Pi-hole should be blocking ads across all devices on my network. I expect that when using Pi-hole as the DNS server, ads should not be displayed on websites or apps. The setup includes Pi-hole running alongside Unbound as the DNS resolver.
Operating System: Ubuntu 22.04.4 LTS
Actual Behaviour:
Ads are still being displayed across all devices. Initially, I was unable to access the internet when configuring my Pi-hole IP as the DNS server. After trying various solutions, I managed to restore internet connectivity, but Pi-hole does not seem to block ads at all. Additionally, I’ve noticed that port 53 is being used by Pi-hole, which is expected, but I’m wondering if there’s a conflict or other issue causing the ad-blocking to fail.
Here is the output from a dig command querying google.com through Pi-hole:
maxxi@vmi1635959:/$ dig google.com @pihole_IP
; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> google.com @pihole_IP
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43958
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 275 IN A 142.250.102.113
google.com. 275 IN A 142.250.102.102
google.com. 275 IN A 142.250.102.100
google.com. 275 IN A 142.250.102.138
google.com. 275 IN A 142.250.102.139
google.com. 275 IN A 142.250.102.101
;; Query time: 0 msec
;; SERVER: pihole_IP#53(pihole_IP) (UDP)
;; WHEN: Mon Aug 19 21:41:47 CEST 2024
;; MSG SIZE rcvd: 135
hosted via a Rasbery pi with dietpi OS working fine
hosted via Truenas container
hosted on an ubuntu linux VM machine
1 works flawless but 2 and 3 dont get even most of the request i sendt to them and by that do not block them. Its like the Linux its catching them and responding to the request instead.
The way i have tested is was in windows with "nslookup [Webaddress] [ip of dns server / pihole]
when i send it to 1 i can see the querries going to the right nettwork and it responding as it should .. but 2 and 3 dont even log and DNSqueries even though i send it to them. Hence they are not blocking ads or websites as they should at all.
here is an example, itavisen.no is blocked on all piholes.
192.168.0.17 is the pihole, 192.168.6.199 is the VM with the latest linux server and pihole installed
it clearly looks like that 192.168.6.199 is responding correctly and the server name is also correct but it cleary gives a respond it should not because itavisen is also blocked there. But pihole query logs are empty because pihole has never recived a request.
i am not a linux user but this makes no sense to me at all
I've changed the Unbound port from 5335 to 5353 to see if it resolves the issue. However, I'm still experiencing the same problem where Pi-hole is not blocking ads. Any additional insights or suggestions would be greatly appreciated.
You are running an open resolver (which is a very bad practice) and you should close it as soon as possible.
The Pi-hole team strongly discourages Pi-hole’s usage as an open resolver, and we won't provide support in that case.
We do not support open resolvers because of the number of threats they impose for both the server and all others on the Internet.
If you are not running an open resolver by intention, block inbound port 53 on your router (or your cloud instance), and consider accessing your cloud-based Pi-hole via authenticated, secure VPN connections exclusively.
Your debug log shows that your Pi-hole is receiving DNS requests from public IP addresses.
As rdwebdesign has mentioned, you are running it as an open resolver, posing a potential threat for all Internet users, e.g. by serving as a multiplier in a DNS Amplification attack.
You should close port 53 immediately.
A sensible use case of setting up Pi-hole in the cloud is to be exclusivly accessible for VPN clients via authenticated, secure VPN connections.
