Pi Hole showing my router IP as client as well as devices IPs

Cheap-Patience · January 4, 2020, 11:06pm

I'm having a strange issue where my Router WAN IP is showing as a client in the Pi Hole dashboard. It's not the usual issue where it only shows the Router IP for all requests, in my case it does show all my devices IPs individually AND my router IP, see below:

https://imgur.com/RpJttlO

If I go to the IP shown on the list in my browser I get my router dashboard screen that I'd normally get when visiting the local router IP.

Is this normal? Further down I can see my router local IP not going through Pi Hole which is what I would expect:

https://imgur.com/ZkbI5Hl

I have my Pi Hole setup with a static IP and set it up in my router as the DNS, DCHP is enabled in my router and disabled on Pi Hole. I have my Raspberry Pi connected via Wifi to my router (A+ model so no eth port)

Everything works fine as far as I can tell, I'm just getting a bunch of requests coming from this client that I don't think should be going through Pi Hole.

Expected Behaviour:

Pi Hole dashboard should only display the IPs of the clients connected to it.

Actual Behaviour:

Pi Hole dashboard displays both client IPs and router IP.

Debug Token:

oj2itsg3u5

Tesserax · January 5, 2020, 6:56am

@Cheap-Patience Welcome to the Pi-hole community!

Let's double-check your Pi-hole's settings. Please provide the output for the following commands while ssh'd into the Pi-hole:

cat /etc/pihole/install.log
cat /etc/pihole/setupVars.conf

Cheap-Patience · January 5, 2020, 10:46am

Thanks, here it is:

[✓] Checking for user 'pihole'
[✓] Installing scripts from /etc/.pihole

[i] Installing configs from /etc/.pihole...
[i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
[✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf

[i] Installing blocking page...
[✓] Creating directory for blocking page, and copying files
[✗] Backing up index.lighttpd.html
No default index.lighttpd.html file found... not backing up

[✓] Installing sudoer file

[✓] Installing latest Cron script

[✓] Installing latest logrotate script
[i] Backing up /etc/dnsmasq.conf to /etc/dnsmasq.conf.old
[✓] man pages installed and database updated

WEBPASSWORD=dec21b823d6e534194fbfa90a6cf0533ff01a2ea47b33ce527a4d06260ef30e8
BLOCKING_ENABLED=true
DHCP_START=192.168.1.101
DHCP_END=192.168.1.251
DHCP_ROUTER=192.168.1.1
DHCP_LEASETIME=24
PIHOLE_DOMAIN=lan
DHCP_IPv6=false
DHCP_rapid_commit=false
DNSMASQ_LISTENING=single
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
CONDITIONAL_FORWARDING=false
DHCP_ACTIVE=false
PIHOLE_INTERFACE=wlan0
IPV4_ADDRESS=192.168.1.6/24
IPV6_ADDRESS=fd58:1f28:6cb:7100:a74f:819a:ed30:96aa
PIHOLE_DNS_1=127.0.0.1#54
PIHOLE_DNS_2=
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true

I'm using DoH through cloudflared so the DNS points to 127.0.0.1#54.

Tesserax · January 5, 2020, 5:39pm

Hmm, I would have expected that the PIHOLE_DNS values would be set to the upstream recursive Cloudflare DNS servers and not back to itself.

Cheap-Patience · January 5, 2020, 7:56pm

cloudflared is running locally on port 54 and pointing to Cloudflare's 1.1.1.1 and 1.0.0.1 domains, I used the following guide:

Tesserax · January 5, 2020, 8:16pm

@Cheap-Patience Ah, you did mention this in your previous reply and thanks for the link to the article. Ok, I see what you have been up to. I personally haven't tried this myself, so I really can't offer any thoughts. My best guess at this time is that changing the servers manually in the 01-pihole.conf file (which is used to control how dnsmasq functions) to point to it 127.0.0.1 address, may be the reason your router is showing up in the Pi-hole Dashboard. Sorry, that I couldn't provide you with an exact answer.

Cheap-Patience · January 5, 2020, 9:28pm

Thanks for your comments, now that I have a better look at it some of the requests showing up in the log as the router are coming from real devices, for example if I go to pi-hole.net on my laptop sometimes it'll show with my router IP in the logs and sometimes it'll show the actual device IP.

I think I'd be better off if I set up my Pi Hole as the DHCP server, would that fix the issue?

Bucking_Horn · January 5, 2020, 9:40pm

Three questions:

How is your laptop connected? Via WLAN or via Ethernet cable, or maybe both?
How did you configure your router to use Pi-hole? Specifically, did you employ more than one configuration option to set Pi-hole as DNS, e.g. something like Internet WAN settings and local DHCP settings?
Are you using a WLAN repeater or an additional access point to extend your WiFi?

Cheap-Patience · January 5, 2020, 9:48pm

WLAN, all my devices are including the Pi Hole itself.

Well there's 2 places where I set it up, my router is a Huawei HG633 btw:

https://imgur.com/ckpXl02

And here:

https://imgur.com/a/Uz1KSe1

No, just the one wifi router / modem from my ISP.

Bucking_Horn · January 5, 2020, 10:15pm

You have configured your router to issue Pi-hole both as

local DNS server to be used by its DHCP clients (through your router's DHCP panel)
as well as
the router's upstream DNS server (through your router's Internet_VDSL panel)

Strictly speaking - as your router supports it - only option 1. would be required to make Pi-hole resolving DNS queries on your local network.

But as you see quite a few queries in Pi-hole's Query Log that seem to originate from your router, it seems like
a.) your router is still receiving DNS queries from your network clients that it passes on to its upsteam DNS, or
b.) your router issues these queries all by itself

Option b.) would imply that you only see router related domains being queried, i.e. no youtube or google searches, but rather only requests to Huawei sites, time servers and the like.

Option a.) could happen if your router offers at least two WLAN networks, often a home and a guest network, where the guest network auto-configures the router as local DNS.
(The same could be true for a WLAN repeater forwarding requests to your router, but you have ruled that one out - no repeaters on your net - or if your laptop would connect to home net via Ethernet and to guest net via WLAN, which you also ruled out).

Option a.) also would occur if you setup and enabled Pi-hole only recently. Your router might advertise the new Pi-hole DNS only on lease expiration, which your screenshot shows to be happening after a day currently.

At the moment, this seems the most likely explanation.for your observation.
Once the 24 hour lease duration expires, your devices will finally get to know Pi-hole for sure. Note that DNS filtering by Pi-hole still might lag behind, as your devices might still cache responses to previous DNS queries that were not answered by Pi-hole.

You could enforce lease renewal by switching off or disconnecting a device, or by a router reboot.

Edit:
Oh, and I almost forgot: You can upload images straight into a forum post, without a third party like imgur. That saves a few clicks for you on upload as well as for your readers here, by allowing for easier viewing

Cheap-Patience · January 5, 2020, 10:38pm

Thanks for your detailed answer, to address some of your comments:

I see, should I change the router’s upstream DNS server to something like cloudflare's IPs then?

From the logs I can see my devices queries showing up (youtube, google, etc) so we could rule this one out.

Maybe, I just setup the Pi yesterday so does this mean it'll fix itself over time?

Thanks I didn't know that, will keep it in mind

Bucking_Horn · January 5, 2020, 10:52pm

Entirely up to your preferences.

If your router does provide a WiFi guest network, your current setting may well be your only option to force Pi-hole on your guest network (though it's up to you if you want to actually enforce this).

For the time being, I wouldn't touch the setting until you have confirmed that your network clients have successfully switched over to Pi-hole after lease expiration - roughly another 24 hours

Yes, that it will.

As your laptop shows up in your Query Log now, it likely has renewed it's lease and is using Pi-hole as DNS server now.
On clients that support it, you could also verify this by issuing an nslookup command for your favourite web site from a command prompt or terminal window (usually PCs and laptops can, while smartphones or IoT devices do not offer CLI action off the shelf).

Keep in mind that device DNS caching can delay Pi-hole's filtering. You will know this if you see same-type ads on some devices but not on others, with those devices showing ads not querying Pi-hole for the ad's origin sites at all.
This will grow out once the device DNS cache expires. Alternatively, a device restart should wipe its cache and fix this straight away.

Either way, your *.131 router should gradually disappear from the top of Pi-hole's Query Log over the next 24 hours.

Jawbone · January 7, 2020, 4:43am

Interesting thread. My pihole also showed my router IP address as a client, and had several blocked domains including netflix. I am definitely confused by that since I have an Asus router that shouldn't be contacting netflix by itself. From this thread I am guessing it's another client, however I had mine setup such that only my desktop computer routed to pi-hole for dns, and my router was normal.

I just switched my router to point to the pihole for DNS so it will be interesting to see if this changes anything with my router showing up as a client.