Pi Hole Works Some of the Time

Visiting www.dilbert.com on iPad and Mac, Pi-Hole successfully blocks ads. Visiting the same site from a Windows 10 PC in the Edge browser and in Chrome, Pi-Hole seems to initially block ads but then the ads appear after 10-20 seconds. I copied the link from the little icon at the bottom of each ad, then added that link to the blacklist, but I still have the same problem in Windows 10. In Chrome I even disabled QUIC but that did not make a difference.
What can I do to fix this?

Please generate a debug log, upload it when prompted and post the token here.

Uploaded to https://tricorder.pi-hole.net/U5e3hcfw/

In addition to the above-mentioned unresolved issue on dilbert.com, on my Windows 10 PC in outlook.live.com I get ads from Ad Choices, looks like https://adclick.g.doubleclick.net then a long string.

Since your issue is specific for your Win10 client, it is likely that something on the client would by-pass Pi-hole.

Browsers may by-pass Pi-hole (or any classic DNS) if DNS-over-HTTPS (DoH) is enabled.
Please verify that DoH is disabled in your Edge and Chrome browsers.

Thanks for speedy reply. Tried that and found I do not have the option to turn on "Use Secure DNS" in Chrome as the setting is disabled on managed browsers--mine is managed by my employer. I also tried looking up Secure DNS Lookup in chrome://flags/#dns-over-https but that choice is not there in Chrome nor in similar space in Edge. I am checking with my tech support at work to see if they can make this option available--won't know until AM.
Is there any other option? I am currently using setup #3 for Pi Hole, I have select devices going to Pi Hole for DNS and I have others that do not. If I changed to any of the other options for Pi Hole setup, would it make a difference?

As it turns out I am able to change the settings in Edge but I still get ads in outlook.live.com in Edge on Windows 10. Is there anything else I can try?

I don't know what you are trying to convey by "setup #3".
Could you elaborate?

If a browser has DoH enabled, it will by-pass Pi-hole.
The only way to change that is to disable DoH via the affected browser's options.

However, in general, companies are specifically keen on disabling DoH, since it would interfere with local domain resolution (at least if a company runs internal servers that should be accessible by name).
So if your company would somehow control your browser's settings, I'd expect DoH to be disabled.

If your issue is not with DoH, it may be related to another client-side component.

Some antivirus software has a DNS feature that would force DNS through its own DNS servers, either by default or when it thinks it detects DNS issues (like Pi-hole blocking queries).
You may want to disable features like AVG Secure DNS or AVAST Real-Site.

And finally, I should also mention incorrect IPv6 DNS server configuration in your router as a possible cause, allowing all clients to by-pass Pi-hole via IPv6 - though in that case, I'd expect all your clients to be affected, not just Win10.

When I refer to option #3, I refer to this, “ you can always manually set each device to use Pi-hole as their DNS server.”
This is how I am currently using Pi Hole, with each device manually set to use Pi Hole as their DNS server. This way I have some that use it and some that do not.

Are you able to see any client side cause in the debug I sent?

No, as client configuration is done on a client.
The same is true for your router, though the DHCP server section at least tells us what your router is instructing your IPv4 clients to use.

However, it would be a good idea if you could post a fresh token, since your previous one has expired in the meantime (debug logs auto-delete after 48 hours, and yours has reached day 3 by now).

Note that in a network with IPv6 connectivity, you'd have to configure IPv4 as well as IPv6 DNS settings on your client.

Here is the new token

https://tricorder.pi-hole.net/RgeccSRx/

FYI I configured IPv4 and did nothing about IPv6 on Pi Hole and on all devices. I did not check my router for anything. Should I check router? Should I configure both?

I do not have the virus products referred to here.

My router does indicate IPv6 is enabled - Automatic. It shows a DUID setting with a long string that resembles a MAC address. It has 6rd tunnel disabled and nothing in the fields for Prefix, prefix length, border relay or IPv4 mask length.

What, if any, IPv6 setting do I need in Pi Hole and will this fix it for Win10 devices? iOS devices already block ads successfully.

Your debug log shows that your network has no public IPv6 connectivity.

Still, your router may distribute its link-local IPv6 address (starting with fe80:) as DNS server for IPv6.

Check your Win10 machine if that's the case by inspecting the DNS server section of the following command (run on your Win10 box):

ipconfig /all

Here is what my Win10 PC reports:

If that is too hard to read, here is txt version:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DAVID-SCHWARTZ
   Primary Dns Suffix  . . . . . . . : alliedbeverage.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : alliedbeverage.com
                                       verizon.net

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . : alliedbeverage.com
   Description . . . . . . . . . . . : Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
   Physical Address. . . . . . . . . : 00-05-9A-3C-7A-00
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3177:d1aa:5d97:caa2%7(Preferred)
   Link-local IPv6 Address . . . . . : fe80::de0a:724f:246d:276d%7(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.16.192.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.192.0
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 218105242
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-10-DC-FD-E4-B9-7A-DC-84-11
   DNS Servers . . . . . . . . . . . : 10.10.11.21
                                       10.10.11.22
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : verizon.net
   Description . . . . . . . . . . . : Realtek USB GbE Family Controller
   Physical Address. . . . . . . . . : E4-B9-7A-DC-84-11
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f43d:a5a9:4038:f5d6%17(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.222.1.116(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.222.1.1
   DHCPv6 IAID . . . . . . . . . . . : 132430202
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-10-DC-FD-E4-B9-7A-DC-84-11
   DNS Servers . . . . . . . . . . . : 10.222.1.84
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       verizon.net

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : verizon.net
   Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 8265
   Physical Address. . . . . . . . . : DC-8B-28-59-62-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : DC-8B-28-59-62-FE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : DE-8B-28-59-62-FD
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : DC-8B-28-59-63-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Here is snapshot of my Win10 PC IP settings

Here are properties shown just below my Win10 PC IP Settings

I have two Win10 PCs on the network, each has a different link-local IPv6 address. Do I need to add these addresses somewhere in Pi Hole or do I need to change some other setting so both Win10 PCs have ad blocking?

Will it work better if I use Pi Hole as DHCP server for local network, that is, will doing so overcome this Win10 issue?

Your Windows machine is part of different subnets and has an overall total of 4 DNS servers to choose from:

Your client would be free to by-pass your Pi-hole at 10.222.1.84 by any of the other DNS servers.
It will always do so for traffic that flows through your Cisco AnyConnect network adapter.
For the Realtek adapter, your client will by-pass Pi-hole via 8.8.8.8 at times.

Pi-hole has to be your sole DNS server, at least for your Realtek adapter connecting to your home network.
You should remove 8.8.8.8 from your client configuration.
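
An added example, not part of the thread: the check made in the last reply, done mechanically. It parses English-language `ipconfig /all` text and reports, per adapter, every configured resolver that is not the Pi-hole. The function names are hypothetical, and the sample is abridged from the output posted above.

```python
import re

PIHOLE = "10.222.1.84"  # Pi-hole address as given in the thread

# Sample input, abridged from the `ipconfig /all` output posted above.
SAMPLE = """\
Ethernet adapter Ethernet 2:

   Description . . . . . . . . . . . : Cisco AnyConnect Secure Mobility Client
   DNS Servers . . . . . . . . . . . : 10.10.11.21
                                       10.10.11.22
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   DNS Servers . . . . . . . . . . . : 10.222.1.84
                                       8.8.8.8

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
"""

FIELD = re.compile(r"^\s+(.+?)[ .]* :(?: (.*))?$")  # "Name . . . : value"

def dns_servers_by_adapter(text):
    """Map each adapter header to the DNS servers listed under it."""
    adapters, current, key = {}, None, None
    for line in filter(None, (l.rstrip() for l in text.splitlines())):
        if not line[0].isspace():          # adapter header or section title
            current, key = (line[:-1] if line.endswith(":") else None), None
            if current:
                adapters[current] = []
            continue
        m = FIELD.match(line)
        if m:                              # a new field starts on this line
            key, value = m.group(1), (m.group(2) or "").strip()
        else:                              # continuation of the previous field
            value = line.strip()
        if current and key == "DNS Servers" and value:
            adapters[current].append(value)
    return adapters

def bypass_resolvers(text, pihole=PIHOLE):
    """Per adapter, the configured resolvers that are not the Pi-hole."""
    found = {a: [s for s in dns if s != pihole]
             for a, dns in dns_servers_by_adapter(text).items()}
    return {a: dns for a, dns in found.items() if dns}
```

Any adapter that appears in the result of `bypass_resolvers` has at least one resolver through which queries can avoid Pi-hole filtering.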