Websites not loading on mobile device

Expected Behaviour:

Loading webpages fast, for example: wetter.com, heise.de, ... on mobile device (iPhone 6S plus)

Actual Behaviour:

On my desktop PC (Windows and Linux too) the pages named above load fast and very well.
On my iPhone (tested with both Safari and Chrome) these pages do not load ... still a blank loading page.
Does anyone have a workaround or an idea?
Note: Ports 80 and 443 are open; if 443 is rejected, the issue still exists. The issue is on mobile devices only.

Debug Token:

My debug token is: 1dnnnzefns

Have you tried checking the log (pihole -t or the query log) when you load the page?

I have checked it now. I see that some domains (most CDN calls to JS tools) are blocked at just this moment.
Also I get a white (blank) page on my smartphone's screen and it's just loading.


But when trying it on my desktop computer there is no issue loading the page; the resources are just blocked as expected.

Have you tried whitelisting any of the blocked domains?

Of course I have. It has the same result as when I use another DNS server: the page loads fast and well, but so does the unwanted content :wink:
It cannot be the solution to allow all the domain names there are issues with.

Question: Is this on wifi or cellular comms?

Looking at your debug log, I think it appears you're forwarding port 53 so you can access it from outside your network...?

On both. The DNS pihole is used by both. When I don't use my pihole or disable it, it's working well.

And yes, I am also using pihole from outside my (local) network (but there all is fine :wink:).

I have done some new tests, but none of them fixes the named issue. More details about it below:

Environment

  • I have tested it on some other desktop computers too. With Chrome / Chromium no issues are detected. With Firefox the named issue is detected. Firefox needs some time (approx. 23 seconds) to realize the content or DNS is not reachable and after this continues to the next request. This issue is reproducible on some other websites. The tested Firefox version is 56.0 (64-bit).
  • The issue still exists on Apple devices (the initial request). Here Safari and Chrome respond the same: the page is blank and does not load, or is trying to load but never finally responds.

Tested domains (including blocked content)

Debug token

I have also created a new debug token for you guys: tih5tkttym

Finally

On my desktop PC or notebook the issue is not present with Chrome. I think it's not an issue produced by Pi-hole, but we need to figure out what the issue is and fix it or find a workaround for it. Otherwise Pi-hole isn't usable for me and, I think, for some other users too. Thanks for your attention and your help, guys.

Additional edit:

Some of my friends have tested the DNS server too. For other Apple devices the issue is reproducible and still exists.
It was also tested on Android 7.1.1 with Chrome 61 and Firefox (stable); there the issue does not appear.

If I might ask, why did you decide to open up your Pi-hole setup to the public?
Where did you read or who told you this was a smart move?
Do you have any other experience with running publicly available services?

It is strongly advised not to port forward your Pi-hole DNS service to the public as without protection, your setup can be abused to mount an attack on some other poor victim:

https://umbrella.cisco.com/blog/2014/03/17/dns-amplification-attacks/

Who knows, your troubles might be caused by your setup being compromised.

Yeah. Thank you support.
This was not my question. This thread is to identify, verify and solve the issue I have detected. Not to start a basic discussion about the general security of running a DNS server publicly or about DDoS reflection attacks.

But to answer your question, I use it publicly to access it from everywhere (but please don't tell me about all the risks).

See above comment ^^^

Ps. I am not support but just a fan of Pi-hole.

You can achieve something similar if you set up OpenVPN on Pi-hole for your devices to dial in (see link below).
A VPN tunnel is way more secure and not susceptible to reflection/amplification attacks.

I think it's a problem with iOS 11. You can try to make a "Fake-VPN" which overrides the default DNS server, or if you have an old iPhone which doesn't have iOS 11 installed. Under Android, it works fine with Fake-VPN (cellular and Wi-Fi) and static IP (Wi-Fi).

@promarcel Were you able to fix this? I am having the exact same issue (see also here). I tried opening the sites you mentioned (wetter/heise) but both won't load (or take multiple minutes) on my iPhone with iOS 11.2.6.

I am also beginning to think that it is an iOS 11 problem (like @TomSDEVSN said).

I was able to load wetter.com but heise.de did take significantly longer.

@ThinkPad @jacob.salmela As @TomSDEVSN has described, there seems to be an issue in iOS with handling DNS refusals or unreachable DNS requests. Modern browsers on a desktop PC ignore this and continue loading the page. iOS seems to do it the old way and waits until the connection times out.

I've seen this issue was already reported to Apple's bug bounty program, so the only way for now is to wait for a change on iOS devices. In the meantime, unfortunately, Pi-hole isn't usable for iOS devices.

That's also what I thought, but I grabbed an Android phone and it also had issues loading those example sites.
So I'm not sure if it is totally iOS-related.

I will spin up a new VM and do a clean install of Pi-hole, without any custom blocklists and will also not do the iptables stuff. I will let you know the result of this on iPhone and Android.

Interesting. Does Apple provide public links to their bugs?

Unfortunately no: https://stackoverflow.com/a/145223/5695820

I found the issue. I only had allowed port 53 from my LAN to the Pi-hole VM in my firewall. Not 443 and 80.
So Pi-hole received the DNS-request, but was never able to reply on 80/443! It worked on my laptop because it was matched in a different rule (which allowed more ports).

After correcting this it now works very fast, even with a completely default Pi-hole (no iptables or whatsoever, default lists).
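
The cause found in the post above can be checked from an affected client. The following is an added example, not part of the original thread: it probes TCP 80 and 443 on the Pi-hole address and separates a fast refusal from a silent drop, assuming blocked names resolve to the Pi-hole's own address as the post implies. The function names and the address 192.0.2.53 are placeholders.

```python
import socket
import sys
import time

def probe(host, port, timeout=3.0):
    """Return (state, seconds) for one TCP port on the Pi-hole address.

    open     - something accepted the connection (e.g. a block page server)
    refused  - an RST came back at once; the browser fails fast and moves on
    filtered - no answer at all (packet dropped); the browser waits for a timeout
    """
    start = time.monotonic()
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        state = "open"
    except ConnectionRefusedError:
        state = "refused"
    except OSError:  # includes socket.timeout and "no route to host"
        state = "filtered"
    return state, time.monotonic() - start

def diagnose(states):
    """states maps port -> state. Silently dropped ports are what stall page loads."""
    dropped = sorted(p for p, s in states.items() if s == "filtered")
    if dropped:
        return ("STALL: no reply on port(s) %s; check the firewall between "
                "this client and the Pi-hole" % ", ".join(map(str, dropped)))
    return "OK: every probed port answers immediately"

if __name__ == "__main__":
    # 192.0.2.53 is a documentation placeholder; pass your Pi-hole's LAN address.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.53"
    results = {}
    for port in (80, 443):
        results[port], took = probe(host, port)
        print("%s:%d %s (%.1fs)" % (host, port, results[port], took))
    print(diagnose(results))
```

Running it from both a working and a failing device shows whether they hit different firewall rules, which is what separated the laptop from the phone here.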

Are the iptables rules still needed?