PiHole randomly working

Expected Behaviour:

PiHole working on all devices and blocking on the first try.

Operating system: latest Raspberry Pi OS 64-bit installation (bookworm), done via rpi-imager. Output of uname -a: Linux myraspberrypi 6.6.62+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.6.62-1+rpt1 (2024-11-25) aarch64 GNU/Linux

I'm using a ZTE H6645P V2 modem, and I've set up the Raspi as a static IP (192.168.1.67). I've installed PiHole, setting up the correct interface eth0 (since the Raspi is connected to the modem via the Ethernet cable), then clicked on set static IP using current values, and I've temporarily selected Comodo. Then ran the following commands: sudo apt install unbound dns-root-data and copied the configuration file /etc/unbound/unbound.conf.d/pi-hole.conf from the official PiHole unbound guide. Restarted unbound and rebooted the Raspi, then I went to PiHole Web Settings, disabled Comodo and added 127.0.0.1#5335.
Then, the PiHole unbound guide tells me to run the following commands:

sudo systemctl disable --now unbound-resolvconf.service
sudo sed -Ei 's/^unbound_conf=/#unbound_conf=/' /etc/resolvconf.conf
sudo rm /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf
sudo systemctl restart unbound

However, the second and third (can't remove a file that doesn't exist) commands both fail.

cat /etc/resolv.conf

# Generated by NetworkManager
nameserver 192.168.1.67
nameserver 192.168.1.1

Then I've set the PiHole as the Primary DNS Server (and, when testing, I've set the PiHole as the Secondary DNS Server too, but nothing changed).
I don't know if these errors are causing the issues I'm going to explain in the next paragraph.

Actual Behaviour:

Blocking, both on my Android phones and computer/laptop, sometimes works, sometimes doesn't work completely and sometimes it blocks only after I reload the page 2-3 times. Tried rebooting the modem, Raspi, devices, clearing all browser data and so on and so forth. I tried to use nmcli and edited my ethernet connection so that I get this output:

cat /etc/resolv.conf

# Generated by NetworkManager
nameserver 192.168.1.67

but it doesn't change anything. I have, for testing purposes, blocked soundcloud.com, and when I execute nslookup on my client computer:

➜  ~ nslookup soundcloud.com
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	soundcloud.com
Address: 0.0.0.0
Name:	soundcloud.com
Address: ::

Then, five minutes later, executing the same command again yields:

➜  ~ nslookup soundcloud.com
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	soundcloud.com
Address: 108.138.199.27
Name:	soundcloud.com
Address: 108.138.199.40
Name:	soundcloud.com
Address: 108.138.199.109
Name:	soundcloud.com
Address: 108.138.199.118

To be honest, I think it's the modem's fault because, if I point both Primary and Secondary DNS Servers in the modem, while rebooting the Raspi the DNS Resolutions work, while, technically it shouldn't work.
I had Raspi in DHCP mode before changing ISP (thus modem too) and all worked flawlessly, when the Raspi was down, everything was down too because everything was passing through the Raspi (and that's what I want). Now, if I enable DHCP in Raspi and disable DHCP in the modem, no devices are able to connect.

This is the page on my modem related to DHCP/DNS Settings (after a modem reset):

Debug Token:

[✓] Your debug token is: https://tricorder.pi-hole.net/DNL5u0hx/

Thank you all for your help.

The guide needs a little update.
Above is expected if below package isn't installed:

$ apt policy openresolv
openresolv:
  Installed: (none)
  Candidate: 3.12.0-3
  Version table:
     3.12.0-3 500
        500 http://deb.debian.org/debian bookworm/main amd64 Packages
$ apt-file list openresolv
[..]
openresolv: /etc/resolvconf.conf

Have a read below:

Above you only have to enter the Pi-hole address in the "Primary DNS" field.
And if the router allows, you could also enter the same Pi-hole IP in the "Secondary DNS" field which is the default for the upcoming v6 release if Pi-hole's own DHCP service is enabled:

$ sudo pihole-FTL dhcp-discover
Scanning all your interfaces for DHCP servers
[..]
   dns-server: 10.0.0.2
   dns-server: 10.0.0.2

Usually no other router settings need changing so leave them on default for diagnosing.

I used to have an ISP provided ZTE modem.
I believe it also supported IPv6.
Have you checked that bit?

You could try out a new Pi-hole v6 feature that scans for IPv6 RA advertised DNS servers.
For that you could download a preliminary v6 pihole-FTL binary with below (it won't get installed):

wget https://ftl.pi-hole.net/new/dhcpv6/pihole-FTL-arm64

Make it executable:

chmod +x pihole-FTL-arm64

And let it rip:

sudo ./pihole-FTL-arm64 dhcp-discover

The bit you have to look for is "Recursive DNS server"

2 Likes

That nslookup is not using Pi-hole for DNS, but a local stub resolver at 127.0.0.53.

Your different nslookup results would suggest that stub resolver is forwarding DNS requests to at least two upstreams, your Pi-hole returning 0.0.0.0 and a public one returning public IPs.

You should verify that your stub resolver's forward target is your Pi-hole exclusively.

2 Likes

Hi, thanks for taking the time to reply.
I purged everything and went with the previous version of Raspberry Pi OS and managed to disable DHCP on the modem.
Now I'm running PiHole in DHCP mode and everything works just fine.

Just for testing, I tried putting again Raspi static IP as both Primary and Secondary DNS IP and it still didn't work. I'm not an expert but I think the modem may have fallback DNS, I don't know.

Using a previous version of the operating system may be less secure, but PiHole is literally the only application running, so I don't think it will be an issue.

Thanks for your reply, the message I posted before explains how I did it.

DNS queries bypassing IPv4 DNS (Pi-hole) via IPv6 DNS (your router or ISP DNS)?
IPv6 DNS is preferred over IPv4 DNS.
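
Added example, not part of any post in this thread: a shell check for the two bypass paths raised in the replies above, a stub resolver at 127.0.0.53 forwarding to more than one upstream, and a router-advertised IPv6 resolver sitting beside the Pi-hole. It parses the per-link server list that `resolvectl dns` prints on a systemd-resolved client; the function names and the sample output (including `fe80::1%2`) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag stub-resolver upstreams that are
# not the Pi-hole. Function names are hypothetical.

# Constructed sample in the layout printed by `resolvectl dns`; 192.168.1.67
# and 192.168.1.1 are the addresses from the thread, fe80::1%2 is invented
# to stand in for a router-advertised IPv6 resolver.
sample_resolvectl_dns() {
cat <<'EOF'
Global:
Link 2 (enp3s0): 192.168.1.67 192.168.1.1 fe80::1%2
Link 3 (wlan0):
EOF
}

# stdin: `resolvectl dns` output; $1: space-separated allowed addresses.
# Prints "link<TAB>server<TAB>family" for every server not in the allow list.
find_bypass_servers() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      idx = index($0, ":")            # first colon ends the "Link N (if)" label
      if (idx == 0) next
      label = substr($0, 1, idx - 1)
      m = split(substr($0, idx + 1), srv, " ")
      for (i = 1; i <= m; i++) {
        addr = srv[i]; sub(/%.*/, "", addr)   # drop IPv6 zone id for compare
        if (!(addr in ok))
          printf "%s\t%s\t%s\n", label, srv[i], (addr ~ /:/ ? "IPv6" : "IPv4")
      }
    }'
}

# Returns 0 only when every configured upstream is an allowed address.
check_stub_upstreams() {
  bypass="$(find_bypass_servers "$1")"
  if [ -n "$bypass" ]; then
    printf 'Can answer instead of Pi-hole:\n%s\n' "$bypass"
    return 1
  fi
  echo "Every stub-resolver upstream is the Pi-hole"
}

# Demo on the sample; on a real client: resolvectl dns | check_stub_upstreams 192.168.1.67
sample_resolvectl_dns | check_stub_upstreams "192.168.1.67" || true
```

If the Pi-hole also has an IPv6 address, pass both in the first argument separated by a space so that it is not reported as a bypass.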
