Windows 10 shows Limited internet access but it's connected

Expected Behaviour:

Windows NCSI correctly working, showing "Internet access"

Actual Behaviour:

While having PiHole as DNS resolver Windows thinks that doesn't have internet access, but it works just fine. I've tried to see if the PiHole has in the blacklist some Microsoft server related to the connectivity check, but that's not the case as I can correctly reach all the sites that do the checks.
Opening regedit at
shows all the different settings related to NCSI.
The problem is that all the Metro apps (and also Spotify) won't work as they think that they're not connected to the Internet. As I run my PiHole on EC2 I solved moving the test on my server, so that Windows can correctly pass the test. What I did was modifying different keys:
ActiveWebProbeHost to my actual domain
ActiveDnsProbeHost to my actual domain
ActiveDnsProbeContent to my EC2 IP
On your machine you have to create a file named "connecttest.txt" which contains the following: Microsoft Connect Test inside /var/www/html
Et voilà Windows no longer thinks to be disconnected

This is a known issue with Windows 10, and is not a Pi-hole issue.

Oops, I'm sorry to have created a duplicate topic. Thanks for your answer, I just wanted to help someone giving some advices on how to solve the problem

Hi Guys,

I also had this issue after updating Windows (2004)
I use default blocklist, so nothing crazy...

First I disabled PIHole and did this recommended steps from Microsoft:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
NETSH winsock reset catalog
NETSH int ipv4 reset reset.log
NETSH int ipv6 reset reset.log

But after a while the issue returned.

I also use a tool called ShutUp10 from O&O to control data privacy on W10 a bit more and I remembered that there is one setting according to NCSI. So I went in that tool and at the very bottom there is a setting for NCSI and it was disabled.
Make sure that the button is not (green). It has to be red for NCSI to work properly

After that this issue was solved.

After a couple of days my solution stopped working, so I had to reset all the previous settings, and now it works. Thanks for your help, when I'll have some time I'll try ShutUp10 and see if it works

How I am solving this (works on both win7 and win10) :

All I change on the windows machine are the settings:

  • ActiveDnsProbeContent -> IPv4 address of pihole
  • ActiveDnsProbeContentV6 -> IPv6 address of pihole

Than, on pihole, create a dnsmasq file (I use /etc/dnsmasq.d/09-msftncsi.conf), content:


modified the dnsmasq file to overcome an earlier mentioned problem (unknown status in the query log)

Create the web server files:
file /var/www/html/connecttest.txt, content:

Microsoft Connect Test

file /var/www/html/ncsi.txt, content:

Microsoft NCSI

now restart pihole-FTL to activate the new dnsmasq config file.

verify everything checks out, by entering

the content of the web server file should be displayed.

The connection test icon in windows is now OK

don't do this if the machine leaves your (home) environment, the IP address changes on the windows machine will cause a problem.
I had to do this on my old windows 7 desktop, since I disconnected it from the internet, but allow access to the (home) environment)

In my opinion it is not neccessary to hack the registry for the ActiveDnsProbeContent
With your redirect of f.i.,pi.hole to the PiHole, it's obsolete.

What is forgotten in the discription is to add etc. to the whitelist. In some blocklists these msft-URL's are mentioned. doesn't expect the text 'Microsoft NCSI' but the IP address

An informative article: Disable or customize Windows' Internet Connection test to improve privacy - gHacks Tech News

I have done the same as written above but instead of creating a dnsmasq config file, I create in /etc/dnsmasq the file 04-customRedirect.conf with the content:

And a customRedirect.list file in /etc with the contents:

A entry in customRedirect.list like
doesn't work in my case. There is no redirection to PiHole.

And create the 2 web server files you have mentioned.

In this situation I don't have the 'Unknown (0)' message in the PiHole webinterface but an 'OK (cached)'.
If I configure my PiHole like you, I also have the unknown message.
Maybe a reason is that PiHole doesn't support dnsmask files with CNAME like you use since V5.

What I read in the article you mentioned, it says:

The test tries to connect to a Microsoft website -- -- to download the ncsi.txt text file from the server the website is hosted on.
and a little bit further:
The text file itself does not contain lots of information, just the text Microsoft NCSI to be precise

It also says:
It will also make a request for the DNS name resolution of and expects the result to be

I assume the expected response for the DNS query is the value in the two keys I changed on windows. So if the value is unchanged, a DNS query will need the answer, however, if you change the value, the reply must be equal to that value. Changing the values to the pihole adresses (IPv4 and IPv6) combined with the CNAME entries I proposed will eliminate external lookups.

I was lookin into the unknown query result and found a solution for that, I changed my proposed dnsmasq configuration file, see here, to overcome that problem (you need to change the domain name localdomain into your domain name)

Everything appears to be working with this configuration, the unknown entry in the query log is gone.

That's ok for strictly home based computers.

Be careful with roaming devices,though:
If you want to keep in good spririts with your company's network admins, don't do that on your company laptop (even if you would be able to). Nor any other device with nomadic usage outside of your home network: Other networks do not know the IP address of your Pi-hole.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.