First, your blocking rate is expected to fluctuate, as it entirely depends upon the traffic that your clients generate, like your browsing habits on a PC, or an IoT device peaking on running its weekly updates or a "smart" TV showing a massive increase in DNS requests when streaming media while keeping a somewhat lower profile otherwise, etc.
By no means is a blocking rate an indication of Pi-hole's level of operation.
A blocking rate of 100% doesn't mean Pi-hole is 100% effective, but would rather give you the same browsing experience as pulling the plug on your router.
And then again, if none of your clients were using Pi-hole for DNS, your blocking rate would be zero, no matter the size of your blocklists.
A drop in blocking rates may indicate your clients may bypass Pi-hole sometimes, or some of your clients have stopped using it at all.
But just as well you may simply observe your network during a quiet period.
It's impossible to reliably assess this without having carefully scrutinised your past and present DNS traffic.
(I'm mentioning this more for the benefit of the casual reader observing fluctuations of blocking rate. That observation by itself is perfectly normal.)
Now that that's out of the way, you should focus your efforts on ensuring that Pi-hole is the only DNS server for your clients.
Once that is working as expected, you may then consider adding additional blocklists or upstream servers like cloudflared for DoH.
Your description of your IPv6 address configuration might allow us to guess that your devices may bypass Pi-hole using IPv6, but your nslookup shows that the machine you have run that command from is not even using Pi-hole's IPv4 address as DNS server, but rather 1.1.1.1.
That's unexpected, as your DHCP server is correctly distributing Pi-hole's IPv4 as local DNS server:
*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
Scanning all your interfaces for DHCP servers
* Received 300 bytes from wlan0:192.168.0.1
Server IP address: 192.168.0.1
DHCP options:
Message type: DHCPOFFER (2)
lease-time: Infinite
dns-server: 192.168.0.169
dns-server: 192.168.0.169
router: 192.168.0.1
--- end of options ---
But note that your router is handing out a DHCP lease of Infinite validity.
If that has been the case before you changed DNS servers in your router, your clients would never request a new DHCP lease and update their information, unless you force them to do so (e.g. by power-cycling them).
If that nslookup was run from your Pi-hole machine instead, that would be ok then:
The Pi-hole host machine may use any DNS you prefer without interfering with Pi-hole's correct operation.
To verify your clients are using Pi-hole, please post the output of the following commands as run from a client machine:
nslookup pi.hole
nslookup flurry.com
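Added example, not part of the original post: one way to read the output of those two commands, separating "client bypasses Pi-hole" from "Pi-hole answered but did not block". It assumes Pi-hole sits at 192.168.0.169 (from the DHCP output above), that flurry.com is on a blocklist, and that Pi-hole replies with null addresses (0.0.0.0 / ::) for blocked names; the function names and sample outputs are constructed.

```shell
# Added example (not from the original post): interpret nslookup output
# captured on a client. Sample outputs below are constructed.

# Print the resolver that answered: first "Address" line, "#53" stripped.
resolver_of() {
    awk '/^Address/ { sub(/^Address(es)?:[ \t]*/, ""); sub(/#.*/, ""); print; exit }'
}

# Print every answer address that follows the first "Name:" line.
answers_of() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address/ { sub(/^Address(es)?:[ \t]*/, ""); print; next }
         seen && /^[ \t]+[0-9a-fA-F:.]+$/ { sub(/^[ \t]+/, ""); print }'
}

# $1 = Pi-hole's IP; stdin = nslookup output for a blocklisted domain.
check_client() {
    out=$(cat)
    server=$(printf '%s\n' "$out" | resolver_of)
    if [ "$server" != "$1" ]; then
        echo "BYPASS: answered by ${server:-unknown}, not $1"; return 0
    fi
    answers=$(printf '%s\n' "$out" | answers_of)
    [ -n "$answers" ] || { echo "NO-ANSWER: $1 returned no address"; return 0; }
    for a in $answers; do
        case $a in
            0.0.0.0|::) ;;   # null answers = blocked (assumed blocking mode)
            *) echo "NOT-BLOCKED: $1 returned $a"; return 0 ;;
        esac
    done
    echo "OK: $1 answered and blocked the domain"
}

SAMPLE_VIA_PIHOLE='Server:  192.168.0.169
Address: 192.168.0.169#53

Name: flurry.com
Address: 0.0.0.0
Name: flurry.com
Address: ::'

SAMPLE_BYPASS='Server:  1.1.1.1
Address: 1.1.1.1#53

Non-authoritative answer:
Name: flurry.com
Address: 203.0.113.10'

printf '%s\n' "$SAMPLE_VIA_PIHOLE" | check_client 192.168.0.169
printf '%s\n' "$SAMPLE_BYPASS" | check_client 192.168.0.169
```

On a live client, pipe the real command into it, e.g. `nslookup flurry.com | check_client 192.168.0.169`.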