Pihole blocking on devices that are not on the groups designated to be blocked

LiquidOracle · June 30, 2025, 8:52pm

Expected Behavior: I put my kids devices (via mac address) on a group called kids, and all the blocklists are set to block on kids, it's blocking on ALL devices and yes I've verified that the blocklists are assigned to only that group

Replace this text with what you think should be happening. Please include as much detail relevant to your system/install as possible including, but not limited to:

iPad OS
iPads
Truenas SCALE App

Actual Behaviour:

Pihole is blocking on devices that are not part of the block group

Bucking_Horn · June 30, 2025, 8:52pm

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or if you run your Pi-hole as a Docker container:

docker exec -it <pihole-container-name-or-id> pihole -d

where you substitute <pihole-container-name-or-id> as required.

LiquidOracle · July 1, 2025, 2:15pm

https://tricorder.pi-hole.net/CSWECnVT/

Here you go thank you

rdwebdesign · July 1, 2025, 6:24pm

Apparently your groups are correctly configured and devices in "kids" group should be blocked, but not the devices in Default group.

Can you please post a screenshot showing the query log table rows where devices from Default group are blocked? Please remember to click on the rows to expand the details, like this:

LiquidOracle · July 2, 2025, 4:44pm

Sure, this is a block on my that was triggered for my phone

DanSchaper · July 2, 2025, 5:49pm

Are there other domains besides Apple ones being blocked?

Pi-hole will block tracking from Mozilla and Apple by default. I'm trying to find the link to documentation to explain how and why it is configured but I can't find any valid links to the proper configuration documentation anymore.

darkexplosiveqwx · July 2, 2025, 6:01pm

The description of the settings are giving an explanation of why Mozilla and Apple queries are blocked:

LiquidOracle · July 3, 2025, 2:06pm

Looking through it, it seems to be mostly just Apple at the moment

wd9895 · July 5, 2025, 6:32am

As you are blocking MAC addresses for the kids group, are you sure that the devices are not using variable MAC addresses?

In the meantime it's a default setting due to security reasons.

LiquidOracle · July 7, 2025, 11:08am

So update on this, I just tested going to pornhub.com on my kids ipad pihole just straight up allowed the traffic.

Here is my debug token just in case: https://tricorder.pi-hole.net/a0aNDe0P/

DanSchaper · July 7, 2025, 4:34pm

How have you assigned that client to the Kids group?

I see only the following:

*** [ DIAGNOSING ]: Clients
   id    group_ids     ip                                                                                                    date_added           date_modified        comment                                           
   ----  ------------  ----------------------------------------------------------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   1     1             10.0.0.19                                                                                             2025-06-27 15:11:28  2025-06-27 15:11:28  Nintendo Switch                                   
   2     1             34:A8:EB:68:F2:B7                                                                                     2025-06-27 15:24:35  2025-06-27 15:24:35   iPad                                        
   3     1             44:C6:5D:43:1A:94                                                                                     2025-06-27 15:25:41  2025-06-27 15:25:52   iPad                                       
   5     1             DC:08:0F:B1:02:33                                                                                     2025-06-27 15:36:17  2025-06-27 15:36:17   iPad

Are those mac addresses stable or do your Apple devices have mac address randomization enabled so that the mac addresses change when they connect?

Wi-Fi privacy with Apple devices - Apple Support

LiquidOracle · July 7, 2025, 5:52pm

yes those mac addresses are stable as I have disabled that private wifi address on the ipads

DanSchaper · July 7, 2025, 6:00pm

Then please open a new topic since this one is about unintended blocking.