Hi there, I'm facing some issues with my pihole instance on my Orange Pi Zero device. I also have Unbound configured.
Expected Behaviour:
Pihole should be blocking the same ads both on desktop and mobile devices.
Actual Behaviour:
I recently changed ISP, so they gave me a new router. From that moment Pi Hole started to work erratically, at least on my mobile devices (Android, with Private DNS already turned off anyway). Some ads are blocked, some are not. But those same ads are 100% blocked on my Windows device.
Also the DNSSEC test at https://dnssec.vs.uni-due.de/ fails, on every device for that matter, both mobile and desktop.
DHCP is coming from the router, but I also tried with Pihole DHCP server, in both scenarios with the DNS setting on the router enabled (both DNS entries with the same Pihole IP address just in case). But anyway, this was working okay before the ISP change.
I'm running out of ideas here so I can't think what could be wrong.
That's the setting that was showing when I had the DHCP server enabled on the router.
Now I've switched again to pihole as the DHCP server, and this is the new debug token: https://tricorder.pi-hole.net/PsW286Bk/
Hey guys, just checking if someone could have an idea on what to do with this issue?
I think I've found something weird regarding the new router. Even when I set the Primary DNS to 8.8.8.8 and Secondary DNS to 1.1.1.1, in Windows I get this (even then, Windows and desktop devices seem to correctly block ads, issue is always with mobile).
So this router is somehow adding itself as a DNS server, and a third one?
Does anyone know what could be happening and how to solve this?
From what I've seen, it might have something to do with IPv6 somehow? But not entirely sure.
Right, in this case it's a ZTE router, so I guess this same issue happens here with the device automatically adding itself as a DNS server on the LAN configuration, even when I configure otherwise.
So, nothing to do then I imagine unless I get my own router and ditch this one...
If you read that linked thread I posted above, you have the option to disable the DHCP service on the router and replace it with Pi-hole's own DHCP service.
Yes, but I had already tried with DHCP server from Pihole instead of the router. And that only seems to change who's assigning and distributing the IP addresses to the devices, it's not changing what's happening with the DNS blocking, since it fully works on desktop devices (wired or not), but it sometimes works and sometimes doesn't on mobile devices.
I can try from time to time with the mobile device to access http://pi.hole and sometimes it works, sometimes it doesn't, meaning the device is not using Pihole's DNS every single time.
So I guess this 192.168.1.1 as DNS server is still being used somehow, that's the only thing I can think of with this behavior.
Thanks
edit:
However, Windows is now reporting only the Pihole's IP as DNS, the way it should be:
But the problem remains on the mobile side. Quite weird...
Correct, Windows now reports only one DNS server, the pihole's, after disabling the router's DHCP server.
I guess it could be cache somewhere. I do see requests from this mobile device on pihole's query log, but it's mostly allowed queries, and mostly from Google. There are very few blocked queries, that's why I see ads sometimes being blocked and sometimes not.
I'll restart the router, pihole and the devices and see if that helps.
This is I think the issue with mobiles. I downloaded another android app to check which DNS servers are being used on the phone, and got all this crap which I don't even know where it comes from. 3 other DNS servers!
Those are DNS servers most likely received via IPv6 router advertisement (RA) or a DHCPv6 instance.
Those are usually hard to get rid of.
Check your router user manual if you can change those IPv6 RA settings or if you see any presence of DHCPv6?
Or else you could try disabling IPv6 entirely on the router for the LAN side only.
Your clients don't really mind and also IPv6 is only a bit useful if your ISP supports IPv6 upstream:
Yeah exactly. Unfortunately my new ISP provides this router with some modified firmware version so you can change as little as possible, and that includes not being able to disable IPv6.
I'll call them to ask if they can disable IPv6 remotely. Otherwise I might just get another decent low cost router to use instead of the ISP's, something which has support for custom firmware.
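
Added example, not part of the thread or of Pi-hole's own code: a small Python parser for the RDNSS option (RFC 8106) that an IPv6 router advertisement can carry, for checking a captured RA for DNS servers other than the Pi-hole. The sample packet, its addresses and the helper names are constructed for illustration, and the input is assumed to be the ICMPv6 payload without the IPv6 header.

```python
import ipaddress
import struct

RA_TYPE = 134    # ICMPv6 Router Advertisement (RFC 4861)
OPT_RDNSS = 25   # Recursive DNS Server option (RFC 8106)

def parse_ra(icmp6: bytes) -> dict:
    """Extract the DNS-relevant fields from an ICMPv6 RA payload."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    flags = icmp6[5]
    result = {
        "managed": bool(flags & 0x80),  # M flag: addresses come from DHCPv6
        "other": bool(flags & 0x40),    # O flag: other config (e.g. DNS) from DHCPv6
        "rdnss": [],                    # list of (address, lifetime in seconds)
    }
    off = 16  # options start after the fixed 16-byte RA header
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == OPT_RDNSS and opt_len >= 24:
            lifetime = struct.unpack_from("!I", icmp6, off + 4)[0]
            # addresses follow the 8-byte option header, 16 bytes each
            for a in range(off + 8, off + opt_len - 15, 16):
                addr = ipaddress.IPv6Address(icmp6[a:a + 16])
                result["rdnss"].append((str(addr), lifetime))
        off += opt_len
    return result

def unexpected_resolvers(ra: dict, allowed: set) -> list:
    """RDNSS entries still valid (lifetime > 0) that are not an intended resolver."""
    return [a for a, life in ra["rdnss"] if life > 0 and a not in allowed]

def build_sample_ra() -> bytes:
    """Constructed RA: O flag set, two RDNSS addresses, checksum left at 0."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0x40, 1800, 0, 0)
    rdnss = struct.pack("!BBHI", OPT_RDNSS, 5, 0, 600)  # 5 * 8 = 40 bytes
    rdnss += ipaddress.IPv6Address("fe80::1").packed
    rdnss += ipaddress.IPv6Address("2001:db8::53").packed
    return hdr + rdnss

if __name__ == "__main__":
    ra = parse_ra(build_sample_ra())
    # "fd00::53" is a hypothetical IPv6 address for the Pi-hole
    print(ra, unexpected_resolvers(ra, {"fd00::53"}))
```

A set O flag with no RDNSS option points at DHCPv6 as the source of the extra resolvers, while a non-empty RDNSS list means the RA itself is handing them out.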