Pi-Hole forwards requested IP to wrong recipient IP

Help
1

Hi Guys,

as I am german please be indulgent with my english skills.
But I hope to reach more specialists and maybe developers when writing in english.

Lets start:

Maybe important to know

Yesterday I installed PiVPN (GitHub - pivpn/pivpn: The Simplest VPN installer, designed for Raspberry Pi) in order to use Wireguard encrypted VPN to access my network from everywhere by smartphone.
It is fully script based and does the installation and configuration on its own.
Maybe this has changed something on my Pi-Hole?
When I installed it, PiVPN asked to use Pi-Hole as DNS Server for the VPN connection (so it detected the already installed Pi-Hole). I said yes.

Expected Behaviour:

Pi-Hole sends the answer to the IP that requested the DNS - always.

Actual Behaviour:

When starting my iPhone YouTube app (or when opening youtube.com with firefox on my computer) Pi-Hole sends the answer to the wrong IP (to my router ; FritzBox 7590) - not to the device that asks for the DNS / IP. Other requests work fine (as I can say for now)!

2021-05-20 13_27_40-Pi-hole - pihole
2021-05-20 13_27_40-Pi-hole - pihole1466×762 95 KB

What else should I mention:

One of the smartphones used in this household can connect using wifi to the Network. But somehow it has no internet. The other devices work well (except the youtube problem) as I can figure out for now.

Also important is to know that the Router is the DNS Server as he provides DNS Servers that don't collect data etc. I followed this manual (in german):

Debug Token:

https://tricorder.pi-hole.net/0poqmxhxpx

2

I think there may be some confusion in terminology here.

The Forwarded to... message is the IP address of the upstream dns server, which you have set as 192.168.2.1.

The result is then returned to the requesting client

Simply put:

  • 192.168.2.220 wants to know the IP address for mobile-gtalk.l.google.com
  • 192.168.2.220 sends a request to your Pi-hole 192.168.2.70
  • Pi-hole does not know the IP address for mobile-gtalk.l.google.com, so it forwards the request onto the upstream server 192.168.2.1
  • 192.168.2.1 returns the IP address to your Pi-hole 192.168.2.70
  • 192.168.2.2=70 returns the IP address to the requesting client 192.168.2.220

If I've wildly misunderstood your query, please let me know :slight_smile:

3

But just to add a note here, you should ask the PiVPN team if they have anything in their script that changes Pi-hole settings. We are not as familiar with their script as they are :wink:

4

Well I fought a few minutes now but I am not smart enough to quote as elegant as you :smiley: .
So I have to answer like this:

Your first post:
Ahhh so I missunderstood. Thanks for your explanation.
In general: Thanks for that quick response - even from a developer. Amazing!
This is not what I am used to :smiley: .

Your second post:
Of course I would. This was my second idea but I thought you can quickly find the trouble when watching the debug token.

Now I have to add something so you better understand me:
The problem was for me that YouTube didn't work. It started the "frame" so that you can see the rows and colums of the "have a look here"-section. But all images, previews and so on where white. It just didn't load. On my iPhone it even was worse. I got a blank page with a few text saying there are problems and i can click to try again.

Now hold on tight:
I did a reboot on the FritzBox, the attached Switch and the Raspberry Pi which is connected to the switch. Now it works fine. I can't understand what happened. After installation of PiVPN I did reboot all the devices (the Pi several times). It didn't help. Now it works and i am a little afraid that the error will come back.

5

image
image694×107 6.24 KB

Simply highlight the text you wish to quote, and then hit the "quote" button :slight_smile:

So, looking through your debug log, I notice you have quite a lot of adlists added to your Pi-hole. No harm in this, of course, but it could just be that you are being overly aggressive with your blocking tactics.

I haven't tried blocking ads on Youtube in a long time, as I opted to go with Youtube premium (which I personally think is worth the money , but that's another conversation for another time!) But I do know that the following will have little to no effect (and possibly even prevent normal videos from loading)

*** [ DIAGNOSING ]: Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)
   id    type  enabled  group_ids     domain                                                                                                date_added           date_modified        comment                                           
   ----  ----  -------  ------------  ----------------------------------------------------------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   1        3        1  0             r[0-9-]-sn-[a-z0-9]-[0-9a-z]{4}.googlevideo.com                                                       2020-10-23 12:53:01  2020-12-02 11:10:10  YouTube Werbung 1                                 
   2        3        1  0             ^r[0-9-]-sn-[a-z0-9]-[0-9a-z]{4}.googlevideo.com                                                      2020-10-23 15:04:47  2020-12-02 11:10:19  YouTube Werbung 2

For youtube blocking you have three options:

  • Use a browser blocker (uBlock origin etc)
  • Use a modded mobile application (Vanced on android - not sure about iPhone)
  • Pay for it (:smirking_face:)

It's possible, of course, that one of your many blocklists updated and included some domains it should not have. This may have been spotted by the list maintainer and sorted out the next time your Pi-hole updated the lists (usually happens automatically once a week on a Sunday)

6

It works :smiley: . Thanks for the tipp.

In fact there are a some lists. But until now I never had problems when using them. But I found some dead lists that I deleted now. Are there some well maintained lists that are recommended? I just searched using startpage (trying to avoid google) and used what I found.

A few months ago I tried to avoid YouTube ads. There were more Regex rules and so on. But no chance. Nothing worked - like you said. I wonder why I still have these two rules. But until now I had no problems using YouTube - with ads. So the two rules doesn't help at all and will be deleted.

I need to have a look at uBlock etc.
Never heard from vanced - have to look for some iOS alternative.
Update: Seems that Brave Browser works good. For all interested:
https://apps.apple.com/de/app/brave-browser-private-internet/id1052879175
Paying would be OK but not at that price. But as you said: another discussion.

This will probably be the most likely explanation.
Anyway. Thank you for your quick response.
You helped me a lot - also to understand the forward issue.

7

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.