Removing Google DNS after using pi hole DHCP

Expected Behaviour:

Pi Hole to receive all dns query requests, since Pi hole dhcp is enabled in pi hole (also IPV6) and my router dhcp (v4 and v6) is disabled.

Actual Behaviour:

Not all requests go through pi hole. On my phone, I can see 2 dns servers listed:

  1. Pi hole
  2. 8.8.8.8

dig pi-hole.net returns:

SERVER: 8.8.8.8#53

Adding debug logs here that may help:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] videosalesfactory.com is 0.0.0.0 via localhost (127.0.0.1)
[✓] videosalesfactory.com is 0.0.0.0 via Pi-hole (192.168.29.70)
[✓] doubleclick.com is 216.58.203.14 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✓] tomasz-madej.pl is :: via localhost (::1)
[✗] Failed to resolve tomasz-madej.pl via Pi-hole (2405:201:2:104d:86e3:3113:cbca:62c6)
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (2001:4860:4860::8888)

I assume that the dns query was resolved via google dns here.

Not sure why dns server list has 8.8.8.8 since pi hole is the dhcp server. Not sure who is responsible for declaring dns servers to be used, but I assumed that dhcp as pi hole would force all requests to go via pi hole.

I have tried all other help requests for this subject and could not find a right solution.

Debug Token:

ooj2k0bruk

How did you verify that your smartphone uses 8.8.8.8 as DNS?

There are several possible circumstances that would explain your observation:

  • you have manually configured Pi-hole to distribute 8.8.8.8 as secondary DNS (very unlikely)
  • your smartphone is still holding on to its previous DHCP lease where your router issued 8.8.8.8 alongside Pi-hole (perhaps)
  • your smartphone adds 8.8.8.8 on its own by default (perhaps)
  • a terminal app you are using to determine what DNS servers your smartphone is using adds 8.8.8.8 as DNS server (likely)

I went to advanced section of wifi menu on my android phone. There it states all details such as IP address, DNS and MAC address. Got the dns from there.

Wifi is configured to use dhcp and not static. Is it possible that my phone (Oneplus 7t) uses hard coded dns servers?

Is there a configuration where I can check if pi hole is using a secondary dns?

My phone should not be on previous dhcp lease as I have disconnected and reconnected to wifi multiple times after making my pi hole as dhcp server.

Also, dig pi-hole.net was done on the raspberry pi itself where pi hole is installed. So 8.8.8.8 as dns server is seen on my phone and also on the rpi.

Indeed, a precursory search for OnePlus on the net seems to confirm some OnePlus models add 8.8.8.8 (or others) as DNS servers, with a tendency to prefer those over local ones.

You could either try to redirect outbound DNS traffic to Pi-hole on your router, or have your router block outbound DNS traffic for any device in your network (apart from your Pi-hole machine, of course), or block access to 8.8.8.8 in your router's firewall.

If your router supports none of the above, your OnePlus will always be able to by-pass Pi-hole.

Can you install the "Network Info" app for Android and report what that one says about WiFi DNS servers ?

Here are the details:

IP Address: 192.168.29.248
Netmask: 0.0.0.0
Gateway: 192.168.29.1
DNS1: 192.168.29.70
DNS2: 8.8.8.8
DHCP Server Address: 192.168.29.70
Private DNS: null
Private DNS server: null

Here, 29.70 is the pi hole.


Yes, I did a Google search to find that this is indeed possible, not sure why tho.

I am now forcing my phone (via static settings and not dhcp) to use my pi hole both as primary and secondary dns server. It then does not use 8.8.8.8.

Can pi hole declare itself both as primary and secondary dns server somehow?

I tried above suggestions but I don't think my router is able to do any of these. It does have a firewall rule but could not get it working.
Using static settings on my phone seems to work. Will reserve the IP for it on pi hole.

Because the phone's OS sets this by default.
You'd have to reason with OnePlus why their phones do that.

This is good as long as your phone is connected to your home wifi network.
It may not work when you connect your phone to a different wifi network or to mobile data, as your Pi-hole is available on your home network only.

That's an interesting thought.
Off the top of my head, I wouldn't know how pihole-FTL (Pi-hole's embedded dnsmasq) would react to stating multiple identical IPv4 addresses as DNS DHCP option, but you can certainly give this a try.

You'd need to create a custom configuration for dnsmasq, e.g.

sudo nano /etc/dnsmasq.d/42-multi-dhcp-dns.conf

and add the following line:

dhcp-option=option:dns-server,0.0.0.0,0.0.0.0

Note that Pi-hole's DHCP server will translate 0.0.0.0 to its host machine's current IPv4 address for clients requesting that option via DHCP.

Verify your configuration is still valid:

pihole-FTL dnsmasq-test

If it doesn't come back OK, check the file content for typos.

Then apply the settings to your Pi-hole by running:

pihole restartdns
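
The steps from the post above combined into one script, as an added example that is not part of the original post or of Pi-hole's own tooling: it writes the file with an explanatory comment, runs the same validation, and restores the previous state if validation fails. The `CONF_DIR`, `VALIDATE_CMD` and `RELOAD_CMD` variables and the function names are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example (not from the thread): apply the setting with validation and rollback.
# CONF_DIR, VALIDATE_CMD and RELOAD_CMD are hypothetical override variables;
# their defaults are the path and commands quoted in the post above.
CONF_DIR="${CONF_DIR:-/etc/dnsmasq.d}"
CONF_NAME="42-multi-dhcp-dns.conf"
VALIDATE_CMD="${VALIDATE_CMD:-pihole-FTL dnsmasq-test}"
RELOAD_CMD="${RELOAD_CMD:-pihole restartdns}"

# Print the file content, with a comment recording why the file exists.
render_conf() {
    cat <<'EOF'
# Offer Pi-hole as both primary and secondary DNS server via DHCP.
# Reason: a OnePlus phone listed 8.8.8.8 as DNS2 when only one server was offered.
# 0.0.0.0 is translated to this host's current IPv4 address.
dhcp-option=option:dns-server,0.0.0.0,0.0.0.0
EOF
}

# Write the file, validate the whole dnsmasq configuration, then either
# reload DNS or restore the previous state. Returns 0 on success.
install_multi_dns() {
    target="$CONF_DIR/$CONF_NAME"
    backup=""
    if [ -f "$target" ]; then
        # Keep the backup outside CONF_DIR: dnsmasq reads the files in its conf-dir.
        backup=$(mktemp) || return 1
        cp -p "$target" "$backup" || return 1
    fi
    render_conf > "$target" || return 1
    if $VALIDATE_CMD >/dev/null 2>&1; then
        if [ -n "$backup" ]; then rm -f "$backup"; fi
        $RELOAD_CMD
        return $?
    fi
    # Validation failed: put things back exactly as they were.
    if [ -n "$backup" ]; then
        cp -p "$backup" "$target" && rm -f "$backup"
    else
        rm -f "$target"
    fi
    echo "dnsmasq-test failed, change rolled back" >&2
    return 1
}

# Only change the system when explicitly asked to (run as root with --apply).
if [ "${1:-}" = "--apply" ]; then
    install_multi_dns
fi
```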

It worked like a charm !!!

Now my phone only mentions the pi hole as the dns server :slight_smile:
No mentions of 8.8.8.8.

Network Info app now shows:
DNS1: 192.168.29.70
DNS2: 192.168.29.70

Will certainly save this setting !
Just for reference, is there a documentation for this setting?

This also enables me to use dhcp for wifi and not rely on static configurations.

Thanks a lot for all the help Bucking_Horn and deHakkelaar.


Glad that worked. :slight_smile:

However, we do not know for sure what your smartphone is doing exactly.
If it would just fill in 8.8.8.8 as secondary if none is provided, all would be fine.
If your smartphone would always add 8.8.8.8 to the list of DNS servers (in this case, as a third), it may still use that from time to time, and maybe even without showing that third DNS in its settings.

So for the next few days, keep watching if your smartphone would still by-pass Pi-hole occasionally.

Yes, see dnsmasq documentation.

In general, all of dnsmasq's options are applicable to Pi-hole, as long as they do not conflict with any of Pi-hole's own options.

It might be a good idea to add some comments (starting with #) to your custom configuration file, so you still know why it's there if you look at it again in a year's time. :wink:

Yes, will definitely keep a watch here. So far it's working all right. Did not see any ads leak.

Will check this out :slight_smile:

Ohh yes. That's a great idea. I definitely will forget the setting. Will def add a comment there.
Thanks again !!

Really appreciate the support you guys have been committing to !!

Created a pull for this:


Just confirming, after 4 days of making the changes mentioned by Bucking_Horn, that adding the second DNS does eliminate ads on my OnePlus device. I can be certain when I say that no tertiary DNS is set by the device. No ad leaks found yet.
