
Unix & Linux Stack Exchange

Q&A for users of Linux, FreeBSD and other Unix-like operating systems

Latest Questions

0 votes
1 answers
64 views
Wireguard: iPhone has no internet when outside of "home" wifi
I'd like to move away from tailscale (which works fine but drains my iPhone battery) and use a regular Wireguard tunnel to benefit from my home Pihole when "on the go".

- Raspberry Pi running Pihole LAN IP: 192.168.0.190
- iPhone LAN IP (home Wifi): 192.168.0.81

My external IP is dynamic, so I use a Synology QuickConnect DDNS.

Pihole wg "server" config:

```ini
[Interface]
Address = 10.100.0.1/24, fd08:4711::1/64
ListenPort = 47111
PrivateKey = yKk0wyqxxxxxxxxxxx #obfuscated
[Peer]
PublicKey = TlZXuFuTJmPGEye0+i3cxvQxrKrNiJxQRqb9T3rwaC8=
PresharedKey = 1wS3KE3xxxxxxxxxxxxx  #obfuscated
AllowedIPs = 10.100.0.2/32, fd08:4711::2/128
```

And wg config pushed to my iPhone:

```ini
[Interface]
Address = 10.100.0.2/32, fd08:4711::2/128
DNS = 10.100.0.1
PrivateKey = uHTYEVLFEQHxxxxxxxxxxx #obfuscated
[Peer]
AllowedIPs = 10.100.0.1/32, fd08:4711::1/128
Endpoint = xxxxxxx.direct.quickconnect.to:47111
PersistentKeepalive = 25
PublicKey = w7wzMDYNDoUPUSptexhIG4a7c9eT9Sqlk4o2mqv9cH8=
PresharedKey = 1wS3KE3QCpOYbQxxxxxxxxxxx #obfuscated
```

On my home router, I have set up port forwarding as follows:

- External port: 47111
- Internal port: 47111
- Internal IP: 192.168.0.190 (also tried 10.100.0.1)
- Protocol: UDP (also tried BOTH)

When at home, DNS goes through my Pihole: blocked sites are indeed blocked, and 10.100.0.2 shows traffic. Can you please help me troubleshoot my Wireguard config? Thank you!
Gauffke (11 rep)
May 28, 2025, 02:38 PM • Last activity: May 28, 2025, 05:48 PM
1 votes
1 answers
2891 views
Disable systemd-resolved to free up port 53 and use DNS servers provided by dhcp
I will be running a Pi-hole server in a docker container, so I have freed up port 53 by setting `DNSStubListener=no` in `/etc/systemd/resolved.conf` and restarting `systemd-resolved`. This has freed up port 53, but now DNS doesn't work. I get `;; connection timed out; no servers could be reached`

Looking at Network Settings from the desktop, I see 1.1.1.1 and 8.8.8.8 as the DNS servers assigned by DHCP as currently configured, but how do I get my system to use these?

**UPDATE1:** `/etc/resolv.conf` has this:

```text
nameserver 127.0.0.53
options edns0 trust-ad
search domain.local
```
neildeadman (121 rep)
Dec 9, 2021, 12:36 PM • Last activity: Apr 30, 2025, 01:05 AM
1 votes
1 answers
70 views
How to bypass pi-hole DNS on debian
I have setup pi-hole and some other things on a debian server, using docker. The pi-hole is acting as a DNS for my entire network (I have added the server's IP in my router dns config) Problem is that I have no internet when pi-hole is down. For example when I do some adjustments to my docker compose I need to shut it down. Is there a way to bypass the pi-hole dns, only on the server that is running on? I know google has some dns servers on 2.2.2.2 and 2.2.4.4. How/where to configure those?
Alex (137 rep)
Feb 28, 2025, 11:15 PM • Last activity: Mar 9, 2025, 02:26 PM
1 votes
1 answers
59 views
how to have vpn traffic routed to pihole
I have a pihole server running in docker compose on my Debian Linux server. I also host a wireguard vpn (also in docker compose) running on the same server. By using the tcpdump command I have confirmed that all traffic that happens on my laptop is routed to the Debian server. My only issue at this stage is pihole ad blocking doesn't seem to work while using it, which is really important to me in some circumstances. Is there any way to have my wireguard vpn traffic use my pihole dns server?
Ravi (11 rep)
Dec 21, 2024, 01:09 AM • Last activity: Jan 12, 2025, 12:46 PM
0 votes
1 answers
64 views
Is it expected behavior for Linux to NOT do subsequent DNS requests to resolve to an IP?
My machine is **Debian 12**. Here is the result of `nslookup`:

```text
lhtadmin@deb12-docker1:~$ nslookup nc.domain.com
Server:172.16.100.4
Address:172.16.100.4#53
nc.domain.com canonical name = lb2.local.domain.com.
lb2.local.domain.com canonical name = deb12-docker2.local.domain.com.
```

When I tried to do `curl nc.domain.com`, I got the message "could not resolve". Here is the log from my DNS server (Pihole). Also, my Pihole is set up to forward zone .local.domain.com to 192.168.1.1

```text
Oct 16 14:08:25: query[A] nc.domain.com from 172.16.100.20
Oct 16 14:08:25: config nc.domain.com is
Oct 16 14:08:25: config lb2.local.domain.com is
```

However, if I try the same curl command on **macOS**, it will do another lookup for deb12-docker2.local.domain.com to resolve to an IP:

```text
Oct 16 14:03:33: query[A] nc.domain.com from 172.16.110.251
Oct 16 14:03:33: config nc.domain.com is
Oct 16 14:03:33: config lb2.local.domain.com is
Oct 16 14:03:33: query[A] deb12-docker2.local.domain.com from 172.16.110.251
Oct 16 14:03:33: forwarded deb12-docker2.local.domain.com to 192.168.1.1
Oct 16 14:03:33: reply deb12-docker2.local.domain.com is 172.16.100.128
```

If I set my Pihole to have an A record of deb12-docker2.local.domain.com (not forwarded), it will work. Is there a way to tell Linux to do another lookup for a CNAME record that will need to be forwarded?
Teacup (3 rep)
Oct 16, 2024, 04:29 PM • Last activity: Oct 17, 2024, 08:27 AM
4 votes
3 answers
4443 views
Install Pi-Hole without user interaction?
I would like to install Pi-Hole automatically inside Vagrant (VirtualBox).  Therefore, in an automated script, it has to run to box start.  Unfortunately, normally, you have to answer multiple installation questions to install Pi-Hole, e.g., IPv4 or 6, ..., and you need keyboard interaction with the setup (by the user). Is there any way or solution to install it without any interaction?  How can I write it in a Bash script or Vagrantfile?
Kutsubato (95 rep)
Feb 12, 2018, 10:43 PM • Last activity: Sep 6, 2024, 01:59 AM
0 votes
1 answers
314 views
Device has no access to gateway, but gateway is visible/pingable
I have on my home LAN network my home router set up as gateway and few clients. One client (orangepipc) works also like DNS resolver with installed PiHole. On the gateway (192.168.11.1) is DHCP server, where I have reserved IP address (192.168.11.6) for PiHole. On the gateway is set up this PiHole as Primary DNS resolver and for all the clients in LAN works fine. I am able to ping the PiHole and join there with SSH from the LAN. But If I am join to the Pihole device, from there is not possible join/ping to the gateway or the other device in LAN/WAN.

Oh the PiHole device installed only clean actual Armbian, Kodi and PiHole (from the installation script). The first, what I checked up is gateway set up misconfiguration on PiHole, but I can't see anything wrong. Attaching my settings below. Any ideas, pls?

```text
ip -4 route | grep default | cut -d ' ' -f 3
192.168.11.1
```

```text
ifconfig
eth0 Link encap:Ethernet HWaddr 6e:01:40:a3:84:8e
     inet addr:192.168.11.6 Bcast:192.168.11.255 Mask:255.255.255.0
     inet6 addr: fe80::6c01:40ff:fea3:848e/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:324629 errors:0 dropped:0 overruns:0 frame:0
     TX packets:1402480 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:65879699 (65.8 MB) TX bytes:118278414 (118.2 MB)
     Interrupt:114
```

```text
ip -4 route
default via 192.168.11.1 dev eth0 proto static metric 100
169.254.0.0/16 dev eth0 scope link metric 1000
192.168.11.0/24 dev eth0 proto kernel scope link src 192.168.11.6 metric 100
```

```text
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
```
Bendik (1 rep)
Sep 10, 2018, 08:30 AM • Last activity: Jul 23, 2024, 07:30 AM
0 votes
0 answers
745 views
How do I run pi-hole using Podman?
I am building a home server just for fun and for the learning experience. This is my first time, so I am relatively new to all of this. The plan is to run things like pi-hole and Nextcloud and a few other things. For that, I decided to try to run everything inside its own Podman container on my alma linux server. At first, I tried to install everything directly on the server, but then I got into trouble because multiple services wanted to use the same port (after I found out what all these things are ;) ), and then I read about Podman and thought that might solve my problems. I followed a tutorial online and installed pi-hole via
```bash
podman run -d --name pihole -e TZ="Europe/Zurich" -e WEBPASSWORD="********"  -p 192.168.0.188:5300:53/tcp -p 192.168.0.188:5300:53/udp -p 192.168.0.188:8000:80 -v "/srv/pi-hole:/root:z" --restart=on-failure pihole/pihole:latest
```

I can then access pihole via 192.168.0.188:8000/admin from my browser. But now I am stuck, because I don't know how to connect for example my phone to it. My router does not allow using my own dns, so I figured that I had to connect all my devices by myself to the pihole. I can do this if I just install the pi-hole directly on my server (go to settings and put my server ip there), but I don't know how to do this when I install it in the podman container (putting server ip in settings does not work). Does anybody know how I can solve this?

Ps: This is my first time using such a forum, so please give me your feedback on whether I use it correctly. Thanks

**Solved:** I mapped the 53 udp/tcp from the server directly to 53 inside of the container. Now everything works fine.
ppflaum (1 rep)
Jun 3, 2024, 02:34 PM • Last activity: Jun 3, 2024, 08:27 PM
1 votes
0 answers
84 views
`nmap` showing different hostnames than expected
When I run `nmap 192.168.1.*`, I get a print out of all devices on my network. The hostnames are not what I expect. For example, the hostname of the Linux desktop (192.168.1.203) I am currently on is `home`. On `nmap`, I see:

```text
Nmap scan report for DESKTOP-DDDV4PO.localdomain (192.168.1.203)
Host is up (0.000012s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
```

My Raspberry Pi hostname is `rp4` but for `nmap` I see:

```text
Nmap scan report for raspberrypi.localdomain (192.168.1.99)
Host is up (0.000063s latency).
Not shown: 994 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
8080/tcp open  http-proxy
8083/tcp open  us-srv
8181/tcp open  intermapper
```

The strangest one is my Sonos speaker (192.168.1.199) which is listed as being my father's iPhone. I assume he was here at some point and was assigned that IP address by my DHCP server. It was then reassigned to the Sonos speaker but the name persists.

```text
Nmap scan report for Johns-iPhone.localdomain (192.168.1.199)
Host is up (0.056s latency).
Not shown: 999 closed ports
PORT     STATE SERVICE
1443/tcp open  ies-lm
```

Interestingly, I have also changed the domain name of my local network to `home` in my DHCP settings. However, `nmap` is still reporting a `.localdomain` domain name for all of these hosts.

I have a Unifi USG-3P router that is also my DHCP server. My DHCP is configured to hand out my Raspberry Pi as the DNS server (Pi-Hole is set up in a Docker container). Within Pi-Hole, my router is then set up as the upstream DNS server in order to resolve local hostnames. This set up was taken directly from [this guide, method 2](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245).

I'm not sure how to force the hostnames my DHCP/local DNS is mapping to IP addresses (and thus being reported by `nmap`) to come in line with their actual host names and the new domain name, `home`.
Dylan Russell (139 rep)
May 13, 2024, 07:29 AM
0 votes
1 answers
650 views
Have dnsmasq resolve multiple domains from local hostnames
I am running dnsmasq 2.90 inside a Debian 11.0 based docker container as part of Pi-hole 5.18.2. I would like to configure dnsmasq to serve the addresses of my local hostnames for multiple local domains (both `.local` and `.subdomain.mydomain.com`) as a local application has the `.local` domain hard coded. I can only make it work for one domain at a time.

This container is providing DNS and DHCP services for my local networks. As part of the Pi-hole set-up `addn-hosts=/etc/pihole/local.list` is added to the .conf file mounted at `/etc/dnsmasq.d`. This list contains a list of ~30 IP addresses from local and locally accessible subnets and hostnames, such as:

```text
192.168.1.10 server01
192.168.2.20 server02
100.115.x.x server03
```

dnsmasq is serving the local search domain over DHCP both as specified in `domain=subdomain.mydomain.com` and `dhcp-option=option:domain-search.subdomain.mydomain.com` in separate config files mounted at `/etc/dnsmasq.d`, as well as set as a local domain with `local=/subdomain.mydomain.com/`. This search domain, as well as the IP of the DNS server, is accepted and implemented as expected by my clients:

```text
❯ cat /etc/resolv.conf
…
search subdomain.mydomain.com
nameserver 192.168.2.2
```

A nslookup of a hostname in the addn-hosts works as expected, adding the search suffix and returning the correct result:

```text
❯ nslookup
> server01
Server:		192.168.2.2
Address:	192.168.2.2#53

Name:	server01.subdomain.mydomain.com
Address: 192.168.1.10
```

I would like to return the same IP for `server01.local`:

```text
> server01.local
Server:		192.168.2.2
Address:	192.168.2.2#53

** server can't find server01.local: NXDOMAIN
```

I have tried adding local to the .config files as `local=/subdomain.mydomain.com/local/` both with and without `domain=/subdomain.mydomain.com/local/` and separate `domain=subdomain.mydomain.com` `domain=local` entries. This either does not change the behaviour, or (if I add the two `domain=` entries) the nslookup then works for `.local` and not for `.subdomain.mydomain.com`.

How can I have dnsmasq respond with the hostname IP for both `.local` and `.subdomain.mydomain.com` domains?
Spritsail Arrow (1 rep)
Apr 24, 2024, 10:57 AM • Last activity: Apr 24, 2024, 11:51 PM
0 votes
0 answers
34 views
bind cannot resolve login.live.com
I am using pihole forwarding to bind as a local dns service.

```text
[root@server ~]# cat /etc/redhat-release
CentOS Stream release 8
[root@server ~]# named -v
BIND 9.11.36-RedHat-9.11.36-13.el8 (Extended Support Version)
```

In the past everything worked fine. For some weeks (or maybe longer) I am experiencing problems. Today I tried to resolve login.live.com

My windows PC via pihole:

```text
PS C:\Users\xxx> nslookup.exe login.live.com
Server: pi.hole
Address: 192.168.120.10
*** Keine internal type for both IPv4 and IPv6 Addresses (A+AAAA)-Einträge für login.live.com verfügbar.
```

My windows PC via bind:

```text
> login.live.com
Server: server.home.xxxxxx.de
Address: 192.168.2.20
*** login.live.com wurde von server.home.xxxxxx.de nicht gefunden: Unspecified error.
```

On the pihole:

```text
pi@timeserver:~ $ nslookup login.live.com
;; Truncated, retrying in TCP mode.
;; Connection to 192.168.2.20#53(192.168.2.20) for login.live.com failed: host unreachable.
```

On the bind server:

```text
[root@server ~]# nslookup login.live.com
;; Truncated, retrying in TCP mode.
Server: 192.168.2.20
Address: 192.168.2.20#53
Non-authoritative answer:
login.live.com canonical name = login.msa.msidentity.com.
login.msa.msidentity.com canonical name = www.tm.lg.prod.aadmsa.akadns.net.
www.tm.lg.prod.aadmsa.akadns.net canonical name = prdv4a.aadg.msidentity.com.
prdv4a.aadg.msidentity.com canonical name = www.tm.v4.a.prd.aadg.akadns.net.
Name: www.tm.v4.a.prd.aadg.akadns.net
Address: 20.190.160.14
Name: www.tm.v4.a.prd.aadg.akadns.net
Address: 20.190.160.17
Name: www.tm.v4.a.prd.aadg.akadns.net
Address: 40.126.32.138
Name: www.tm.v4.a.prd.aadg.akadns.net
Address: 40.126.32.72
Name: www.tm.v4.a.prd.aadg.akadns.net
Address: 40.126.32.136
Name: www.tm.v4.a.prd.aadg.akadns.net
Address: 40.126.32.68
Name: www.tm.v4.a.prd.aadg.akadns.net
Address: 20.190.160.20
Name: www.tm.v4.a.prd.aadg.akadns.net
Address: 20.190.160.22
```

I am totally clueless what is wrong? Why can bind resolve login.live.com but does not answer when asked from clients?

Any help would be highly appreciated
Olli (1 rep)
Mar 17, 2024, 09:30 PM
0 votes
1 answers
539 views
Pi Hole ignoring rate limiting settings
I'm having issues getting my Pi Hole to respect rate limiting settings. After some investigation I noticed that the values under Settings - DNS were going into the pihole-FTL.conf file as `RATE_LIMIT=` but looking at the logs on startup the configuration section would always say `RATE_LIMIT: Rate-limiting client making more than 1000 queries in 60 seconds` no matter what values I put into the settings/configuration.
fooot (808 rep)
Jun 4, 2023, 03:51 AM
12 votes
2 answers
16058 views
Docker container DNS not working with pihole
I'm currently working on a little home project where I host various services on a raspberry pi 4 via docker. While working on this project I now encountered a dns problem which I can't really get my head around.

I'm hosting pihole inside a container and configured it to use my router as an upstream dns server. On my router I have configured my raspberry pi as the local dns server and added a few other upstream dns servers. From my understanding this would lead to all dns requests getting routed through my pihole container on my raspberry pi and then back to my router to get it resolved. So far this setup works for all my devices on my local network including the raspberry pi itself.

The only problem I now encounter is with other containers on the same raspberry pi that are inside the same and/or different networks than pihole. All of them seem to have problems with resolving dns queries. For example: I have a phpmyadmin container connected to the same docker network as the pihole container. If I now ssh into the phpmyadmin container and want to execute 'ping google.com' or 'apt-get update' it won't be able to execute these commands because of failing dns.

**What I already checked:**

- I looked at /etc/resolv.conf of the phpmyadmin container => *It includes 127.0.0.11 - which is correct by my knowledge*
- I looked at /etc/resolv.conf of the host => *It includes the actual ip of my raspberry pi (NOT 127.0.0.1). I do not understand why it uses the actual ip instead of localhost here but it does work anyway*
- I restarted docker daemon
- I recreated the networks included in my docker-compose.yml
- I recreated the phpmyadmin container

So far none of the above steps solved the problem. Out of curiosity I then set the ip of my router in /etc/dhcpcd.conf on my host as a static nameserver and reloaded both the dhcpcd and docker daemon. If I now ssh into my phpmyadmin container dns suddenly works. I excluded my routers ip again to verify my problem and dns stops working immediately. This leads me to the conclusion that all my docker containers (excluding pihole - because I specified dns 127.0.0.1 for this container) seem to have a problem with using my hosts ip address for dns.

My current docker-compose.yml:

```yaml
version: '3'

services:
  portainer:
    image: portainer/portainer-ce:linux-arm
    container_name: portainer
    restart: unless-stopped
    environment:
      TZ: Europe/Berlin
    networks:
      - frontend
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    labels:
      - traefik.enable=true
      - traefik.docker.network=compose_frontend
      - traefik.http.routers.portainer.entrypoints=web_tcp
      - traefik.http.routers.portainer.rule=Host(portainer.mydomain)
      - traefik.http.services.portainer.loadbalancer.server.port=9000

  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    environment:
      TZ: Europe/Berlin
    networks:
      - frontend
    ports:
      - 80:80
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/farmadmin/config/traefik:/etc/traefik
    labels:
      - traefik.enable=true
      - traefik.docker.network=compose_frontend
      - traefik.http.routers.traefik.entrypoints=web_tcp
      - traefik.http.routers.traefik.rule=Host(traefik.mydomain)
      - traefik.http.services.traefik.loadbalancer.server.port=8080

  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    restart: unless-stopped
    environment:
      TZ: Europe/Berlin
    networks:
      - frontend
    dns:
      - 127.0.0.1
    ports:
      - 53:53/tcp
      - 53:53/udp
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - etc-pihole:/etc/pihole/
      - etc-dnsmasq.d:/etc/dnsmasq.d/
    labels:
      - traefik.enable=true
      - traefik.docker.network=compose_frontend
      - traefik.http.routers.pihole.entrypoints=web_tcp
      - traefik.http.routers.pihole.rule=Host(pihole.mydomain)
      - traefik.http.routers.pihole.middlewares=dashboard_prefix
      - traefik.http.middlewares.dashboard_prefix.addprefix.prefix=/admin
      - traefik.http.services.pihole.loadbalancer.server.port=80

  mariadb:
    image: linuxserver/mariadb:latest
    container_name: mariadb
    restart: unless-stopped
    environment:
      - TZ=Europe/Berlin
      - PUID=1000
      - PGID=1000
    networks:
      - backend
    volumes:
      - mariadb_data:/config

  phpmyadmin:
    image: phpmyadmin:latest
    container_name: phpmyadmin
    restart: unless-stopped
    environment:
      - TZ=Europe/Berlin
      - PMA_HOST=mariadb
      - PMA_PORT=3306
    networks:
      - frontend
      - backend
    labels:
      - traefik.enable=true
      - traefik.docker.network=compose_frontend
      - traefik.http.routers.phpmyadmin.entrypoints=web_tcp
      - traefik.http.routers.phpmyadmin.rule=Host(phpmyadmin.mydomain)
      - traefik.http.services.phpmyadmin.loadbalancer.server.port=80

networks:
  frontend:
  backend:
    internal: true

volumes:
  # Persistent Portainer Data
  portainer_data:
  # Persistent Pihole Data
  etc-pihole:
  etc-dnsmasq.d:
  # Persistent MariaDB Data
  mariadb_data:
```

So my questions would be:

- Why does the hosts resolv.conf include its full own ip instead of localhost?
- Why is my host able to resolve dns queries with its own ip but my docker containers aren't?
- How can I solve this problem without setting the hosts nameserver to my router?
RedPanda (223 rep)
May 4, 2021, 08:57 AM • Last activity: Feb 17, 2023, 11:31 PM
3 votes
1 answers
5087 views
Pihole warning elaboration: "reducing DNS packet size for nameserver ADDRESS to SAFE_PKTSZ"
Could anyone elaborate a little on this warning? Reading the unbound comment it references, I guess it's some configuration in place for security reasons (?), but I'm not clear on what the _tradeoffs_ really are if you "get rid of" this warning by adding the config file mentioned below.

> reducing DNS packet size for nameserver ADDRESS to SAFE_PKTSZ
>
> When receiving answers from upstream only with a smaller maximum DNS packet size, dnsmasq warns about this and remembers this decision per server for some time (defaulting to 60 seconds).
>
> If you see this message continuously, you are affected by some unusual truncation on the path from your Pi-hole to the configured upstream server. You can get rid of the warning by adding a config file like `/etc/dnsmasq.d/99-edns.conf` and adding
>
> ```
> edns-packet-max=1232
> ```
>
> After running `pihole restartdns` your Pi-hole will not even try larger packet sizes (the default is 4096). Check out our [unbound guide](https://docs.pi-hole.net/guides/dns/unbound/) for a comment about the particular value of 1232.
Manius (171 rep)
Apr 4, 2022, 06:53 PM • Last activity: Jan 16, 2023, 07:03 PM
0 votes
3 answers
1084 views
isc-dhcp-server and pihole
I have two single board computers in my local network (Pine64 and nanoPI), which I use for various purposes. The latest thing I wanted to do with them is to have failover DHCP and DNS for my local network on both of them. I configured failover DHCP and one of them was not starting until I didn't stop/delete the pihole docker image. It was reporting Can't bind to dhcp address: Address already in use. When docker was stopped ISC-DHCP-SERVER is starting just fine. Now, when DHCP server is running the docker reports bind: address already in use and does not start. The other computer which has ordinary DNS server installed (no docker and pihole) works fine. I configured my own DNS with similar capabilities as pihole (block advertisements) on another server. However, I wanted to try pihole, since it has nice user interface. I think the problem is that pihole includes a DHCP server, too (https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026) . Can I use pihole docker image (without DHCP) and DHCP server on the same computer? How it can be done? I would rather not use pihole's DHCP, because I have some custom configuration in DHCP server with publishing custom routes via DHCP, DHCP static leases, and failover configuration. I am not sure I can configure all that in pihole's DHCP server, and I am not sure I want to.
nobody (1820 rep)
Aug 4, 2021, 06:43 AM • Last activity: Feb 19, 2022, 05:34 PM
2 votes
0 answers
157 views
Docker expose port only to VPN
I'm setting up a DNS filter using Pi-Hole and OpenVPN on a VPS. Pi-hole is running in a Docker container and exposes port 80 for its web interface. How do I expose this port only to traffic originating from the VPN (10.0.8.0/24), and not to the internet?
user3628960 (33 rep)
Feb 17, 2022, 12:56 PM
2 votes
0 answers
1399 views
Debian, docker, macvlan and static IPv6
# Problem

I am trying to setup a local DNS server (pihole) inside a docker container on my debian 11 server in my home network with a static IPv6, such that I can point all lookups from my router to it.

# What I have so far

* As this is a home network, my router reconnects in certain intervals, which does not allow me to use the global IPv6 prefix.
* `docker` service is running on my server
* I'm using docker-compose, the compose file looks like this currently:

```yaml
version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
    environment:
      TZ: 'Europe/Berlin'
      # WEBPASSWORD: 'set a secure password here or it will be random'
      WEBPASSWORD: 'XXXXXXXXX'
    # Volumes store your data between container upgrades
    volumes:
      - type: bind
        source: ./etc-pihole/
        target: /etc/pihole/
      - type: bind
        source: ./etc-dnsmasq.d
        target: /etc/dnsmasq.d/
    # Recommended but not required (DHCP needs NET_ADMIN)
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    # option not needed when used in combination with systemd
    #restart: unless-stopped
    networks:
      macvlan:
        ipv4_address: 10.10.1.51
        ipv6_address: fd00:0:0:1:50::51

networks:
  macvlan:
    driver: macvlan
    enable_ipv6: true
    driver_opts:
      parent: enp7s0
    ipam:
      config:
        - subnet: 10.10.1.50/24
          gateway: 10.10.1.1
        - subnet: fd00:0:0:1:50::/80
          gateway: fd00:0:0:1:2e91:abff:fe91:baa0
```

* The whole IPv4 setup is working, however I do not fully understand how to setup the macvlan, such that the dockered pihole can work as a DNS server in my home network.
* The `fd00:0:0:1:2e91:abff:fe91:baa0` is the local address of my router.
* `docker-compose up` yields:

```text
failed to create network dc_pihole_macvlan: Error response from daemon: Invalid subnet fd00:0:0:1:50:/80 : invalid CIDR address: fd00:0:0:1:50:/80
```

# Questions

* Is what I am trying to do feasible at all?
* Is this the correct setup for what I am trying to do?
* How can I get the container to start?

# Edits 1

* After the suggested syntax fixes, the docker container starts. From a bash inside the container, I can ping my router at `fd00:0:0:1:2e91:abff:fe91:baa0`. I can also ping ipv6.google.com and it gets resolved to the correct IPv6, but strangely, only one of four packets is transmitted. Why? See attached output, where `PROVIDER-PREFIX-RM` is my (current) scope global prefix:

```text
root@c4ca40297eaa:/# ping ipv6.google.com -c 4
PING ipv6.google.com(fra24s11-in-x0e.1e100.net (2a00:1450:4001:830::200e)) 56 data bytes
From PROVIDER-PREFIX-RM:42:aff:fe0a:133 (PROVIDER-PREFIX-RM:42:aff:fe0a:133): icmp_seq=1 Destination unreachable: Address unreachable
From PROVIDER-PREFIX-RM:42:aff:fe0a:133 (PROVIDER-PREFIX-RM:42:aff:fe0a:133): icmp_seq=2 Destination unreachable: Address unreachable
From PROVIDER-PREFIX-RM:42:aff:fe0a:133 (PROVIDER-PREFIX-RM:42:aff:fe0a:133): icmp_seq=3 Destination unreachable: Address unreachable
64 bytes from fra24s11-in-x0e.1e100.net (2a00:1450:4001:830::200e): icmp_seq=4 ttl=115 time=18.7 ms
--- ipv6.google.com ping statistics ---
4 packets transmitted, 1 received, +3 errors, 75% packet loss, time 95ms
rtt min/avg/max/mdev = 18.738/18.738/18.738/0.000 ms, pipe 3
```

* Addendum: Obviously I am new to this, so if you feel like suggesting a better numbering scheme, by all means, do.
marc (121 rep)
Jan 4, 2022, 06:25 PM • Last activity: Jan 5, 2022, 12:07 AM
20 votes
3 answers
73023 views
How to get Pi-Hole to work with IPv6?
At home I have installed Pi-Hole on a Fedora 28 machine, and it is now working properly serving IPv4 addresses via DHCP, acting as the DNS server, and blocking IPv4 addresses as appropriate. However, it seems to be failing to block IPv6 addresses. In the log I see (for example):

    2018-06-12 00:11:15 IPv4 v10.events.data.microsoft.com 192.168.1.79 Pi-holed - Whitelist
    2018-06-12 00:11:15 IPv6 v10.events.data.microsoft.com 192.168.1.79 OK (forwarded) - Blacklist

...There are a good many other such combinations: IPv4 Pi-holed, IPv6 forwarded at the same timestamp to the same FQDN.

I know very little about IPv6 at this moment. These are a few of the gaps in my knowledge that I think are contributing to my issue:

- How do I handle distributing IPv6 addresses in my home LAN? On Pi-Hole's DHCP page, there's a setting to "Enable IPv6 Support", which I've done. Does this mean my Pi-Hole will now serve up IPv6 addresses?
- On my router, I have various IPv6 settings: IPv6 (I turned it on), DHCPv6 (also on, but makes no difference if it's off it seems), DHCPv6 Prefix Delegation (on, and unmodifiable when DHCPv6 is off). This may be colliding with PiHole, but,
- I don't know if I can shut off IPv6 or even DHCPv6 on my router, because from what I've read, the concept of having NAT'ed IPv6 addresses inside the LAN is passé. All devices get a routable IPv6 address these days because of the large address space.
- I cannot modify the Upstream DNS servers on my PiHole settings page to include, for example, Google's IPv6 servers. I don't know why. IPv6 testing sites show that I can reach them via IPv6.

Ultimately, I'm concerned about two things: I can't change the IPv6 DNS settings, and the logs show that IPv6 entries are forwarded.
Mike S (2732 rep)
Jun 12, 2018, 11:33 PM • Last activity: Sep 13, 2021, 11:50 PM
1 votes
1 answers
4275 views
Eth0 Has two IP addresses
I have a Pihole with a fixed IP, 192.168.0.3. It works, and I can get to the GUI interface with that IP. Recently I noticed my router displaying alternating IP addresses for the Pi in its UI (the router lists clients by MAC). I tried navigating to the second address on the same subnet and the Pihole GUI is served.

`ip a` shows a bunch of stuff but here is eth0...

    eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether xx:xx:eb:de:54:87 brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.64/24 brd 192.168.0.255 scope global dynamic noprefixroute eth0
           valid_lft 86015sec preferred_lft 86015sec
        inet 192.168.0.3/24 brd 192.168.0.255 scope global secondary noprefixroute eth0
           valid_lft forever preferred_lft forever

`cat /etc/dhcpcd.conf` shows...

    interface eth0
    static ip_address=192.168.0.3/24
    static routers=192.168.0.1
    static domain_name_servers=127.0.0.1

Other notes...

- WiFi is disabled on the Pi
- I only have one DHCP server on the network
- The Pi DHCP server is disabled
- I have a docker container on the Pi serving HAAS
- I have a backup Pihole on the network fixed to 192.168.0.2, which doesn't have this issue
square_eyes (167 rep)
Jul 10, 2021, 04:55 AM • Last activity: Jul 12, 2021, 09:54 PM
0 votes
1 answers
414 views
UniFi + PiHole + Unbound -- Block specific sites by MAC address & Subnet
My general setup is several Ubiquiti Switches, APs, a UDMP, etc. I have multiple VLANs which ultimately intertwine with a PiHole and Unbound running on the same VM on a Dell PowerEdge R420. I have three small children all homeschooling due to the pandemic and need desperately to block YouTube from a series of devices, in two specific cases:

1. Specific devices (by MAC address) on one VLAN.
2. All devices on a second VLAN.

I know the PiHole can block devices to a site/regex by MAC, but only by one hop. So given the number of switches in my network, this doesn't work. I'm hoping this is something that can be done with either Unbound or another *nix utility that I'm not aware of. Suggestions?
CDub (101 rep)
Feb 12, 2021, 06:23 PM • Last activity: Feb 12, 2021, 07:23 PM