What blocking percentage should I be getting?

  • Dell OptiPlex 7040 Micro - Intel i5 6500T 2.50GHz; 16GB DDR4 RAM; 500GB PCIe 3rd Gen SSD
  • Ubuntu running Pi-hole [v5.15.5] | FTL [v5.21] | Web Interface [v5.18.4]
  • Setup as follows Ethernet Broadband Connection --> TP Link Router Archer VR500v --> Tenda Nova MW3 Mesh
  • Dell Optiplex 7040 running pihole is connected to the TP Link Router
  • Tenda Nova Mesh is broadcasting a separate wifi network to which most devices on the home network are connected.

Expected Behaviour:

Expecting to be getting around 8-25% queries blocked based on what people have on youtube/google images

Actual Behaviour:

Getting 0.1% of queries blocked (was getting around 10% yesterday)

Debug Token:

https://tricorder.pi-hole.net/zeqLQ4lF/

Some Adlists are giving Adlist with ID X was inaccessible during last gravity run. Not sure if this is affecting the percentage - however this has only been in the last 1-2hrs and I am under the impression the stats shown are for the last 24hrs.

edit: I have noticed now that when I go to speedtest.net the ads are not being blocked - these were being blocked before


**EDIT: based on the help received below - the problem was that I had created custom groups but not assigned any of these custom groups to my adlists. Once assigning all my devices back to default group the blocking was working.

The "adlist with ID X was inaccessible during last gravity run" problem was resolved by going to tools > gravity update as per chrislph advice.

Many thanks to jfb, rdwebdesign and chrislph for their quick responses and helping me address the issues!!!**

It can vary a lot depeding on the domains being queried/visited and which ones are blocked and the time of day, usage patterns and so on. Mine is currently at 10.2% and was at 40% yesterday and 4.5% this morning.

A couple of things to try:

  • Click on the adlist URL on that page. That will load it or download it in a new browser tab. Can you access any of them that way? That will at least show if they are indeed reachable or not.
  • Run Tools > Update Gravity again. Does it work this time around? Perhaps your internet connection was having a moment during the last run.
1 Like

This is not a reasonable expectation. Your browsing habits and clients are likely different than everybody else, and this is what drives the block percentage.

But, you are seeing ads where ads should not be seen, so let's see what your debug log shows.

First, Pi-hole is working, listening on the wlx90de8037b88e interface.

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] cabeles.com is 0.0.0.0 on lo (127.0.0.1)
[✓] No IPv4 address available on enp0s31f6
[✓] cabeles.com is 0.0.0.0 on wlx90de8037b88e (192.168.1.200)
[✓] doubleclick.com is 142.250.67.14 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Setup variables
    PIHOLE_INTERFACE=wlx90de8037b88e

Second, our test for DHCP server found nothing, which may indicate either a connectivity issue on the Pi or an inactive DHCP server.

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   Timeout: 10 seconds
   
   DHCP packets received on interface lo: 0
   DHCP packets received on interface wlx90de8037b88e: 0
   DHCP packets received on interface enp0s31f6: 0

At the time of your debug log generation, Pi-hole was receiving queries and they were being resolved by the upstream resolver:

   Mar  6 13:01:46 dnsmasq[175677]: query[A] api.fe.amazonalexa.com from 192.168.1.36
   Mar  6 13:01:46 dnsmasq[175677]: cached api.fe.amazonalexa.com is <CNAME>
   Mar  6 13:01:46 dnsmasq[175677]: forwarded api.fe.amazonalexa.com to 8.20.247.20
   Mar  6 13:01:46 dnsmasq[175677]: reply api.fe.amazonalexa.com is <CNAME>
   Mar  6 13:01:46 dnsmasq[175677]: reply tp.72c8ecfaf-frontier.fe.amazonalexa.com is <CNAME>
   Mar  6 13:01:46 dnsmasq[175677]: reply dyip17mqh55r1.cloudfront.net is 18.67.116.122

It is likely that the client from which you are running Speedtest is not using Pi-hole.

From that client, from the command prompt or terminal on that client (and not via ssh or Putty to the Pi), what is the output of

nslookup pi.hole

nslookup flurry.com

nslookup flurry.com 192.168.1.200

Don't set the upstream resolver for Pi-hole to the Pi-hole IP. This creates an endless loop.

    PIHOLE_DNS_1=8.26.56.26
    PIHOLE_DNS_2=8.20.247.20
    PIHOLE_DNS_3=192.168.1.200
1 Like

Hi Chris,
I tried them and they all direct to a text file that has the list of domains there. I'll try updating gravity again and see if there is any change...

edit: since updating gravity it has removed the red cross marks and the errors I was getting, so thank you for that! but I am still getting ads on speedtest.net

1 Like

Hi JFB,

I have removed the 192.168.1.200 custom dns. this was the response to the following commands:

**nslookup pi.hole**
Server:  UnKnown
Address:  192.168.5.1

DNS request timed out.
    timeout was 2 seconds.
Name:    pi.hole
Addresses:  fe80::62bd:3f6c:59fd:f9ed
          192.168.1.200

**nslookup flurry.com**
Server:  UnKnown
Address:  192.168.5.1

Non-authoritative answer:
Name:    flurry.com
Addresses:  98.136.103.23
          212.82.100.150
          74.6.136.150

**nslookup flurry.com 192.168.1.200**
Server:  pi.hole
Address:  192.168.1.200

Non-authoritative answer:
Name:    flurry.com
Addresses:  98.136.103.23
          212.82.100.150
          74.6.136.150

The first two commands show the client is using a DNS server at IP 192.168.5.1 (not Pi-hole).

The third command correctly got the query to Pi-hole (and Pi-hole answered). But the query is not blocked, so the client is not likely using the default group which is the only group with blocking assigned.

You have 5 client groups:

*** [ DIAGNOSING ]: Groups
   id    enabled  name                                                date_added           date_modified        description                                       
   ----  -------  --------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   0           1  Default                                             2023-03-03 01:03:29  2023-03-03 01:03:29  The default group                                 
   1           1  Computers                                           2023-03-04 13:13:47  2023-03-04 13:13:47                                                    
   2           1  Gaming_Consoles                                     2023-03-04 13:13:57  2023-03-04 13:14:15                                                    
   4           1  Mobile                                              2023-03-04 13:14:05  2023-03-04 13:14:05                                                    
   5           1  Networking                                          2023-03-04 22:25:27  2023-03-04 22:25:27                                                    

Which group is the client from which you made these nslookups assigned to?

*** [ DIAGNOSING ]: Clients
   id    group_ids     ip                                                                                                    date_added           date_modified        comment                                           
   ----  ------------  ----------------------------------------------------------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   1     1             D0:xxxxxxxxxxxxx                                                                                     2023-03-04 13:11:00  2023-03-04 22:25:40  TM-i5-11400F                                      
   2     4             24:1xxxxxxxxxxxxx                                                                                    2023-03-04 13:41:17  2023-03-04 22:25:38  TM-Galaxy_S9+                                     
   4     5             58:xxxxxxxxxxxxx                                                                                     2023-03-04 22:26:24  2023-03-04 22:27:26  Main TN MW3 Ethernet Receiver                     
   5     5             58:xxxxxxxxxxxxx                                                                                     2023-03-04 22:27:03  2023-03-05 11:14:45  Main TN MW3 Wireless Broadcast                    
   6     1             E8:xxxxxxxxxxxxx                                                                                     2023-03-04 22:36:23  2023-03-04 22:36:30  TM-Optiplex 7040-i5 6500          
1 Like

Hi JFB,
It will be from networking.
My router (domain 192.168.1.xx) has a few devices connected to it directly, my ubuntu pc with pihole running as well as a tenda nova MW3 mesh.
The Mesh is then broadcasting a separate wifi network on the domain 192.168.5.xx and most of my home devices are connected to the mesh network. Ie the pc where the ads are getting through is accessing the internet via the mesh.

I did try going to speedtest.net via devices connected directly to the router (rather than via the mesh) and the ads are not coming up. So just not sure what I need to tweak to get the blocking happening on the devices connected to the mesh

What is the mesh network using for DNS resolution? If it in turn is using Pi-hole, then what management group is the mesh device assigned to? From your debug log, it appears the mesh wlan is in Group 5? If so, there is not blocking assigned to that group, and all queries from that device are passed unfiltered.

Edit - why do you have management groups defined in Pi-hole if none other than the default group have any adlists or domains assigned?

1 Like

Hi,
The mesh does not have any web based access to settings - it can only be accessed from their android app and is very limited in terms of configuration settings - there is no capacity to set static ip which is why I setup the pihole device on the router. I dont know what it is using for DNS resolution and I am not sure how to check - I thought it would direct queries to the router as that is where it is getting it's data from and then the router would push the queries to pihole but i'm obviously wrong.

From the web interface it shows all groups are enabled - would you be able to guide me on how to turn on blocking for the group?

As a side note the computers which are directly accessing the router do seem to have adblocking but you indicated there are no adlists/domains assigned.

From my end I will try putting everything into the default group and see if that fixes it. Will update shortly.

Many thanks for the quick and comprehensive responses!!!!

edit: putting everything back into the default group has fixed it - will do some research on how to apply filters to custom groups as that seems to be the problem. thank you again so much for the help!!!

You need to assign adlists or domains to various groups. This is done in the adlist and domains tabs in the Pi-hole web admin GUI.

1 Like

Your screenshot and your debug log shows only the Default group is using adlist.
image

You need to change the "Group Assignment" for each adlist.

The field is currently set as "Default".
You need to change this (click on the button and select the groups you want to apply to each list).
The button will show something like "3 selected":

1 Like

this probably explains also why when i was trying to manually blacklist baidu.com it wasn't stopping it face palm

champion!!! thank you :smiley: :smiley: :smiley:

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.