Pihole does not Block Queries, 0% Blocked displayed. But I don't see many Ads either

Noob disclaimer: I am new to this, if there is any important information missing (screenshots, etc.) please let me know so I can provide it asap. (instructions on how it can be provided or feedback for the next time are appreciated)

Expected Behaviour:

I installed pihole on my Raspberry Pi 4 and tried to configure it as a DNS. However, my Vodafone router prevents me from configuring it as a DNS. So I assigned it a static IP and configured all devices to use this static IP as their DNS. I chose Google as the outbound DNS. This worked fine for about a week. I added several ad lists and regex. I am a noob so I followed several tutorials for this. Had about 25% of traffic blocked.

Actual Behaviour:

When I came back 2 weeks later, I noticed that there are next to 0 queries blocked and the percentage was firmly sitting at 0% for several days now with no difference in usage. However, I don't see many more ads. I tested it with some webpages that are for testing your pihole, no ads. I still see an odd ad on a news page here or there, but "cnn.com" is completely ad free for me.

I thought maybe the router broke something on its own, so I tried to use pihole as my DHCP using this tutorial: How do I use Pi-hole's built in DHCP server (and why would I want to)? (also to save myself the hassle of configuring all devices).

I also disabled the DHCP server in the Vodafone cable router. (or at least I think I did, not many config options with that piece of junk)

I now have a lot more clients that run past the Pihole, but the block percentage remains at 0%

Unfortunately I am a little out of my depth here (Linux and pihole wise) and I am not sure if what I am trying is helping or making it worse. (I tried a lot of the similar posts' solutions, but none really seem to apply. I also did a lot of updating and rebooting, problems remain)

Two odd points I discovered when uploading the log were that I always need to change the address in the /etc/resolve.config

and that it says the OS is not on the supported list. (I followed a tutorial that recommended the Raspberry lite OS)

Some other parts of the debug log I simply don't understand, but red is bad I guess. To gather some stuff to log I clicked a bit around reddit and some news pages so there should have been stuff to block.

Debug Token:

https://tricorder.pi-hole.net/7CJozhAg/

Please post the output from this command running on your Pi-hole host device

echo ">stats >quit" | nc 127.0.0.1 4711

[image]

Please run from a client

nslookup flurry.com

[image]

(In case this is wrong, can you specify "from a client")

this is from my Tower PC (win 10)

[image]

The call from the tower PC is a client like I meant it :slight_smile:

It shows, that this client uses an IPv6 address as DNS server which is not Pi-hole and not reachable at all.

In general, I see all your clients got GUA addresses (2a02) which are not stable over time and can change e.g. if your ISP delegates a new prefix to your router. If you need IPv6 for your LAN you should use ULA addresses.

If you don't need IPv6, try disabling it and see if blocking works again as expected.

I tried to disable that in the adapter settings of the client. No change. How would I disable it on the Pi? And why would I need IPv6?

[image]

To exaggerate: If you don't know why you need it, you probably don't need it. If you have some time read about the reason for the invention of IPv6.

You need to disable it at a router level and dis/reconnect all clients from the network.

The router does not allow for any such actions. What else can I do?

[image]
I tried to configure the IPv6 DNS of the client to be the current IPv6 of the PiHole. Above was the result of your test.
But no result in blocking behavior.

Please have a look in /var/log/pihole.log for flurry.com and post the lines around it. It will be interesting to see what Pi-hole did to this known ad-domain.

It's this regex

||doubleclick.net^$xhr,redirect-rule=noop.txt,domain=thingiverse.com

delete it and blocking will be restored.

> Mar 15 20:26:22 dnsmasq[634]: reply settings-prod-weu-2.westeurope.cloudapp.azure.com is 20.73.194.208
> Mar 15 20:26:22 dnsmasq[634]: reply settings-win.data.microsoft.com is <CNAME>
> Mar 15 20:26:22 dnsmasq[634]: reply atm-settingsfe-prod-geo.trafficmanager.net is <CNAME>
> Mar 15 20:26:22 dnsmasq[634]: reply settings-prod-weu-2.westeurope.cloudapp.azure.com is NODATA-IPv6
> Mar 15 20:26:25 dnsmasq[634]: query[PTR] 5.2.b.6.f.a.9.5.1.3.d.f.b.3.e.8.0.c.7.4.0.4.6.8.9.0.1.8.2.0.a.2.ip6.arpa from
> Mar 15 20:26:25 dnsmasq[634]: config 5.2.b.6.f.a.9.5.1.3.d.f.b.3.e.8.0.c.7.4.0.4.6.8.9.0.1.8.2.0.a.2.ip6.arpa is <PTR>
> Mar 15 20:26:25 dnsmasq[634]: query[A] flurry.com.lan from 2a02:8109:8640:47c0:dd2c:754c:5053:8f99
> Mar 15 20:26:25 dnsmasq[634]: config flurry.com.lan is NXDOMAIN
> Mar 15 20:26:25 dnsmasq[634]: query[AAAA] flurry.com.lan from 2a02:8109:8640:47c0:dd2c:754c:5053:8f99
> Mar 15 20:26:25 dnsmasq[634]: config flurry.com.lan is NXDOMAIN
> Mar 15 20:26:25 dnsmasq[634]: query[A] flurry.com from 2a02:8109:8640:47c0:dd2c:754c:5053:8f99
> Mar 15 20:26:25 dnsmasq[634]: forwarded flurry.com to 8.8.8.8
> Mar 15 20:26:25 dnsmasq[634]: reply flurry.com is 74.6.136.150
> Mar 15 20:26:25 dnsmasq[634]: reply flurry.com is 98.136.103.23
> Mar 15 20:26:25 dnsmasq[634]: reply flurry.com is 212.82.100.150
> Mar 15 20:26:25 dnsmasq[634]: query[AAAA] flurry.com from 2a02:8109:8640:47c0:dd2c:754c:5053:8f99
> Mar 15 20:26:25 dnsmasq[634]: forwarded flurry.com to 8.8.8.8
> Mar 15 20:26:25 dnsmasq[634]: reply flurry.com is NODATA-IPv6
> Mar 15 20:26:29 dnsmasq-dhcp[634]: DHCPSOLICIT(eth0) 00:02:00:00:ab:11:af:95:c1:13:8f:56:97:2d
> Mar 15 20:26:29 dnsmasq-dhcp[634]: DHCPREPLY(eth0) 2a02:8109:8640:47c0::131 00:02:00:00:ab:11:af:95:c1:13:8f:56:97:2d s
> Mar 15 20:26:41 dnsmasq[634]: query[A] www.google.com from 2a02:8109:8640:47c0:8cdf:622d:705d:d9e3
> Mar 15 20:26:41 dnsmasq[634]: cached www.google.com is 172.217.16.132
> Mar 15 20:26:41 dnsmasq[634]: query[A] www.google.com from 2a02:8109:8640:47c0:8cdf:622d:705d:d9e3
> Mar 15 20:26:41 dnsmasq[634]: cached www.google.com is 172.217.16.132
> Mar 15 20:26:41 dnsmasq[634]: query[A] www.google.com from 192.168.0.230

Is there a Linux way to search for that? Like, give me all things around something flurry.com?
No clue if that is the part you wanted, it's the only stuff I found by scrolling through that list
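
An added example (not part of the original posts): a small Python reader for the dnsmasq lines in `/var/log/pihole.log` that pulls out every query for one domain together with what dnsmasq did with it, which is what the request above for the lines around flurry.com is after. The sample lines are copied from the excerpt quoted above; the `trace` and `was_forwarded` helpers are hypothetical names, and attaching each event to the most recent query for the same name is a simplifying assumption.

```python
import re

# Sample input: lines copied from the log excerpt quoted in the thread.
SAMPLE = """\
> Mar 15 20:26:25 dnsmasq[634]: query[A] flurry.com.lan from 2a02:8109:8640:47c0:dd2c:754c:5053:8f99
> Mar 15 20:26:25 dnsmasq[634]: config flurry.com.lan is NXDOMAIN
> Mar 15 20:26:25 dnsmasq[634]: query[A] flurry.com from 2a02:8109:8640:47c0:dd2c:754c:5053:8f99
> Mar 15 20:26:25 dnsmasq[634]: forwarded flurry.com to 8.8.8.8
> Mar 15 20:26:25 dnsmasq[634]: reply flurry.com is 74.6.136.150
> Mar 15 20:26:25 dnsmasq[634]: query[AAAA] flurry.com from 2a02:8109:8640:47c0:dd2c:754c:5053:8f99
> Mar 15 20:26:25 dnsmasq[634]: forwarded flurry.com to 8.8.8.8
> Mar 15 20:26:25 dnsmasq[634]: reply flurry.com is NODATA-IPv6
> Mar 15 20:26:41 dnsmasq[634]: query[A] www.google.com from 192.168.0.230
> Mar 15 20:26:41 dnsmasq[634]: cached www.google.com is 172.217.16.132
"""

# "<action> <name> from|to|is <value>" after the "dnsmasq[pid]:" prefix.
LINE = re.compile(r"dnsmasq\[\d+\]: (.+?) (\S+) (?:from|to|is) (\S+)$")


def trace(log_text, domain):
    """Return one dict per query for exactly `domain`, with the events that followed."""
    queries = []
    for raw in log_text.splitlines():
        m = LINE.search(raw.lstrip("> ").rstrip())
        if not m or m.group(2).lower() != domain.lower():
            continue  # other names, DHCP lines, truncated lines
        action, _name, value = m.groups()
        if action.startswith("query["):
            queries.append({"type": action[6:-1], "client": value, "events": []})
        elif queries:
            # Assumption: the event belongs to the latest query for this name.
            queries[-1]["events"].append((action, value))
    return queries


def was_forwarded(query):
    """True if dnsmasq sent the query upstream instead of answering it locally."""
    return any(action == "forwarded" for action, _ in query["events"])


if __name__ == "__main__":
    for q in trace(SAMPLE, "flurry.com"):
        print(q["type"], q["client"], q["events"], "forwarded:", was_forwarded(q))
```

A query for a known ad domain that shows up as `forwarded` with real addresses in the `reply` lines was resolved upstream rather than blocked.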

There is no need anymore for this. The solution should be


It started blocking again :smiley:

How did I break things? So I don't do it again in the future.

So I can revert the IPv6 changes to the client?

You added an invalid regex that basically whitelisted everything. You can check regex with online tools like https://regex101.com.


Yes you can. But my advice about GUA and ULA is still valid.
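
An added example (not from the thread or the Pi-hole project): a pre-flight check for regex entries, run on the exact entry quoted above, showing why it matches every domain. Python's `re` stands in for Pi-hole's regex engine, which is an assumption since the two differ in details; the probe domains and the `audit` helper are constructed for illustration.

```python
import re

# The entry from the thread: an Adblock-style filter rule, not a regular expression.
THREAD_ENTRY = "||doubleclick.net^$xhr,redirect-rule=noop.txt,domain=thingiverse.com"

# Constructed probe domains; no narrowly scoped entry should match all of them.
PROBES = ["flurry.com", "www.google.com", "example.org", "pi.hole"]


def audit(pattern, probes=PROBES):
    """Classify a regex entry before it goes on an allow or deny list."""
    try:
        rx = re.compile(pattern)
    except re.error as exc:
        return {"verdict": "invalid", "detail": str(exc), "matched": []}
    # Unanchored search: a hit anywhere in the domain counts as a match.
    matched = [d for d in probes if rx.search(d)]
    if rx.search("") is not None:
        # Matching the empty string means matching every domain, because the
        # search succeeds at position 0 of any input. In the thread's entry
        # the leading "||" creates two empty alternatives that do exactly
        # that, so the rest of the rule is never consulted.
        verdict, detail = "matches-everything", "pattern matches the empty string"
    elif len(matched) == len(probes):
        verdict, detail = "too-broad", "pattern matches every probe domain"
    else:
        verdict, detail = "ok", f"matches {len(matched)} of {len(probes)} probes"
    return {"verdict": verdict, "detail": detail, "matched": matched}


if __name__ == "__main__":
    for entry in (THREAD_ENTRY, r"(^|\.)doubleclick\.net$", r"\.", "("):
        print(f"{entry!r}: {audit(entry)}")
```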
