Pihole dashboard not logging all DNS queries after network transfer

ignition · August 2, 2019, 2:45pm

Please follow the below template, it will help us to help you!

Expected Behaviour:

That any and all DNS queries from clients linked to my router run through the pi hole and enter the log in real time (upon refresh), with the ability to white and blacklist them as required.

Actual Behaviour:

Only some queries are being logged, mostly seemingly the localhost (pi?) itself and the regular automatic 'phone home' requests from Alexa, Sky+, outlook etc.

Debug Token:

https://tricorder.pi-hole.net/0t2yi897wm

I recently changed networks to a new internet provider - Hyperoptic - that provide a ZTE ZXHN H298A router. I have moved my pihole to this network and reallocated it a static IP - (was 192.168.0.57, now 192.168.1.57).

The router runs dual band, 2.4ghz and 5ghz. The pihole is connected via ethernet. The router handles the DCHP and the DNS is pointing to the IP of the pihole.

On my previous network with Sky, I had to set the pihole to handle DCHP as well as DNS since I was not able to change the DNS on the Sky router. The outcome of this use of the pihole had worked exactly as expected - that is: all queries from all clients went via the pihole and entered the log, whether blocked or allowed, in real time.

I never set up dns redirection from any of the clients while using the previous network - they all just went via the router and therefore the pihole.

I had some initial difficulties when transferring the pihole to the new network. I followed a guide that said to sudo pihole -r and reconfigure the pihole to set the new IP. I received a number of errors when I did this at first that prevented me from proceeding.

Eventually I tried changing the nameserver in /etc/resolv.conf from 127.0.0.1 to 1.1.1.1 and then ran pihole -r again, which seemed to work and allowed me to finish the process, but I'm not sure if I've messed something up in my fiddling in between.

The blocklists etc have all been carried over, but in terms of volume of queries blocked its averaging about 75% less than what it blocked on the old network.

In my (admittedly layman) view, it seems like the router might be resolving queries by some other means that somehow bypasses the pihole. I am also of the understanding that whether or not the pihole handles DCHP should have no bearing on what enters the logs, other than perhaps more detailed identification of client names?

Is this correct? What can I do to fix this? I likely messed something up in the transfer process. Short of wiping the pi and starting again I have no idea what to do now.

jfb · August 2, 2019, 2:52pm

Your debug log shows that Pi-Hole is working normally and processing received requests. It is highly likely that your new router is routing some of the DNS traffic to somewhere other than Pi-Hole.

Wiping the Pi will not resolve the problem with your router. That was the thing that was recently changed, and the behavior you are seeing is in the router.

You could try a few things -

Have Pi-Hole provide DHCP service to your clients, and disable this on the router.
Check through ALL of the router settings to ensure there is no other DNS path (IPv6, family friendly DNS, etc.).
From a connected client, run nslookup pi.hole The DNS reply should be from Pi-Hole and the answer should be the IP address of the Pi-Hole. If you get something else, that client has an alternate DNS.
To narrow down, you could manually assign a client to use Pi-Hole DNS (which would override any DHCP information) and see if this allows the client to connect to Pi-Hole.

DanSchaper · August 2, 2019, 2:53pm

Take a look at http://pi.hole/admin/network.php on the Pi as well to see if the Pi-hole can even see the clients on the network segment.

ignition · August 2, 2019, 4:08pm

I actually think I tried this before as well, but will try again next. Will report back asap, though as a longer term solution I think I'd prefer it not to handle the DHPC if possible.

The router settings appear to be somewhat sparse and I think I've directed the only available IPv4 DNS options to the pihole.

The LAN client address is showing as the IP of the pihole.

Here are a selection of screen grabs from the menu options. If anything jumps out here that you'd benefit from seeing more of let me know

The reply was the pihole IP. This was tried with both automatic DNS settings on the client and also by manually changing the DNS to that of the pihole on the client.

Done that on this device. Tried 4 websites (bbc, cnn, fox news, pornhub) as a selection of websites that should either a) show up on the log as their own primary domain and b) should also come with ad domains (blocked or not) - only the single main domain for pornhub appeared on the log. No ads, and none of the other sites at all.

Even if this worked, this isn't an option that I would like as I want any client connected to the network to automatically benefit from the pihole (friends and fam etc).

Yes the clients all appear to be their under their respective IP names

system · August 23, 2019, 4:08pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.