Still, activate Wireguard on that Realm phone.
In that situation it doesn't route the normal way but from your phone through the wireguard VPN tunnel to PiHole.
To fill up that spot and prevent the device from using Google as a second DNS. It's not clear that Google does this, but filling the spot is a step to try.
Take your time, switch back to zero, uninstall PiHole and PiVPN
pivpn -u and pihole uninstall
Reboot your raspberry
Read this page GitHub - pi-hole/pi-hole: A black hole for Internet advertisements
install pihole
point your routers DNS tothe ip address of your raspberry
do a pivpn -a -p to get rid of the admin dasboard password
See if it works. Watch ip.of.your.raspberrypi/admin
Then install pivpn with standard options
Do the portforwarding on your router or it won't work
When pivpn doesn't act as expected read this page FAQ · pivpn/pivpn Wiki · GitHub
PS
When something does not work as expected I always step back and reset, read information and restart.
In most cases everything works perfect in a second attempt.
Maybe because I have overseen something or whatever.
Searching what causes trouble in software setup takes mostly more time then restart from the beginning.
I agree. I will try this.
I'm just surprised that pihole works for all my other devices, except this one. Seems that there's something else going on.
I think if it was an issue with the installation, then I'd get that problem with my other devices as well.
The 2nd DNS was 8.8.8.8 by default.
I had to set the phone to use static IP so I can edit that field.
I changed it to 192.168.1.100 and it didn't help.
I changed it to 192.168.1.2 (pihole's IP), and it didn't help either.
I'm quite lost. The phone doesn't even come up on the logs. As if it has a stealth mode.
What would you suggest to debug this?
Could the phone have some hardcoded way to get ads?
If we ignore the facts that this is a client issue, what's more concerning is that the client doesn't appear on the pihole logs.
I've done endless checks on the DNS and IP address and made sure secondary DNS is set to 192.168.1.2 and IPv6 is disabled on the router.
I restarted the phone, router, pihole... nothing seems to get this phone on the logs.
I've searched for similar issues, but nothing came up. I'll go to some forums.
The pihole DHCP picks the phone and I even assigned a static IP to it.
But nothing on the logs when I open sites with ads.
I recall having read something about some manufacturer's smartphone models falling back to hardcoded DNS servers if they deem existing user provided DNS settings as invalid.
Your phone seems to exhibit such behaviour.
I suspect you'll find this confirmed if you take a look at the DNS servers reported by sites like www.dnsleaktest.com: They won't list any of your configured upstreams.
To mitigate this, you could try to block outgoing DNS (port 53) for that device on your router, or even better, redirect that to Pi-hole if your router allows.
Actually, it's a native app that I'm using on that dodgy android phone.
On my phone, even if I use chrome app, ads are being blocked.
On my PC I use chrome as well and they are being blocked.
I would switch to Firefox if they had all the chrome extension I'm using.
If BOTH for Protocol translates to TCP + UDP, that's fine.
Likely, Internal Port should be blank.
You'd have to figure by your router whether Internal IP Address or Source IP would be the correct choice.
You should also make sure you've researched how your router would apply those settings (e.g.to your whole network or just a single device).
ok, I finally found the issue.
Digging in the phone settings there's a specific setting called Private DNS.
By default it is set to Auto, supposedly encrypting the DNS. I had to set it to OFF in order for it to respect my DNS settings.
If you own a Realme phone or some variant of Chinese phone, there you have it.