I'm using my computer as the client only to resolve the problem with DNS.

Your router is distributing itself as DNS server, and only Pi-hole knows how to resolve pi.hole.

How did you configure your router to make use of Pi-hole as DNS server?

So, it seems that I made a mistake. The nslookup I did before was from the client, but I never changed the network settings to use RPi as the DNS server. Sorry for the confusion.

When changing RPi to be the DNS server, this is the output I get:

nslookup pi.hole
Server:  raspberrypi
Address:  192.168.8.104

Name:    pi.hole
Addresses:  fd5c:78f8:9326:fe00:2c9a:810d:d9a3:d0f2
          192.168.8.104

nslookup flurry.com 192.168.8.104
Server:  raspberrypi
Address:  192.168.8.104

Name:    flurry.com
Addresses:  ::
          0.0.0.0

nslookup flurry.com 80.241.218.68
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  80.241.218.68

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

Note: the only change I did on my router is assign a static IP to my RPi, otherwise it works with default settings. And I only changed the IPv4 settings on my client (PC) to use RPi (192.168.8.104) as the DNS server and no backup DNS server (so it should only rely on RPi).

The above output is wrong since I didn't properly configure my computer before running these commands (since setting RPi as my DNS means I cannot access internet). Sorry for the confusion again!

The first two nslookups work as expected now:
Pi-hole is your client's DNS server, and it is blocking domains as expected.

However, the third nslookup should have returned 0.0.0.0, since the public DNS server queried blocks flurry.com as well.

There are routers that redirect DNS traffic to a public server of their likings, and that would normally result in some proper IP addresses for flurry.com.

In your case, it would seem that any attempt to access a public DNS server is just timing out.

That would indicate outbound DNS traffic (port 53) is blocked, maybe by your router or by a dedicated firewall in your network.
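The reading of the three lookups above can be automated. This is an added example, not part of the thread: it classifies Windows `nslookup` transcripts and applies the same inference (LAN resolver answers, public resolver never replies). The function names and the sample transcripts, modelled on the output posted here, are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input: Windows nslookup transcripts modelled on this thread.
ROUTER_NX = """Server:  homerouter.cpe
Address:  192.168.8.1

*** homerouter.cpe can't find pi.hole: Non-existent domain"""
PIHOLE_BLOCK = """Server:  raspberrypi
Address:  192.168.8.104

Name:    flurry.com
Addresses:  ::
          0.0.0.0"""
PUBLIC_TIMEOUT = """DNS request timed out.
Server:  UnKnown
Address:  80.241.218.68

*** Request to UnKnown timed-out"""


def classify(transcript):
    """Return (server_address, verdict) for one nslookup transcript."""
    server, answers, in_answer = None, [], False
    for line in transcript.splitlines():
        m = re.match(r"\s*(Name|Address(?:es)?):\s*(\S+)", line)
        if m and m.group(1) == "Name":
            in_answer = True               # everything after Name: is the answer
        elif m and not in_answer:
            server = server or m.group(2)  # first Address: is the queried server
        elif in_answer:
            try:                           # Address(es): value or continuation line
                answers.append(ipaddress.ip_address(m.group(2) if m else line.strip()))
            except ValueError:
                pass
    if answers:  # only 0.0.0.0 / :: is what Pi-hole returned for flurry.com here
        return server, "blocked" if all(a.is_unspecified for a in answers) else "resolved"
    if "Non-existent domain" in transcript:
        return server, "nxdomain"
    if re.search(r"timed[ -]out", transcript):
        return server, "timeout"           # no reply at all: filtered path or dead server
    return server, "unknown"


def outbound_dns_filtered(local_transcript, public_transcript):
    """The thread's inference: LAN resolver answers, public resolver never replies."""
    return (classify(local_transcript)[1] in ("blocked", "resolved", "nxdomain")
            and classify(public_transcript)[1] == "timeout")
```
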

Well, there's no dedicated firewall in my network (aside from Windows' firewall and whether a Smart TV has any noteworthy firewall on its own), so I guess it'd boil down to the router in question. I'll have to see if I can find anything useful for the Huawei H122-373 and try it out, since it doesn't seem to be on the side of Pi-Hole anyway ...

So, after some days spent tinkering and searching, I found something that might be of value:

It's for a slightly different model, but in a nutshell I suspect the issue at hand might be very similar => it's a 5G modem and there any port tinkering might be less-than-simple.

I have tried setting the RPi device in the DMZ, yet that didn't really help. I tried creating a virtual server on the device for port 53, but either the port is not correct, or this setting doesn't work the way it's supposed to.

I'll keep on trying and if I'll find something I'll post it here - perhaps some poor soul will benefit from my work :slight_smile:

Your issue is outbound DNS traffic.

The article you've linked is about port forwarding, i.e. inbound traffic arriving at a certain port is forwarded to a certain specific device in your network.

You'd have to consult your router's documentation resources for an option that allows configuration of its firewall for blocking outbound ports. Note that it may not explicitly mention firewall or port, but use words like filtering or service instead.

If you cannot find a way to configure it, try to use your router as Pi-hole's sole upstream DNS server.

Maybe also look for DNS rebind protection. We've seen at least once in the past that a device was not allowed to talk to external DNS servers because the router had some rules to enforce the router as your DNS server.

Does

nslookup flurry.com 192.168.8.1

work?

If so, you may need to disable all DNS servers in Pi-hole and add your router as a custom one. Or replace your router, whatever is better for you :slight_smile:

It seems that there might be something behind that. I tried to add my router as a custom upstream DNS router and it seems to work (at least my Windows client tells me internet works and my Smart TV seems to be quite content with this config). Alas this would probably mean I cannot configure Pi-Hole as a DNS server for the router, but rather rely on a per-device config ... And as for the router - unfortunately I cannot change much more than what I did. Seems like it's either the device manufacturer (Huawei) or the fact that it's a 5G router that makes the options so darn limited ...

Lesson learned, don't go for 5G, ain't worth it.

Probably neither nor, it's rather that this has been engineered as an end-user device and a lot of vendors (including Huawei) are of the mindset: The less options, the less a user can break (and we'd need to support). As they're producing devices for the masses, they can live perfectly fine when some of them (even if hundreds) are unsatisfied with their devices and move on to another vendor.

I cannot really follow on this point right now. If it works when you set the router as custom DNS server, why isn't this a configuration you can just keep? Why any extra configuration on the clients?

Perhaps I didn't express myself clearly.

In Pi-Hole I set my router as my upstream DNS. On my computer (and my TV) I manually set my DNS to point to my Pi-Hole. And this solution seems to work without any problems.

However when I tried to set Pi-Hole as my DNS server on my router, everything just broke - which makes sense. My Pi-Hole points to my router and my router points to my Pi-Hole. Not really a valid solution.

Setting my router as my upstream DNS seems to work perfectly, no drops, I've been having this config for a few hours now and I'm extremely happy with the results. The only thing that irks me is that I am not able to set Pi-Hole as my router's DNS, so all devices connected to my network would be ad-free without manually changing DNS config. That would really rock. But even without that, it's still an overall improvement compared to before.

It seems you've configured Pi-hole as your router's upstream DNS server then, and that above configuration would indeed close an endless DNS loop.
However, it was unclear how you did configure your router, since you never actually answered my previous question.

Note that it may be possible to configure your router to distribute Pi-hole as local DNS server via DHCP, provided your router supports it. That would also be the preferred way to make use of Pi-hole.

But since you mentioned it's just your TV that you want to be filtered by Pi-hole, your current manual setup (without setting up Pi-hole as your router's upstream) seems sufficient.

Being restricted to use your router as Pi-hole's only upstream is not a restriction at all when it comes to Pi-hole's filtering capabilities.
It may just limit your choice of upstream DNS servers to those that your router allows. :wink:

If your router would allow to distribute Pi-hole via DHCP, that would still be the preferred configuration.

If it does not support changing the DNS server propagated by the DHCP server, you may still be able to disable the DHCP server altogether on the router. You can then switch to the embedded Pi-hole DHCP server, enable this one and be immediately happy with the default setting. I've been doing this for years, never had a single problem with it.
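The setups discussed in this thread can be compared by walking each forwarding chain from the client to a public resolver. This is an added example, not part of the thread: the setup table, names and the `lan_port53_blocked` flag are a constructed model, and the flag encodes the thread's working hypothesis that only the router itself may send DNS to the internet.

```python
PUBLIC = "public-resolver"

# Constructed model of the four setups tried in the thread: the DNS server the
# client uses, and where each forwarder sends what it cannot answer itself.
SETUPS = {
    "router defaults": ("router", {"router": PUBLIC, "pihole": PUBLIC}),
    "client -> Pi-hole -> public": ("pihole", {"router": PUBLIC, "pihole": PUBLIC}),
    "router <-> Pi-hole": ("router", {"router": "pihole", "pihole": "router"}),
    "Pi-hole DHCP, router upstream": ("pihole", {"router": PUBLIC, "pihole": "router"}),
}


def trace(client_dns, upstream, lan_port53_blocked=True):
    """Walk the forwarding chain; return (path, outcome, filtered_by_pihole)."""
    path, node = [], client_dns
    while node != PUBLIC:
        if node in path:                  # same forwarder reached twice
            return path + [node], "loop", False
        path.append(node)
        nxt = upstream[node]
        # Assumption (the thread's hypothesis): port 53 from LAN hosts other
        # than the router never reaches the internet, so the query times out.
        if nxt == PUBLIC and node != "router" and lan_port53_blocked:
            return path + [nxt], "timeout", False
        node = nxt
    return path + [PUBLIC], "ok", "pihole" in path


def compare(setups=SETUPS):
    """Outcome of every setup under the blocked-port-53 hypothesis."""
    return {name: trace(dns, up) for name, (dns, up) in setups.items()}
```

Only the last setup both terminates at a public resolver and passes through Pi-hole; pointing the router's upstream at Pi-hole while Pi-hole forwards to the router is the loop.
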

I didn't. In the end I left the router settings as default, since I couldn't set Pi-hole as the DNS server (before I made it work by setting my router as the upstream DNS), so setting it there was ... yeah, it just brought the whole network down. So I left it as-is and now if I want to manually set Pi-hole as my router's DNS, it makes an endless loop and the whole system gets down again.

Unfortunately my DHCP settings are pretty limited. It basically consists of my router's LAN IP address (192.168.8.1), a toggle to turn on (or off) the DHCP server, DHCP IP range and DHCP lease time (by default set to 1 day). I cannot find an option to distribute Pi-hole via DHCP this way.

I will probably have to experiment with this and see whether this would work ...

This is the essential component :slight_smile: You will succeed.

A small update after a few days of using Pi-Hole:

It seems that the combination of Pi-Hole's DHCP server + using my router's LAN IP addr. as my upstream DNS server really did the trick. I've had no issues with connectivity, everything seems to be working the way it's supposed to and according to my dashboard ca. 15% of my queries were blocked so far. I've seen a noteworthy drop in ads on every connected client. Many pages are now ad-free, some still have some and I'm constantly battling against Youtube (since no ad blocker exists for the TV), though I've seen many threads on this topic and apparently success is mixed to say the least.

I don't know how common are problems like the one I had with the whole DNS configuration, however this solution might hopefully help somebody in the future with their config.

This topic can now be closed, since the original problem has been successfully resolved. Thanks to everyone who took their time to answer in this thread.

Thank you again!
