Please follow the below template, it will help us to help you!
Expected Behaviour:
Ping to doubleclick.com should not succeed, from my Linux client (desktop PC, connected via ethernet to router. Also, pihole should log queries.
Router settings were (AFAICT) tuned to use only pihole as DNS server.
Checking DNS server used by my desktop PC:
nmcli dev show <eth_if> | grep IP4 | grep -i dns
IP4.DNS[1]: 192.168.1.207
Generally, I can see ads all around. I see no queries logged in the pihole web UI, in the main dashboard total queries (green) and queries blocked (blue) show 0.
Seems you are running your Pi-hole alongside Network Manager (deduced from usage of nmcli).
Note that by default, NetworkManager is configuring its own dnsmasq instance via /etc/NetworkManager/dnsmasq.d/, which might well result in conflicts with Pi-hole.
Uninstalling it could be an option, but if you are dependent on NetworkManager (e.g. because your favourite VPN tool requires it), you could first try to disable its dnsmasq by commenting the corresponding line in /etc/NetworkManager/NetworkManager.conf like this:
Only if you have NetworkManager running on the same machine as Pi-hole, and even then you could have a go at adopting NM's configuration first, like described above.
*** [ DIAGNOSING ]: Networking
[โ] IPv4 address(es) bound to the eth0 interface:
192.168.1.207/24 matches the IP found in /etc/pihole/setupVars.conf
[โ] IPv6 address(es) bound to the eth0 interface:
2a01:4b00:e058:7700:2ef7:f705:971e:74b4 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)
fd01:a2ca:d909:0:42b6:7900:3ced:3eae does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)
fe80::d079:907b:e4eb:68f0 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)
^ Please note that you may have more than one IP address listed.
As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.
The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.
*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[โ] gostats.ro is 0.0.0.0 via localhost (127.0.0.1)
[โ] gostats.ro is 0.0.0.0 via Pi-hole (192.168.1.207)
[โ] doubleclick.com is 216.58.206.142 via a remote, public DNS server (8.8.8.8)
*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[โ] bob285.web3000.com is :: via localhost (::1)
[โ] Failed to resolve bob285.web3000.com via Pi-hole (fd01:a2ca:d909:0:dc42:4b1:d165:91bb)
[โ] Failed to resolve doubleclick.com via a remote, public DNS server (2001:4860:4860::8888)
I configured setupVars to one of the IPv6 addresses shown. Now pihole -d is green on that check, and I restarted the pi, but I can still ping doubleclick
Hmm, not sure why this is happening. I don't seem to be using the pihole as a DNS server when using my Ubuntu PC as a client, so I can ping doubleclick.com... but I thought the DNS server is set correctly, as can be seen in the systemd-resolve command below? I can also see the DNS settings in the Settings app in Ubuntu, pointing to the pihole
user@user-System-Product-Name:~$ systemd-resolve --status | tail
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 192.168.1.207
DNS Servers: 192.168.1.207
fd01:a2ca:d909:0:6620:9fff:fe15:e2a5
2a01:4b00:e058:7700:6620:9fff:fe15:e2a5
DNS Domain: ~.
mynet
user@user-System-Product-Name:~$ ping -n www.doubleclick.com
PING www3.l.google.com (216.58.210.206) 56(84) bytes of data.
64 bytes from 216.58.210.206: icmp_seq=1 ttl=53 time=12.4 ms
64 bytes from 216.58.210.206: icmp_seq=2 ttl=53 time=11.3 ms
64 bytes from 216.58.210.206: icmp_seq=3 ttl=53 time=11.5 ms
@DanSchaper
Generally when using systemd-resolved instead of resolvconf, does Pi-hole handle this correctly? The installer pulls resolvconf, so I guess also uses it to set the DNS nameserver to 127.0.0.1 usually, but I don't know if systemd-resolved and resolvconf communicate with each other, so that DNS settings are set (in case synced) correctly, regardless if /etc/resolv.conf links to /run/resolvconf/.. or /run/systemd/resolve/..?
However this question is obsolete with Pi-hole v5, which does not call resolvconf anymore.
So I switched to run the DHCP server with pihole, in a bit of a desperate attempt. Still not working very well. I'm not sure I trust the configuration in my PC anymore, so I'm trying my Android phone and a Windows laptop. I can see doubleclick.com successfully in a web browser, so pihole definitely not working. Router DHCP is off, any ideas?
Here's from WSL:
$ ping -n www.doubleclick.com
PING www3.l.google.com (172.217.12.78) 56(84) bytes of data.
64 bytes from 172.217.12.78: icmp_seq=1 ttl=55 time=116 ms
64 bytes from 172.217.12.78: icmp_seq=2 ttl=55 time=629 ms
64 bytes from 172.217.12.78: icmp_seq=3 ttl=55 time=118 ms
So, after a long time checking android, windows and linux dns settings, I can see it works perfectly for all but new versions of android. I think that's a known thing about new versions of android? I've installed blokada there anyway, but back on the subject, pi hole is working OK...
... Which leads me to the next question, will it report ad blocking with its current DHCP server settings? I still see it as all zeroes. I don't really mind, just curious?