Pi-hole not blocking ads, but queries are hitting and supposely blocked

Help docker
1

Hi guys, sorry for posting another topic about this, but since none of what i found resolved my problem, here it goes.

I have a ARM board that is currently running armbian 22.08 and the pi-hole is running in a docker container.

Some acknowledges to help us find the problem:

  • The board is connected to the router and it's IP is 192.168.1.80.
  • The router is currently configured as the following:
    image
    image461×324 33.7 KB

    image
    image491×368 37.9 KB
  • The docker-compose.yaml is setup as the following:
version: "3"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      TZ: 'Europe/Lisbon'
      FTLCONF_LOCAL_IPV4: 192.168.1.80
    volumes:
       - './etc-pihole/:/etc/pihole/'
       - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    dns:
      - 127.0.0.1
      - 1.1.1.1
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
  • I didn't change any DNS configuration in any of my devices (so it can be setup for what's defined on the router)
  • ipconfig /all:
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection (2) I219-V
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:8a0:e406:6d01:526a:3bf7:79e5:fbe6(Preferred)
   Temporary IPv6 Address. . . . . . : 2001:8a0:e406:6d01:30a0:9d9a:3e94:e8a5(Preferred)
   Temporary IPv6 Address. . . . . . : 2001:8a0:e406:6d01:d12c:9f1b:c976:52bb(Deprecated)
   Link-local IPv6 Address . . . . . : fe80::aa3a:2f0d:d5a6:af2f%27(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::c6ea:1dff:fe6a:4754%27
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 330329791
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-72-39-1D-B0-6E-BF-CD-53-E0
   DNS Servers . . . . . . . . . . . : fe80::c6ea:1dff:fe6a:4754%27
                                       192.168.1.254
                                       192.168.1.80
   NetBIOS over Tcpip. . . . . . . . : Enabled
  • /etc/resolv.conf on ARM board (outside container)
# Generated by NetworkManager
search lan
nameserver 192.168.1.254
nameserver 192.168.1.80
nameserver fe80::c6ea:1dff:fe6a:4754%eth0
  • /etc/resolv.conf on container
search lan
nameserver 127.0.0.11
options ndots:0

After setting the whole environment, I went to test if pi-hole was working properly using these websites:

The result was not what I was expecting since the queries appeared on pi-hole as been blocked but I still got the ads on both websites.

image
image988×763 96.3 KB

I also performed the debug log and it can be found here: https://tricorder.pi-hole.net/U86zaiXL/

I don't know if this is too much information or if we need more to get to the solution.
Hope I followed the forum guidelines and sorry if I miss something since I'm new here.

Best Regards,
Jorge Moreira

2

Pi-hole has to be the sole DNS server for your network.

Your router is both distributing its own IPv4 address as local DNS server via DHCP as well as advertising its IPv6 address via NDP/RA.

This will allow clients to by-pass Pi-hole via your router.

In addition to changing your router's DHCP server configuration, you'd also have to find a way to configure your router to advertise your Pi-hole host machine's IPv6 as DNS server instead of its own.

You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.

If your router doesn't support configuring IPv6 DNS, you could consider disabling IPv6 altogether.

If your router doesn't support that either, your clients will always be able to bypass Pi-hole via IPv6.

1 Like