Weird things happening with blocking sites

The issue I am facing:

Sorry, but I've been thrown into this a bit feet first, kinda.

I have an Ubuntu machine as my main machine and most of the tests are done from there.
Never really tested until now, but I have blocked that lovely site bookface - as an example.
I can NOT get to it from Firefox. "Unable to connect". Which is good.
But if I open a terminal and type ping facebook.com this happens:

ping facebook.com
PING facebook.com (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.018 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.027 ms
^C
--- facebook.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1024ms
rtt min/avg/max/mdev = 0.018/0.022/0.027/0.004 ms

Ok, good it isn't REALLY getting there. It is getting/going to 127.0.0.1
But how/why?

What I know:
A local file /etc/hosts over-rides the DNS. Got that.
But there is no entry on THIS machine in that file for that site.

Looking on PiHole's machine:
/etc/hosts same.
So I'm stuck only out of curiosity, and just now I have enough problems trying to get my new network working.

Details about my system:
(Which system do you mean?)
RasPi 2B running PiHole. Buster.
PiHole is up to date.

THIS machine is a NUC running Ubuntu 22.04 and up to date maybe give or take a couple of days.

What I have changed since installing Pi-hole:
I've never really needed to do this/that before.
I am running PINGs to test if the sites are being blocked on the new network and am getting wrong results as the site CAN be pinged. But it is being blocked.

That makes it hard(er) to know if things are or not working as I want.

Side note:
This new network is BELOW the existing one. (Yeah, NAT..... I hope that isn't a problem)
But until I get it working that's where it is staying.
Side note2:
Even if I move THIS machine up 1 level on the network (onto the older network) I can still PING blocked sites.
So I don't think it is anything to do with the new network.

Sorry, this may be outside the scope of PiHole, but I am way out of my depth with how to find what is going on and how this is happening.

If I dig to facebook.com it is clearly blocked at PiHole.

dig facebook.com

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> facebook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15228
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;facebook.com.			IN	A

;; ANSWER SECTION:
facebook.com.		2	IN	A	0.0.0.0   <--  This is pihole blocking it - yes?

;; Query time: 4 msec
;; SERVER: 192.168.0.83#53(192.168.0.83) (UDP)  <-- Well this is PiHole's IP address.
;; WHEN: Tue Nov 22 14:03:27 AEDT 2022
;; MSG SIZE  rcvd: 57

Anyone?

It's actually doing exactly what it's supposed to. You can't ping 0.0.0.0 because 0.0.0.0 doesn't exist, so you get 127.0.0.1 as a substitute.

PING 0.0.0.0 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.022 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.023 ms

edit: networking - While pinging 0.0.0.0, it actually gives pings from 127.0.0.1, why? - Server Fault

Thanks Dan,

So I am confused in how this works.

If I type facebook.com into the browser and it is blocked, the browser gets back ip address 0.0.0.0 and the browser sees that is "Not available" - or something like that.

So when I PING facebook.com from the terminal/CLI: Why aren't those requests just sent to the black hole and it comes back "not available"?

So it is correct that I get back PING replies from blocked sites. Please confirm, just so I am sure I understand.

Is there a way to send pings to blocked sites to the black hole?
It would help me where I am at with my long and painful journey into networks.
Thanks though.

It seems that my explanation was a bit off.

ping handles 0.0.0.0 as 127.0.0.1 because that was how it was written, and there's some technical reasons and RFCs involved that boil down to "because..."

Now, to work on the solution to your situation:

Why not duplicate what your browser is doing to check if the domain is being blocked?

Something along the lines of:

dan@Viking:~$ tail -n 1 /etc/hosts
0.0.0.0 facebook.com
dan@Viking:~$ sudo ping -c 3 facebook.com
PING facebook.com (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.017 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.022 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.023 ms

--- facebook.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2064ms
rtt min/avg/max/mdev = 0.017/0.020/0.023/0.002 ms
dan@Viking:~$ curl facebook.com
curl: (7) Failed to connect to facebook.com port 80: Connection refused
dan@Viking:~$ curl https://facebook.com
curl: (7) Failed to connect to facebook.com port 443: Connection refused

Thanks @DanSchaper for that better explanation.

Not that I don't like the answer, I now understand better the situation.
Adding lines like that to /etc/hosts would be painful if I did it for all hosts I blocked.
Though I could do it for that one if only to help with my network testing.
(Ok, I feel I just shot myself in the foot there.)

And now to show how dumb I am......
I put the line in my /etc/hosts (on the PiHole machine) with:
0.0.0.0 facebook.com
Just under all the other named devices on/in my network.

I tried the PING command it is still giving me 127.0.0.1
I'm guessing I need to restart something?

excerpt from the file:

192.168.0.254   gateway
0.0.0.0         facebook.com

127.0.0.1	localhost
::1		localhost ip6-localhost ip6-loopback
ff02::1		ip6-allnodes
ff02::2		ip6-allrouters

I only added facebook.com to the hosts file to show what things look like with facebook.com blocked by Pi-hole. You wouldn't add anything to the hosts file, just use Pi-hole as the DNS.

Here's maybe a clearer example.

dan@Viking:~$ dig +short flurry.com
0.0.0.0
dan@Viking:~$ curl flurry.com || echo "Blocked"
curl: (7) Failed to connect to flurry.com port 80: Connection refused
Blocked
dan@Viking:~$ curl github.com && echo "OKAY" || echo "Blocked"
OKAY

Edit: To be clear, ping is written to use 127.0.0.1 as a replacement for 0.0.0.0. Anytime you ping 0.0.0.0 you will see 127.0.0.1 as a response with a successful ping.
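A small script that does the same check as the dig/curl example above for a list of domains. It is an added example for this thread, not Pi-hole project code and not something anyone in the discussion posted. It looks at the DNS answer, which is the only place the block is visible: Pi-hole's default answer for a blocked name is 0.0.0.0 for A (and :: for AAAA), and in NXDOMAIN mode there is no answer at all. It assumes `dig` from bind9-dnsutils is installed; the sample answers inside it are constructed, not captured from a real resolver. Ping is deliberately not used, because on Linux a packet sent to 0.0.0.0 is delivered to the local host, which is why ping's replies come from 127.0.0.1 and say nothing about the block.

```shell
#!/bin/sh
# Added example (not from the Pi-hole project or from anyone in the thread):
# decide whether Pi-hole blocks a domain from the resolver's answer, the way
# a browser or curl experiences it, instead of from ping.
# Assumption: `dig` (bind9-dnsutils) is available.

# classify_answer ANSWERS
#   ANSWERS is the output of `dig +short NAME A`: one line per record, or
#   empty. Prints exactly one word: blocked, allowed or unresolved.
classify_answer() {
    answers=$1
    if [ -z "$answers" ]; then
        # NXDOMAIN (Pi-hole in NXDOMAIN mode), SERVFAIL and a timeout all give
        # empty +short output; check dig's status line if you must tell them apart.
        echo unresolved
        return 0
    fi
    # Unquoted expansion splits on newlines; any Pi-hole sentinel address
    # (0.0.0.0 for A, :: for AAAA) means the name is blocked.
    for a in $answers; do
        case "$a" in
            0.0.0.0|::)
                echo blocked
                return 0
                ;;
        esac
    done
    echo allowed
}

# check_domain NAME [SERVER]
#   Resolves NAME, optionally against SERVER (e.g. the Pi-hole IP), and
#   prints "NAME blocked|allowed|unresolved".
check_domain() {
    name=$1
    server=${2:-}
    if [ -n "$server" ]; then
        answers=$(dig +short +time=2 +tries=1 "@$server" "$name" A 2>/dev/null)
    else
        answers=$(dig +short +time=2 +tries=1 "$name" A 2>/dev/null)
    fi
    echo "$name $(classify_answer "$answers")"
}

# Constructed sample answers for the three cases (not real resolver output).
# The allowed sample mimics a CNAME followed by its A record, as +short prints
# it; 203.0.113.10 is a documentation address.
SAMPLE_BLOCKED_A='0.0.0.0'
SAMPLE_BLOCKED_AAAA='::'
SAMPLE_NXDOMAIN=''
SAMPLE_ALLOWED='star-mini.c10r.example.net.
203.0.113.10'

# self_test: prints 0 when every constructed sample is classified as expected.
self_test() {
    rc=0
    [ "$(classify_answer "$SAMPLE_BLOCKED_A")" = blocked ] || rc=1
    [ "$(classify_answer "$SAMPLE_BLOCKED_AAAA")" = blocked ] || rc=1
    [ "$(classify_answer "$SAMPLE_NXDOMAIN")" = unresolved ] || rc=1
    [ "$(classify_answer "$SAMPLE_ALLOWED")" = allowed ] || rc=1
    echo "$rc"
}

# Usage: PIHOLE=192.168.0.83 sh check_block.sh facebook.com github.com
# With no arguments nothing is queried, so the file can be sourced for its
# functions. PIHOLE is optional; unset, the system resolver is used.
for d in "$@"; do
    check_domain "$d" "${PIHOLE:-}"
done
```

Point `PIHOLE` at the Pi-hole address to be sure the answer came from it rather than from whatever resolver the client happens to be using; that is the same thing the `;; SERVER:` line in the dig output above tells you. The script only asks for A records, so a dual-stack client that prefers IPv6 should also run the AAAA query and treat `::` the same way.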

From the terminal/CLI, what is the complete output of the following:

dig facebook.com

I posted the reply to that in the first post.

dig facebook.com

; <<>> DiG 9.11.5-P4-5.1+deb10u7-Raspbian <<>> facebook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32620
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;facebook.com.			IN	A

;; ANSWER SECTION:
facebook.com.		2	IN	A	0.0.0.0

;; Query time: 2 msec
;; SERVER: 192.168.0.83#53(192.168.0.83)
;; WHEN: Tue Nov 22 15:57:17 AEDT 2022
;; MSG SIZE  rcvd: 57

Ok, I added a couple of comments only to point out lines of interest.

When you type "facebook.com" on the browser, the browser doesn't know the IP, so it needs the DNS server to translate it.
If the domain is blocked, pi-hole will answer with 0.0.0.0 and the browser is programmed to show "Not available" in this case.

With ping it is the same.
It asks the DNS server "What is the IP for facebook.com" and receives 0.0.0.0, but ping is programmed to show a different response (It shows 127.0.0.1 in this case).

Edit:
The answer provided by Pi-hole for blocked domains is always 0.0.0.0.

Not always, that's configurable.


Yes, and again: Thanks. I have ever so slightly increased my knowledge.

@DanSchaper sorry, but your better example seems just as confusing.

(All)

I believe Dan says there is a way to block PINGS also to a blocked site.
He tried to explain it but I'm not seeing how to do it. I took the example too literally.
But then realised that for THIS example (bookface) I can make the PINGS go to the black hole.
That would suit my purpose for the program I am using to test my network.
(Pathetic I know, but....)

Sorry, while typing I've seen a few more replies, so if I step on toes, it isn't that I meant to.

So with that site a GIVEN blacklisted site how/what do I do to make PiHole send PINGs to 0.0.0.0 also?

I accept this may be a hack but it may help me better establish a base line for future testing on my network if I can get this working as described.

I don't know if I want to open that can of worms.

I was thinking of making a ... site on the PiHole machine if possible to which any blocked addresses are sent.
But I was told that is a can of worms that I don't want to open.
And just now I am in a lot of worms already. I may want to put that off until a future time.

No you can't. In the default configuration Pi-hole returns 0.0.0.0 as the IP of a blocked domain. Because of how ping is written any time you ping 0.0.0.0 you will get a successful ping with the address of 127.0.0.1.


Ah, ok. Sorry. That 's my bad on how I parsed what you said.
Drats.
So I'm kinda stuck that there is no way to block PINGS to blocked sites. That kind of puts a big hole in a sail on the boat. But it is what it is.

You could do that, technically, and that would use a different configuration of Pi-hole. The problem you run in to is that most sites now use https or TLS, and you can't redirect a web browser off say https://facebook.com to http://hostedon.pi.hole without a security warning. Is that the direction you were looking at?

Ok, thanks. no.

That sounds too complicated.

I was just wanting a site that kind of would say "Not going to happen!"
:wink:


Just curious - why do you want to do this? What software are you running that is pinging domains, and particularly blocked domains?

We used to have a blockpage that was meant to do just that. We removed it because it's not something that works on the modern web anymore.

(You asked) :wink:

I got curious and so bought a bigger/better router that supports VLANs - or multiple local networks. Not sure they are the same, but .....

I am having a lot of trouble getting the DHCP working. Until now I was a FIXED/STATIC IP person.
But because of (now) having multiple IP ranges, it was suggested I set all networks with DHCP and let the DHCP server do the work for me.
Then I just plug the devices in and can later RESERVE the IP addresses for infrastructure devices.
That is a good idea, but someone isn't playing the game and I have no end of trouble getting it working.
Because I don't have a spare $600 to buy a network tester that tells you the gateway, DNS, IP and all that fancy stuff, I got a RasPi and tried (note: TRIED) to make my own.

Every 5 seconds it sends out a request and gets:
the local IP address
the gateway
the DNS server
It also sends out PINGs to: (via IP address, NOT name)
the managed switch into which it is plugged.
the new router
a couple of devices on my old network
my network's MAIN gateway
google
google by name
a blocked site (guess which one)

If something isn't ping-able, I get a false reply and I show it is DOWN.
If something IS ping-able, I get the time (who cares) but that shows me an UP.

It is a bit confusing that it is getting PING replies from banned sites.

Why am I doing this?
To be sure I am using PiHole when the DHCP packet is received and the machine starts to test the network.

Complicated I know.
But that's the story.

The debug log in Pi-hole tells you all of this for free.