The command is just on the Pi-hole server itself; the clients should be redirecting their requests for blocked domains to the Pi-hole server, and seeing the REJECT on port 443, they should immediately stop the attempt at rendering the asset and continue on with the rest of the page.
Can you post your iptables configuration?
sudo iptables -nvL and sudo ip6tables -nvL and let's see what is configured.
I tried installing a Unix OS (not Windows) on another virtual machine, set DNS to the Pi-hole and went to the problematic webpage, and? It works... no timeout error, only connection refused. The webpage loaded quickly.
Does that mean the problem is on the Windows side, or that Windows doesn't know REJECT? Can anyone test it?
I found it, but I don't know how to fix it.
Pi-hole REJECTs connections only for clients in the same address range as it is. Pi-hole answers all clients on HTTP, but not on HTTPS.
There should be no restrictions on the private network.
The Pi-hole websites work well for everyone, DNS too.
I ran into a similar problem. I'm using IPv4 only. Mac and Linux clients would get an immediate "connection refused" for pi-holed https resources, but the same request from a browser on Windows would hang for ~20 seconds before timing out. I was using the iptables REJECT rule given above on the pi-hole server.
However there are several ways to reject a connection. By default iptables will send an ICMP port-unreachable, which Windows seems to ignore. I modified the rule to be iptables -A INPUT -p tcp --dport 443 -j REJECT --reject-with tcp-reset which fixed the problem for Windows clients as well as the others.
Possibly Windows Firewall was blocking the incoming ICMP packet and adjusting its inbound rules would have fixed this also.
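Added example, not part of the original posts: a small Python probe to run from an affected client, showing whether a connection to port 443 on the Pi-hole address is refused immediately or hangs until timeout, which is the difference the rule change above addresses. The function names and the 1-second threshold are assumptions; the default target is a constructed closed port on localhost.

```python
import socket
import sys
import time

def probe(host, port=443, timeout=5.0):
    """Try one TCP connect; return (outcome, seconds elapsed)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            outcome = "open"        # something is listening
    except ConnectionRefusedError:
        outcome = "refused"         # client stack received an explicit rejection
    except (socket.timeout, TimeoutError):
        outcome = "timeout"         # no usable answer before the deadline
    except OSError as exc:
        outcome = "error:" + type(exc).__name__
    return outcome, time.monotonic() - start

def verdict(outcome, elapsed, fast=1.0):
    """Map a probe result to the behaviour discussed in the thread.
    `fast` (seconds) is an assumed threshold, not a Pi-hole value."""
    if outcome == "refused" and elapsed < fast:
        return "fast reject: blocked HTTPS assets fail immediately"
    if outcome == "timeout":
        return "hang: waited %.1fs; check the REJECT rule and the answer IP" % elapsed
    if outcome == "open":
        return "open: a service is accepting connections on this port"
    return "other: %s after %.1fs" % (outcome, elapsed)

def closed_local_port():
    """Constructed test target: a localhost port with no listener."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    # Usage: python3 probe.py <pi-hole address> [port]
    # With no arguments it probes the constructed closed port on localhost.
    if len(sys.argv) > 1:
        host = sys.argv[1]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    else:
        host, port = "127.0.0.1", closed_local_port()
    outcome, elapsed = probe(host, port)
    print(host, port, verdict(outcome, elapsed))
```

Run it on both a Windows and a Linux client against the same Pi-hole address to compare what each one sees.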
Yes, I wanted to reject port 443 on IPv6 as well but I'm not familiar with writing rules.
I've started receiving IPv6 from my ISP this week. Since then I'm experiencing some loading time issues, which seem to go away when pihole's on v4 only. That's why I'm reading all these "slow sites" "slow loading" threads, which I never cared for when I was on IPv4 only, hehe.
I wanted to chime in on a similar issue I had, and this was one of the top Google hits for my searches.
I had the same behavior with blocked scripts preventing the page from loading, until Chrome timed out the script. Then the page loaded quickly, but only after waiting 20+ seconds. I don't have IPv6 enabled anywhere.
My router detected an IP conflict on my network and changed the internal IP addresses from the default 192.168.0.x to 10.0.0.x. Even after a Pi restart, the Pihole web interface reported the old address - but the Pihole still successfully blocked ads, just very slowly.
I ran the configuration script with pihole -r and it picked up the new IP address - and all is well again. Thanks for everyone's work on Pihole.
I also had the same issue. I am running pi.hole within an LXC container on a virtual machine in the cloud. I was forwarding port 53 for DNS lookups so I could use the external IP address of the virtual server as my local DNS server on my home machine.
I hit the timeout problem too because any blocked domains were actually resolving to the pi.hole IP address used when I configured pi.hole. Of course, my home LAN cannot "see" the LAN that pi.hole resides in, hence the long timeout.
To rectify, I reconfigured pi.hole and specified the external/globally reachable address of the virtual server with a /32 mask. This did the trick. Now my home PC addresses the pi.hole on the correct external server IP and my firewall there simply REJECTs the incoming connections immediately.
Is it possible to configure the piholed answer IP? To answer with 127.0.0.1 for a piholed domain instead of Pi-hole's own static IP?
Pi-hole IP: 192.168.0.2
Normal DNS resolution for an ad: ad.domain.com 192.168.0.2
Solution for all slow loading times: ad.domain.com 127.0.0.1
Or is there any reason that forbids the IP 127.0.0.1 as the answer for piholed domains?