Pihole not blocking anymore

Expected Behaviour:

Blocking the blocked domains.

Actual Behaviour:

I noticed that my Pihole isn't blocking anything anymore. Based on the graphics query log, it started last November. But I havn't noticed it at all.

During debug log creation, the Pihole blocked the randomly picked domains successfully:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] duitmyself.com is 0.0.0.0 on lo (127.0.0.1)
[✓] duitmyself.com is 0.0.0.0 on eth0 (192.168.178.40)
[✓] doubleclick.com is 142.250.181.238 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✓] globalarrangeme.com is :: on lo (::1)
[✓] globalarrangeme.com is :: on eth0 (2a02:560:4d7a:dc00:52c9:b014:7457:a2d0)
[✓] globalarrangeme.com is :: on eth0 (fe80::3bdf:ac09:3944:e581)
[✓] doubleclick.com is 2a00:1450:4001:828::200e via a remote, public DNS server (2001:4860:4860::8888)

Looking at the debug log, I only see these three warnings/errors:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   Timeout: 10 seconds
   
   WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
   * Received 548 bytes from eth0:192.168.178.1
     Offered IP address: 192.168.178.49
     Server IP address: 192.168.178.1
     Relay-agent IP address: N/A
     BOOTP server: (empty)
     BOOTP file: (empty)
     DHCP options:
      Message type: DHCPOFFER (2)
      server-identifier: 192.168.178.1
      lease-time: 864000 ( 10d )
      renewal-time: 432000 ( 5d )
      rebinding-time: 756000 ( 8d 18h )
      netmask: 255.255.255.0
      router: 192.168.178.1
      dns-server: 192.168.178.1
      domain-name: "fritz.box"
      broadcast: 192.168.178.255
      ntp-server: 192.168.178.1
      Port Control Protocol (PCP) server: 192.168.178.1
    
   DHCP packets received on interface eth0: 1
   DHCP packets received on interface lo: 0
   DHCP packets received on interface wlan0: 0

*** [ DIAGNOSING ]: contents of /var/log

-rw-r--r-- 1 pihole pihole 1.9K Mar  7 21:42 /var/log/pihole-FTL.log
   -----head of pihole-FTL.log------
   [2022-03-07 01:00:00.092 31072/T31076] Notice: Database size is 126.35 MB, deleted 169 rows
   [2022-03-07 02:00:00.956 31072/T31076] Notice: Database size is 126.35 MB, deleted 106 rows
   [2022-03-07 03:00:00.502 31072/T31076] Notice: Database size is 126.35 MB, deleted 65 rows
   [2022-03-07 04:00:00.331 31072/T31076] Notice: Database size is 126.35 MB, deleted 49 rows
   [2022-03-07 05:00:00.317 31072/T31076] Notice: Database size is 126.35 MB, deleted 92 rows
   [2022-03-07 05:59:01.033 31072/T31076] Notice: Database size is 126.35 MB, deleted 74 rows
   [2022-03-07 07:00:00.773 31072/T31076] Notice: Database size is 126.35 MB, deleted 73 rows
   [2022-03-07 08:00:00.640 31072/T31076] Notice: Database size is 126.35 MB, deleted 97 rows
   [2022-03-07 09:59:00.443 31072/T31076] Notice: Database size is 126.35 MB, deleted 5 rows
   [2022-03-07 10:59:00.871 31072/T31076] Notice: Database size is 126.35 MB, deleted 2 rows
   [2022-03-07 11:59:00.689 31072/T31076] Notice: Database size is 126.35 MB, deleted 2 rows
   [2022-03-07 12:59:00.334 31072/T31076] Notice: Database size is 126.35 MB, deleted 2 rows
   [2022-03-07 13:59:00.458 31072/T31076] Notice: Database size is 126.35 MB, deleted 2 rows
   [2022-03-07 15:00:00.608 31072/T31076] Notice: Database size is 126.35 MB, deleted 2 rows
   [2022-03-07 16:00:00.599 31072/T31076] Notice: Database size is 126.35 MB, deleted 1 rows
   [2022-03-07 17:00:00.561 31072/T31076] Notice: Database size is 126.35 MB, deleted 1 rows
   [2022-03-07 19:00:00.689 31072/T31076] Notice: Database size is 126.35 MB, deleted 201 rows
   [2022-03-07 20:00:00.564 31072/T31076] Notice: Database size is 126.35 MB, deleted 305 rows
   [2022-03-07 21:00:00.711 31072/T31076] Notice: Database size is 126.35 MB, deleted 331 rows
   [2022-03-07 21:42:01.392 31072/T31076] ERROR: SQL query "END TRANSACTION" failed: database is locked
   [2022-03-07 21:42:01.393 31072/T31076] WARNING: Storing devices in network table failed: database is locked

   -----tail of pihole-FTL.log------
   [2022-03-07 01:00:00.092 31072/T31076] Notice: Database size is 126.35 MB, deleted 169 rows
   [2022-03-07 02:00:00.956 31072/T31076] Notice: Database size is 126.35 MB, deleted 106 rows
   [2022-03-07 03:00:00.502 31072/T31076] Notice: Database size is 126.35 MB, deleted 65 rows
   [2022-03-07 04:00:00.331 31072/T31076] Notice: Database size is 126.35 MB, deleted 49 rows
   [2022-03-07 05:00:00.317 31072/T31076] Notice: Database size is 126.35 MB, deleted 92 rows
   [2022-03-07 05:59:01.033 31072/T31076] Notice: Database size is 126.35 MB, deleted 74 rows
   [2022-03-07 07:00:00.773 31072/T31076] Notice: Database size is 126.35 MB, deleted 73 rows
   [2022-03-07 08:00:00.640 31072/T31076] Notice: Database size is 126.35 MB, deleted 97 rows
   [2022-03-07 09:59:00.443 31072/T31076] Notice: Database size is 126.35 MB, deleted 5 rows
   [2022-03-07 10:59:00.871 31072/T31076] Notice: Database size is 126.35 MB, deleted 2 rows
   [2022-03-07 11:59:00.689 31072/T31076] Notice: Database size is 126.35 MB, deleted 2 rows
   [2022-03-07 12:59:00.334 31072/T31076] Notice: Database size is 126.35 MB, deleted 2 rows
   [2022-03-07 13:59:00.458 31072/T31076] Notice: Database size is 126.35 MB, deleted 2 rows
   [2022-03-07 15:00:00.608 31072/T31076] Notice: Database size is 126.35 MB, deleted 2 rows
   [2022-03-07 16:00:00.599 31072/T31076] Notice: Database size is 126.35 MB, deleted 1 rows
   [2022-03-07 17:00:00.561 31072/T31076] Notice: Database size is 126.35 MB, deleted 1 rows
   [2022-03-07 19:00:00.689 31072/T31076] Notice: Database size is 126.35 MB, deleted 201 rows
   [2022-03-07 20:00:00.564 31072/T31076] Notice: Database size is 126.35 MB, deleted 305 rows
   [2022-03-07 21:00:00.711 31072/T31076] Notice: Database size is 126.35 MB, deleted 331 rows
   [2022-03-07 21:42:01.392 31072/T31076] ERROR: SQL query "END TRANSACTION" failed: database is locked
   [2022-03-07 21:42:01.393 31072/T31076] WARNING: Storing devices in network table failed: database is locked

From time to time I also updated the Raspberry Pi itself. Could this be the root cause?

Unfortunately I have no clue what the actual problem is, nor how to solve this. I hope there is a fast and easy way without resetting my Pihole at all. Thanks in advance!

Versions:

• Pi-hole v5.9
• FTL v5.14
• Web Interface v5.11

Debug Token:

https://tricorder.pi-hole.net/393J4ADb/

From a client that you believe should be connected to the Pi-Hole for DNS, from the command prompt or terminal on that client (and not via ssh or Putty to the Pi), what is the output of

nslookup pi.hole

nslookup flurry.com

nslookup flurry.com 192.168.178.40

Thank you for your fast response, jfb!

Here are the results:

Server:  fritz.box
Address:  fd00::464e:6dff:fea1:f837
*** pi.hole wurde von fritz.box nicht gefunden: Non-existent domain.

Server:  fritz.box
Address:  fd00::464e:6dff:fea1:f837

Nicht autorisierende Antwort:
Name:    flurry.com
Addresses:  98.136.103.23
          74.6.136.150
          212.82.100.150

Server:  pi.hole
Address:  192.168.178.40

Name:    flurry.com
Addresses:  ::
          0.0.0.0

The client is using the IPv6 DNS server provided by the FritzBox, and not Pi-hole.

This is shown in the first two replies.

The third query was directed at Pi-hole, and returned the correct answer.

The issue is with the router.

Alright, thanks! In the end it makes sense. My ISP activated IPv6 some time ago for me, so before that I only used IPv4, which was using the Pi-hole.

I‘ll try and figure out how to set the DNS to Pi-hole for IPv6.

Hope this saves you some time.

Cheers!

Thanks a lot!

Unfortunately I cannot get it to work. I followed the steps, rebooted and navigating to website with lots of ads. But nothing seems to be blocked, nor can I see any blocked queries in the query log of the Pi-hole.

So I modified the /etc/dhcpcd.conf by adding static ip6_address=<fe80::XXX>. Saved that file.

Went to Pi-hole admin center > Settings > DNS > Upstream DNS Server > Custom 3 (IPv6) and also added the static IPv6 there but without the \64 suffix.

Then I went to my Frity.box and added the static IPv6 address as the preferable DNSv6-Server and also as the local DNSv6-Server for my network (can do some screenshots, if helpful).

Fortunately I still have access to the internet.

I also executed nslookup flurry.com 192.168.178.40 which got blocked by the Pi-hole.

Any advice by any chance?

Were you able to check if it was working before you pointed your router to the PiHole IPv6?
Some routers just push their own DNS regardless of the field, though it's also possible that if you didn't DC / RC it was still using old settings.

Just to confirm, were you able / do you know how to temporarily turn off IPv4 and set the custom IPv6 DNS on a specific device? that way we can find out if it is a router or config problem

I'd like to discourage you from manually setting a static IPv6 address.

IPv6 is heavily emphasizing auto-configuration.
You are introducing multiple dependencies to changes that you may not have direct control of, creating additional maintenance efforts to reflect those changes in your static IPv6, and you can easily cut your machine from IPv6 connectivity if you don't know what you are doing.

Besides, a network interface's link-local IPv6 address (starting with fe80::) already is stable by design, regardless whether its interface identifier is calculated according to RFC4291, RFC7217 or other similar methods.

I'd recommend to roll-back all of your related changes.

Then retrieve your Pi-hole host machine's true link-local IPv6 address, e.g. by running ip -6 address.
Take a note of that address and enter it as local DNS server in your FritzBox - with a German language model, that should be at Heimnetz|Netzwerk|Netzwerkeinstellungen|IPv6-Adressen: DNSv6-Server im Heimnetz.

Note that link-local addresses are only accessible by devices on the same link (commonly, those are all devices directly connected to your router)

If you wouldn't run a flat network, you'd have to use your Pi-hole host's IPv6 ULA instead (range fd00::/8). FritzBox routers can be configured to always hand out a specific, stable ULA prefix.

Avoid using a public GUA address (range 2000::/3): Depending on your country of residence and your actual ISP plan, that prefix would be subject to change regularly (like once a week or one every 24 hours) or upon router reboot or exchange.
If that happens, not only will your static IPv6 become unusable, but because of using a GUA, your DNS requests may even be leaving your private network (theoretically).

You should remove that entry.
By adding Pi-hole's IPv6 as an upstream Server of Pi-hole, you'd have closed a DNS loop.

Alright, I reverted all changes. Thank you guys for helping me out!

Another question I have is: should I tick the IPv6 Upstream DNS Servers, provided in the Pi-hole Settings > DNS list? Or should I only use IPv4 here?

They are equivalent. As long as you have outbound IPv4 connectivity an IPv4 is fine (IPv6 will do no harm either). Every DNS server, regardless of how you reach them can serve answers to A (IPv4 addresses) and AAAA (IPv6 addresses) queries.

I don't have an IPv6 connection but can get an IPv6 address by asking a DNS server via IPv4 connection.

dig google.com AAAA 

;; ANSWER SECTION:
google.com.		228	IN	AAAA	2a00:1450:4016:808::200e

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.