PiHole *apparently* works but it is not blocking ads

Expected Behaviour:

To block ads.

Actual Behaviour:

Ads are still popping up

Debug Token:

https://tricorder.pi-hole.net/8s1vykfed5

Notes:

I am fairly new to linux, and have decided to join in on PiHole. Installing the PiHole was a breeze but getting it to work is another.I am using a router provided from my ISP being the 5168N-110. I have tried going into my router's config and setting the primary dns server to the provided ip by the installer and also tried using DHCP by disabling it on my router and enabling it on the pihole. Thanks in advance.

Your Pi-Hole log shows that domains are being blocked:

   [2020-01-23 16:18:00.602 3846] Imported 4301 queries from the long-term database
   [2020-01-23 16:18:00.602 3846]  -> Total DNS queries: 4301
   [2020-01-23 16:18:00.603 3846]  -> Cached DNS queries: 618
   [2020-01-23 16:18:00.603 3846]  -> Forwarded DNS queries: 2867
   [2020-01-23 16:18:00.603 3846]  -> Exactly blocked DNS queries: 816
   [2020-01-23 16:18:00.603 3846]  -> Unknown DNS queries: 0
   [2020-01-23 16:18:00.603 3846]  -> Unique domains: 571
   [2020-01-23 16:18:00.603 3846]  -> Unique clients: 15
   [2020-01-23 16:18:00.603 3846]  -> Known forward destinations: 3

Where specifically are you seeing ads?

I've tested forbes, business insider, ads-blocker, and blackads.fivefilters. Essentially sites that were suggested to test if pihole was working. Forgot to mention I've also tried using two phones; LG V30 and on an iPhone 7 and on both ads still occur in their default browsers without using an adblocker.

What DNS servers are configured in your router in the DHCP settings?

What DNS servers are shown in use in the iPhone- settings > WiFi > click active network > configure DNS

In my iPhone the dns server is automatically set to 192.168.100.139. As for my router,

image804×329 7.71 KB

And for my DHCP settings I believe I'm limited to this.

image837×844 35.8 KB

What are the tools in the link provided above showing you? Use these tools on the Forbes site. I see no ads there on an iPad.

When going into the forbes site I get this using the extension

image1920×1080 387 KB

Here's one using the live query.

image1920×1080 558 KB

Notice that many of the requested domains are not seen by Pi-Hole? The DNS queries are going elsewhere. What browser is that being used?

Use the web inspector to find the URL of the banner ad, and see if that domain was seen by Pi-Hole.

For comparison, on IOS using Safari browser with no adblocker, and Pi-Hole for DNS; the following activity was seen in the query log when forbes.com was opened. The output may look different because this was run on the v5.0 beta which has some log changes but the same functionality. Blocked comains are shown with ::

16:48:09 dnsmasq[9072]: query[A] www.techradar.com from 192.168.0.134
16:48:09 dnsmasq[9072]: forwarded www.techradar.com to 127.0.0.1
16:48:09 dnsmasq[9072]: reply www.techradar.com is <CNAME>
16:48:09 dnsmasq[9072]: reply fte.web.future.net.uk is 185.113.25.56
16:48:09 dnsmasq[9072]: reply fte.web.future.net.uk is 185.113.25.55
16:48:10 dnsmasq[9072]: query[A] vanilla.futurecdn.net from 192.168.0.134
16:48:10 dnsmasq[9072]: forwarded vanilla.futurecdn.net to 127.0.0.1
16:48:10 dnsmasq[9072]: query[A] consent.cmp.oath.com from 192.168.0.134
16:48:10 dnsmasq[9072]: cached consent.cmp.oath.com is ::
16:48:10 dnsmasq[9072]: query[A] www.google-analytics.com from 192.168.0.134
16:48:10 dnsmasq[9072]: cached www.google-analytics.com is ::
16:48:10 dnsmasq[9072]: query[A] cdn.onesignal.com from 192.168.0.134
16:48:10 dnsmasq[9072]: cached cdn.onesignal.com is ::
16:48:10 dnsmasq[9072]: query[A] cdn.mos.cms.futurecdn.net from 192.168.0.134
16:48:10 dnsmasq[9072]: forwarded cdn.mos.cms.futurecdn.net to 127.0.0.1
16:48:10 dnsmasq[9072]: query[A] sb.scorecardresearch.com from 192.168.0.134
16:48:10 dnsmasq[9072]: cached sb.scorecardresearch.com is ::
16:48:10 dnsmasq[9072]: query[A] cdn.parsely.com from 192.168.0.134
16:48:10 dnsmasq[9072]: cached cdn.parsely.com is ::
16:48:10 dnsmasq[9072]: reply cdn.mos.cms.futurecdn.net is <CNAME>
16:48:10 dnsmasq[9072]: reply sslpxc.futurecdn.net.c.footprint.net is 67.24.123.252
16:48:10 dnsmasq[9072]: reply sslpxc.futurecdn.net.c.footprint.net is 67.27.83.252
16:48:10 dnsmasq[9072]: reply sslpxc.futurecdn.net.c.footprint.net is 8.252.100.252
16:48:10 dnsmasq[9072]: reply vanilla.futurecdn.net is <CNAME>
16:48:10 dnsmasq[9072]: reply sslpxc.futurecdn.net.c.footprint.net is 8.254.255.219
16:48:10 dnsmasq[9072]: reply sslpxc.futurecdn.net.c.footprint.net is 8.240.149.252
16:48:10 dnsmasq[9072]: reply sslpxc.futurecdn.net.c.footprint.net is 8.252.100.252
16:48:11 dnsmasq[9072]: query[A] ib.adnxs.com from 192.168.0.134
16:48:11 dnsmasq[9072]: cached ib.adnxs.com is ::
16:48:11 dnsmasq[9072]: query[A] us-u.openx.net from 192.168.0.134
16:48:11 dnsmasq[9072]: cached us-u.openx.net is ::
16:48:11 dnsmasq[9072]: query[A] sync.go.sonobi.com from 192.168.0.134
16:48:11 dnsmasq[9072]: cached sync.go.sonobi.com is ::
16:48:11 dnsmasq[9072]: query[A] purch-sync.go.sonobi.com from 192.168.0.134
16:48:11 dnsmasq[9072]: cached purch-sync.go.sonobi.com is ::
16:48:11 dnsmasq[9072]: query[A] ap.lijit.com from 192.168.0.134
16:48:11 dnsmasq[9072]: cached ap.lijit.com is ::
16:48:11 dnsmasq[9072]: query[A] eb2.3lift.com from 192.168.0.134
16:48:11 dnsmasq[9072]: cached eb2.3lift.com is ::
16:48:11 dnsmasq[9072]: query[A] purch-match.dotomi.com from 192.168.0.134
16:48:11 dnsmasq[9072]: cached purch-match.dotomi.com is ::
16:48:11 dnsmasq[9072]: query[A] ads.pubmatic.com from 192.168.0.134
16:48:11 dnsmasq[9072]: cached ads.pubmatic.com is ::
16:48:11 dnsmasq[9072]: query[A] bh.contextweb.com from 192.168.0.134
16:48:11 dnsmasq[9072]: cached bh.contextweb.com is ::
16:48:11 dnsmasq[9072]: query[A] px.powerlinks.com from 192.168.0.134
16:48:11 dnsmasq[9072]: forwarded px.powerlinks.com to 127.0.0.1
16:48:11 dnsmasq[9072]: query[A] cs.emxdgt.com from 192.168.0.134
16:48:11 dnsmasq[9072]: cached cs.emxdgt.com is ::
16:48:11 dnsmasq[9072]: query[A] sync.1rx.io from 192.168.0.134
16:48:11 dnsmasq[9072]: cached sync.1rx.io is ::
16:48:11 dnsmasq[9072]: query[A] ssc-cms.33across.com from 192.168.0.134
16:48:11 dnsmasq[9072]: cached ssc-cms.33across.com is ::
16:48:11 dnsmasq[9072]: reply px.powerlinks.com is <CNAME>
16:48:11 dnsmasq[9072]: reply pl-px.trafficmanager.net is 52.168.140.71
16:48:11 dnsmasq[9072]: query[A] ad.doubleclick.net from 192.168.0.134
16:48:11 dnsmasq[9072]: cached ad.doubleclick.net is ::
16:48:11 dnsmasq[9072]: query[A] orionis.techradar.com from 192.168.0.134
16:48:11 dnsmasq[9072]: cached orionis.techradar.com is ::
16:48:11 dnsmasq[9072]: query[A] pixel.servebom.com from 192.168.0.134
16:48:11 dnsmasq[9072]: cached pixel.servebom.com is ::
16:48:12 dnsmasq[9072]: query[A] bttrack.com from 192.168.0.134
16:48:12 dnsmasq[9072]: cached bttrack.com is ::
16:48:12 dnsmasq[9072]: query[A] qds0l.publishers.tremorhub.com from 192.168.0.134
16:48:12 dnsmasq[9072]: cached qds0l.publishers.tremorhub.com is ::
16:48:12 dnsmasq[9072]: query[A] ssum-sec.casalemedia.com from 192.168.0.134
16:48:12 dnsmasq[9072]: cached ssum-sec.casalemedia.com is ::
16:48:12 dnsmasq[9072]: query[A] sync.bfmio.com from 192.168.0.134
16:48:12 dnsmasq[9072]: cached sync.bfmio.com is ::
16:48:12 dnsmasq[9072]: query[A] sync.adkernel.com from 192.168.0.134
16:48:12 dnsmasq[9072]: cached sync.adkernel.com is ::
16:48:12 dnsmasq[9072]: query[A] secure-assets.rubiconproject.com from 192.168.0.134
16:48:12 dnsmasq[9072]: cached secure-assets.rubiconproject.com is ::
16:48:12 dnsmasq[9072]: query[A] cookie-matching.mediarithmics.com from 192.168.0.134
16:48:12 dnsmasq[9072]: cached cookie-matching.mediarithmics.com is ::
16:48:12 dnsmasq[9072]: query[A] pixel.advertising.com from 192.168.0.134
16:48:12 dnsmasq[9072]: cached pixel.advertising.com is ::
16:48:12 dnsmasq[9072]: query[A] targetemsecure.blob.core.windows.net from 192.168.0.134
16:48:12 dnsmasq[9072]: forwarded targetemsecure.blob.core.windows.net to 127.0.0.1
16:48:12 dnsmasq[9072]: reply targetemsecure.blob.core.windows.net is <CNAME>
16:48:12 dnsmasq[9072]: reply blob.ams20prdstr09a.store.core.windows.net is 52.239.242.148
16:48:13 dnsmasq[9072]: query[A] www.summerhamster.com from 192.168.0.134
16:48:13 dnsmasq[9072]: cached www.summerhamster.com is ::
16:48:13 dnsmasq[9072]: query[A] cdn.polyfill.io from 192.168.0.134
16:48:13 dnsmasq[9072]: forwarded cdn.polyfill.io to 127.0.0.1
16:48:14 dnsmasq[9072]: reply cdn.polyfill.io is <CNAME>
16:48:14 dnsmasq[9072]: reply dualstack.f3.shared.global.fastly.net is 151.101.186.109
16:48:14 dnsmasq[9072]: query[A] siteeuwest.slgnt.eu from 192.168.0.134
16:48:14 dnsmasq[9072]: forwarded siteeuwest.slgnt.eu to 127.0.0.1
16:48:14 dnsmasq[9072]: reply siteeuwest.slgnt.eu is 216.239.34.21
16:48:14 dnsmasq[9072]: reply siteeuwest.slgnt.eu is 216.239.36.21
16:48:14 dnsmasq[9072]: reply siteeuwest.slgnt.eu is 216.239.38.21
16:48:14 dnsmasq[9072]: reply siteeuwest.slgnt.eu is 216.239.32.21

From MacOS Chrome with no adblocker active, using a Pi-Hole V4.x as DNS server, here is the pihole log:

Jan 23 19:17:00 dnsmasq[19919]: query[A] forbes.com from 192.168.0.135
Jan 23 19:17:00 dnsmasq[19919]: forwarded forbes.com to 127.0.0.1
Jan 23 19:17:00 dnsmasq[19919]: reply forbes.com is 151.101.194.49
Jan 23 19:17:00 dnsmasq[19919]: reply forbes.com is 151.101.130.49
Jan 23 19:17:00 dnsmasq[19919]: reply forbes.com is 151.101.2.49
Jan 23 19:17:00 dnsmasq[19919]: reply forbes.com is 151.101.66.49
Jan 23 19:17:00 dnsmasq[19919]: query[A] www.forbes.com from 192.168.0.135
Jan 23 19:17:00 dnsmasq[19919]: forwarded www.forbes.com to 127.0.0.1
Jan 23 19:17:00 dnsmasq[19919]: reply www.forbes.com is <CNAME>
Jan 23 19:17:00 dnsmasq[19919]: reply g2.shared.global.fastly.net is 151.101.186.49
Jan 23 19:17:01 dnsmasq[19919]: query[A] i.forbesimg.com from 192.168.0.135
Jan 23 19:17:01 dnsmasq[19919]: forwarded i.forbesimg.com to 127.0.0.1
Jan 23 19:17:01 dnsmasq[19919]: query[A] thumbor.forbes.com from 192.168.0.135
Jan 23 19:17:01 dnsmasq[19919]: forwarded thumbor.forbes.com to 127.0.0.1
Jan 23 19:17:01 dnsmasq[19919]: query[A] cdn.speedcurve.com from 192.168.0.135
Jan 23 19:17:01 dnsmasq[19919]: /etc/pihole/gravity.list cdn.speedcurve.com is 0.0.0.0
Jan 23 19:17:01 dnsmasq[19919]: query[A] native.sharethrough.com from 192.168.0.135
Jan 23 19:17:01 dnsmasq[19919]: /etc/pihole/gravity.list native.sharethrough.com is 0.0.0.0
Jan 23 19:17:01 dnsmasq[19919]: query[A] contextual.media.net from 192.168.0.135
Jan 23 19:17:01 dnsmasq[19919]: /etc/pihole/gravity.list contextual.media.net is 0.0.0.0
Jan 23 19:17:01 dnsmasq[19919]: reply thumbor.forbes.com is <CNAME>
Jan 23 19:17:01 dnsmasq[19919]: reply g2.shared.global.fastly.net is 151.101.186.49
Jan 23 19:17:01 dnsmasq[19919]: reply i.forbesimg.com is <CNAME>
Jan 23 19:17:01 dnsmasq[19919]: reply n2.shared.global.fastly.net is 151.101.186.49
Jan 23 19:17:01 dnsmasq[19919]: query[A] www.googletagmanager.com from 192.168.0.135
Jan 23 19:17:01 dnsmasq[19919]: /etc/pihole/gravity.list www.googletagmanager.com is 0.0.0.0
Jan 23 19:17:01 dnsmasq[19919]: query[A] fuse.forbes.com from 192.168.0.135
Jan 23 19:17:01 dnsmasq[19919]: forwarded fuse.forbes.com to 127.0.0.1
Jan 23 19:17:01 dnsmasq[19919]: reply fuse.forbes.com is <CNAME>
Jan 23 19:17:01 dnsmasq[19919]: reply d.sni.global.fastly.net is 151.101.186.133
Jan 23 19:17:01 dnsmasq[19919]: query[A] static.criteo.net from 192.168.0.135
Jan 23 19:17:01 dnsmasq[19919]: /etc/pihole/gravity.list static.criteo.net is 0.0.0.0
Jan 23 19:17:01 dnsmasq[19919]: query[A] c.amazon-adsystem.com from 192.168.0.135
Jan 23 19:17:01 dnsmasq[19919]: /etc/pihole/gravity.list c.amazon-adsystem.com is 0.0.0.0
Jan 23 19:17:01 dnsmasq[19919]: query[A] z.moatads.com from 192.168.0.135
Jan 23 19:17:01 dnsmasq[19919]: /etc/pihole/gravity.list z.moatads.com is 0.0.0.0
Jan 23 19:17:01 dnsmasq[19919]: query[A] cdn.adsafeprotected.com from 192.168.0.135
Jan 23 19:17:01 dnsmasq[19919]: /etc/pihole/gravity.list cdn.adsafeprotected.com is 0.0.0.0
Jan 23 19:17:01 dnsmasq[19919]: query[A] www.googletagservices.com from 192.168.0.135
Jan 23 19:17:01 dnsmasq[19919]: /etc/pihole/gravity.list www.googletagservices.com is 0.0.0.0

The Chrome web inspector shows the following items which failed to load (they were blocked):

image2186×712 316 KB

Sorry for the late reply, I am using chrome. Also how does one grab the URL of said banner?

Edit: Never mind I got it.

The domain was not spotted. It's from googleadservices, by googlesyndication. Does that mean I should add it in the block list?

Just noticed something, just saw an ad's domain that should've been blacklisted but was not. Before asking for helping I had blacklisted ads from googlesyndication but just recieved one. Could there be a conflict?

image1920×1080 505 KB

And for my blocklist I just added dbl.oisd.nl and that's about it.

Is the cellular network on with the client?

If Pi-Hole never saw the request for the domain, then Pi-Hole has no opportunity to block the domain. Whether the domain is on your blocklist or not will have no bearing if the DNS request does not go to Pi-Hole.

All the indications are that the client has another DNS available, whether through a browser setting, a cellular connection, running the 1.1.1.1 DNS program, a VPN running, IPv6 DNS from the router providing a bypass, etc.

All the indications also show that your Pi-Hole is working normally and filtering those DNS requests that it receives.

Understood, thank you very much!

When you're on Android, using Chrome, many ads slip through.
On Firefox you'll notice these ads are filtered by PiHole.
Chrome uses it's own way to avoid ad blocking.
Use adb to tame Chrome like this:
adb uninstall --user 0 com.android.partnerbrowsercustomizations.chromeHomepage
It'll behave like expected afterwards.

O and btw
As I already mentioned in another post: vanced.app has a youtube app without ads.

Also if the sites you visit host advertising directly on the site, ie from the same domain as the site content, Pi-hole cannot block such ads without also blocking the content you are using. That is not a common occurrence though, since that would put the burden of hosting the content on the originating site. Most just hand off a url to forward your connection to an advertising host, and those Pi-hole can stop just fine.

I'm regularly amused by the annoying banner that google slaps across youtube videos. Since my pi-hole installation that banner now appears as a transparent bounding box with an active close button, I presume that frame is actually coming from google, but Pi-hole is swallowing the advertising URL that is intended to fill it. Not perfect, but much less annoying than the eye catching text and graphics that used to obscure the video.

Harry

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.