Hello all - I'm new to Pi-hole and Linux. I just set up my Pi-hole last Sunday and loaded several porn sites for it to block.
I'm noticing that it's blocking Pornhub, but won't block xnxx.com, www.tushy.com etc. It's also not blocking ads when I turn of uBlock origin in Chrome.
Block ads and porn sites
Version Fios G3100 router
Windows 10 Home machine used to set-up pi-hole via VNC viewer
20H2
pihole connected via ethernet cable
Only blocks Pornhub
Please run from a client you can still access the porn site
nslookup www.tushy.com
and post the output.
Could you share an example of a successful DNS lookup for a domain that you expect to be blocked, please?
Whether Pi-hole would block a given porn site at all, or to which extent it would do so, would entirely depend on the blocklists that you chose to employ.
Any complaints concerning quality or content of those blocklists should be addressed with the respective blocklist maintainers.
You have about 6,700 domains on your local blacklist. Is there a reason you chose this route instead of subscribing to one of the public porn blocklists?
pi@pihole:~ $ nslookup www.tushy.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: www.tushy.com
Address: 104.20.90.240
Name: www.tushy.com
Address: 104.20.91.240
Does the
Server: 8. 8. 8. 8
and
Address: 8. 8. 8. 8#53
Mean that pihole is not filtering the DNS's?
Makes sense - will the above output work?
I got these from a list that I found in a repo that was seemed to be comprehensive - in fact I wasn't able to pull in all the domains in the list because it's so comprehensive. Just trying to cast a wide net as I want to block as much pr0n as possible.
I'm new Linux specifically and programming generally (most experience is with Node.js and front end dev) so I appreciate the patience and the help!
That client is not using Pi-hole for DNS. It is using the Google DNS servers, bypassing Pi-hole.
Cool, that's what I thought. Is this something that I should configure with pihole or is it something I should do with my router?
From what client are you running this nlsookup? That will determine how you change the nameserver for that client.
Edit - this appears to be from the Pi-hole host terminal. Are you seeing the same results from other network clients?
SSH from my Windows machine.
That's correct. I'm trying to SSH to pihole from my Macbook and it won't connect for some reason.
Run the nslookup directly from the Mac terminal or the Windows command prompt, and not via ssh to the Pi.
When I do nslookup using my Windows machine in the Git Bash terminal, this is what I get:
$ nslookup www.tushy.com
Server: G3100.myfiosgateway.com
Address: 2600:4040:1328:a300::1
Name: www.tushy.com
Address: ::
here's what I get from the Mac:
-MBP:~ $ nslookup www.tushy.com
Server: 2600:4040:1328:a300::1
Address: 2600:4040:1328:a300::1#53
*** Can't find [www.tushy.com](http://www.tushy.com): No answer
Could it be that it's working for my Macbook?
The Mac looks like it's using IPv6 instead of IPv4.
Both of these look like they The Mac appears to be using an IPv6 DNS from your ISP.
So it seems that the configuration of my router isn't right.
If the client is getting an IPv6 IP that is not Pi-hole, I think the problem lies in the router.
Got it. I'll dig into the docs for the router. Thanks for the help!
I've dug into the docs, set a static IP and played with a few more settings and unfortunately, my pihole setup is not blocking anything now, porn sites are getting through as are ads.
How should I go about seeing where the problem is?
From my Windows machine:
$ nslookup flurry.com
Non-authoritative answer:
Server: G3100.myfiosgateway.com
Address: 2600:4040:1328:a300::1
Name: flurry.com
Addresses: 212.82.100.150
74.6.136.150
98.136.103.23
Does the above mean that my router is using G3100.myfiosgateway.com as its DNS server?
Yes, via IPv6.
Is it possible that IPv4 is being bypassed and IPv6 is being used instead?
Is there a configuration I should do for IPv6 also?
That IPv6 adress ending in ::1 likely is that of your router.
With IPv6, your router may be advertising its own IPv6 address as DNS server, and thus any device may by-pass Pi-hole via IPv6.
You'd have to find a way to configure your router to advertise your Pi-hole host machine's IPv6 as DNS server instead of its own.
You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.
If your router doesn't support configuring IPv6 DNS, you could consider disabling IPv6 altogether.
If your router doesn't support that either, your clients will always be able to bypass Pi-hole via IPv6.