Pi-Hole Functionality has decayed to no blocking

Expected Behaviour:

Pihole blocking ads like it had been for a year or more.

Actual Behaviour:

Around 2 months or so back I started seeing ads start getting through. Not many, but just intermittently I would see a solitary ad on a page. Over time it has gotten progressively worse and now I am at the point where it is blocking what appears to be nothing. I’ll use CNN as an example.

CNN has ads sprinkled throughout their site pages. Ads in the main body of page and down the right sidebar just loads of ads.

Set up the Pihole and it wiped out all the ads. The only thing showing was white space where ads would be. Worked great. About 2 months ago as described above I might see an ad on CNN but not the full load of ads.

Now, it is showing all the ads as if Pihole did not exist.

I do not really understand what is going on because the Dashboard says it is functioning fine and just looking at the dashboard it says it is working fine. I have done nothing programmatically that would cause this. I update gravity periodically and I update Pi OS routinely and other than that I do not understand what is going on. I have had events in the past where blocking quit but in all those instances Pi-Hole had quit running and when I restarted Pi-Hole it started blocking just fine. This somewhat gradual loss of blocking has me baffled.

Debug Token

https://tricorder.pi-hole.net/5Asd4lc4/

Your debug log shows two devices (both Netgear(?)), each advertising its own IPv6 LLA as DNS server:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 6 seconds)
   Scanning all your interfaces for DHCP servers and IPv6 routers
   
   * Received 88 bytes from fe80::ca<redacted>8 @ eth0
     (…)
     Recursive DNS server 1/1: fe80::ca<redacted>8
     DNS server lifetime:1200 sec
   
   * Received 64 bytes from fe80::2a<redacted>a @ eth0
     (…)
     Recursive DNS server 1/1: fe80::2a<redacted>a
     DNS server lifetime:1800 sec

This would allow IPv6 clients to by-pass Pi-hole via those IPv6 LLAs.

Assuming both LLAs would belong to your (Netgear?) router, probably to its wifi and ethernet interfaces, you'd have to find a way to configure your router to stop advertising its own IPv6 as DNS server, or to advertise your Pi-hole host machine's IPv6.

You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.

If your router doesn't support configuring IPv6 DNS, you could consider disabling IPv6 altogether, provided you'd not depend on IPv6 for reasons.

If your router doesn't support that either, your IPv6-capable clients will always be able to bypass Pi-hole via IPv6.
You could then try to mitigate this, by setting Pi-hole as the only upstream of your router, provided your router supports it.
But note that you won't be able to attribute DNS requests to original individual IPv6 clients in such a configuration.

Since I am somewhat ignorant about the vagaries of servers I do feel good that I was somewhat on the right track. How to address it is an entirely different matter.

My router is a Netgear RAX70 and I had been wondering if this was tied to IPV6 and if I was bypassing Pihole by way of IPV6.

There is only one router device, the RAX70. I’ll attach these pictures because when I look at the IPV6 tab in the router settings, it asks about an IPV6 DNS but I do not know how to find or create the DNS addresses for IPV6. I have looked on the pihole help pages but have not found anything so far.

I feel like I need to swap to “Use these DNS Servers” rather than “Get automatically from ISP” and fill in the Primary and Secondary DNS lines but what and where do I get the numbers because the numbering scheme is different than IPV4.

The physical setup is I have a Netgear dedicated cable modem with coax into modem, ethernet cable from modem to RAX70. Ethernet cable from RAX70 to a Netgear switch and the devices near enough to the switch I have connected via ethernet cable. The rest use wifi.

Pi-hole needs a stable IP, so you should avoid temporary addresses and also GUAs (range 2000::/3).

When run from your Pi-hole machine, the following command lists all its non-temporary IPv6 addresses:

ip -6 address show eth0 -temporary

You could then use either one of its ULA (range fd00::/8) or LLA (range fe80::/10) addresses and configure that as DNS server in your router.

I'm not familiar with Netgear routers at all, but your screenshots look like configuring the DNS servers your router itself would use, i.e. your router's upstream DNS servers.

That'll catch any by-passes, but as explained, you won't be able to attribute DNS requests to original individual IPv6 clients in such a configuration.

It would be preferred if you could instead configure your router to not advertise any IPv6 addresses for DNS at all, or one of your Pi-hole machine's IPv6.
Commonly, that's a LAN/DHCP kind of option.
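
The two checks discussed above, combined in an added example (not part of the original posts; the sample addresses and function names are constructed for illustration). It picks the ULA/LLA addresses out of `ip -6 address show eth0 -temporary` output and lists every Recursive DNS server from the debug log's router-advertisement section that is not one of the Pi-hole machine's own addresses, i.e. a resolver IPv6 clients can use instead of Pi-hole.

```python
import ipaddress
import re

# Constructed sample of `ip -6 address show eth0 -temporary` output.
IP_OUTPUT = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1234:5678:ba27:ebff:fe12:3456/64 scope global dynamic
    inet6 fd12:3456:789a:1:ba27:ebff:fe12:3456/64 scope global
    inet6 fe80::ba27:ebff:fe12:3456/64 scope link
"""

# Constructed sample of the debug log's DHCP/router discovery section.
RA_LOG = """\
   * Received 88 bytes from fe80::1234:56ff:fe78:9abc @ eth0
     Recursive DNS server 1/1: fe80::1234:56ff:fe78:9abc
     DNS server lifetime:1200 sec
"""

# Address ranges as named in the thread.
RANGES = {
    "LLA": ipaddress.ip_network("fe80::/10"),
    "ULA": ipaddress.ip_network("fd00::/8"),
    "GUA": ipaddress.ip_network("2000::/3"),
}

def classify(addr):
    """Return LLA, ULA, GUA or other for one IPv6 address string."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in RANGES.items() if ip in net), "other")

def host_addresses(ip_output):
    """All inet6 addresses listed in the `ip` output, prefix length dropped."""
    return [m.group(1) for m in re.finditer(r"inet6 ([0-9a-f:]+)/\d+", ip_output)]

def stable_candidates(ip_output):
    """Addresses to configure as DNS server: ULA or LLA only, no GUA."""
    return [a for a in host_addresses(ip_output) if classify(a) in ("ULA", "LLA")]

def bypass_resolvers(ra_log, ip_output):
    """Advertised RDNSS addresses that do not belong to the Pi-hole host."""
    own = {ipaddress.ip_address(a) for a in host_addresses(ip_output)}
    advertised = re.findall(r"Recursive DNS server \d+/\d+: (\S+)", ra_log)
    return [a for a in advertised if ipaddress.ip_address(a) not in own]

if __name__ == "__main__":
    print("Configure one of:", stable_candidates(IP_OUTPUT))
    print("Bypass paths:", bypass_resolvers(RA_LOG, IP_OUTPUT))
```

An empty list from `bypass_resolvers` means every advertised IPv6 DNS server is the Pi-hole machine itself.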

What you are seeing is what the router has preconfigured into those locations. I did not enter any of that.

I’m going through the Router device lists right now removing phantom devices and assigning static IP addresses to everything, but the IOT devices are hard to identify even using MAC Address lookup tools.

One of the items that seems to happen on the initial power up of a new Pi is it seems to immediately start broadcasting wifi even though that Pi was powered up with an ethernet cable in the port.

That is where the phantom devices are born. Router sees that wifi signal, then sees the ethernet connection so instead of the single ethernet IP there is also listed a wifi for the same device.

Why that?
And how does that relate to your Pi-hole being by-passed?

It wouldn't match any of my recommendations.

Continuing the discussion from Pi-Hole Functionality has decayed to no blocking:

I am still trying to sort this out. I did a Google search on the following: “how to configure a netgear router to use pi-hole”

Not being an IT professional, I find the Netgear router I own needlessly complicated with what seems like dozens and dozens of settings. That prompted the above search.

I came across this in the Netgear community forum and wanted to ask if you are familiar with this issue. My Netgear router DNS is set to the Pi-Hole which this says is wrong. The bottom picture seems like a less wordy explanation of the top picture.

It's not really wrong, but if you set Pi-hole on the Internet > DNS option, only your router will be seen on the Pi-hole web interface.
All devices will use the router as DNS server and only the router will use Pi-hole.

As far as I know, most Netgear routers only allow setting the DNS server on the Internet > DNS option. You probably will need to use Pi-hole as DHCP server.

I went and really started digging into this today and came across that article.

I would note that I am only seeing blocked queries for two devices.

172.16.0.1 which is my router. There are thousands of these things and they all appeared to come from two domains. mobile.events.data.microsoft.com and mobile.pipe.aria.microsoft.com

The other device is my TV. The Pi-Hole dashboard tells me there are only two configured clients, the router and my TV. The sites that came from the TV that were blocked (I think) were what I have historically seen as ad sites. I grabbed this one as representative googleads.g.doubleclick.net

This Netgear router has been a source of frustration for me since I bought it. There must be dozens of settings on the thing, almost all of which I do not really understand.

Could you perhaps recommend a couple of routers/brands that are more user friendly? The help and documentation is really lacking and I am about disgusted. I have had other Pi-Hole setups with different router brands and have not had anywhere near the problems this Netgear router has given me. Mostly because there are way too many settings that do not translate over to the Pi-Hole documentation. Pi-Hole documentation is fine, it is the lack of documentation on the Netgear side.

My only Netgear Router experience is the now very old and probably EOL model R7000 which was pretty straightforward even after the webGUI completely changed at some point.

Could you post a screenshot of the mentioned Settings webpage above where they tell you to Disable the DHCP Server?
The LAN DNS Server IP Addresses should be on that webpage too!