Pi-hole doesn't block domains as intended

Hi,

I installed Pi-hole with Raspbian three days ago on a newly installed 3B+. I didn't expect many problems. The setup process was easy. I changed the DNS server that my router was broadcasting via DHCP from Cloudflare to the Pi-hole's IP (IPv4 and 6 of course).

I checked the Pi-hole's dashboard. The thing was up and running. Then I checked the query log. I saw countless connections from a connected iPhone to something.ims.vodafone.com. So I tried to block these connections.

I opened the blacklist on the web frontend and added ims.vodafone.com with a click on "Add (exact)". It didn't work, as I could see in the query log. So maybe I should add ims.vodafone.com with "Add (wildcard)"? Sounds good to me, but it didn't work either.

Then I tried the same with a news site I visit from time to time. Adding www.golem.de or golem.de didn't work until I rebooted the Pi-hole. Is this how it should work?

I tried to find out more with nslookup. And now it becomes weird. When I use nslookup by simply typing in the command, I get a timeout. And then I can't find anything.

If I use nslookup with the name of the Pi-hole it is the same: the Pi-hole is not able to resolve its own DNS name. If I use nslookup with the IPv4 address of the Pi-hole it works as intended: I can't look up anything in the blocklist. If I look up google.com I receive the correct IP. If I try the same with nslookup domainname.com ipv6-address it doesn't work.

The last thing I came up with was the debug log. And there was an error:

[✗] Gateway did not respond. (Why is a default gateway important for Pi-hole?)

So it looks like the IPv6 gateway did not respond. I have no clue why, because:

  • I can send a ping to the IP address
  • I never set up an IPv6 default gateway (only IPv4, and that works fine)

Before you ask, my client configuration (Win 10) is fine. Like all clients it is set up with DHCP and the DNS servers (IPv4 and 6) are correct. It wouldn't explain the iPhone's behaviour anyway.

Does anybody have an idea why this is happening?

thx

Jay

Debug Token:

https://tricorder.pi-hole.net/x8v1qmasxu

Your debug log shows a very high number of DNS requests to your Pi-Hole in the previous 24 hours. When you start pihole-FTL, it has to read all this data and this may be causing your problems.

   [2019-10-02 15:23:30.193 755] Imported 756953 queries from the long-term database
   [2019-10-02 15:23:30.194 755]  -> Total DNS queries: 756953
   [2019-10-02 15:23:30.195 755]  -> Cached DNS queries: 9346
   [2019-10-02 15:23:30.195 755]  -> Forwarded DNS queries: 323652
   [2019-10-02 15:23:30.195 755]  -> Exactly blocked DNS queries: 423955
   [2019-10-02 15:23:30.195 755]  -> Unknown DNS queries: 0
   [2019-10-02 15:23:30.195 755]  -> Unique domains: 1122
   [2019-10-02 15:23:30.195 755]  -> Unique clients: 9
   [2019-10-02 15:23:30.195 755]  -> Known forward destinations: 4

Let's look at which clients are causing the traffic, and to where:

echo ">top-clients" | nc localhost 4711

echo ">top-domains" | nc localhost 4711

echo ">top-ads" | nc localhost 4711

From your debug log, you were including the wildcard characters, which is incorrect. Enter the domain only and then "add wildcard".

   2019-10-02 07:59:15: *.ims.vodafone.de is not a valid domain
   2019-10-02 07:59:18: *.ims.vodafone.de is not a valid domain

Hi,

I tried the three commands. The top client is the iPhone, the result for domains and ads was something.ims.vodafone.com.

Adding the domain as *.ims.vodafone.com with the wildcard-button was one thing I tried after everything else failed. So yes, it doesn't work, but it has nothing to do with the problem. There is no *.ims.vodafone.com in the blacklist.

You would not expect there to be. When you type ims.vodafone.com into the blacklist entry window, then select "Add (wildcard)", this entry should go into the regex & wildcard blocking section of that page and the actual line entry would be in the file /etc/pihole/regex.list:

sudo grep vodafone /etc/pihole/regex.list

(^|\.)ims\.vodafone\.com$

I found out something else. From my Windows machine, I can ping the IPv6 address from the router. But I can't ping the exact same address on the Pi. Why is that?

Neither of the IPv6 addresses assigned to the Pi match the IPv6 in the Pi-Hole setup. I altered the IPv6 address for posting purposes - your debug log has the specifics.

[✓] IPv6 address(es) bound to the eth0 interface:
   xxxx....:7d7f:9a41 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)
   fe80::800f:2c5a:ed05:29e1 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

[i] Default IPv6 gateway: fe80::464e:6dff:fed8:37d5
   * Pinging fe80::464e:6dff:fed8:37d5...
[✗] Gateway did not respond. (https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546)


*** [ DIAGNOSING ]: Setup variables
    PIHOLE_INTERFACE=eth0
    IPV4_ADDRESS=192.168.178.5/24
    IPV6_ADDRESS=xxxx....:6bff:fe8f

If you don't specifically need IPv6 on your network (and very few users do), then I would disable it on the network and avoid potential IPv6 problems. The IPv6 DNS queries can still be handled by IPv4.

What is the output of the following:

cat /etc/pihole/regex.list

(^|\.)lithium\.com$
(^|\.)ims\.vodafone\.de$
(^|\.)ims\.vodafone\.com$

Take a look in your pihole log and let's see what is happening with these domain requests:

sudo grep ims.vodafone /var/log/pihole.log | tail -n30

sudo grep golem /var/log/pihole.log | tail -n30

But why? As I said, the system was set up from zero. I didn't configure anything with IPv6 on it. Any idea why the config is wrong and how I could fix it? / I fixed the IPv6 part myself now.

I solved the IPv6 problem. The Pi is connected via LAN but the WiFi adapter was still activated. I disabled it and I have no warning anymore.

But I still have the problem that I cannot block something.ims.vodafone.com for some reason. I can only block parts of it:

That is an SRV request, not an IP request (A or AAAA).

What is the output of this command from the Pi terminal?

sudo grep ims.vodafone.com /var/log/pihole.log | tail -n30

Oct  2 19:11:10 dnsmasq[3399]: query[AAAA] mplusps.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: /etc/pihole/regex.list mplusps.ims.vodafone.com is 0.0.0.0
Oct  2 19:11:10 dnsmasq[3399]: query[SRV] _sip._udp.mplus.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: forwarded _sip._udp.mplus.ims.vodafone.com to 2606:4700:4700::1001
Oct  2 19:11:10 dnsmasq[3399]: query[SRV] _sips._tcp.mplus.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: forwarded _sips._tcp.mplus.ims.vodafone.com to 2606:4700:4700::1001
Oct  2 19:11:10 dnsmasq[3399]: query[A] mpluswf.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: /etc/pihole/regex.list mpluswf.ims.vodafone.com is 0.0.0.0
Oct  2 19:11:10 dnsmasq[3399]: query[AAAA] mpluswf.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: /etc/pihole/regex.list mpluswf.ims.vodafone.com is 0.0.0.0
Oct  2 19:11:10 dnsmasq[3399]: query[NAPTR] mplus.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: forwarded mplus.ims.vodafone.com to 2606:4700:4700::1001
Oct  2 19:11:10 dnsmasq[3399]: query[SRV] _sip._tcp.mplus.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: forwarded _sip._tcp.mplus.ims.vodafone.com to 2606:4700:4700::1001
Oct  2 19:11:10 dnsmasq[3399]: query[A] mplusps.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: /etc/pihole/regex.list mplusps.ims.vodafone.com is 0.0.0.0
Oct  2 19:11:10 dnsmasq[3399]: query[AAAA] mplusps.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: /etc/pihole/regex.list mplusps.ims.vodafone.com is 0.0.0.0
Oct  2 19:11:10 dnsmasq[3399]: query[SRV] _sip._udp.mplus.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: forwarded _sip._udp.mplus.ims.vodafone.com to 2606:4700:4700::1001
Oct  2 19:11:10 dnsmasq[3399]: query[SRV] _sips._tcp.mplus.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: forwarded _sips._tcp.mplus.ims.vodafone.com to 2606:4700:4700::1001
Oct  2 19:11:10 dnsmasq[3399]: query[A] mpluswf.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: /etc/pihole/regex.list mpluswf.ims.vodafone.com is 0.0.0.0
Oct  2 19:11:10 dnsmasq[3399]: query[AAAA] mpluswf.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: /etc/pihole/regex.list mpluswf.ims.vodafone.com is 0.0.0.0
Oct  2 19:11:10 dnsmasq[3399]: query[NAPTR] mplus.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: forwarded mplus.ims.vodafone.com to 2606:4700:4700::1001
Oct  2 19:11:10 dnsmasq[3399]: query[SRV] _sip._tcp.mplus.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: forwarded _sip._tcp.mplus.ims.vodafone.com to 2606:4700:4700::1001

Neither the SRV nor the NAPTR requests will be blocked by Pi-Hole.

I would look at the software on the iPhone and see what is driving the requests.

If you don't want Pi-Hole to show them, you have several options:

  1. Put the phone on a different DNS server other than Pi-Hole,

  2. Configure Pi-Hole to analyze only A and AAAA queries:

ANALYZE_ONLY_A_AND_AAAA=true

https://docs.pi-hole.net/ftldns/configfile/
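As an added example (not Pi-hole's own code and not posted in this thread): a small Python audit that applies the regex.list entries shown earlier to the pihole.log format above and reports which queries matched a wildcard entry but were still forwarded upstream, which is exactly the SRV/NAPTR case described. The log lines are constructed from the format in the thread, and the script assumes the regex.list or forwarded line for a name follows its query line, as it does in the log above.

```python
import re
from collections import Counter

# Wildcard entries exactly as Pi-hole writes them to /etc/pihole/regex.list (from the thread)
REGEX_LIST = [r"(^|\.)lithium\.com$", r"(^|\.)ims\.vodafone\.de$", r"(^|\.)ims\.vodafone\.com$"]

# Constructed sample in the pihole.log format shown above (not a real capture)
SAMPLE_LOG = """\
Oct  2 19:11:10 dnsmasq[3399]: query[AAAA] mplusps.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: /etc/pihole/regex.list mplusps.ims.vodafone.com is 0.0.0.0
Oct  2 19:11:10 dnsmasq[3399]: query[SRV] _sip._udp.mplus.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: forwarded _sip._udp.mplus.ims.vodafone.com to 2606:4700:4700::1001
Oct  2 19:11:10 dnsmasq[3399]: query[NAPTR] mplus.ims.vodafone.com from 192.168.178.23
Oct  2 19:11:10 dnsmasq[3399]: forwarded mplus.ims.vodafone.com to 2606:4700:4700::1001
Oct  2 19:11:11 dnsmasq[3399]: query[A] www.example.org from 192.168.178.23
Oct  2 19:11:11 dnsmasq[3399]: forwarded www.example.org to 2606:4700:4700::1001
"""
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from ")
REGEX_HIT_RE = re.compile(r"/etc/pihole/regex\.list (?P<name>\S+) is ")
FORWARD_RE = re.compile(r"forwarded (?P<name>\S+) to ")

def wildcard_matches(name, patterns=REGEX_LIST):
    """True if any regex.list entry matches the queried name (domain itself or any subdomain)."""
    return any(re.search(p, name) for p in patterns)

def audit(log_text):
    """Pair each query line with the next action line for the same name.
    Returns [(qtype, name, action, matches_blacklist), ...] in log order."""
    results, pending = [], {}  # pending: name -> qtype awaiting an action line
    for line in log_text.splitlines():
        q = QUERY_RE.search(line)
        if q:
            pending[q["name"]] = q["qtype"]
            continue
        hit = REGEX_HIT_RE.search(line)
        m = hit or FORWARD_RE.search(line)
        if m and m["name"] in pending:
            qtype = pending.pop(m["name"])
            action = "blocked" if hit else "forwarded"
            results.append((qtype, m["name"], action, wildcard_matches(m["name"])))
    return results

def leaked_by_type(results):
    """Count record types that matched a blacklist entry yet were forwarded upstream."""
    return Counter(q for q, _, act, matched in results if matched and act == "forwarded")

if __name__ == "__main__":
    print("matched but forwarded:", dict(leaked_by_type(audit(SAMPLE_LOG))))
```

On the sample, the A/AAAA lookups are reported as blocked while the SRV and NAPTR lookups for names under ims.vodafone.com show up as matched-but-forwarded, which is the behaviour the log above illustrates.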

Oh, that is easy. It's my landlord's wife's smartphone (Vodafone is her provider). I might take a look at it. I believe it's a "use WiFi for calls" setting or something like that.

Well.... it sounds like it is not possible to handle them like all other blacklisted requests? I'm a bit puzzled why Pi-hole is answering the requests, but maybe I got the concept wrong. I thought, if I set a name on the blacklist it would be blocked no matter if it's a name record or MX or whatever.

But thanks up to here, now I know why this happens. The IPv6 problem is solved. My last question is a minor one: why doesn't nslookup on Win 10 work as supposed? When I start nslookup it starts after a timeout because it can't find the DNS server. If I use the command like

nslookup google.com 192.168.178.5

I get the expected result. nslookup alone doesn't work. Any idea? I flushed the cache, restarted the machine and restarted the network. ipconfig doesn't show me anything unexpected.

This is likely because nslookup cannot connect to the defined DNS server, thus the delay.

When you run nslookup with no IP specified, it looks for the default DNS server.

When you add the IP address, nslookup goes to that server directly and bypasses any internal DNS specified.

What is the output of this command from the Windows command prompt:

ipconfig /all

I sent you a private message with the output. The DNS server is 192.168.178.5 for IPv4 and it is OK for the IPv6 part. It should work, as far as I can say.

Uuuuuh, this is worth a facepalm.

The IPv6 address of the DNS server was wrong. I took it from a screen from Pi-hole that said something like "this is your DNS server" followed by an IPv4 and an IPv6 address. The IPv4 address was OK, but the IPv6 address was from the disabled WiFi card.

I saw it after looking through the system to find out what the ... is going on. I changed the IPv6 settings on the router; it now broadcasts the correct IPv6 DNS server, and after disabling and re-enabling my Win 10 internet connection, nslookup finally works.

I look on the bright side: that will never happen to me again. So I guess I learned something today :wink:

I don't know how it works here, but I finally have a solution that might be worth mentioning. It is not inside a single post, so I'm creating a new one. I found this solution mainly with the help of @jfb.

If you intend to install Pi-hole on a freshly installed computer and do NOT intend to use WiFi, then switch it off prior to the installation and configuration of Pi-hole. I didn't, and that caused my IPv6 problems. For some reason Pi-hole showed me the IPv4 address of the Ethernet module and the IPv6 address of the WiFi module as DNS server address. After I switched off the WiFi on the Raspberry and used the correct IPv6 address as DNS server address, everything worked fine (including my Win 10 nslookup).

The domains I talked about are actually blocked. But the request type (SRV) is not blocked by Pi-hole.

For me, every question is now answered and everything works as it should. Case closed :wink: Thanks jfb.
