Computers are bypassing my Pihole, even with static DNS entry

pnye · January 12, 2024, 4:11am

Pihole on RPi5 192.168.1.2. Setup went well, and added default block lists.
Then on 1st windows pc I set static IP, and the DNS was set to 192.168.1.2 in order to force DNS lookups to go thru the pihole.
It blocks ads and adult domains properly, and I see confirmation of the blocked entries inside the pihole web GUI. (Good)
However, now when I do windows PC2 and PC3 etc I did the same IP setup with static IP and the DNS was set to 192.168.1.2 but now the ads and adult sites and NOT blocked. Neither is there any trace of the IP or PC2 and PC3 in Pihole lookups or blocks.
Its as if the static DNS IP entries of these other 2 PCs is being ignored, or the DNS is cached or they are going around the pihole somehow.
These are things I tried:

I ran ipconfig/flushdns a couple of times but no change.
I also did nslookup just to see what default server IP is reported as DNS and it was 192.168.1.2 which is correct.
I also ran NETSH winsock reset catalog, and NETSH int ipv4 reset reset.log and then a reboot.
Also installed DNSQuerySniffer and noticed a bunch of lookups but i didnt find any clues there, or I dont really know what to look for that would suggest a problem.
I did a dnsleaktest.com and it reports the DNS IP of my ISP or Cloudeflare, which I believe it is supposed to. I do have the pihole upstream dns server set to 1.1.1.3 and 1.0.0.3

What other ways are there to identify what is happening and why PC2 and PC3 are going around the pihole for DNS?

Spectre · January 12, 2024, 9:51am

Set 8.8.8.8 on PC2 and PC3 and run a dnsleaktest. You shall get only Google dns in the results.
Also, do you have IPv6 enabled?

LTS_Tom · January 12, 2024, 12:00pm

Check the browser settings as it is probable using DOH.

pnye · January 13, 2024, 3:43pm

I am learning that dnsleaktest is mostly used if you are testing while connected via VPN and want to know if your DNS is going around the VPN (I guess)

pnye · January 13, 2024, 3:49pm

Solved: I have discovered why some computers were bypassing the PiHole. It was the corperate Avast agent running locally when the ‘Real Site’ protection was enabled. As soon as I disabled Real Site (Real Site - FAQs | Avast) then the computer DNS requests went though Pihole.

pjdouillard · January 15, 2024, 5:07pm

OP, you need to forward any port 53 request to PI-Hole with a NAT rule.
That will you will steer all interesting traffic properly, but you will also reply to the sourve as it was the dns they used (with another NAT rule for traffic from PI-Hole).

Also block the QUIC protocol and you will be all set.

NoahD · January 20, 2024, 1:08am

Yep. That’s exactly what I did with my pfsense to restrict DNS to only be queried by PiHole.

Hammer · January 20, 2024, 2:31pm

Would you be able to provide examples of these two rules to redirect all DNS requests to my pihole located at 192.168.1.6? Thank you!