Please create and automatically upload a debug log to Pi-hole's secure server, by running the command below, and then post the debug token URL here. The debug log will let Pi-hole staff see how your groups and clients are set up. Can you also indicate which client they will be looking for, eg its name and the name of the group it's in.
The IP is 192.168.168.100, CSM iPhone 12. Let me know if you also need the MAC. I must be missing something simple here. I thought it was working previously, but recently seems to be blocking, even with the unblocked group.
Your router is distributing its own IP address as DNS server:
*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
Scanning all your interfaces for DHCP servers
* Received 326 bytes from eth0:192.168.168.1
Offered IP address: 192.168.168.111
DHCP options:
Message type: DHCPOFFER (2)
dns-server: 192.168.168.1
router: 192.168.168.1
That would suggest that you've configured your router to use Pi-hole as upstream DNS resolver: Your clients talk to your router for DNS, and your router is then asking Pi-hole (for all domains but the known local hostnames of its DHCP clients).
That is a valid configuration, but note that your Pi-hole is now seeing all your network's DNS requests as originating from your router.
In effect, client-based filtering does not work in such a configuration.
If your router supports it, consider instead to configure your router to distribute Pi-hole as your local DNS resolver via DHCP, see also Making your network take advantage of Pi-hole.
Thanks. That is helpful and I’ll check into the router capabilities further. It is Linksys Atlas.
One thing I don’t understand though is that my phone is setup to Manual DNS config and pointing to Pi-hole, so it should see that directly an not through the router. I thought this would allow for the client filtering. Any thoughts on why that wasn’t working?
Likely unrelated to your issue:
Some of your custom domain entries contain a protocol/scheme, similar to: (\.|^)https://adclick\.g\.doubleclick\.net/$
Those won't be effective, as the protocol is never part of a domain.
In the above expression, you should consider removing that https:// part or alternatively, dropping the expression completely.
That is correct.
Do your phone's DNS requests register in Pi-hole's Query Log?
And could you provide an example from your Query Log showing a domain being blocked that you expect to resolve?