Pihole doesn't always block ads


Expected Behaviour:

Block ads at all times

Actual Behaviour:

Ad blocking is intermittent

Debug Token:

9doqoc2b0c

I've set the IP of my Pihole as the primary and secondary DNS servers.

Expected Behaviour:

Block ads at all times

Actual Behaviour:

Ad blocking is intermittent

Debug Token:

qvz6avhdcd

I’ve set the IP of my Pihole as the primary and secondary DNS servers.

Using Speedport Modem (192.168.2.x) for accessing the web and Netgear Orbi (192.168.1.x) as router.

Using Pi-Hole on my Mac mini with Docker.

Your debug log shows that Pi-Hole is correctly responding to DNS requests.

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] bitmiles.miningpoolhub.com is 0.0.0.0 via localhost (127.0.0.1)
[✓] bitmiles.miningpoolhub.com is 0.0.0.0 via Pi-hole (10.0.0.4)
[✓] doubleclick.com is 172.217.160.14 via a remote, public DNS server (8.8.8.8)

The log also shows that two clients have been using the Pi-Hole in the previous 24 hours. If there are more clients, then there is likely a configuration problem with the docker configuration, router or clients, and the DNS requests for those clients are not going to Pi-Hole.

   [2019-01-20 08:12:35.884] Imported 6641 queries from the long-term database
   [2019-01-20 08:12:35.884]  -> Total DNS queries: 6641
   [2019-01-20 08:12:35.884]  -> Cached DNS queries: 2605
   [2019-01-20 08:12:35.884]  -> Forwarded DNS queries: 3535
   [2019-01-20 08:12:35.884]  -> Exactly blocked DNS queries: 501
   [2019-01-20 08:12:35.884]  -> Unknown DNS queries: 0
   [2019-01-20 08:12:35.884]  -> Unique domains: 635
   [2019-01-20 08:12:35.884]  -> Unique clients: 2
   [2019-01-20 08:12:35.884]  -> Known forward destinations: 4

Queries are shown coming from IP 42.61.241.18 in the bit of the /var/log/pihole.log included in your debug log:

Jan 20 00:00:35 dnsmasq[103283]: query[A] lh3.googleusercontent.com from 42.61.241.18
Jan 20 00:02:37 dnsmasq[103283]: query[A] clients3.google.com from 42.61.241.18

Ok. Thx. But on every device I'm using, including the Pi-Hole-Server itself, I'm getting ads. Tested here: [Mod Edit: Link no longer available]. Also I added the DNS Server manually on my iPhone and iMac to be sure, but with no effect.

This indicates that the DNS queries are not going to the Pi-Hole. Use these tools in the thread below and they will help you determine why you are seeing ads. The query log and /var/log/pihole.log will have all the DNS queries received by Pi-Hole, along with the response from Pi-Hole. If you open a web page while you tail the pihole.log, and see no traffic in the pihole.log, then the DNS requests are going to somewhere other than Pi-Hole.

Thank you for your response. Setting the DNS on the devices manually didn't help either. I'm using an Asus Repeater RP-AC68U and Pihole is hosted on Ubuntu 18.04 LTS on Azure.

Do you have any idea what could possibly be wrong and how do I further troubleshoot?

Tried both.

I would put your network DNS on Cloudflare or Google DNS and put a single client on the Pi-Hole to start. Then use the tools in the referenced thread to see if the ads are coming through Pi-Hole.

What are you seeing on one of the test domains? URL and screen snaps if you can provide them.

Okay, I just got the chance to try that and visited the Pi-hole test ad page, which very well showed some ads. Here's the audit result:

Jan 24 15:28:35 dnsmasq[106589]: query[A] pi-hole.net from 42.61.241.18
Jan 24 15:28:35 dnsmasq[106589]: forwarded pi-hole.net to 149.112.112.112
Jan 24 15:28:35 dnsmasq[106589]: reply pi-hole.net is 206.189.252.21
Jan 24 15:28:35 dnsmasq[106589]: query[A] pi-hole.net from 42.61.241.18
Jan 24 15:28:35 dnsmasq[106589]: cached pi-hole.net is 206.189.252.21

I've also cleared DNS and browser cache on the device used to perform these tests.

Debug token:

2ymazn34sq

Do you have any idea how can I fix this?

This latest debug log again shows that the Pi-Hole is blocking domains that are on the gravity list and is properly responding to DNS requests:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] scomly.cf is 0.0.0.0 via localhost (127.0.0.1)
[✓] scomly.cf is 0.0.0.0 via Pi-hole (10.0.0.4)
[✓] doubleclick.com is 172.217.27.110 via a remote, public DNS server (8.8.8.8)

If you are seeing ads (and please provide some screenshots and URLs so we can attempt to duplicate what you are seeing), it is because either (1) the ad-serving domains are not blocked, or (2) the clients are finding a way around Pi-Hole.

Of further interest (and this was in your previous debug log as well), you are getting DNS requests from an IP address that is not on your LAN (it maps to Singapore and is publicly accessible). Are you running Pi-Hole on a local device inside your network or on a VPS or other remote device?

Jan 24 00:00:11 dnsmasq[82184]: query[A] mobile.pipe.aria.microsoft.com from 42.61.241.18
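Added example, not part of the original thread: a small parser for the dnsmasq lines quoted above that automates the two checks discussed so far, namely whether the domains you just visited ever reached Pi-hole, and whether any querying client sits outside private address space. The `gravity.list` line format and the 192.168.1.23 client are assumptions; the sample log is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the dnsmasq format quoted in this thread. The
# gravity.list line is an assumed example of how a blocked answer is logged.
SAMPLE_LOG = """\
Jan 24 15:28:35 dnsmasq[106589]: query[A] pi-hole.net from 42.61.241.18
Jan 24 15:28:35 dnsmasq[106589]: forwarded pi-hole.net to 149.112.112.112
Jan 24 15:28:35 dnsmasq[106589]: reply pi-hole.net is 206.189.252.21
Jan 24 15:28:36 dnsmasq[106589]: query[A] flurry.com from 192.168.1.23
Jan 24 15:28:36 dnsmasq[106589]: /etc/pihole/gravity.list flurry.com is 0.0.0.0
"""

# action, domain, then the client / upstream / answer after from|to|is
LINE = re.compile(r"dnsmasq\[\d+\]: (\S+) (\S+) (?:from|to|is) (\S+)$")


def summarize(log_text, visited):
    """Return (seen, missing, public_clients) for the domains in `visited`."""
    clients = defaultdict(set)   # domain -> client IPs that asked for it
    answers = defaultdict(set)   # domain -> how Pi-hole answered it
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        action, domain, value = m.groups()
        if action.startswith("query["):
            clients[domain].add(value)
        elif action.endswith("gravity.list") and value == "0.0.0.0":
            answers[domain].add("blocked")
        elif action in ("forwarded", "cached"):
            answers[domain].add(action)
    seen = {d: (sorted(clients[d]), sorted(answers[d]))
            for d in visited if d in clients}
    # Visited in the browser but never logged: resolved by some other DNS server.
    missing = [d for d in visited if d not in clients]
    # Clients with globally routable addresses: the resolver is reachable from the internet.
    public = sorted({ip for ips in clients.values() for ip in ips
                     if ipaddress.ip_address(ip).is_global})
    return seen, missing, public


if __name__ == "__main__":
    seen, missing, public = summarize(SAMPLE_LOG, ["pi-hole.net", "flurry.com", "cnn.com"])
    print("answered by Pi-hole:", seen)
    print("never reached Pi-hole:", missing)
    print("clients outside private ranges:", public)
```

A domain in the "never reached Pi-hole" list while its ads render in the browser means another resolver answered it. Any entry in the public-client list means port 53 on the Pi-hole host is reachable from the internet and should be restricted to known source addresses.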

I'm running PiHole on a VM hosted on Azure, so yes it's outside the network.

Having tested by visiting https://pi-hole.net/pages-to-test-ad-blocking-performance/ which as you can see still shows some ads:

Now as I mentioned earlier, I've had my Asus repeater's DNS IP set to that of the PiHole, which seems to be responding correctly based on the results of the nslookup query:

So I still can't seem to get why ad blocking is effective intermittently.

From your previous description, ads have never been completely blocked by this Pi-Hole. That indicates that your devices are bypassing Pi-Hole and getting the ad domains from another DNS source. This typically is caused by a router configuration problem.

Do you have IPv6 enabled on your router and clients? That is a common cause for Pi-Hole bypasses.

I haven't enabled IPv6. Would you like me to generate another debug token?

This is not necessary. Nothing changed in the previous two debug logs.

On a client seeing ads, run the following commands from its command terminal - we are testing to see which DNS server is answering and the results.

nslookup pi.hole

nslookup cnn.com

nslookup cnn.com 1.1.1.1

nslookup flurry.com

nslookup flurry.com 1.1.1.1

Sure thing, here are the results:

nslookup pi.hole
Server:		192.168.1.254
Address:	192.168.1.254#53

** server can't find pi.hole: NXDOMAIN

nslookup cnn.com
Server:		192.168.1.254
Address:	192.168.1.254#53

Non-authoritative answer:
Name:	cnn.com
Address: 151.101.65.67
Name:	cnn.com
Address: 151.101.193.67
Name:	cnn.com
Address: 151.101.129.67
Name:	cnn.com
Address: 151.101.1.67


nslookup cnn.com 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	cnn.com
Address: 151.101.1.67
Name:	cnn.com
Address: 151.101.129.67
Name:	cnn.com
Address: 151.101.193.67
Name:	cnn.com
Address: 151.101.65.67

nslookup flurry.com
Server:		192.168.1.254
Address:	192.168.1.254#53

Non-authoritative answer:
Name:	flurry.com
Address: 98.136.103.26
Name:	flurry.com
Address: 74.6.136.153
Name:	flurry.com
Address: 212.82.100.153

nslookup flurry.com 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	flurry.com
Address: 212.82.100.153
Name:	flurry.com
Address: 74.6.136.153
Name:	flurry.com
Address: 98.136.103.26
