Pi Hole Working Intermittently

Help
1

Please follow the below template, it will help us to help you!

Expected Behaviour:

pi-hole should be working consistently across all devices.

Actual Behaviour:

Getting intermittent success, but usually failing to block. I am testing with the suggested page here: Block Ads!

This morning it was saying that blocking was successful on my desktop, but was not working correctly on my phone. Came back after work to try and diagnose phone issues and now desktop is also not working.

Initial suspicion was that it was falling back to a google DNS but I double checked and I only have my pi-hole IP listed as DNS servers on both my phone and desktop.

Fair warning that Im very new to raspberry pis and pi-hole, so apologies if it's something obvious.

Debug Token:

it4h7lyus0

3

Looking at your debug log, there are a few errors reported, perhaps not the cause of your problem but we'll fix them.

The IPV4 address on the ethernet interface does not match the IP address that Pi-Hole is using. Is there a wireless interface on the Pi that you are using? What static IP have you assigned to the Pi from your router, and is this the same as the IP you have put into your clients?

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
   192.168.0.23/24 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

What is the output of the following command run from the Pi terminal:

cat /etc/pihole/setupVars.conf

4

The pi has both wireless and eth. Static IP was set at 192.168.0.23 for ethernet and 192.168.0.18 for wireless.

Was trying to setup eth0 as the address for it to use, so the below seems correct to me? Clients are also configured with the 23 address.

PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.0.23/24
IPV6_ADDRESS=2601:....
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
DNSMASQ_LISTENING=single
PIHOLE_DNS_1=8.8.8.8
PIHOLE_DNS_2=8.8.4.4
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
CONDITIONAL_FORWARDING=false
5

Just to ensure it is using the correct interface (which I suspect it is, but debug log has the error) - run pihole -r and select reconfigure. Select the ethernet IP address when asked which one to use.

6

Then re-run debug log, upload it, and post the token.

7

So not to confuse things, but I ran the reconfigure and selected the wifi connection instead, as I think thats actually what I want long term.

Debug output toke is: knu9f38s5m

Seems that networking now has no errors, but new IP address for DNS is the .18 one instead. I configured my DNS at the router level and still see the same issue.

8

Another thing that I noticed is that when I shut off the pi, everything still continues to work... which leads me to believe maybe my pihole is configured properly but maybe my router/client isnt?

On my desktop I have the following settings:

Windows IP Configuration

   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.ca.comcast.net.

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : hsd1.ca.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:...e(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:...(Preferred)
   Link-local IPv6 Address . . . . . : fe80::70dd:f956:a8dd:b13e%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.14(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, September 20, 2018 8:16:48 PM
   Lease Expires . . . . . . . . . . : Friday, September 21, 2018 8:16:48 PM
   Default Gateway . . . . . . . . . : fe80::a263:91ff:fe5d:408a%13
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 126408694
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-C4-E5-1A-88-D7-F6-40-11-A0
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       192.168.0.18
   NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Users\billy>ping 192.168.0.18

Pinging 192.168.0.18 with 32 bytes of data:
Reply from 192.168.0.14: Destination host unreachable.

Ping statistics for 192.168.0.18:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Control-C

So it can't reach the DNS server but then...

C:\Users\billy>curl google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>

And everything continues to work in my browser... So it seems that Im not even leveraging the proper DNS server?

9

You appear to have another DNS bypassing the Pi-Hole. I would look carefully at IPV6 as well as IPV4. Go client by client to figure this out.
Some routers have hard to find settings that provide sneak paths. Encrypted DNS, Disney filtering, etc.

1 Like
10

Ok, maybe some further progress.

It seems that maybe it has to do with having ipv6? My router provides no option to specify an IPv6 DNS server as far as I can tell, but it seems that my desktop at least is leveraging the IPv6 DNS address.

If I run an nslookup without the DNS set manually I get:

C:\Users\billy>nslookup google.com
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Non-authoritative answer:
Name:    google.com
Addresses:  2607:f8b0:4005:802::200e
          172.217.5.78

But if I change my IPv6 DNS server explicitly on my desktop to be the pihole:

C:\Users\Tim>nslookup google.com
Server:  raspberrypi
Address:  2601:...

Non-authoritative answer:
Name:    google.com
Addresses:  2607:f8b0:4005:808::200e
          172.217.5.110

And then ads seem to be blocked properly!

It does seem as though my router has no ability to set IPv6 DNS: C3700-100NAS how to set IPv6 DNS servers - NETGEAR Communities

In this case, what would the recommended action be? Should I leverage the built in DHCP server instead here to make this easier? Or is it best to just set all clients IPv6 DNS manually?

11

I would go with the Pi-Hole DHCP.

13

Well, it seems that even with the DHCP server running on the pi, it still is retrieving IPV6 from the router, and I dont have a way to disable that. Looks like it might be time for a new router...

15

Done, and thank you. I don't see an obvious setting in my router for this... Is there an easy way to test this?

18

Your new debug log looks completely normal. The previous errors are corrected.

The problem is likely in the router. What router are you using?

20

Thanks. I missed that in the previous reply.

22

I took a look at the manual for your router. Looks like one provided by an ISP. Since this is both the modem and router, you can hang on to this one if you decide to get a new router, and just use the modem part (turn off the router, put it in bridge, turn off the radio, etc.).

Since your Pi-Hole is working intermittently, it looks like clients are going to an alternate DNS path on occasion. A few places I would check on your router:

  1. Parental controls - this uses OpenDNS in the background and that feature would provide a bypass, but all the time. Page 25 of the manual.
  2. Dynamic DNS - you don't want to use this. Page 62 of the manual.

It's not likely that you have either of these enabled.

Not being a fan of ISP routers that can't be configured by the user, I would second your thought that it's time for a new router.

23

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.