Your new debug token shows Pi-hole is active and working (blocking) as it should.
Your screenshot from your PC look suspicious as nothing is blocked there. Do you run any software on that machine that could interfere with DNS? Some anti-virus, anti-malware software? Avast real site?
I do have Avast on my PC, but the thing is on all my devices Pihole is not blocking, other devices are iPhone, ipad, Samsuns S20FE, and a macbook. So on the other devices I do not have any antivirus.
For completeness, what happens when you try the following commands in the Pi-hole Linux terminal:
dig @127.0.0.1 flurry.com +short
nslookup flurry.com
nslookup flurry.com localhost
And then what do you get when you try the following commands from your Windows terminal:
nslookup flurry.com
nslookup flurry.com 192.168.0.170
Note you can right-click the Windows terminal afterwards and select Mark and then drag the area to copy and press Enter to copy the text, and paste that directly in here, rather than have to do a screenshot.
Are you sure your PC is using the DNS servers configured on your router?
Sometimes you need to renew the DHCP lease before the changes take effect.
On the same screen (below the items on the image), there should be a section called "DHCP Client List".
Do you see your PC there? do you see all other devices there?
Here is what I get for the first command on the Pi-hole device:
dig @127.0.0.1 flurry.com +short
nslookup flurry.com
nslookup flurry.com localhost
0.0.0.0
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: flurry.com
Address: 74.6.136.150
Name: flurry.com
Address: 98.136.103.23
Name: flurry.com
Address: 212.82.100.150
Server: localhost
Address: 127.0.0.1#53
Name: flurry.com
Address: 0.0.0.0
Name: flurry.com
Address: ::
And this is what I get on my windows PC
flurry.com
Server: pi.hole
Address: 192.168.0.170
Non-authoritative answer:
Name: flurry.com
Addresses: 98.136.103.23
212.82.100.150
74.6.136.150
C:\Users\selwa>nslookup flurry.com 192.168.0.170
Server: pi.hole
Address: 192.168.0.170
Non-authoritative answer:
Name: flurry.com
Addresses: 98.136.103.23
212.82.100.150
74.6.136.150
Yes I do see my PC here in the list it is the one that ends with .201
On top of that I did flush my DNS to make sure my PC is using the Pi-hole DNS and I added it in the network:
And I also made sure I am only using IPv4 as you can see in the second picture:
Note: I did make sure the DNS to be set as 192.168.0.170 manually on all my devices just in case the router does not change them.
Try to address your PC issues first.
AVAST Real-Site's DNS feature may force your PC's DNS through their own DNS servers.
That feature should be disabled if you'd want your PC to use Pi-hole.
Also, let's have a look at the DNS servers that your clients are aware of.
Run from your Windows PC, search the output of the following command:
ipconfig /all
We'd just be interested in the few lines of the DNS server section from that output.
1 Like
Well, I have some weird updates. Today when I deactivated the Real Site from avast, the msn.com was blocked and I checked all of my devices and msn.com is being blocked on all of them except my iphone. So what could be happening here, note I checked the ipad to see the difference in the wifi setting and they are both identical with DNS being set manually on 192.168.0.170
Here is the command output:
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DESKTOP-D8MIRA6
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Unknown adapter SecureLine:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Avast SecureLine Wintun Adapter
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Ethernet Connection (2) I219-V
Physical Address. . . . . . . . . : BLURRED
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.201(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, March 14, 2023 11:02:27 AM
Lease Expires . . . . . . . . . . : Tuesday, March 14, 2023 3:53:49 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.170
NetBIOS over Tcpip. . . . . . . . : Disabled
Wireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8723B Wireless LAN 802.11n USB 2.0 Network Adapter
Physical Address. . . . . . . . . : BLURRED
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 1:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : BLURRED
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : BLURRED
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : BLURRED
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
So if you look at your Pihole query logs, do you see queries to msn.com? If so, what are the responses that are logged ("OK," "BLOCKED," etc.)?
Well here is a screenshot of how it looks like from my PC if I am trying to access msn.com.
However in the Querey Log I do not see that I accessed msn.com from my mobile here is a picture of the logs, and I did access msn.com at 18:41 and at 18:43. I do not see the logs alot from my phone. Only sometimes do I see logs.
Looks like Pihole is working when accessed from your device at 192.168.0.201.
Whatever device is at 192.168.0.64 is sending requests to the Pihole as well, but I don't know what device that is. If you accessed msn.com from your iPhone during this logged period you've shown, the iPhone doesn't seem to be using Pihole for DNS for those queries.
The takeaway is that you're going to want to determine what device is using which DNS. iPhones show their configured DNS under Settings/Wifi then clicking on the Info button by the SSID you're connected to, Configure DNS. The DNS servers will be listed on "Configure DNS" details screen. If they're not what you're expecting, you can switch to Manual on this screen and enter the address of your Pihole (at least for testing).
That is exactly what I did, the 192.168.0.64 is actually the iPhone ip address, DNS was configured automatically to 192.168.0.170. When I saw that this did not solve the problem I added it manually. Even with it being available manually sometimes it does not use this DNS. That is what I think atleast because it doesn't always show under query log in Pi-hole.
Do you use the iCloud Privat-Relay function?
I just checked and it is off
That looks as expected.
One of your previous screenshots shows that you have explicitly disabled IPv6 on your Windows machine.
However, your debug log shows that your network has indeed full IPv6 connectivity:
*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✓] smetrics.home.kpmg is :: on lo (::1)
[✓] smetrics.home.kpmg is on eno1 (fe80::<redacted>)
[✓] No IPv6 address available on wlp1s0b1
[✓] doubleclick.com is via a remote, public DNS server (2001:4860:4860::8888)
Together with your observation that none of your iPhone's DNS requests are registering in Pi-hole, that would strongly suggest that your iPhone would use another DNS server, most likely your router's IPv6.
You should be able to verify that by re-enabling IPv6 protocols on your Windows machine and rechecking its ipconfig DNS servers.
I did not understand properly. But do you mean if I see an IPv6 Address in the cmd command, then that would mean that my router is enabling IPv6? and I should disable IPv6 on my router?
.
.
This is the command output on CMD after enabling IPv6:
ipconfig
Windows IP Configuration
Unknown adapter SecureLine:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : BLURRED
IPv4 Address. . . . . . . . . . . : 192.168.0.201
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
Wireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Local Area Connection* 1:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
.
.
If you meant I should run ipconfig /all then this is the part regarding the Ethernet adapter:
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Ethernet Connection (2) I219-V
Physical Address. . . . . . . . . : BLURRED
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : BLURRED(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.201(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, March 14, 2023 11:26:05 PM
Lease Expires . . . . . . . . . . : Wednesday, March 15, 2023 1:51:59 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 122473578
DHCPv6 Client DUID. . . . . . . . : BLURRED
DNS Servers . . . . . . . . . . . : 192.168.0.170
NetBIOS over Tcpip. . . . . . . . : Disabled
.
NOTE: I honestly have no idea if I am supposed to show the IPv6 address or not, so when you see BLURRED I removed the addresses and write it manually.
.
.
The screenshot shows that I did not set a DNS address (as I do not know whether I should do it for Pi-hole or not, neither do I know how):
.
.
This screenshot shows the router settings, and I do not know or understand IPv6, and I have not changed anything before:
You can check what DNS server(s) is/are advertised via router IPv6 RA (Router Advertisement) if install below on the Pi-hole or other Linux host:
sudo apt install ndisc6
FYI:
$ apt show ndisc6
[..]
Description: IPv6 diagnostic tools
ndisc6 gathers a few diagnostic tools for IPv6 networks including:
- ndisc6, which performs ICMPv6 Neighbor Discovery in userland,
- rdisc6, which performs ICMPv6 Router Discovery in userland,
- rltraceroute6, a UDP/ICMP IPv6 implementation of traceroute,
- tcptraceroute6, a TCP/IPv6-based traceroute implementation,
- tcpspray6, a TCP/IP Discard/Echo bandwidth meter,
- addrinfo, easy script interface for hostname and address resolution,
- dnssort, DNS sorting script.
If you run below one, it will show you the MAC address from which the RA is coming from, the IPv6 prefixes and DNS server(s) advertised:
rdisc6 <NETWORK_INTERFACE_NAME>
Maybe it needs sudo in front of it or root powers for your distro.
I do not understand what do you mean, did you check my previeous post? Because I think IPv6 is switched off or am I wrong?
Are you not curious?
If no RA's are advertised on your LAN (could be any device in theory), you should see something like below:
pi@ph5b:~ $ rdisc6 eth0
Soliciting ff02::2 (ff02::2) on eth0...
Timed out.
Timed out.
Timed out.
No response.
EDIT: But if there are:
$ rdisc6 eth0
[..]
Prefix : fd00::/64
[..]
Recursive DNS server : fd00::3ea6:xxxx:xxxx:xxxx
[..]
Source link-layer address: 3C:A6:2F:XX:XX:XX
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.