Expected Behaviour:
Set the DNS Servers to the Pi-Hole's IP under DHCP server and ads are blocked and the Internet works.
Actual Behaviour:
When the DNS Servers are set to the Pi-Hole's IP under DHCP server, the Internet drops almost instantly. Switching back to default DNS Servers restores the Internet. I do not have an option to turn off DHCP on my router.
Running a Raspberry Pi Zero W which connects to my Wi-Fi network (no problem). Set both primary and secondary DNS under DHCP, plus just primary, with the same result. I am using a TP-Link M5 Deco Mesh Router which is connected directly to a cable modem. The router is connected to a TP-Link TL-SF1005D switch so I have enough ethernet ports for various devices.
The debug log is showing a failure to resolve when using that address.
*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] ads.araba.com is 192.124.249.18 via localhost (127.0.0.1)
[✗] Failed to resolve ads.araba.com via Pi-hole (192.168.68.112)
[✓] doubleclick.com is 172.217.164.238 via a remote, public DNS server (8.8.8.8)
It does appear that some clients have used this Pi-hole in the past:
[2020-02-16 01:25:18.490 1921] Imported 2137 queries from the long-term database
[2020-02-16 01:25:18.491 1921] -> Total DNS queries: 2137
[2020-02-16 01:25:18.491 1921] -> Cached DNS queries: 277
[2020-02-16 01:25:18.492 1921] -> Forwarded DNS queries: 1405
[2020-02-16 01:25:18.492 1921] -> Exactly blocked DNS queries: 455
[2020-02-16 01:25:18.492 1921] -> Unknown DNS queries: 0
[2020-02-16 01:25:18.492 1921] -> Unique domains: 588
[2020-02-16 01:25:18.492 1921] -> Unique clients: 9
[2020-02-16 01:25:18.493 1921] -> Known forward destinations: 4
[2020-02-16 01:25:18.493 1921] Successfully accessed setupVars.conf
I should add that 192.168.68.112 is the IP address of the Pi-Hole, which has been reserved on the router. Running the dig pi hole command yields the following result:
; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> pi.hole @192.168.68.112
;; global options: +cmd
;; connection timed out; no servers could be reached
Are you running any kind of firewall that would cause DNS queries on the Pi-hole to itself to fail? What is the output from ip -4 address show on the Pi-hole device?
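The comparison the debug log and the dig run above make (the same name queried via 127.0.0.1 and via the Pi-hole's LAN address) can be reproduced with the added Python example below, which is not part of the thread and is not Pi-hole's own code. The name pi.hole and the address 192.168.68.112 are taken from the thread; the function names and the wording returned by diagnose() are assumptions of this example.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a minimal DNS A-record query (RD flag set) for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, qid=0x1234):
    """Return (rcode, answer_count) from a reply header, or None if it is not ours."""
    if len(data) < 12:
        return None
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # wrong id, or QR (response) bit not set
        return None
    return flags & 0x000F, an

def probe(server, name="pi.hole", timeout=3.0):
    """Query `server` on UDP/53; return 'answer', 'rcode=N', 'timeout', 'unreachable' or 'malformed'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            reply = parse_reply(s.recvfrom(512)[0])
        except socket.timeout:   # no reply at all, as in the dig run via the LAN address
            return "timeout"
        except OSError:          # e.g. ICMP port unreachable or no route
            return "unreachable"
    if reply is None:
        return "malformed"
    rcode, answers = reply
    return "answer" if rcode == 0 and answers else f"rcode={rcode}"

def diagnose(loopback, lan):
    """Interpret the two probe results (wording is this example's assumption)."""
    if loopback == "answer" and lan == "answer":
        return "resolver reachable on both addresses"
    if loopback == "answer":
        return "resolver runs but is not reachable on the LAN address: check firewall and interface address"
    return "resolver not answering locally: check the DNS service itself"

if __name__ == "__main__":
    LAN_IP = "192.168.68.112"  # Pi-hole address from the thread; change for your network
    lo, lan = probe("127.0.0.1"), probe(LAN_IP)
    print("127.0.0.1:", lo, "|", LAN_IP + ":", lan)
    print(diagnose(lo, lan))
```

Run it on the Pi-hole device itself, so that both the loopback and the LAN address refer to the same host.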
/etc/unbound/unbound.conf.d/pi-hole.conf is a file you have to edit. The guide shows the content of the file as it needs to be when edited. Try editing that file with sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf or using your favorite editor.
Ok I ran the sudo command and now when I run the ping tests that the Unbound guide says to run, I get the expected results.
Now sudo systemctl status --full --no-pager unbound shows:
unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-02-16 17:37:20 GMT; 7min ago
Docs: man:unbound(8)
Process: 5180 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS)
Process: 5183 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
Main PID: 5187 (unbound)
Memory: 4.8M
CGroup: /system.slice/unbound.service
└─5187 /usr/sbin/unbound -d
Feb 16 17:37:19 raspberrypi systemd[1]: Starting Unbound DNS server...
Feb 16 17:37:20 raspberrypi package-helper[5183]: /var/lib/unbound/root.key has content
Feb 16 17:37:20 raspberrypi package-helper[5183]: success: the anchor is ok
Feb 16 17:37:20 raspberrypi systemd[1]: Started Unbound DNS server.
Feb 16 17:37:21 raspberrypi unbound[5187]: [5187:0] info: start of service (unbound 1.9.0).
And dig pi.hole gives me:
; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> pi.hole @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55917
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pi.hole. IN A
;; ANSWER SECTION:
pi.hole. 2 IN A 192.168.68.112
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Feb 16 17:45:42 GMT 2020
;; MSG SIZE rcvd: 52
Ok I loaded cnn.com on a browser with no ad-blocker installed. I see "paid partner content" both on the right and near the bottom. See example attached.
One thought: do I need to restart (either the PC or my connection to the network) in order to get the benefits of Pi-Hole after setting the DNS?
From the client on which you loaded this web page, from the command prompt or terminal on that client (and not via ssh or Putty to the Pi), what is the output of