Pihole works briefly and then allows ads through

The issue I am facing:

After updating gravity (or restarting my machine), ads are blocked. After awhile, the ads appear again.

Details about my system:
I am running pihole and a Motorola MG7700 modem/router. This model does not allow me to set IPv6 DNS Address, so I've set "eRouter Provisioning Mode" to "eRoute_IPv4only". I see that in my debug: https://tricorder.pi-hole.net/lA87ib93/
... that doubleclick ipV6 shows an issue. I'm wondering if perhaps this is the issue? I'm just not sure how to fix it.

What I have changed since installing Pi-hole:
I haven't really changed anything. As I mentioned, it works for awhile and then reverts back to allowing ads.

Though IPv6 may well have an impact on your observation, that message is not an issue: It just indicates that your Pi-hole host machine has no public IPv6 connectivity.

This is further confirmed by your network interfaces only carrying link-local IPv6 addresses, i.e. public GUA IPv6 addresses are absent:

*** [ DIAGNOSING ]: Network interfaces and addresses
   2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
       inet 192.168.0.40/24 brd 192.168.0.255 scope global noprefixroute eth0
          valid_lft forever preferred_lft forever
       inet6 fe80::<redacted>8c/64 scope link 
          valid_lft forever preferred_lft forever

However:

Even with only link-local IPv6, your router may advertise its own link-local IPv6 as DNS server, allowing IPv6-capable clients to by-pass Pi-hole.

You should verify what DNS servers a client is aware of, e.g. by runnning ipconfig /all on a Windows client. Check the DNS server section for IPv6 addresses and verify whether they would match one of your Pi-hole host machine's.

But before you investigate, you want to check your sd card, as your debug log shows signs of file system corruption:

-rw-r--r-- 1 pihole pihole 23M May 25 23:17 /var/log/pihole/FTL.log
   -----head of FTL.log------
   25081] bcm2708_fb soc:fb: FB found 1 display(s)
   Jul 24 19:55:59 raspberrypi kernel: [    1.333684] Console: switching to colour frame buffer device 90x30
   Jul 24 19:55:59 raspberrypi kernel: [    1.339786] bcm2708_fb soc:fb: Registered framebuffer for display 0, size 720x480
   Jul 24 19:55:59 raspberrypi kernel: [    1.344815] bcm2835-rng 3f104000.rng: hwrng registered

The above should contain lines from list /var/log/pihole/FTL.log, but its shows system log messages from your system's boot sequence instead.

Furthermore, some debug log information is just gibberish:

*** [ DIAGNOSING ]: Pi-hole log
-rw-r----- 1 pihole pihole 17M May 25 23:17 /var/log/pihole/pihole.log
   -----head of pihole.log------
   .168.0.202:p  .168.0.202:p�'192.168.0.213;+N'192.168.0.201;+L=fe80::9ffb:98e:c1ab:1f8c;+g'192.168.0.2383 '192.168.0.236;I'192.168.0.246;+
   �
   U
   �	�	�	2

If this is an old sd card, you should probably replace it.

You may also want to to check your system logs for recent occurences of under-voltages:

zgrep -ni “voltage” /var/log/syslog*

If that returns some respective warnings, you may also have to consider swapping your PSU.

Wow, this is fantastic information. Thanks so much Bucking_Horn. I will try these and report back here.

You surely have file system issues here (e.g. corrupted SD card).

   2023-05-25 22:09:26: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning:  SQLite3::querySingle(): Unable to execute statement: database disk image is malformed in /var/www/html/admin/scripts/pi-hole/php/gravity.php on line 15
   2023-05-25 22:09:28: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning:  SQLite3::querySingle(): Unable to execute statement: database disk image is malformed in /var/www/html/admin/scripts/pi-hole/php/gravity.php on line 15
   2023-05-25 22:09:30: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning:  SQLite3::querySingle(): Unable to execute statement: database disk image is malformed in /var/www/html/admin/scripts/pi-hole/php/gravity.php on line 15
   2023-05-25 22:09:31: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning:  SQLite3::querySingle(): Unable to execute statement: database disk image is malformed in /var/www/html/admin/scripts/pi-hole/php/gravity.php on line 15
   2023-05-25 22:09:32: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning:  SQLite3::querySingle(): Unable to execute statement: database disk image is malformed in /var/www/html/admin/scripts/pi-hole/php/gravity.php on line 15
   2023-05-25 22:09:33: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning:  SQLite3::querySingle(): Unable to execute statement: database disk image is malformed in /var/www/html/admin/scripts/pi-hole/php/gravity.php on line 15
   2023-05-25 22:09:33: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning:  SQLite3::querySingle(): Unable to execute statement: database disk image is malformed in /var/www/html/admin/scripts/pi-hole/php/gravity.php on line 15
   2023-05-25 22:09:33: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning:  SQLite3::querySingle(): Unable to execute statement: database disk image is malformed in /var/www/html/admin/scripts/pi-hole/php/gravity.php on line 15
   2023-05-25 22:09:34: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning:  SQLite3::querySingle(): Unable to execute statement: database disk image is malformed in /var/www/html/admin/scripts/pi-hole/php/gravity.php on line 15

Thanks for the help. I tried the following, but the Pihole still only works intermittently:

I got a new SD card and installed a fresh copy of Raspbian with Pihole. I updated the dhcpcd.conf file to use a static IP address 192.168.0.2/24 and updated the router to use that for IPv4 DNS. I disabled IPv6 like before.

I've uploaded the debug log here: https://tricorder.pi-hole.net/NEQxUKC0/

I'm on a Mac and can see in my Network settings in System Prefs for DNS that my DNS server is in fact 192.168.0.2, so that seems correct.

Mac doesn't have ipconfig in terminal but I can run nslookup. Oddly, when I run it against one of the domains in the default Pihole blacklist (wizhumpgyros.com), it hits the correct DNS, but returns the actual IP address, whereas I think it should return a localhost IP instead:

$ nslookup wizhumpgyros.com
Server:		192.168.0.2
Address:	192.168.0.2#53

Non-authoritative answer:
Name:	wizhumpgyros.com
Address: 82.192.82.227

This is also confirmed when I hit that URL in the browser -- I go directly to the page and it is not blocked.

On mac/linux, there is ifconfig. I'm not sure if it helps:

$ ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
anpi1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether f2:71:89:26:9c:c1
	inet6 fe80::f071:89ff:fe26:9cc1%anpi1 prefixlen 64 scopeid 0x4
	nd6 options=201<PERFORMNUD,DAD>
	media: none
	status: inactive
anpi0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether f2:71:89:26:9c:c0
	inet6 fe80::f071:89ff:fe26:9cc0%anpi0 prefixlen 64 scopeid 0x5
	nd6 options=201<PERFORMNUD,DAD>
	media: none
	status: inactive
en3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether f2:71:89:26:9c:a0
	nd6 options=201<PERFORMNUD,DAD>
	media: none
	status: inactive
en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether f2:71:89:26:9c:a1
	nd6 options=201<PERFORMNUD,DAD>
	media: none
	status: inactive
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=460<TSO4,TSO6,CHANNEL_IO>
	ether 36:2a:4f:77:ed:40
	media: autoselect <full-duplex>
	status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=460<TSO4,TSO6,CHANNEL_IO>
	ether 36:2a:4f:77:ed:44
	media: autoselect <full-duplex>
	status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=63<RXCSUM,TXCSUM,TSO4,TSO6>
	ether 36:2a:4f:77:ed:40
	Configuration:
		id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
		maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
		root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
		ipfilter disabled flags 0x0
	member: en1 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 8 priority 0 path cost 0
	member: en2 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 9 priority 0 path cost 0
	nd6 options=201<PERFORMNUD,DAD>
	media: <unknown type>
	status: inactive
ap1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether be:3e:53:96:71:72
	media: autoselect
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
	ether 9c:3e:53:96:71:72
	inet6 fe80::1069:94d7:b861:fdc2%en0 prefixlen 64 secured scopeid 0xc
	inet 192.168.0.248 netmask 0xffffff00 broadcast 192.168.0.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
awdl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
	ether 8e:a6:4f:96:f0:f7
	inet6 fe80::8ca6:4fff:fe96:f0f7%awdl0 prefixlen 64 scopeid 0xd
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether 8e:a6:4f:96:f0:f7
	inet6 fe80::8ca6:4fff:fe96:f0f7%llw0 prefixlen 64 scopeid 0xe
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::e24b:1d0f:91f7:6979%utun0 prefixlen 64 scopeid 0xf
	nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
	inet6 fe80::fa89:b9d4:6d89:743f%utun1 prefixlen 64 scopeid 0x10
	nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1000
	inet6 fe80::ce81:b1c:bd2c:69e%utun2 prefixlen 64 scopeid 0x11
	nd6 options=201<PERFORMNUD,DAD>
utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::d14d:f6f5:d59c:9725%utun3 prefixlen 64 scopeid 0x12
	nd6 options=201<PERFORMNUD,DAD>
utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::60f1:784c:adc0:10b5%utun4 prefixlen 64 scopeid 0x13
	nd6 options=201<PERFORMNUD,DAD>

The debug log shows Pi-hole is blocking domains from the list, returning 0.0.0.0:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] stationmontaran.netlify.app is 0.0.0.0 on lo (127.0.0.1)
[✓] stationmontaran.netlify.app is 0.0.0.0 on eth0 (192.168.0.2)

Are you sure your browser is using Pi-hole as DNS server?

Maybe not, but I'm trying on both Chrome and Firefox with the same results. Maybe they now have their own DNS? I did turn off "Use Secure DNS" in Chrome as I'd read that Chrome uses 8.8.8.8... but I shouldn't have to modify settings on each individual browser/device, right?

While monitoring Pi-hole's Query Log, please run and share the result for

nslookup flurry.com

Did that DNS request register in Pi-hole's Query Log?

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.