The new Debug Token: https://tricorder.pi-hole.net/g0ksu2mgxt
Seems your Pi-hole does not receive DNS packets.
Let's check if your RPi is receiving these requests at all.
We need tcpdump on your RPi machine running Pi-hole for this.
If tcpdump isn't already installed, do so by executing the following commands from an RPi terminal:
sudo apt-get update
sudo apt-get install tcpdump
From your Pi-hole RPi, execute the following:
sudo tcpdump -c 14 -n udp port 53
Then, from your Windows PC, issue the following:
nslookup www.google.com 192.168.178.46
Once issued, you should see some lines appearing on your RPi.
tcpdump will finish executing as soon as it has received 14 packets (as per -c 14).
Alternatively, you can always press <CTRL> <C> to cancel execution of tcpdump.
Does tcpdump register any activities for your nslookup?
It does register activities now. While the PC still gets time outs, this will show on the Raspberry now:
pi@raspberrypi:~ $ sudo tcpdump -c 14 -n udp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:28:17.503831 IP 192.168.178.30.52065 > 192.168.178.46.53: 1+ PTR? 46.178.168.192.in-addr.arpa. (45)
18:28:19.505806 IP 192.168.178.30.52066 > 192.168.178.46.53: 2+ A? www.google.com.fritz.box. (42)
18:28:21.508378 IP 192.168.178.30.52068 > 192.168.178.46.53: 3+ AAAA? www.google.com.fritz.box. (42)
18:28:23.509524 IP 192.168.178.30.52069 > 192.168.178.46.53: 4+ A? www.google.com. (32)
18:28:25.511344 IP 192.168.178.30.52071 > 192.168.178.46.53: 5+ AAAA? www.google.com. (32)
On a network level, your RPi is receiving DNS requests from your PC.
But nothing on your RPi is reacting to these requests (as tcpdump did not register any packets for the reverse direction), which is consistent with us observing the absence of any requests in pihole.log.
I am going to run out of ideas shortly
It seems unlikely that another DNS resolver would interfere, as we have verified earlier that port 53 was bound to pihole-FTL only.
Nonetheless: Are you aware of any other DNS resolvers running on your RPi?
And also, what is the content of your resolv.conf?
nano /etc/resolv.conf
EDIT: And as I don't have access, it would be good to know if @jfb has spotted any anomalies in your debug log.
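The reasoning in the post above (queries arrive, but no packet goes back) can be checked mechanically. The following is an added example, not part of the original thread: it pairs each query in `tcpdump -n udp port 53` output with a reply from the server by client address, port and DNS ID. The five query lines are the ones posted above; the reply line is constructed and uses a documentation address.

```shell
#!/bin/sh
# Added example: list DNS queries that got no reply in `tcpdump -n udp port 53` text.
# Live use (Pi-hole address as in the thread):
#   sudo tcpdump -c 14 -n udp port 53 | unanswered_dns 192.168.178.46
# Only IPv4 lines ("IP") are inspected; IPv6 lines ("IP6") are ignored.

unanswered_dns() {
    # $1 = IPv4 address of the DNS server; tcpdump text is read from stdin.
    awk -v srv="$1" '
    $2 == "IP" && $4 == ">" {
        src = $3
        dst = $5; sub(/:$/, "", dst)           # drop the trailing colon
        id  = $6; sub(/[^0-9].*$/, "", id)     # "4+" -> "4": strip DNS flag characters
        if (id == "") next                     # no DNS ID on this line
        if (dst == srv ".53") {                # client -> server: a query
            key = src " id=" id
            if (!(key in query)) order[++n] = key
            query[key] = $7 " " $8
        } else if (src == srv ".53") {         # server -> client: a reply
            answered[dst " id=" id] = 1
        }
    }
    END {
        # Print every query that was never matched by a reply, in capture order.
        for (i = 1; i <= n; i++)
            if (!(order[i] in answered))
                print order[i], query[order[i]]
    }'
}

capture_from_thread() {
    # The five lines posted in the thread: queries only, nothing in the reverse direction.
    cat <<'EOF'
18:28:17.503831 IP 192.168.178.30.52065 > 192.168.178.46.53: 1+ PTR? 46.178.168.192.in-addr.arpa. (45)
18:28:19.505806 IP 192.168.178.30.52066 > 192.168.178.46.53: 2+ A? www.google.com.fritz.box. (42)
18:28:21.508378 IP 192.168.178.30.52068 > 192.168.178.46.53: 3+ AAAA? www.google.com.fritz.box. (42)
18:28:23.509524 IP 192.168.178.30.52069 > 192.168.178.46.53: 4+ A? www.google.com. (32)
18:28:25.511344 IP 192.168.178.30.52071 > 192.168.178.46.53: 5+ AAAA? www.google.com. (32)
EOF
}

capture_with_reply() {
    # Same capture plus one constructed reply to query 4 (not from the thread).
    capture_from_thread
    echo '18:28:23.511002 IP 192.168.178.46.53 > 192.168.178.30.52069: 4 1/0/0 A 192.0.2.10 (48)'
}

echo "Unanswered queries in the capture from the thread:"
capture_from_thread | unanswered_dns 192.168.178.46
```

Every query listed is one the host received but did not answer, which points at something between the network interface and the resolver, such as a packet filter.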
nameserver 127.0.0.1
This is the only one in the resolv.conf
Actually.. now that you're talking about other resolvers... Does no-ip interfere with Pi Hole?
The nameserver setting in your resolv.conf reads ok.
Mine contains the following line in addition:
search fritz.box
Not sure what you mean by no-ip.
If you are referring to the DynDNS provider of that name:
DynDNS itself should not interfere with your Pi-hole's operation, as that is happening outside of your local network.
Yet if you have installed some client software on your RPi, it may or may not interfere. I am not familiar with that product.
No-IP is the program for DynDNS yeah. I don't think it should interfere with it though to be honest... Doesn't make sense anyway, since I can connect on my phone still.
Do you have any other clients on your network that you could run
nslookup www.google.com 192.168.178.46
from?
I can try on my father's laptop tomorrow. Apart from that there's nothing else I can test it on.
Not yet:
Maybe your firewall is dropping packets.
Did you set up firewall rules on your RPi when installing Apache webserver?
What does the following command yield on your RPi?
sudo iptables -L
I'm not sure about the firewall rules. I did make some firewall rules, not sure if it was for apache though.
The iptables spams my console with a bunch of REJECTs:
pi@raspberrypi:~ $ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere
Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain ufw-after-forward (1 references)
target prot opt source destination
Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
target prot opt source destination
Chain ufw-after-output (1 references)
target prot opt source destination
Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ufw-user-forward all -- anywhere anywhere
Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- anywhere anywhere ctstate INVALID
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
ufw-user-input all -- anywhere anywhere
Chain ufw-before-logging-forward (1 references)
target prot opt source destination
Chain ufw-before-logging-input (1 references)
target prot opt source destination
Chain ufw-before-logging-output (1 references)
target prot opt source destination
Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere
Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere
Chain ufw-reject-forward (1 references)
target prot opt source destination
Chain ufw-reject-input (1 references)
target prot opt source destination
Chain ufw-reject-output (1 references)
target prot opt source destination
Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain ufw-track-forward (1 references)
target prot opt source destination
Chain ufw-track-input (1 references)
target prot opt source destination
Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere ctstate NEW
ACCEPT udp -- anywhere anywhere ctstate NEW
Chain ufw-user-forward (1 references)
target prot opt source destination
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:22
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT udp -- anywhere anywhere udp dpt:fsp
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT udp -- anywhere anywhere udp dpt:443
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:80
ACCEPT tcp -- anywhere anywhere tcp dpt:81
ACCEPT udp -- anywhere anywhere udp dpt:81
ACCEPT tcp -- anywhere anywhere tcp dpt:25565
ACCEPT udp -- anywhere anywhere udp dpt:25565
ACCEPT tcp -- anywhere anywhere tcp dpt:25566
ACCEPT udp -- anywhere anywhere udp dpt:25566
ACCEPT tcp -- anywhere anywhere tcp dpt:9987
ACCEPT udp -- anywhere anywhere udp dpt:9987
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT udp -- anywhere anywhere udp dpt:http-alt
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT udp -- anywhere anywhere udp dpt:mysql
Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain ufw-user-logging-forward (0 references)
target prot opt source destination
Chain ufw-user-logging-input (0 references)
target prot opt source destination
Chain ufw-user-logging-output (0 references)
target prot opt source destination
Chain ufw-user-output (1 references)
target prot opt source destination
In the iptables output, I don't see any rules to allow ports 53 UDP & TCP for DNS (udp dpt:domain & tcp dpt:domain).
Try to configure the UFW firewall to also allow incoming 53 UDP + TCP for your local network only!
And when you run the iptables command, better add the -n argument for numerical output so the command doesn't try to resolve all the IPs to names and displays port numbers instead of port descriptions, e.g.:
sudo iptables -L -n
Plus I notice you have fail2ban active for SSH and it banned a bunch already so you must have SSH open to the public (port forwarded on the router or something):
sudo fail2ban-client status sshd
Don't do the same port forwarding with DNS port 53 UDP or you'll be contributing to DDoS amplification attacks!
And Pi-hole might be hampered by the amount and type of DNS traffic attracted.
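The check described in the post above (is there an allow rule for port 53, and is it limited to the local network?) can be scripted. This is an added example, not part of the original thread: it reads `sudo iptables -L -n` text and classifies the DNS rule in the `ufw-user-input` chain. The three rule listings are constructed, and the subnet 192.168.178.0/24 is an assumption based on the addresses seen in the thread.

```shell
#!/bin/sh
# Added example: classify the DNS allow rule found in `iptables -L -n` output.
# Live use:  sudo iptables -L -n | dns_rule_scope udp
#
# ufw commands that would lead to the "restricted" result
# (assumption: the local network is 192.168.178.0/24):
#   sudo ufw allow from 192.168.178.0/24 to any port 53 proto udp
#   sudo ufw allow from 192.168.178.0/24 to any port 53 proto tcp

dns_rule_scope() {
    # $1 = udp or tcp; the iptables listing is read from stdin.
    # Prints one of: missing | restricted | open-to-any
    # Only plain "dpt:53" rules in ufw-user-input are recognised (no multiport rules).
    awk -v proto="$1" '
    $1 == "Chain" { chain = $2; next }
    chain == "ufw-user-input" && $1 == "ACCEPT" && $2 == proto {
        for (i = 6; i <= NF; i++)
            if ($i == "dpt:53") {
                if ($4 == "0.0.0.0/0") { any = 1 } else { limited = 1 }
            }
    }
    END {
        if (any) { print "open-to-any" }
        else if (limited) { print "restricted" }
        else { print "missing" }
    }'
}

rules_before() {
    # Constructed: numeric rendering of part of the chain posted in the thread.
    cat <<'EOF'
Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:80
EOF
}

rules_lan_only() {
    # Constructed: DNS allowed from the assumed local subnet only.
    cat <<'EOF'
Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.178.0/24     0.0.0.0/0            tcp dpt:22
ACCEPT     udp  --  192.168.178.0/24     0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  192.168.178.0/24     0.0.0.0/0            tcp dpt:53
EOF
}

rules_open() {
    # Constructed: DNS allowed from any source, the case the post warns about.
    cat <<'EOF'
Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
EOF
}

echo "before:   udp=$(rules_before | dns_rule_scope udp) tcp=$(rules_before | dns_rule_scope tcp)"
echo "lan only: udp=$(rules_lan_only | dns_rule_scope udp) tcp=$(rules_lan_only | dns_rule_scope tcp)"
echo "open:     udp=$(rules_open | dns_rule_scope udp) tcp=$(rules_open | dns_rule_scope tcp)"
```

A result of `open-to-any` is only harmless while the router forwards no DNS port to the RPi; `restricted` holds regardless of the router configuration.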
Okay so, I removed the SSH entry from the firewall and remade it for the local network only. I did the same for the port 53. After that I changed my router settings again to use the Pi Hole and right now it seems to work! I can access the internet on my PC and the ads I usually see are blocked as far as I noticed now.
But thank you for the help you've given so far!
EDIT: I got the ad on YouTube on my PC as well now. Could it be that they're using domains for their ads that are not in the lists yet, so that I could just block them in the admin interface?
Actually.. I think they use the same domain for the YouTube videos and their ads.. You would have to block every single ad one by one, right?
EDIT EDIT: I figured out why it didn't block on my phone. Didn't know my phone uses IPv6.
Glad we've got this sorted
I try to summarize what we did during the length of this thread.
We configured your FB to distribute 192.168.178.46 as local DNS server to its DHCP clients via Heimnetz | Netzwerk | Netzwerkeinstellungen | IPv4-Adressen.
We also got rid of a possible DNS loop by ensuring your FB is configured to use its default ISP-provided DNS servers as upstream DNS servers via Internet | Zugangsdaten | DNS-Server. Specifically, we removed Pi-hole from these settings, as to avoid closing the loop with your Pi-hole using your FB as one of its upstream servers.
We verified that your Pi-hole is up and running at 192.168.178.46, it is correctly configured to listen on its wlan0 interface and showing no signs of port conflicts.
However, Pi-hole still didn't register any incoming DNS requests from your Windows PC in pihole.log.
Monitoring DNS at the network level did prove that your RPi running Pi-hole received DNS packets, suggesting that something dropped these packets before they would reach Pi-hole, most likely a firewall.
Indeed, your firewall wasn't configured to allow correct handling of DNS requests.
(Thanks go to @deHakkelaar for jumping in at the late hours when I was grabbing some sleep)
Adding corresponding rules finally made your Pi-hole operational.
As a firewall on your RPi was blocking DNS traffic per se, it seems unlikely that your phone was using Pi-hole as its DNS server when it was able to resolve hostnames while your PC wasn't.
Hence, I'd suspect your phone to still bypass Pi-hole.
You might want to check your IPv6 settings in your FB.
Unfortunately, even with a correct router IPv6 configuration, it is not uncommon for phones to use your ISP-provided DNS directly.
This can be attributed to IPv6 auto configuration which allows and in fact encourages a device's network integration at the complete discretion of the device, rather than leaving it to the central authority of a DHCP server.
The amount of ads that is getting blocked will depend entirely on the blocklists and regex filters you chose to employ. The default lists shipping with Pi-hole already do a decent job.
If you want to expand on that, go for quality and content, not for sheer volume.
WaLLy3k’s Blocklist collection is a good starting point, and Steven Black’s hosts files do a good job in grouping blocking lists by topics.
Focus your attention on the sites you visit regularly - if they still show ads, go tune your blacklists until satisfied. After all, it’s of little use having a domain on your block list that you never visit.
If you are still seeing ads in places you visit regularly, How do I determine what domain an ad is coming from? has good insights on how to decide what sites to block.
Personally, I use a browser extension (uBO Scope) to help me determine what sites a web page contacts and tries to contact in the background.
As for YouTube, blocking embedded ads is almost impossible, as the bulk of them is getting served by the same domain as the content.
I figured as much. As for the phone, I already fixed that. I didn't set up Pi Hole for IPv6 because I thought nothing in my network uses it anyway. But apparently my phone does. So that's set up as well now. Also thank you for the links to the collections! I'll see if I can add them to my Pi Hole.
Thank you all so much for the help!