Pi-Hole Not Blocking Ads on Clean Install with Asus router

Hey there!
I have just installed Pi-Hole on a fresh install of Raspbian Jessie-Light on my Pi 3. I am currently connected to the internet via Ethernet and I have installed and configured Pi-Hole correctly. I can see things being Pi-holed in the query log, as well as seeing devices in the top clients table. https://i.zelakto.tv/fcVnb5O.png

However if I access a site like reddit.com, or cnn.com, I do not see ad's being blocked. I have flushed my DNS in Windows, tried multiple devices, and cleared my cookies.

Currently, I have the DNS in my router (Asus RT-AC5300) set to the Pi (192.168.1.179). Just to confirm my IP address is set to my Pi:

Any help would be greatly appreciated. I have also run the debug command, and my token is dteh7ehmlv. Thank you for your time.

On the Windows station, what is displayed when you do below in a cmd prompt:

  • Am only interested in the "DNS Server(s)" line.

    C:>ipconfig /all
    Windows IP Configuration
    DNS Servers . . . . . . . . . . . : 10.0.0.8

Is it only displaying the Pi-Hole IP addres or are there others ?

                                       192.168.1.179
                                       192.168.1.1```

Sigh.. I figured it out. Turns out I'm just dumb.

My issue was that I was configuring this in my LAN > DHCP settings in my router:

When in reality, I didn't notice there was a DNS setting in WAN > Internet Connection.

Sorry about that, thanks for the time and sorry for the inconvenience. If you want, mark this as solved, or just delete it. Either works. Have a good day! :smiley:

Edit: Seems like I have to have both set to the Pi for it to work correctly.

What if you disconnect ethernet and reconnect after few seconds on the Windows station ?
Is the "ipconfig /all" command now displaying only one DNS server namely that of Pi-Hole ?
If not, you still gonna have troubles with ads sometimes blocking and sometimes not.

Sadly, it still shows up. I've also tested it on my laptop as well, and it shows the same IP addresses for the DNS server. However it seems to be working quite successfully, but I do understand your concern. Is there anything you'd recommend at this point?

Well you're doing it in a weird way that seems to fix an annoying behaviour of some or maybe all Asus routers.
What I can read from your posts, it seems like your clients now have 2 path's for DNS resolution:

  1. [Client] --> [Pi-Hole] --> [Google DNS] --> [Root servers]
  2. [Client] --> [Asus] --> [Pi-Hole] --> [Google DNS] --> [Root servers]

Your not suppose to offer the router as an DNS resolver to the clients (only Pi-Hole).
But the annoying thing about my Asus router is that besides the DNS server configured in the Asus DHCP server settings, the router always pushes, via DHCP, its own DNS service too.
This means the clients will always receive the Asus routers IP address for DNS resolution plus the one configured in the DHCP server settings.
If you were to default your routers WAN DNS setting, you would have this situation:

  1. [Client] --> [Pi-Hole] --> [Google DNS] --> [Root servers]
  2. [Client] --> [Asus] --> [DNS from your modem] --> [ISP DNS] --> [Root servers]

That would mean that the second path wont resolve using Pi-Hole so about half of the time, ads will be displayed.
You just lucky you set it up this way without knowing about the Asus annoyance I have.
But most importantly, it works :slight_smile:
Keep in mind that your stats will be off now as about half of the requests processed by Pi-Hole will be coming from your router.

You could test responses from both DNS services (path's) with the nslookup command in a command prompt like so:

nslookup pi.hole 192.168.1.1
&
nslookup pi.hole 192.168.1.179

Both should resolve to the same IP address 192.168.1.179.

Ohw Ps. remove the second DNS server 8.8.8.8 in your routers WAN DNS Settings or else you got a split path again that wont resolve via Pi-Hole!

  1. [Client] --> [Asus] --> [Google DNS] --> [Root servers]

I changed title of this thread into below to make it easier for others with similar Asus issues ... if you dont mind ?

"Pi-Hole Not Blocking Ads on Clean Install with Asus router"

What might be a simpler solution is to use your pihole as your DHCP server. That way, when it sends DHCP responses, it will set itself as the DNS server. That way you don't need to worry about the config of your router.

1 Like

I agree.
And the stats displayed on the web gui would be accurate again.

Thanks very much. I flashed my asus router w/ LEDE and thought I had reconfigured everything properly, but noticed I was still getting ads. Your post made me realize I had set the DNS in LAN instead of WAN same as you did. Things are in order now. Noted to put pihole DNS in WAN settings from now on.

Where did I say that ?
As soon as I noticed the Asus router pushing its own DNS server whatever setting I applied, I switched to the Pi-Hole provided DHCP service.
And that is what me and @gmrza trying to tell you to do as well.
Running it the way you have now is, for example, not giving you accurate stats on the web GUI.
About half of the queries will come from your router and the others from your clients.

FYI, just received this from the Security Focus mailing list:

If your Asus router is on the list, better update your firmware!