Pihole stops blocking ads

Help
#1

Please follow the below template, it will help us to help you!

Expected Behaviour:

Ads should be blocked

Actual Behaviour:

Ads are only blocked for a short while, before they are allowed through

Debug Token:

knexlicbsh

Pihole was working for many months, then late last year I noticed ads started appearing. I would run pihole -g and this would fix it for a few hours, but then ads would start appearing again.

I rebuilt my server, and I’m getting similar behavior. Though ads only seemed to be blocked for a few minutes before they start appearing again. I’ve used several different “Adblock test” sites, and they all confirm that ads are being blocked for a short amount of time before they report ads are going through. I’m clearing my cache, not using any other adblockers, not using any custom DNS files on my clients.

PiHole and OpenVPN
#2

How are the clients getting their DNS server IP addresses? Can you check on a client and make sure that only the Pi-hole IP address is listed as the DNS server for that node?

#3

My router is pointing to my pihole machine for DNS, and yes, it’s the only DNS server listed. Although when it was working previously, it pointed to both pihole and 8.8.4.4

I confirmed clients are only using pihole for dns.

This site shows ads are blocked, then when I refresh it shows them unblocked.

However I still see ads on sites like washingtonpost.com

#4

Some troubleshooting pointers/tools here:

#5

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 663/lighttpd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 508/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 647/sshd
tcp 0 0 127.0.0.1:4711 0.0.0.0:* LISTEN 523/pihole-FTL
tcp6 0 0 :::80 :::* LISTEN 663/lighttpd
tcp6 0 0 :::53 :::* LISTEN 508/dnsmasq
tcp6 0 0 :::22 :::* LISTEN 647/sshd
udp 0 0 0.0.0.0:53 0.0.0.0:* 508/dnsmasq
udp 0 0 0.0.0.0:68 0.0.0.0:* 618/dhclient
udp 0 0 0.0.0.0:1194 0.0.0.0:* 444/openvpn
udp6 0 0 :::53 :::* 508/dnsmasq

#6

I’ll get the client info when I get a chance.

???

#7

These ones that are necessary for proper functioning of Pi-hole look good as they, the daemons, are listening on all IP addresses "0.0.0.0 / ::" :

But OpenVPN is only listening to ipv4 if thats what you intended!

Duuuh ... you need to click on the link to see the whole posting :wink:

#8

My bad. Didn’t realize that you could expand the block.

So if you specify the router to only use PiHole for DNS (and if you’re running OpenVPN, only use PiHole for DNS as well) then there is no way for clients to use anything but PiHole. Correct?

#9

I believe your doing it wrong.
You probably configured the WAN DNS part of the router to point to the Pi-hole IP.
Do you have a screenshot ?

Proper way is to push the Pi-hole IP address as a DNS server to its clients through the DHCP service on the router or use Pi-hole's DHCP service.
Same for OpenVPN, openvpn needs to push the "tun" interface IP address through DHCP to its clients to be used for DNS.
All the Pi-hole daemons will be waiting listening on whatever IP because they listen to all 0.0.0.0.

Have you read that OpenVPN howto ?
Am a bit rusty as been a while for me with openvpn.

EDIT: Ohw and the "nslookup" commands on the clients will tell what DNS server(s) they use.
And linked to the howto :wink:

#10

image
image1668×2224 194 KB

This is the only place to set DNS on my router.

#11

Thats indeed the WAN part of the router.
This is a solution : "When You Cannot Change LAN/DHCP Options In Your Router"

#12

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.