|
Greetings Kind Regards I've been watching "Sneaky Pete" of late. Sounds like one of the episodes.
|
<fx:four yorkshiremen>
You were lucky, lad ...
|
I changed ISPs back in January, and it just so happens I started running into problems, roughly at the same time, with the Debian VM I had running Pi-Hole. Eventually I just shut it down, and I hadn't tried to recreate it until recently.
I quickly realized that nothing was going through Pi-Hole anymore (reinstalled from scratch, including the OS). Total Queries and Queries Blocked figures remained at 0. As I used to, I provided Pi-Hole's (static) IP as my primary DNS on a few systems (also all using static IPs), followed by my DC's IP, and finally my router's (192.168.1.1) - in that order.
Unlike the router I was previously using, my (new) ISP's router does NOT present any option to specify any DNS server. I've gone through every page, including settings hiding under Advanced buttons. Nothing about DNS.
I know very little about DNS, but searching through articles discussing problems with Pi-Hole, I did find something that also adds domain controllers to the mix.
I do have a domain controller, which is set up with its own DNS service. I launched its DNS Manager, selected my domain, selected Forwarders, right-click, Properties, then added Pi-Hole's static IP as the first entry (the only other one being my router, which - after this change - is now the second in the list).
Bingo - suddenly the Request and Blocked figures immediately shot up, and pages that used to be riddled with ads now show blank spaces where ads used to be. Bonus, since all my systems already have my DC's IP for their primary DNS, I don't have to add Pi-Hole's IP anywhere (but as a forwarder on the DC itself, which is a one-time operation).
But a question remains. If I had a system that had its preferred DNS set up as this (in this order):
a) Pi-Hole
b) The DC
c) The router
...why would the queries not go to Pi-Hole first and foremost? Now my configuration is:
a) The DC (with Pi-Hole's IP under Forwarders)
b) The router
...and it all works.
Why?
Either way, I hope this helps someone.
|
In most cases, if you use the cable provider's router, you can't change the DNS settings. You MUST run your cable modem in bridge mode (if your provider will allow that), or even better (and more secure), you have to get a more decent router AND a cable modem that is just a modem. One of the reasons you don't want to use your ISP's equipment is because they can also bypass your admin password and perform unwanted updates that could further restrict your access to certain settings in the router.
This is what I had to do, because I am on Comcast and their modem/router was the same way. I have two Raspberry Pi's running Pi-Hole and serving as primary and secondary DNS servers and I couldn't use them because of the ISP's router. If you're interested, I can provide manufacturer/model names of the modem/router I use when I get home from work today.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
My switchover was rather nightmarish, it was supposed to be quite literally replace the previous ISP's modem with the new router, plug my router into theirs, and call it a day.
But due to complications I won't get into, I had to simplify, simplify, and then simplify again to get things working, to the extent that I just removed my own router from the equation. The intent has always been to reintroduce my router, place theirs in bridge mode, and slowly re-add my own customizations one at a time (Pi-Hole being one of them--which I've now managed to do without reintroducing my router first).
But since the ISP switch, I've always been left with this nasty, dirty feeling, knowing my ISP probably has more control over my setup than I'd like.
I will get back to it, but I'll wait until I'm on vacation to do so - working from home, I can't risk going without internet for any sort of prolonged duration. Originally, I had started my migration on a Friday evening, and by late Sunday afternoon, I just ripped out my old router and reluctantly let "theirs" take over. To make a long story short, I was trying to replace too many moving parts all at once.
And FWIW, it's a 5G router - specifically, Nokia's "FastMile 5G Gateway 3.2". The web admin UI is a lot nicer than most ISP's own routers, but exactly as you said, if you can't change something as basic as a DNS, it needs to be turned into a dumb connection device and hand over the real work to something else *I* can control.
The one thing I miss the most is the page from my older router showing, in real-time, the WAN bandwidth usage. I have an old ancient Android tablet I repurposed just to show that page 24/7. If something unexpectedly started chewing bandwidth, I knew immediately. These days I'm left guessing.
|
What I did was to set up yet another RPi in front of the ISP router as my own router, and of course the other as DNS/Pi-Hole.
So basically I had my other local network that had my RPi as a gateway to the "ISP local network", which had the gateway to the internet.
It is a complicated setup, so only if someone really, really wants to shield themselves from the ISP and has enough time to set it up. For me it was easy because I am quite into networking, but I can imagine that for someone not so much into it, it can take quite some time.
|
I'm thinking of upgrading from my 1GB up/down pipe to 2GB up/down
My question is, can I even run a pi-hole on a multi-gigabit gateway or will it bottleneck?
That's why I haven't run one.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
Glad you got it going with the domain controller. Just to add some umph to your umphness...
The modem/router may or may not have a DNS server (most don't), but that's not the same thing as its DNS settings, which most likely will point to your ISP's DNS. So, in effect it would just be a pass through and your DNS look ups are still using the ISP's servers directly.
Just guessing in the past, you had that VM set up to talk to your ISP's DNS servers and then your machine's DNS settings pointing to the VM. So, in effect, it was acting kinda like a domain controller.
Pihole is awesome btw. I'll stick it on a cheapo raspberry pi though. Works like a champ. I'll set the pi up to use either my ISP's DNS servers directly or just use Google's. Then I'll configure my machines (or domain controller) to use the raspberry pi as its DNS server. Installing Pihole automatically includes installing DNS software, including caching and everything.
Just FYI, if you ever run into DNS issues with your ISP, Google offers free-to-use ones to bypass any ISP wonkiness. Primary 8.8.8.8 and secondary 8.8.4.4. Seriously, do an ARIN search on it, those are Google IPs.
Jeremy Falcon
|
dandy72 wrote: ...why would the queries not go to Pi-Hole first and foremost? Now my configuration is:
Oh, to actually answer your question...
It should do that. The only reason it would only default to a secondary is if the primary is down. So maybe the Pi had issues. Can be confirmed with an nslookup. Or maybe (unlikely but just shooting in the dark) Windows made the DC settings take priority?
dandy72 wrote: a) The DC (with Pi-Hole's IP under Forwarders)
If you're going to use a DC this is the right way to do it anyway. Otherwise you'd be setting up DNS for every machine you logged in to, so may as well just do it on the DC. Unless you want to shut your DC down that is.
You shouldn't need forwarders though (I think, haven't used a DC in over a decade), your Pi has its own IP on the local network. For DNS, make sure they're static IPs though. But, if your DC is setting the configuration for DNS, an IP is an IP is an IP.
Jeremy Falcon
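The per-resolver check suggested in the reply above (an nslookup against each server), as an added example that is not part of any post in this thread: it sends the same A query directly to each configured resolver and reports whether the answer is a sinkhole address, which shows which resolvers filter and which do not. The addresses 192.0.2.10 and 192.0.2.20 and the name ads.example.test are placeholders, and treating 0.0.0.0 as the blocked answer assumes Pi-hole's default blocking mode.

```python
import socket
import struct

SINKHOLE = {"0.0.0.0"}  # assumed: Pi-hole's default blocking mode answers A queries with 0.0.0.0

def build_query(name, txid=0x1234):  # A/IN question, recursion desired
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, pos):  # offset just past a plain or compressed name
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)  # 2-byte pointer or 1-byte root label

def parse_a_records(msg):  # -> (rcode, [IPv4 strings in the answer section])
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return flags & 0x000F, addrs

def classify(msg):
    rcode, addrs = parse_a_records(msg)
    if rcode == 3:
        return "nxdomain"
    if not addrs:
        return "no-answer"
    return "blocked" if set(addrs) <= SINKHOLE else "resolved"

def ask(server, name, timeout=2.0):  # one resolver, like `nslookup name server`
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return classify(s.recv(512))
        except OSError:  # timeout, refused, unreachable
            return "unreachable"

if __name__ == "__main__":
    # Placeholder addresses and name (assumed): Pi-hole, DC, then the router.
    for srv in ("192.0.2.10", "192.0.2.20", "192.168.1.1"):
        print(srv, ask(srv, "ads.example.test"))
```

A resolver that reports `resolved` for a name the Pi-hole blocks is a path around the filter whenever a client falls back to it.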
|
Marking your own message as [Spam] does not grant you permission to blatantly violate the one rule shown in red at the top of the lounge.
Away with you!
|
I've probably watched a French video a few weeks ago on YouTube. Ever since, YouTube has been showing me a mixture of French and English ads (maybe 50-50). At least I'm attributing this fact to the one video I might've watched, I see no other reason it might be showing me French ads.
I do NOT log into YouTube, so there's no language preference for me to set. I have no language set in my browser (Edge) other than the default US-English.
And at some point starting this week, every time I go to www.microsoft.com, it explicitly sends me to www.microsoft.com/fr-ca/. Again, despite the fact that I have no other language set in my browser. Or the OS's Regional Settings page.
I could try to clear cookies, but that's an all-or-nothing type of thing - I'd probably lose a lot of tweaks for various sites I'd rather not go through again. As far as I know, you can't clear cookies specifically for one site only. Or can you?
I've just tried InPrivate mode with Edge and going to www.microsoft.com. It sent me to www.microsoft.com/en-ca, so it knows I'm in Canada, but at least the page is in English. That, to me, tells me it's got to be some data in a cookie.
How might I go about finding, then removing that cookie...? Or does someone have a better suggestion?
(and no, I'm not changing browsers for that, TYVM)
|
You're forgetting one teensy thing, geolocation of your IP. If the cookie doesn't exist, your country can be guessed by your IP address.
|
Jinx! Didn't see your post before I replied.
|
Bah! I would have beat you to it if I wasn't eating breakfast while I type.
|
Location doesn't infer language. It's the language I object to.
|
It's got you pegged for Quebec and the language is making certain assumptions about your location.
|
All geolocators I've seen since I've been on the internet (94? 95?) have shown my city as being my ISP's...which operates near Toronto, Ontario.
|
They do change. It used to be my location was pegged at about 50 miles away. Now it's got me down to about 6 miles.
|
Ok.
Riddle me this: Browsers on other systems within my LAN keep me on www.microsoft.com. Only one of them forwards me to www.microsoft.com/fr-ca.
Yet all my systems, from MS's perspective, should originate from the same public IP.
I'm not trying to be contradictory, I welcome the thoughts.
|
Ya got me there. I have no idea on that one.
|
Been a while since I messed with this but I suspect that finding your location from your IP is still a service that one can pay for.
So one place is using a service that pegs it to one location. And the others use something different.
|
I'm having a hard time following everything on this thread so forgive me if this is way out in left field, but ip geolocation is available as a free service. ip-api.com is one example.
|
It might be using your IP to locate you.
|
I'm okay with sites knowing what country I'm in (or province). So far all locators have been able to tell me is what city my ISP operates from (which is hundreds of miles away).
It's the (automatic) choice of language that bothers me.
|
I hate when they do that. I use Starlink, and all of their addresses point to Los Angeles. As a result, all the ads I get are Mexican language.
Will Rogers never met me.
|