Pi-Hole is connected but doesn't seem to block onsite ads

Luna · September 26, 2024, 12:20pm

The issue I am facing:

It looks like Pi-hole receives request from my pc and responds to them, I can block domains (adding as wildcard to the blacklist) and it blocks them but every possible ad on the website is still shown (I have added many adlists that are getting updated and are dedicated for my country) also local dns and pi.hole work. There are queries blocked but every ad on the website is still visible the moment I turn off my browser adblocker

Details about my system:

From what I can tell IPV6 is disabled on my network completely

PC:
I have set the DNS and did ipconfig /flushdns

ipconfig /all

   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.187(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, September 23, 2024 6:26:25 AM
   Lease Expires . . . . . . . . . . : Friday, September 27, 2024 8:50:36 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.6
                                       192.168.0.6

Proxmox:
Pi-Hole (192.168.0.6) is hosted on a Debian container, unbound (192.168.0.7) is hosted on another container (Alpine Linux) on the same network and the same proxmox node

DHCP is enabled on my router but Pi-Hole and also Unbound have ips 192.168.0.6 & 192.168.0.7 reserved permamently and added as a rule

What I have changed since installing Pi-hole:
Created a container for unbound then removed Pi-Hole container and installed it on a new one hole so technically nothing. Unbound still resolves requests - there is also wireguard on another container (Alpine Linux) that uses Pi-Hole local IP as a dns (192.168.0.6)

Debug token

https://tricorder.pi-hole.net/FSySRoU8/

Bucking_Horn · September 26, 2024, 12:43pm

From a client that you observe not blocking sites as expected, what is the output of the following commands:

nslookup pi.hole

nslookup flurry.com

nslookup flurry.com 192.168.0.6

Luna · September 26, 2024, 12:50pm

Here are the responses:

C:\Users\Luna>nslookup pi.hole
Server:  pi.hole
Address:  192.168.0.6

Name:    pi.hole
Addresses:  fe80::be24:11ff:fed2:ed16
          192.168.0.6


C:\Users\Luna>nslookup flurry.com
Server:  pi.hole
Address:  192.168.0.6

Name:    flurry.com
Addresses:  ::
          0.0.0.0


C:\Users\Luna>nslookup flurry.com 192.168.0.6
Server:  pi.hole
Address:  192.168.0.6

Name:    flurry.com
Addresses:  ::
          0.0.0.0

From what I can see the first nslookup answers with a ipv6? maybe I just don't have a public one. It never got detected and there is nothing about ipv6 in the router settings

When I disable blocking nslookup flurry.com responds with normal ip not 0.0.0.0, as I said the whole site gets blocked but any ads on site dont

Bucking_Horn · September 26, 2024, 1:10pm

Your nslookup results demonstrate that the client you ran them from is using Pi-hole for DNS, and that Pi-hole is blocking correctly when queried.

If you still can connect to blocked sites in your browser, then that could indicate an issue with your browser by-passing Pi-hole via DoT.

You should verify that DNS-over-HTTPS (DoT) is disabled in your browser.

Luna · September 26, 2024, 1:17pm

DNS-over-HTTPS is disabled in my browser same in windows settings.

I'm kinda confused by how it works, I can't connect to blocked sites (from blocked domains and adlists) but yet every ad on the website is displayed. Even though I use nearly the same lists like uOrigin for example and I disable uOrigin itself every ad is displayed even though pi-hole is still turned on

Bucking_Horn · September 26, 2024, 2:13pm

You can't use lists designed for uBO with Pi-hole. uBO works fundamentally different.

As a DNS filter, Pi-hole only ever receives DNS requests. It can filter your entire network's DNS traffic, regardless which device or software is making a request.
It can either block or allow a domain. In particular, that means that Pi-hole cannot block a domain that is used to play out contents as well as ads without blocking the contents also.

uBO is a browser extension that sees the complete HTTP request, i.e. it can filter on any resource element in the path, not just the domain, but it will only ever filter requests of the very browser that it's been installed into.

Thus, using both Pi-hole and uBO side by side complements each other.

Bucking_Horn · September 26, 2024, 2:42pm

If it would, then that would indicate that Pi-hole would have been by-passed, so you would not see any corresponding query in Pi-hole's Query Log.

Luna · September 26, 2024, 3:15pm

Okay so, if I were to go for example cnn site pi-hole should block it with the default adlist right?

Bucking_Horn · September 26, 2024, 3:41pm

I'm not privileged to know whether that 'cnn site' would happen to include ads from flurry.com.
In general, any website linking to that domain would have that domain blocked by Pi-hole, provided Pi-hole would receive the respective DNS request, and a blocklist with that domain is active in Pi-hole, and blocking is configured correctly, where the latter two have been confirmed by your nslookup result.

system · October 17, 2024, 3:42pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.