Pihole doesn't seem to be getting any queries, can still see ads, DNS seems OK

Please follow the below template, it will help us to help you!

Expected Behaviour:

Ping to doubleclick.com should not succeed, from my Linux client (desktop PC, connected via ethernet to router. Also, pihole should log queries.
Router settings were (AFAICT) tuned to use only pihole as DNS server.
Checking DNS server used by my desktop PC:
nmcli dev show <eth_if> | grep IP4 | grep -i dns
IP4.DNS[1]: 192.168.1.207

Actual Behaviour:

ping www.doubleclick.com
PING www3.l.google.com (216.58.210.46) 56(84) bytes of data.
64 bytes from lhr25s11-in-f46.1e100.net (216.58.210.46): icmp_seq=1 ttl=53 time=12.1 ms

Generally, I can see ads all around. I see no queries logged in the pihole web UI, in the main dashboard total queries (green) and queries blocked (blue) show 0.

Debug Token:

https://tricorder.pi-hole.net/a9f2ddneeb

Seems you are running your Pi-hole alongside Network Manager (deduced from usage of nmcli).

Note that by default, NetworkManager is configuring its own dnsmasq instance via /etc/NetworkManager/dnsmasq.d/, which might well result in conflicts with Pi-hole.

Uninstalling it could be an option, but if you are dependent on NetworkManager (e.g. because your favourite VPN tool requires it), you could first try to disable its dnsmasq by commenting the corresponding line in /etc/NetworkManager/NetworkManager.conf like this:

# dns=dnsmasq
1 Like

Hi, thanks for having a look.

That command I run from my PC where I see ads, not from the pihole. I also can see ads from other clients e.g. windows laptop through wifi

Would it still be an idea to disable network manager?

Only if you have NetworkManager running on the same machine as Pi-hole, and even then you could have a go at adopting NM's configuration first, like described above.

I checked and I don't think network-manager is enabled in the pihole, so I don't know yet why I can still see ads. Any ideas are more than welcome :slight_smile:

pi@raspberrypi:~ $ dpkg --get-selections | grep network-manager
pi@raspberrypi:~ $ ps aux | grep network
pi 1161 0.0 0.4 7332 1876 pts/0 S+ 21:24 0:00 grep --color=auto network
pi@raspberrypi:~ $ ls /etc/N*
ls: cannot access '/etc/N*': No such file or directory
pi@raspberrypi:~ $ ls /etc/n*
/etc/nanorc /etc/netconfig /etc/networks /etc/nsswitch.conf

/etc/network:
if-down.d if-post-down.d if-pre-up.d if-up.d interfaces interfaces.d

Can you get us a new debug token please?

Here it is
https://tricorder.pi-hole.net/hnvtwkhsjm

The IPv6 networking still looks incorrect:

*** [ DIAGNOSING ]: Networking
[โœ“] IPv4 address(es) bound to the eth0 interface:
   192.168.1.207/24 matches the IP found in /etc/pihole/setupVars.conf

[โœ“] IPv6 address(es) bound to the eth0 interface:
   2a01:4b00:e058:7700:2ef7:f705:971e:74b4 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)
   fd01:a2ca:d909:0:42b6:7900:3ced:3eae does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)
   fe80::d079:907b:e4eb:68f0 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

   ^ Please note that you may have more than one IP address listed.
   As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.

   The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[โœ“] gostats.ro is 0.0.0.0 via localhost (127.0.0.1)
[โœ“] gostats.ro is 0.0.0.0 via Pi-hole (192.168.1.207)
[โœ“] doubleclick.com is 216.58.206.142 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[โœ“] bob285.web3000.com is :: via localhost (::1)
[โœ—] Failed to resolve bob285.web3000.com via Pi-hole (fd01:a2ca:d909:0:dc42:4b1:d165:91bb)
[โœ—] Failed to resolve doubleclick.com via a remote, public DNS server (2001:4860:4860::8888)

I configured setupVars to one of the IPv6 addresses shown. Now pihole -d is green on that check, and I restarted the pi, but I can still ping doubleclick

New pihole -d
https://tricorder.pi-hole.net/ncoix2rt9k

What IP address does doubleclick resolve to for you? dig output would be helpful.

Edit: Doesn't look like any client is using Pi-hole?

   [2020-03-07 21:54:31.140 558] Database successfully initialized
   [2020-03-07 21:54:31.140 558]  -> Total DNS queries: 0
   [2020-03-07 21:54:31.140 558]  -> Cached DNS queries: 0
   [2020-03-07 21:54:31.140 558]  -> Forwarded DNS queries: 0
   [2020-03-07 21:54:31.141 558]  -> Exactly blocked DNS queries: 0
   [2020-03-07 21:54:31.141 558]  -> Unknown DNS queries: 0
   [2020-03-07 21:54:31.141 558]  -> Unique domains: 0
   [2020-03-07 21:54:31.141 558]  -> Unique clients: 0
   [2020-03-07 21:54:31.141 558]  -> Known forward destinations: 0

Hmm, not sure why this is happening. I don't seem to be using the pihole as a DNS server when using my Ubuntu PC as a client, so I can ping doubleclick.com... but I thought the DNS server is set correctly, as can be seen in the systemd-resolve command below? I can also see the DNS settings in the Settings app in Ubuntu, pointing to the pihole

user@user-System-Product-Name:~$ systemd-resolve --status | tail
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 192.168.1.207
         DNS Servers: 192.168.1.207
                      fd01:a2ca:d909:0:6620:9fff:fe15:e2a5
                      2a01:4b00:e058:7700:6620:9fff:fe15:e2a5
          DNS Domain: ~.
                      mynet
user@user-System-Product-Name:~$ dig www.doubleclick.com
; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> www.doubleclick.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 647
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.doubleclick.com.		IN	A

;; ANSWER SECTION:
www.doubleclick.com.	2	IN	A	0.0.0.0

;; Query time: 5 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Mar 07 23:33:37 GMT 2020
;; MSG SIZE  rcvd: 64

What does the ping -n show for the IP address that ping is using? dig reports the correct address of 0.0.0.0

user@user-System-Product-Name:~$ ping -n www.doubleclick.com
PING www3.l.google.com (216.58.210.206) 56(84) bytes of data.
64 bytes from 216.58.210.206: icmp_seq=1 ttl=53 time=12.4 ms
64 bytes from 216.58.210.206: icmp_seq=2 ttl=53 time=11.3 ms
64 bytes from 216.58.210.206: icmp_seq=3 ttl=53 time=11.5 ms

Pi-hole is returning the correct IP address (0.0.0.0). It looks like your client is using the other DNS servers to get around the Pi-hole.

What does readlink /etc/resolv.conf; cat /etc/resolv.conf show as nameserver entry on the client?


Off-topic, since it is not about the client setup:

EDIT: Question basically answered: Pi-hole should not install resolvconf and hi-jack local DNS resolving by default ยท Issue #2988 ยท pi-hole/pi-hole ยท GitHub

@DanSchaper
Generally when using systemd-resolved instead of resolvconf, does Pi-hole handle this correctly? The installer pulls resolvconf, so I guess also uses it to set the DNS nameserver to 127.0.0.1 usually, but I don't know if systemd-resolved and resolvconf communicate with each other, so that DNS settings are set (in case synced) correctly, regardless if /etc/resolv.conf links to /run/resolvconf/.. or /run/systemd/resolve/..?

However this question is obsolete with Pi-hole v5, which does not call resolvconf anymore.

Pi-hole v5 does away with all of that.

That doesn't address this particular issue since the client isn't using Pi-hole at all.

Yes indeed has nothing to do with Pi-hole. However content of client resolv.conf and to where it symlinks (If at all) should give a solution hint.

So I switched to run the DHCP server with pihole, in a bit of a desperate attempt. Still not working very well. I'm not sure I trust the configuration in my PC anymore, so I'm trying my Android phone and a Windows laptop. I can see doubleclick.com successfully in a web browser, so pihole definitely not working. Router DHCP is off, any ideas?

Here's from WSL:

$ ping -n www.doubleclick.com
PING www3.l.google.com (172.217.12.78) 56(84) bytes of data.
64 bytes from 172.217.12.78: icmp_seq=1 ttl=55 time=116 ms
64 bytes from 172.217.12.78: icmp_seq=2 ttl=55 time=629 ms
64 bytes from 172.217.12.78: icmp_seq=3 ttl=55 time=118 ms

1$ dig www.doubleclick.com

; <<>> DiG 9.9.5-3ubuntu0.19-Ubuntu <<>> www.doubleclick.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26065
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.doubleclick.com. IN A

;; ANSWER SECTION:
www.doubleclick.com. 82866 IN CNAME www3.l.google.com.
www3.l.google.com. 125 IN A 216.58.210.238

;; Query time: 18 msec
;; SERVER: 10.58.2.36#53(10.58.2.36)
;; WHEN: Fri Mar 13 21:07:10 STD 2020
;; MSG SIZE rcvd: 92

And, pihole -d token
https://tricorder.pi-hole.net/thjnh5ag65

So, after a long time checking android, windows and linux dns settings, I can see it works perfectly for all but new versions of android. I think that's a known thing about new versions of android? I've installed blokada there anyway, but back on the subject, pi hole is working OK...

... Which leads me to the next question, will it report ad blocking with its current DHCP server settings? I still see it as all zeroes. I don't really mind, just curious?

Thanks for all the help! :slight_smile:

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.