Pihole not blocking ads

Help
1

I am making a pihole using a raspberrypi 2011.12 1B (yes it's an old model).
I've been running into issues where the DNS servers do get checked, but only for google.com --> ads still go through

Expected Behaviour:

Ads should be getting blocked on my samsung (ran Test Ad Block - Toolz in chrome) and windows computer (ran same debug tool in edge)

Actual Behaviour:

All ads were shown, nothing was getting blocked according to the debug website

Debug Token:

https://tricorder.pi-hole.net/0a2UWhWz/

2

Can you provide an example of an ad that you are seeing? Some text links like Sponsored Advertisements in Google search results are part of the HTML and can not be blocked by a DNS based approach.

3

Sorry, I must have worded it poorly. I meant to say that all the requests I see in the logs that are from my phone only lookup google.com, when I go to a page like speedtest.net, where I know I will find ads, nothing new appears in the logs, and the ads show up on my phone.
Ads on speedtest.net do not get blocked either when visiting from my computer.

I cannot configure the router, so both these devices are using a manual DNS set to the pihole's ip

4

Hi,
Did you add only 1 dns (pihole) ip into the settings of your devices?

5

I see the DHCP server is set to hand out itself as the DNS server (192.168.1.1), can you show me the configuration you have set for your clients? I also see IPv6 addresses on the interfaces with the ability to reach and use a non-Pi-hole DNS server via IPv6. If your clients have the ability to access any other DNS server other than Pi-hole then they can and will use that to bypass Pi-hole.

Can you visit a site like Test your IPv6. on a client and see if they are showing DNS over IPv6?

6

Here are those for the desktop pc:

image
image362×461 12.7 KB

image
image402×452 11.9 KB

And the config for the samsung phone:
image
image402×452 11.9 KB

And the ipv6 test results:

image
image983×332 36.3 KB

Ads still show up on speedtest.net (from pc)

image
image1333×784 164 KB

7

Did not attach the phone config right, sorry.
here is it:

image
image367×820 64.2 KB

8

It looks like your clients are using an IPv6 resolver to get the ads. Can you disable IPv6 on a client and see if you still get advertisements? On the Windows box you can untick the 'Internet Protocol Version 6 (TCP/IPv6)' box.

9

That has fixed the problem for my pc.
Any way I could do this for my phone as well?

10

I've checked; it is impossible to disable ipv6 for my phone. Is it possible for my pihole to use this protocol, as it seems everything bypasses the pihole by using ipv6?
Do I have to have a static ipv6 address too?

11

I just now checked on my Samsung phone (Android 11) and cant find any settings either to disable IPv6 entirely or alter IPv6 DNS settings.
Maybe I'm lookin at the wrong spot :wink:

FYI, your router advertises IPv4 DNS server details via the DHCP protocol:

$ sudo pihole-FTL dhcp-discover
Scanning all your interfaces for DHCP servers
[..]
   dns-server: 10.0.0.2

And most likely the router advertises IPv6 DNS details via IPv6 RA (Router Advertisement):

$ rdisc6 eth0
[..]
 Recursive DNS server     : fd00::3ea6:xxxx:xxxx:xxxx

$ man rdisc
[..]
DESCRIPTON
       RDisc6 is an Unix program which implements the ICMPv6  Router
       Discovery in userland (it is normally done by the kernel). It
       is used to lookup the list of on-link routers and  IPv6  pre‐
       fixes.

You can install this rdisc6 tool on the Pi to inspect yourself by running below:

sudo apt install ndisc6

$ apt show ndisc6
[..]
Description: IPv6 diagnostic tools
 ndisc6 gathers a few diagnostic tools for IPv6 networks including:
  - ndisc6, which performs ICMPv6 Neighbor Discovery in userland,
  - rdisc6, which performs ICMPv6 Router Discovery in userland,
  - rltraceroute6, a UDP/ICMP IPv6 implementation of traceroute,
  - tcptraceroute6, a TCP/IPv6-based traceroute implementation,
  - tcpspray6, a TCP/IP Discard/Echo bandwidth meter,
  - addrinfo, easy script interface for hostname and address resolution,
  - dnssort, DNS sorting script.

Dont post full unredacted output for above ones here bc it can contain private details!

Only proper solution seems to be to get access to the router settings?
And no you dont necessarily need IPv6.
Usually IPv4 only will suffice.

2 Likes
12

try removing the 8.8.4.4 from DNS2 from your phone and leave it blank

1 Like
13

Good one but first need to get rid of the IPv6 RA advertised one(s).
Phones usually prefer IPv6 over IPv4 for DNS resolution.
EDIT: Oh most protocols do.

14

The 8.8.4.4 dns is greyed out, the field is empty. I'll probably set it as the cloudflare DNS.

As for IPv6 advertisement, I'll see what I can do. It's my family's router, and they don't like when I mess around with the equipment they need to work.. If disabling IPv6 RA doesn't make all the devices using the router unable to use the internet, and safely so, I could convince them to do that.

However, my ideal solution would be to have the pihole also be an IPv6 DNS too, as I feel like more modern standards are more future proof.

For now I'll try out disabling router IPv6 RA, and I'll post here with my results.

1 Like
15

May I ask why you do not set pihole IPv6 address as DNS in your clients?

1 Like
16

I don't know what IPv6 addresses are free to be reserved for my pi. I haven't set one in dhdcp config either.
Also it seems like my phone needs an IPv4 DNS, but I could be wrong

17

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.