PiHole sporadically blocking ads (if at all), DNS requests seem to bypass the PiHole

I was previously using pihole on synology through docker, but have been unable to get it working since the last update. I went out and got a Pi Zero W and have set up pihole to run off that, but have been running into a few issues, primarily that it seems no queries are going through the pihole at all.

PiHole was set up (both IPv4 and IPv6, but IPv6 seems to be grayed out in the upstream DNS servers and I do have IPv6 disabled on my router). I have not modified any configurations yet, so it's still fairly vanilla settings.

I've attempted to get my computer and phone pointed at the PiHole as the dns server. For my computer (Windows 10), I have the DNS address set to the Pi only (192.168.1.18, no secondary server) and IPv6 disabled. When I test the ad blocking behavior, no queries are registered in the pihole log except for some reason a single query from microsoft (out of what should be a few hundred). Unable to repeat the query going through pihole, and all ads are going unblocked. I've attempted restarting and flushing the DNS cache with no luck.

For the iPhone, I've similarly pointed the DNS server at the Pi (IPv4 only, single server). At first I had a similar issue of no queries being registered, but for a while after I had restarted the device it seemed to be working correctly (all ads being blocked). Went to bed, and when I woke up I saw that zero ads were being blocked again and no queries registered. Restarting this time briefly showed up on the query log, but did not block any ads. Restarting a second time did nothing and no queries are showing up. I've attempted to renew the lease, but that has done nothing.

I've seen these commands as useful, so I'm pasting them here:

cat /etc/resolv.conf

nameserver 127.0.0.1

nslookup pi.hole

Server: 127.0.0.1
Address: 127.0.0.1#53

Name: pi.hole
Address: 192.168.1.18

nslookup pi.hole 192.168.1.18

Server: 192.168.1.18
Address: 192.168.1.18#53

Name: pi.hole
Address: 192.168.1.18

Expected Behaviour:

PiHole regularly blocks ads

Actual Behaviour:

PiHole sporaticly blocks ads, if at all. Most of the time, zero queries are going through the pihole.

Debug Token:

https://tricorder.pi-hole.net/n130modxgp

Your debug log shows that Pi-Hole is working properly and processing DNS queries as they are received. In the past 24 hours prior to the debug log being run:

   [2019-08-25 06:45:43.788 16187] Imported 468 queries from the long-term database
   [2019-08-25 06:45:43.789 16187]  -> Total DNS queries: 468
   [2019-08-25 06:45:43.789 16187]  -> Cached DNS queries: 51
   [2019-08-25 06:45:43.789 16187]  -> Forwarded DNS queries: 361
   [2019-08-25 06:45:43.790 16187]  -> Exactly blocked DNS queries: 56
   [2019-08-25 06:45:43.790 16187]  -> Unknown DNS queries: 0
   [2019-08-25 06:45:43.790 16187]  -> Unique domains: 201
   [2019-08-25 06:45:43.790 16187]  -> Unique clients: 3
   [2019-08-25 06:45:43.790 16187]  -> Known forward destinations: 2

The problem appears to lie in the clients or router (router is the most likely culprit).

Have you cleared the DNS cache on all the clients and renewed the leases? What are the outputs of the following commands (it is not clear on which device your posted commands were run):

From the Windows 10 PC

nslookup pi.hole

nslookup flurry.com

ipconfig /all

What ISP provides your internet service, and what make/model of router are you using?

Previous queries were run from the Raspberry Pi. Running from the windows 10 computer:

C:\WINDOWS\system32>nslookup pi.hole
Server: UnKnown
Address: 192.168.1.18

*** UnKnown can't find pi.hole: Server failed

C:\WINDOWS\system32>nslookup flurry.com
Server: UnKnown
Address: 192.168.1.18

Non-authoritative answer:
Name: flurry.com
Addresses: 212.82.100.153
74.6.136.153
98.136.103.26

C:\WINDOWS\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : DESKTOP-MATT
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 40-8D-5C-44-F3-D5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 25, 2019 7:42:14
Lease Expires . . . . . . . . . . : Monday, August 26, 2019 7:44:01
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.18
NetBIOS over Tcpip. . . . . . . . : Enabled

DNS cache was cleared and lease renewed on the Windows 10 computer and that didn't seem to do anything, queries are still not registering within pihole.

ISP provider is spectrum internet. Router is my own Nighthawk(R) X4S R7800 running router firmware V1.0.2.62.

Was your Windows PC getting some DNS previously from Google DNS? If so, you may have old information in the browser caches on that device.

Run ipconfig /flushdns , then ipconfig /release and ipconfig /renew and clear all browser caches and restart the browser.

I apologize if you saw my post before the edits. I had set the google DNS just to verify there was no DNS leak going on, and forgot to reset it back to the pihole before pasting here.

DNS flush, lease renew has all been performed. DNS Server is set to 192.168.1.18 (pi address) yet no queries are going through the pihole.

I would disable IPv6 on the router. That's a common source of DNS bypasses. Also look for any family protection options, etc. You will need to look at every menu on the router - they are all different.

IPv6 has been disabled on the router.

ipv61917×904 82.6 KB

Have you tried manually assigning DNS on the Windows PC, and not getting the assignment via DHCP?

Windows PC and iPhone both have their DNS server manually set to 192.168.1.18 (pi address) as their only server (no secondary, no IPv6 server)

I would dig into all the router settings. I think the problem lies there. Any recent firmware updates, etc.? You also might want to check forums for that router.

No recent updates on the router at all for about a year now, which is actually an issue because there is a problem with the current firmware version and setting the DNS to an internal address.

I've had PiHole working through docker as late as v4.3.0 (on the current router settings), but something in the more recent updates has been giving me issues. I thought running it through a Pi would help, but it seems sporadic at best.

I have Pi-Hole running on 4 different Pi's, none in docker, and have not had similar problems. I don't think the problem is in the Pi-Hole software - something is funky in your network.

That said, you can run a pihole repair (pihole -r), but based on your debug I don't expect this to improve things. But, it's a quick thing to do and costs nothing.

I've run pihole -r, but I agree that on a clean install there shouldn't be anything wrong.

Do you have an idea on where to begin diagnosing in the network? What would cause DNS queries to complete without ever being logged within pihole?

I understand you can't really help with the router itself, but the netgear software is a fairly common system..do you have any thoughts around that? Would I be better off flashing ddwrt?

On the Windows client, I would install Wireshark or other similar packet sniffer and see where the DNS queries are going.

So I'm not really familiar with wireshark, so forgive me if I'm using it wrong. I captured the http traffic versus what's being logged in pihole. 192.168.1.8 is my windows PC, and 192.168.1.18 is my raspberry pi. Everything I can see shows that it's going between the computer and the pi, but nothing is being logged. Any idea why? Or how to further diagnose the problem?

pihole%20output1920×1036 295 KB

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.