Pi-hole not blocking ads

Hello there,

I recently discovered Pi-hole through one of Linus' videos and thought I would give it a try. I downloaded VirtualBox and installed an Ubuntu minimal system, on top of which I installed Pi-hole. All my management is done on the host laptop, since i allocated 512 MB of RAM to the VM. I usually try to diagnose issues myself based on random forum posts, but this time I hit a brick wall. My Pi-hole simply refuses to block ads.

My router/ONT is from the ISP, and does not have an option to assign a custom DNS, so if I want to use Pi-hole, I need to manually assign it to each device in the house. Here are the steps I took:

  1. even before installing Ubuntu minimal, I took the MAC address of the VM and went to my router properties, assigned a static IP address.
  2. I installed Pi-hole with the default settings, basically "next, next, next, finish"
  3. Went on the host computer and set the network adapter's preferred DNS the IP of the Pi-hole (although I don't think it's necessary because of next step). No secondary DNS set, so ads don't leak through.
  4. Disabled my router's DHCP, I am using Pi-hole DHCP. All my devices appear under Currently active DHCP leases and all of them can access the Pi-hole GUI. I also checked Listen on all interfaces.
  5. ipconfig /all correctly displays the DNS server and DHCP server. The default Gateway is my router's IP.
  6. Results from nslookup pi.hole:
    Server: UnKnown
    Address: fe80::1

*** UnKnown can't find pi.hole: Non-existent domain
7. Results from nslookup pi-hole.net:
Server: UnKnown
Address: fe80::1

Non-authoritative answer:
Name: pi-hole.net
Addresses: 2604:a880:400:d0::1071:1
206.189.252.21
8. Restarted router and every device in the house.
9. Ran pihole -g -f from the client, I updated Gravity from the GUI as well.
10. Played a bit with some/all of the Upstream DNS Servers.
11. Did ipconfig /release, /flushdns, /renew
12. ubuntupit.com speedtest.net and ads-blocker.com all show ads.
13. My debug token is: https://tricorder.pi-hole.net/nm6avpiqbh

I kinda ran out of ideas on what to try next, any help would be greatly appreciated.

From what device was this command run? From the Pi-hole host terminal, or from a different client on the network?

Your debug log shows that Pi-hole is working and that DNS queries have been received from 9 clients, and about 22% were blocked by Pi-hole. This shows that ads should be being blocked.

   [2020-03-13 21:44:45.271 574] Imported 7335 queries from the long-term database
   [2020-03-13 21:44:45.271 574]  -> Total DNS queries: 7335
   [2020-03-13 21:44:45.271 574]  -> Cached DNS queries: 1275
   [2020-03-13 21:44:45.271 574]  -> Forwarded DNS queries: 3903
   [2020-03-13 21:44:45.271 574]  -> Exactly blocked DNS queries: 2157
   [2020-03-13 21:44:45.272 574]  -> Unknown DNS queries: 0
   [2020-03-13 21:44:45.272 574]  -> Unique domains: 804
   [2020-03-13 21:44:45.272 574]  -> Unique clients: 9
   [2020-03-13 21:44:45.272 574]  -> Known forward destinations: 9

What catches my eye is the 9 forward destinations, when you have only 1 upstream DNS selected. What is the output of these commands from the Pi-hole host terminal:

echo ">forward-dest" | nc localhost 4711

echo ">top-clients withzero (15)" | nc localhost 4711

echo ">top-ads" | nc localhost 4711

Hi,

I think I got my terminology wrong. For example, at step 3 i mentioned "host computer", but I was referring to the laptop that hosts the VM. But in this case, it should be referred to as a client, since it gets the network seeting from the Pi-hole VM. Sorry for the misunderstanding. I will try to be more specific than "host" or "client"
To answer your question, I ran the command on the laptop.
Running it from the Ubuntu VM that has the Pi-hole:

sorin@ubuntu:~$ nslookup pi.hole
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	pi.hole
Address: 192.168.100.25
Name: pi.hole
Address: 2a02:2f0b:b715:2400:a00:27ff:fe86:619d
sorin@ubuntu:~$ nslookup pi-hole.net
Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
Name:	pi-hole.net
Address: 206.189.252.21
Name: pi-hole.net
Address: 2604:a880:400:d0::1071:1
sorin@ubuntu:~$ echo ">forward-dest" | nc localhost 4711
-2 27.57 blocklist blocklist
-1 17.14 cache cache
0 22.08 8.8.8.8 dns.google
1 21.36 8.8.4.4 dns google
2 5.16 4.2.2.1 a.resolvers.level3.net
3 4.08 1.1.1.1 one.one.one.one
4 2.14 1.0.0.1 one.one.one.one
5 0.21 149.112.112.11 dns11.quad9.net
6 0.16 84.200.70.40
7 0.08 149.112.112.10 dns10.quad9.net
---EOM---
sorin@ubuntu:~$ echo ">top-clients withzero (15)" | nc localhost 4711
0 3356 192.168.100.7
1 2112 192.168.100.3
2 446 127.0.0.1 localhost
3 369 192.168.100.213 desktop-qonv5am.lan
4 304 192.168.100.244
5 270 192.168.100.243
6 243 192.168.100.2
7 146 192.168.100.237
8 48 192.168.100.8
9 1 192.168.100.25 ubuntu
10 1 ::1 localhost
---EOM---
sorin@ubuntu:~$ echo ">top-ads" | nc localhost 4711
0 892 lcprd1.samsungcloudsolution.net
1 251 s.youtube.com
2 142 app-measurement.com
3 122 ads.samsungads.com
4 109 www.googleadservices.com
5 83 googleads.g.doubleclick.net
6 44 pagead2.googlesyndication.com
7 41 securepubads.g.doubleclick.net
8 38 s.click.aliexpress.com
9 35 graph.instagram.com
---EOM---

Did a pihole -r followed by sudo reboot and pihole -g -f. Nothing changed.

All this appears normal. Please provide a URL and screen capture of a situation where you are seeing ads, along with the IP address of that client.

You can post the screen capture directly into a reply.

The laptop that is hosting the Pi-hole: IP 192.168.100.213. It is listed as active DHCP lease.




Use these tools to determine if the ads can be blocked, and if so, which domains need to blocked.

It's not a question of IF the ads can be blocked. I know for a fact that they can. I disabled my browser based ad blocker to test Pi-hole. As soon as i re-enable it, ads get blocked. Besides, I also tried with a system-wide ad blocker (AdGuard) and it can block ads even in apps from the Windows Store. Additionally, I added entries in the host file from MoaAB (https://forum.xda-developers.com/showthread.php?t=1916098). Again, ads get blocked.
The biggest advantage of running Pi-hole and what sold me to it is that you can block ads on devices that don't support ad blocking, like smart TVs.