
Asus AC68U + PiHole -> Blocklist

Discussion in 'Networking, Telephony & Internet' started by rockuman_ex, Jul 5, 2020.

  1. rockuman_ex

    rockuman_ex Member

    Joined:
    Apr 3, 2002
    Messages:
    3,856
    Location:
    Brisbane
    So, I have been playing with PiHole recently, and not really sure if this is for me or I configured it wrong.

    This is basically what I'm trying to set up/achieve:
    • block malicious content/sites (porn/malware/ads/etc) globally
    • block certain domains (eg, cnn.com, facebook.com, etc) on certain devices (IP based)

    At the moment, every device I have on the network has a statically assigned IP, so each device will not have a different IP when it is connected to my network.

    I have set up PiHole and added those recommended lists I found on the net, e.g.:

    Now I need to block certain devices from accessing certain websites that I have added manually in the Blacklist in PiHole.

    In my router's DHCP Server section, I have pointed the devices' DNS Server to the PiHole, and it seems to work, because I don't see any ads.

    But I still can visit the sites that have been added to the Blacklist.

    What am I doing wrong?

    Halp?

    Update: It was AVAST
     
    Last edited: Sep 19, 2020
  2. caspian

    caspian Member

    Joined:
    Mar 11, 2002
    Messages:
    11,258
    Location:
    Melbourne
    I am far from a networking expert, but I set up a pi-hole myself recently so I know a little.

    assume that when you statically addressed the client devices, DNS is pointed to your gateway, which then routes DNS requests to the pi-hole (or you would not be getting ad blocking).

    the first thing you need to do is get the additional blocklists working, have a read of this: https://discourse.pi-hole.net/t/how-do-i-add-additional-block-lists-to-pi-hole/259

    and then you need to implement per-client blocking, see https://docs.pi-hole.net/database/gravity/example/
     
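The per-client blocking mentioned in the post above rests on group membership: a rule applies to a client only if they share a group. The following is an added example, not part of the thread and not Pi-hole's own code; it is a simplified in-memory model, and the table names, IPs and `ads.example` are constructed for illustration.

```python
import sqlite3

# Simplified, hypothetical schema: group 0 is the default group for every client.
SCHEMA = """
CREATE TABLE grp (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE client_grp (ip TEXT, grp_id INTEGER);
CREATE TABLE blocked_grp (domain TEXT, grp_id INTEGER);
INSERT INTO grp VALUES (0, 'Default');
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def add_group(db, name):
    return db.execute("INSERT INTO grp (name) VALUES (?)", (name,)).lastrowid

def assign_client(db, ip, groups):
    db.executemany("INSERT INTO client_grp VALUES (?, ?)", [(ip, g) for g in groups])

def block(db, domain, groups):
    db.executemany("INSERT INTO blocked_grp VALUES (?, ?)",
                   [(domain.lower(), g) for g in groups])

def groups_for(db, ip):
    rows = db.execute("SELECT grp_id FROM client_grp WHERE ip = ?", (ip,)).fetchall()
    return {r[0] for r in rows} or {0}  # clients with no entry fall back to Default

def is_blocked(db, ip, domain):
    groups = groups_for(db, ip)
    marks = ",".join("?" * len(groups))
    row = db.execute(
        f"SELECT 1 FROM blocked_grp WHERE domain = ? AND grp_id IN ({marks}) LIMIT 1",
        (domain.lower().rstrip("."), *groups)).fetchone()
    return row is not None  # exact-name match only in this model

def demo():
    db = open_db()
    restricted = add_group(db, "Restricted")
    block(db, "ads.example", [0])                       # global rule (constructed domain)
    block(db, "cnn.com", [restricted])                  # per-device rule from the thread
    assign_client(db, "192.168.1.20", [0, restricted])  # constructed IPs
    assign_client(db, "192.168.1.21", [restricted])     # Default group left out
    checks = [("192.168.1.20", "cnn.com"), ("192.168.1.20", "ads.example"),
              ("192.168.1.21", "ads.example"), ("192.168.1.99", "cnn.com"),
              ("192.168.1.99", "ads.example")]
    return {c: is_blocked(db, *c) for c in checks}
```

In this model, the client placed only in the restricted group loses the global rule, which is why a restricted device has to stay in the default group as well.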
  3. OP
    OP
    rockuman_ex

    rockuman_ex Member

    Joined:
    Apr 3, 2002
    Messages:
    3,856
    Location:
    Brisbane
    I think I have resolved the site blocking problem, now I have another issue.

    Ads are all blocked on ALL non-windows devices (android, ipad, etc), but I can still see ads on my Windows devices, desktop and laptops.

    All devices are pointing to my pihole DNS.

    I have flushed my dns etc, but still seeing ads on my windows devices/machines.


    Any idea?
     
  4. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    64,244
    Location:
    brisbane
    slightly unrelated but you would be better off using DHCP reservation over static IPs. In the reservation you can force DNS address if you wish.

    Look under LAN>DHCP Server then enable manual assignment and add clients in the bottom list.

    Did you set global DNS in the WAN>Internet Connection tab?
     
    Last edited: Jul 13, 2020
    Evilhomer likes this.
  5. caspian

    caspian Member

    Joined:
    Mar 11, 2002
    Messages:
    11,258
    Location:
    Melbourne
    what happens if you point one of the Windows clients back to the gateway for DNS? or put it on dynamic temporarily? also try disabling IPv6 on the client's network adapter.
     
  6. OP
    OP
    rockuman_ex

    rockuman_ex Member

    Joined:
    Apr 3, 2002
    Messages:
    3,856
    Location:
    Brisbane
    Yes, I have done that, and all pointing to my pihole.

    My router is Asus AC68U with merlin firmware.
    Points DNS to pi hole.
    In DHCP, points my windows to my pihole


    I have disabled ipv6 on the windows, still have ads. (TPG doesn't support ipv6 yet from what I can see)

    And pointing back the dns to my router address, also have ads.

    I'm lost.
     
  7. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    64,244
    Location:
    brisbane
    i wonder if you'd be better off using the global setting over individual ones?
     
  8. caspian

    caspian Member

    Joined:
    Mar 11, 2002
    Messages:
    11,258
    Location:
    Melbourne
    I know my DD-WRT router supports three DNS server addresses and I have to spoof the unwanted ones to unroutable addresses - not sure how that works in Merlin. if I don't do that the WAN DNS still leaks through to the clients.
     
    Last edited: Jul 13, 2020
  9. OP
    OP
    rockuman_ex

    rockuman_ex Member

    Joined:
    Apr 3, 2002
    Messages:
    3,856
    Location:
    Brisbane
    Under my WAN settings, I set my dns server 1 to my pihole
    I left dns server 2 blank

    Under DHCP Server, I set the default gateway to be the router's IP
    and set DNS server 1 to the pihole
    DNS server 2 is left blank

    And no manual assignment of ip to any device.

    So from the above settings, when my windows desktop and laptop are connected to the wifi, I can see the DNS is set to my pi, and dns server 2 is blank

    I can browse etc no problem, but I still see ads!!

    Other non windows devices, like ipads, android phones etc, not a single ad was being served.


    Any idea?
     
  10. Jazper

    Jazper Member

    Joined:
    Jul 28, 2001
    Messages:
    2,667
    Location:
    Melbourne Australia
    clear your cache in windows - often dns and ads stick in cache.
     
  11. OP
    OP
    rockuman_ex

    rockuman_ex Member

    Joined:
    Apr 3, 2002
    Messages:
    3,856
    Location:
    Brisbane
    yep, done that like a billion times
     
  12. stormridah

    stormridah Member

    Joined:
    Feb 21, 2011
    Messages:
    3
    Last edited: Jul 13, 2020
  13. OP
    OP
    rockuman_ex

    rockuman_ex Member

    Joined:
    Apr 3, 2002
    Messages:
    3,856
    Location:
    Brisbane
    ok, something isn't right here.

    So I just opened spotify on web, all the ads in spotify are ALL blocked, but I can see ads that are displayed here on OCAU or other sites.

    WTH?
     
  14. digamma

    digamma Member

    Joined:
    Mar 12, 2002
    Messages:
    2,740
    Location:
    Brisbane, Southside.
    Some ads are served from the same address as the main website and so cannot be blocked. PITA, but smart for the people who are earning revenue.
     
    power likes this.
  15. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    64,244
    Location:
    brisbane
    sounds like it's working, just not how you expect?
     
  16. stormridah

    stormridah Member

    Joined:
    Feb 21, 2011
    Messages:
    3
    Maybe try adguard home and see if you get better results
     
  17. OP
    OP
    rockuman_ex

    rockuman_ex Member

    Joined:
    Apr 3, 2002
    Messages:
    3,856
    Location:
    Brisbane
    Yeah I guess so.

    But strangely enough, I don't see OCAU ads on my mobile, but do on windows devices...

    Yeah, but I'm trying to block ads network wide, not on each individual device
     
  18. stormridah

    stormridah Member

    Joined:
    Feb 21, 2011
    Messages:
    3
    AdGuard Home is the same as Pi hole

    you run it on a server or Pi and point your router to it
     
  19. OP
    OP
    rockuman_ex

    rockuman_ex Member

    Joined:
    Apr 3, 2002
    Messages:
    3,856
    Location:
    Brisbane
    mmmm.. I see... a bit hesitant to redo everything again as I've set up everything on my pi already :(

    But thanks, I'll look at it
     
  20. Symon

    Symon Castigat ridendo mores

    Joined:
    Apr 17, 2002
    Messages:
    4,764
    Location:
    Brisbane QLD
    Sounds like you've gone the complicated way about it, might be easier to do the following -

    Turn off DHCP in your router.
    Turn on the DHCP server in the pihole, this way all the clients will get an IP from it and automatically point their DNS to it.
    Point the pihole upstream DNS to your router.

    Profit!

    As an aside, if you really want to lock stuff down consider pfsense with pfblocker and snort or suricata - hours of configuration fun to be had there.
     
