Pi-hole working, but not blocking

Expected Behaviour:

rpi4 - Previously, my pi-hole seemed active, like it was constantly blocking. Now it's only working in fits and starts. Total queries and queries blocked is exceptionally low for a blocklist of like 300k.

Actual Behaviour:

Debug Token:

Token is https://tricorder.pi-hole.net/lIEIcuQA/

The log reveals that the router is the DHCP server and is giving itself (the router's IP) to clients to use as the DNS server, instead of giving Pi-hole's IP. To fix this, go into your router's settings, find the DHCP/LAN section and edit the DNS servers so that Pi-hole's IP is being used. Save the changes, then take each device on your network and bounce it off and back on the network to pick up the new settings.

So, I am doing that.

Queries are still low.

Remove the secondary DNS server, because any device using it will be bypassing Pi-hole. Don't forget to take your devices and computers off and back on the network to pick up the DNS settings.

From a computer which should be using Pi-hole, try the following commands in a terminal to confirm that it's using Pi-hole:

Check what server it's using – only Pi-hole can resolve this special domain name

nslookup pi.hole

Check again, this time explicitly asking Pi-hole

nslookup pi.hole 192.168.1.197

Check if this domain is being blocked, it will be if Pi-hole is being used

nslookup flurry.com

Check again, once again explicitly asking Pi-hole

nslookup flurry.com 192.168.1.197
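
The four checks above, read automatically; this is an added example, not part of the original thread. It assumes the Linux/macOS `nslookup` output layout and Pi-hole's default blocking mode (blocked names answer `0.0.0.0` / `::`); the function names and sample outputs are constructed for illustration.

```shell
# Added example: interpret nslookup output from the checks above.
PIHOLE_IP="192.168.1.197"   # Pi-hole address from the thread

# Resolver that answered: the first "Address:" line, with "#53" stripped.
resolver_of() {
    printf '%s\n' "$1" | awk '/^Address:/ { sub(/#.*/, "", $2); print $2; exit }'
}

# Answer records: every "Address:" line after the resolver's own.
answers_of() {
    printf '%s\n' "$1" | awk '/^Address:/ { if (seen++) print $2 }'
}

# Verdict for one lookup: bypass:<resolver>, blocked, or resolved.
classify() {
    server=$(resolver_of "$1")
    if [ "$server" != "$PIHOLE_IP" ]; then
        echo "bypass:$server"
        return
    fi
    for addr in $(answers_of "$1"); do
        # Assumption: default blocking mode, which answers 0.0.0.0 / ::
        case $addr in 0.0.0.0|::) echo "blocked"; return ;; esac
    done
    echo "resolved"
}

# Constructed sample outputs (Linux/macOS nslookup layout), not from the thread.
SAMPLE_BYPASS="Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find pi.hole: NXDOMAIN"
SAMPLE_BLOCKED="Server:         192.168.1.197
Address:        192.168.1.197#53

Name:   flurry.com
Address: 0.0.0.0
Name:   flurry.com
Address: ::"

# With the argument "live", run the real lookups on this machine.
if [ "${1:-}" = "live" ]; then
    for name in pi.hole flurry.com; do
        printf '%s: %s\n' "$name" "$(classify "$(nslookup "$name" 2>&1)")"
    done
else
    printf 'bypass sample:  %s\n' "$(classify "$SAMPLE_BYPASS")"
    printf 'blocked sample: %s\n' "$(classify "$SAMPLE_BLOCKED")"
fi
```

A `bypass:` verdict names the resolver the client is really using, which is the entry to track down in the router or device settings.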

Appreciate your help so far.
Starting with that first nslookup - it says server can't find pi.hole. Server is 8.8.8.8. Issue with the secondary DNS thing is my router is one of the Spectrum routers and I have to put a 2nd DNS.

So it's bypassing Pi-hole and using Google's public DNS. Since that didn't come from the router (which has Cloudflare as a secondary), perhaps it's adding Google itself. I know some Android smartphones will do this, seemingly with no way to disable it. You need to find out where that Google entry is coming from and eliminate the source, if possible, or else that device will always be able to bypass Pi-hole.

Another possibility, for anyone seeing this later on, is some routers have a firewall capability which lets you redirect traffic, so you could arrange that all traffic to 8.8.8.8 is sent to Pi-hole, so even if it tried to bypass it, it ends up going to Pi-hole anyway. But it sounds like your router cannot do that. Another option, instead of redirecting it is to simply block it. At least then nothing can easily work around Pi-hole. Again, it needs a firewall feature on the router which supports this, but this is a bit more common than the previously mentioned redirection option.

As for the Spectrum router, are you able to enter the Pi-hole IP for both entries? If you're forced to have a non-Pi-hole entry then clients will always have a server which bypasses Pi-hole.

Alternatively, are you able to disable the router's DHCP setting completely? If so, you could enable Pi-hole's DHCP server and use that instead. Note that it needs a little planning, depending on what you have on your network.
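
The redirect and block options mentioned in the post above, as an added example that is not part of the thread: a script that prints, without applying, iptables rules for a Linux-based router. That the router runs iptables and that its LAN interface is `br0` are assumptions; `192.168.1.197` is the Pi-hole address from the thread.

```shell
# Added example: print (do not apply) iptables rules for a Linux-based router.
PIHOLE_IP="192.168.1.197"   # Pi-hole address from the thread
LAN_IF="br0"                # assumption: the router's LAN bridge interface

# dns_rules redirect -> send every LAN client's port-53 traffic to Pi-hole
# dns_rules block    -> reject port-53 traffic that does not come from Pi-hole
dns_rules() {
    mode=$1
    for proto in udp tcp; do
        case $mode in
        redirect)
            # Rewrite the destination of stray DNS queries to Pi-hole.
            echo "iptables -t nat -A PREROUTING -i $LAN_IF -p $proto --dport 53 ! -s $PIHOLE_IP ! -d $PIHOLE_IP -j DNAT --to-destination $PIHOLE_IP:53"
            # Pi-hole sits on the same LAN as the clients, so masquerade the
            # redirected query; otherwise Pi-hole replies directly and the
            # client, expecting an answer from 8.8.8.8, discards it.
            # Side effect: Pi-hole logs these queries as coming from the router.
            echo "iptables -t nat -A POSTROUTING -o $LAN_IF -p $proto -d $PIHOLE_IP --dport 53 -j MASQUERADE"
            ;;
        block)
            # Pi-hole's own upstream lookups are exempt via the source match.
            echo "iptables -I FORWARD -i $LAN_IF -p $proto --dport 53 ! -s $PIHOLE_IP -j REJECT"
            ;;
        *)
            echo "usage: dns_rules redirect|block" >&2
            return 2
            ;;
        esac
    done
}

# Print the rules for the mode given on the command line, if any.
if [ -n "${1:-}" ]; then
    dns_rules "$1"
fi
```

Review the printed rules, then run them as root on the router. They cover plain DNS on port 53 only; DNS over HTTPS or DNS over TLS is not affected.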

These awful Spectrum routers don't allow duplicate IPs or solo IPs. The entries have to differ. Is there a good secondary IP you recommend?

And no, router doesn't let me mess with DHCP at all.

Try 0.0.0.0.

Router only allows 1.0.0.0 - 255.255.255.255.

Would 1.0.0.0 work?

I don't know... try it.

Nah, it didn’t like that. WiFi stopped working after I changed secondary DNS to that.

Your Pi-hole has a wired interface with address 192.168.1.197 and a wireless interface with address 192.168.1.199. Pi-hole is configured to use the former.

See what happens if you use both of those addresses in your router for the Primary and Secondary DNS. Even if one fails, clients should settle on the working one.

It didn't like that either. Whenever I add a secondary DNS, wifi stops working altogether. Seems like it's blocking some embedded ads on desktop sites but nothing on mobile and nothing on my Roku TV, which it has done in the past. I fear this router may just not be compatible with the Pi.

A friend had a Roku and it had its own DNS hardcoded in. The only way around that was to firewall it on the router and redirect to the Pi-hole, but alas he lacked any hardware that could do that, so the Roku bypassed his Pi-hole all the time.

If you cannot leave the second DNS blank and cannot set it to another local IP, nor disable DHCP entirely, then speak with your ISP and get something else that's usable. Check your mobile devices and make sure they're not secretly adding Google's DNS in; for example the OPPO does that, also OnePlus.

Good call on setting my DNS manually on my phone. Seems like the queries shot up quickly so that tells me it's working. All the junk is blocked on cnn.com as well, which has been my litmus test. Thank you for that. I think this is about as good as it's going to get.
