I set up Pihole on a Pi Zero, running Raspbian 9/10 about 6 months ago. It is connected to my router (Linksys Velop) via ethernet. I have reserved the Pi's IP address in the router's DHCP reservations, and I've enabled DHCP server functions on the router, pointing the Static DNS 1 to the Pi's IP, and the rest to 0.0.0.0. To my understanding, I followed the most up-to-date guidance at the time I went through the setup and it worked really well for months.
More recently, I have noticed that applications and sites that Pihole used to successfully block ads on now have ads again. For some reason, the router itself seems to be rate-limiting, and I don't yet know enough to work out why, and I don't know to what extent this is contributing to the overall problem.
Any help or guidance would be much appreciated. Sorry if this is the millionth time you've had this type of query - each other similar case I've looked at has gone over my head so far.
Note that rate-limiting by itself wouldn't make ads reappear.
It would primarily cause a delay in lookups - and that may have your router prefer another DNS server.
From your debug log, I can see that your router is distributing itself as DNS server:
*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
Scanning all your interfaces for DHCP servers
* Received 327 bytes from eth0:192.168.1.1
Offered IP address: 192.168.1.22
DHCP options:
Message type: DHCPOFFER (2)
dns-server: 192.168.1.1
router: 192.168.1.1
This is a valid setup if your your router is using Pi-hole as its upstream, but it has to be the sole DNS server, or clients will by-pass Pi-hole via your secondary.
You already stated that you have taken care of that by providing 0.0.0.0 for all of your router's secondary/alternative DNS server slots.
Your debug log also shows that you have full IPv6 connectivity.
Since that is the case, your router may be advertising its own IPv6 address as DNS server, and thus any device may by-pass Pi-hole via IPv6.
We could try to verify this, e.g. by running the following command from a Windows client:
ipconfig /all
Please share the output, preferably as text.
We'd only be interested in the entries of the DNS server section.
Thanks for clarifying how rate-limiting would impact. I notice that the bulk of query types (about 80%) are PTRs. Could this be causing the rate limiting?
I've read that even a network with a number of "chatty" clients on it (IoT etc), there's rarely a reason that a client would need to exceed the 1k queries-per-second limit, so I'd like to understand what's causing this than simply turning of rate-limiting.
I'm running MacOS, so I'm hoping the below provides the requested info re. DNS servers (command used was networksetup -getdnsservers Wi-Fi