Pihole is working, responding, tracking etc but is not actually blocking anything.
Setup Notes:
Pihole in docker on a Synology, connected to the host network. Kept up to date via portainer (currently 2024.03.2 v5.25.1)
All network devices receive their dns settings via dhcp (not managed by pihole), they get the pihole IP first and the gateway/dhcp server second
I use the Pihole's local dns for some internal names
Only a single adlist installed and enabled (stevenBlack)
Dashboard Stats:
pihole dashboard shows queries going through (reset the container a few minutes ago, already up to 4600 queries, and 49 clients... previously has shown 100k+ queries and 150 clients)
Domains on Adlists box shows 125k
Queries Blocked usually shows '0' (right now it shows 36 but they are all 'database blocked' and occurred during restart of the container)
Testing Steps:
From the terminal on a local Mac:
nslookup pi.hole -> succeeds, reports the responding dns server is 10.0.4.110 and the address is 10.0.4.110
nslookup kibana.valhalla -> succeeds, reports the responding dns server is 10.0.4.110 and that it is a cname for a core.valhalla
nslookup core.valhalla -> succeeds, dns 10.0.4.110, actual address of core is correct
nslookup flurry.com -> succeeds, dns 10.0.4.110, 'non-authoritative answers' gives two public IPs. This was expected to be blocked.
Interesting... that must have been set by the installer years ago. The two active network connections on that device are eth4 and bond1 which didn't exist when pihole was first installed.
I had the UI set to "Settings -> DNS -> Interface settings -> Recommended settings" and even to the 'dangerous' "Permit all origins"
Since it was replying with the custom local names and showing that it was caching things, I'm not sure what that config line actually means. I have set it to eth4 and the diagnostics now have this section:
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth4 interface:
10.0.4.110/23
[✓] IPv6 address(es) bound to the eth4 interface:
fd29:68e8:9c4e:654b:9209:d0ff:fe3b:ce55/64
fe80::9209:d0ff:fe3b:ce55/64
[i] Default IPv4 gateway(s):
10.0.4.1
* Pinging first gateway 10.0.4.1...
[✓] Gateway responded.
[i] Default IPv6 gateway(s):
I'm testing from a mac that is in that 10.0.4. range and still nothing is being blocked. I've flushed, restarted dns, restarted system from the settings UI. The 'network' tab shows my clients with green 'uses...' marks.
But trying from both the original computer and a second computer, nslookup flurry.com still succeeds with real public IPs.
Tailing the pihole log I just saw this during a test:
Apr 12 11:57:57: query[A] flurry.com from 10.0.4.112
Apr 12 11:57:57: forwarded flurry.com to 10.0.4.1
Apr 12 11:57:57: reply flurry.com is 76.223.84.192
Apr 12 11:57:57: reply flurry.com is 13.248.158.7
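Added example, not part of the original post and not Pi-hole's own code: a small Python check that cross-references log lines in the format shown above against a hosts-format adlist and reports listed domains that were still forwarded upstream. The adlist excerpt is constructed, and the function names are hypothetical.

```python
import re

# Log lines copied from the post above.
SAMPLE_LOG = """\
Apr 12 11:57:57: query[A] flurry.com from 10.0.4.112
Apr 12 11:57:57: forwarded flurry.com to 10.0.4.1
Apr 12 11:57:57: reply flurry.com is 76.223.84.192
Apr 12 11:57:57: reply flurry.com is 13.248.158.7
"""

# Constructed hosts-format excerpt (assumption: the adlist lists flurry.com).
SAMPLE_ADLIST = """\
# constructed sample, not the real list
127.0.0.1 localhost
0.0.0.0 flurry.com
0.0.0.0 ads.example.test
"""

# Accepts the trimmed form shown in the post and the raw form that carries
# a "dnsmasq[pid]" tag between the timestamp and the colon.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)(?: dnsmasq\[\d+\])?: "
    r"(?P<action>query\[\w+\]|forwarded|reply) "
    r"(?P<domain>\S+) (?:from|to|is) (?P<value>\S+)$"
)

def parse_adlist(text):
    """Return the set of domains sinkholed to 0.0.0.0 in a hosts-format list."""
    domains = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "0.0.0.0" and fields[1] != "0.0.0.0":
            domains.add(fields[1].lower())
    return domains

def leaked_queries(log_text, blocked_domains):
    """Return (timestamp, domain, upstream) for listed domains that were forwarded."""
    leaks = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m and m["action"] == "forwarded" and m["domain"].lower() in blocked_domains:
            leaks.append((m["ts"], m["domain"], m["value"]))
    return leaks

if __name__ == "__main__":
    for ts, domain, upstream in leaked_queries(SAMPLE_LOG, parse_adlist(SAMPLE_ADLIST)):
        print(f"{ts}: {domain} is on the adlist but was forwarded to {upstream}")
```
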