pihole on unraid not blocking ads with pfsense

x2rl

@johnpoz Long time no see John and hopefully im now not as dumb as I was back than. But time will tell.

im just setting all this up again after moving and starting over with new gear and I can't seem to get PiHole to work with the settings I have.
If you have time will you just read over these to see how it looks please.

System>General Setup I have no dns names added and nothing checked
Services>DHCP Server>LAN I have the DNS servers as 10.0.0.222 (which is Pihole)
Services>DNS Resolver>General Setting nothing is checked other than server Enable

On pihole dns page I have the dns server pointing to Pfsense (10.0.0.1) and Never forward non-FQDNs is the only thing Checked.

Many Thanks

johnpoz

What is not working? Your PTR lookups?

If you query pfsense IP directly.. (10.0.0.1) does it resolve what your looking for - ie say google.com?

From any box on your network do a dig or nslookup using pfsense IP 10.0.0.1.. Does this work?

My pfsense IP is 192.168.9.253, so here are examples.

$ dig @192.168.9.253 www.google.com                                     
                                                                        
; <<>> DiG 9.16.1 <<>> @192.168.9.253 www.google.com                    
; (1 server found)                                                      
;; global options: +cmd                                                 
;; Got answer:                                                          
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2153                
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1    
                                                                        
;; OPT PSEUDOSECTION:                                                   
; EDNS: version: 0, flags:; udp: 4096                                   
;; QUESTION SECTION:                                                    
;www.google.com.                        IN      A                       
                                                                        
;; ANSWER SECTION:                                                      
www.google.com.         3238    IN      A       172.217.4.228           
                                                                        
;; Query time: 0 msec                                                   
;; SERVER: 192.168.9.253#53(192.168.9.253)                              
;; WHEN: Tue May 05 08:57:11 Central Daylight Time 2020                 
;; MSG SIZE  rcvd: 59

Here is same command using nslookup

$ nslookup www.google.com 192.168.9.253       
Server:  sg4860.local.lan                     
Address:  192.168.9.253                       
                                              
Non-authoritative answer:                     
Name:    www.google.com                       
Addresses:  2607:f8b0:4009:801::2004          
          172.217.4.228

x2rl

@johnpoz Sorry didn't really say did I :/

Pihole shows nothing zero queries its like nothing is sent there.

nslookup www.google.com 10.0.0.1
Server:  pfSense.localdomain
Address:  10.0.0.1

Non-authoritative answer:
Name:    www.google.com
Addresses:  2a00:1450:4009:81b::2004
          216.58.210.228

Dig command didn't work on windows

johnpoz

dig is something you would have to add ;) Its not part of windows.. But its a great dns troubleshooting tool you can install it with the free bind software from isc, just install the tools if you wan to play with it.

Ok so your pfsense is resolving. So does pihole not resolve?

If you use pihole?

My box is set to use pihole normally, so simple nslookup returns that it used pihole.. 192.168.3.10 in my network

$ nslookup www.google.com
Server:  pi-hole.local.lan
Address:  192.168.3.10

Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:4009:801::2004
          172.217.4.228

x2rl

@johnpoz Well i thought setting pihole Ip on the dhcp server it would get rid of ads show on sites and block malware etc...

nslookup www.google.com 10.0.0.222
Server:  14619edbadac
Address:  10.0.0.222

Non-authoritative answer:
Name:    www.google.com
Addresses:  2a00:1450:4009:81b::2004
          216.58.210.228

Hmm after I run that pihole showed queries guess it is working? just thought there would of been lot more queries show from all the site the family use.

I'll check them tools out thanks.

Abit of topic here and pihole related do you know john if there is a way to show hostnames on pihole which is sent via pfsense?
Was reading this post about it

johnpoz

why is your pihole coming back with 14619edbadac as a name??? WTF?

Well try doing a query for something that is blocked? say doubleclick.net should be on pretty much any blocklists your using

$ nslookup doubleclick.net
Server:  pi-hole.local.lan
Address:  192.168.3.10

Name:    doubleclick.net
Addresses:  ::
          0.0.0.0

Are you seeing queries from all your devices - just because you change your dhcp to point to pihole, doesn't mean that the clients got the new info yet. They will only get that once they renew their lease, etc.

Also what block lists are you using? If you validate pihole blocks stuff that should be blocked then its working. Its possible your clients browsers are using their own dns as well, freaking doh nonsense - and not using your local dns.

Also your machines and browsers will cache for the length of the ttl records... So if they looked up something.shouldbeblock.tld and cached it.. before you put in pihole, they would just use their cache vs asking pihole for the ip..

Also possible your clients are using ipv6 for their dns, and not pointing to pihole - and using ipv6 vs ipv4 to look up stuff

x2rl

@johnpoz could be because its in a docker! sorry forgot to say that! im running OMV and pi hole is in the docker

nslookup doubleclick.net
Server:  14619edbadac
Address:  10.0.0.222

Name:    doubleclick.net
Addresses:  ::
          0.0.0.0

Looks good?

johnpoz

See my edit about your clients maybe using ipv6 for dns vs ipv4 that points to pihole.

even if in a docker, your 10.0.0.222 should resolve to something valid, you would set that.

x2rl

This post is deleted!

x2rl

@johnpoz Okay ipv6 is of and my IPS doesn't use it.

I meant the weird name for the server it looks like a docker name lol

Client	Requests	Frequency
10.0.0.16	65	
10.0.0.68	62	
10.0.0.12	54	
10.0.0.15	24	
10.0.0.14	23	
10.0.0.13	9	
10.0.0.11	9

Seems to be working now just wish it would show the hostname not the IPs

x2rl

screencapture-10-0-0-222-admin-index-php-2020-05-05-15_30_42.jpg

Yea shes working John Thanks again. Seems my setting was correct for once.

Do you use the Conditional Forwarding option in Pihole John? if so how do you use it I put the IP and pfsense host name in there but its still not showing the hostnames.

johnpoz

@Mike34 said in pihole on unraid not blocking ads with pfsense:

Conditional Forwarding option in Pihole John? if so how do you use it I put the IP and pfsense host name in there but its still not showing the hostnames.

I don't use it.. pihole sends everything to pfsense. I maintain all hosts in pfsense.

x2rl

@johnpoz okay pal just find pihole easier to read thanks again John.

johnpoz

Yeah I filter all dns through pihole, because yeah its pretty eye candy. But for my local dns I host that in pfsense.. All my host names are handled by pfsense.. Any sort of host overrides I need to do, etc. just easier to do in pfsense.

pihole is just an ad filter.

x2rl

@johnpoz I managed to add all host name by editing the host file on pihole and looking at the DHCP Leases on pfsense and match them up

Question now I have some ips showing on pihole 10.0.0.11 and 14. I have no clue what these are and they do not show in the DHCP Leases on pfsense?? where are these coming from shouldn't pf show all Leases on that page?