Chrome forcing async DNS?

I forgot about that, but I would start with not using Google Chrome. I don’t think that is even possible

Personally, I don’t use Chrome, I have Chromium in one place, Brave and firefox elsewhere. But Chrome is definitely not for me. :wink:

Are you sure this is just the situation in Chrome?

DoH is a GUI option in FF, not sure if you can turn it off in Chrome or not but that definitely poses an issue.

DNS filtering is pretty widespread in enterprise networks obviously

You can block 53 and 853 traffic on W10 except for your pihole. Then nothing will slip at 53 without your pihole. Just a problem when DOH enters the game.

Theoretically, you can try to block 443 for NS IPs but … the effect will be rather poor if the pool is very wide and different from the typical public one. An open question is whether you can force 53 traffic if the program only desperately wants to use DoH.
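The "block 53 and 853 except for your Pi-hole" rule from the post above, as an added PowerShell example that is not from the thread or from Pi-hole. It assumes the Pi-hole is at 192.168.1.10 (a constructed placeholder) and that the rules are created from an elevated prompt. The main caveat it handles: Windows Defender Firewall evaluates explicit Block rules before Allow rules, so "block all 53, allow the Pi-hole" silently blocks the Pi-hole too; the block rule must itself exclude the Pi-hole address.

```powershell
# Added example; Pi-hole address is a constructed placeholder, replace with your own.
$PiHole = '192.168.1.10'

# Build the two IPv4 ranges that cover "everything except $Address", because a
# Windows firewall rule cannot express a negated RemoteAddress.
function Get-EverythingExcept([string]$Address) {
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($bytes)                      # network order -> little endian for ToUInt32
    $n = [BitConverter]::ToUInt32($bytes, 0)
    $toIp = {
        param([uint32]$Value)
        $b = [BitConverter]::GetBytes($Value); [Array]::Reverse($b)
        ([System.Net.IPAddress]::new($b)).ToString()
    }
    @("0.0.0.0-$(& $toIp ($n - 1))", "$(& $toIp ($n + 1))-255.255.255.255")
}

$notPiHole = Get-EverythingExcept $PiHole

foreach ($proto in 'UDP', 'TCP') {
    # Block plain DNS (53) and DNS-over-TLS (853) to every IPv4 address except the Pi-hole.
    New-NetFirewallRule -DisplayName "Block non-Pi-hole DNS ($proto)" -Direction Outbound `
        -Action Block -Protocol $proto -RemotePort 53, 853 -RemoteAddress $notPiHole -Profile Any

    # Explicit allow to the Pi-hole, so a later default-deny outbound policy does not cut it off.
    New-NetFirewallRule -DisplayName "Allow DNS to Pi-hole ($proto)" -Direction Outbound `
        -Action Allow -Protocol $proto -RemotePort 53, 853 -RemoteAddress $PiHole -Profile Any
}

# Verify the address scopes actually landed on the rules.
Get-NetFirewallRule -DisplayName '*Pi-hole*' |
    ForEach-Object { $_ | Get-NetFirewallAddressFilter | Select-Object @{n='Rule';e={$_.InstanceID}}, RemoteAddress }
```

These rules cover IPv4 only; resolvers reached over IPv6 (the path the thread ends up disabling) need their own rule, and DoH on 443 is not touched at all, which is the limitation the post already points out.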

It’s getting so weird right now. I set it up on a totally different machine on which PiHole has never been set as a DNS and it works on Chrome and Edge, while on my machine that I use all the time it’s like PiHole gets bypassed all the time now.

You need to conduct a step-by-step investigation.

Are you sure this particular computer has DNS correctly entered?
Are you sure there is no vpn, socks tunnel on this machine … which bypasses local dns?
What does https://www.dnsleaktest.com say?
Do other web browsers on this computer send dns queries to pihole?
What happens when you block all 53 traffic on this computer?
What do you have in the HOST file?

  1. Yes, the DNS is indeed correct
  2. Yes, there’s no VPN or socks tunnel on the machine
  3. DNS leak test says that addresses on my machine can be resolved by my provider DNS and OpenDNS as specified by PiHole
  4. Host file is empty
  5. Can’t block the traffic on port 53 because there are other machines running I can’t stop.

Also there’s something extremely weird that happened: I tried setting 1.0.0.0 as DNS in Windows, thinking that it might be an invalid setting that would break my connection. To my surprise it didn’t, and my machine still connected as if nothing had been changed.
All the changes were made in Control Panel > Networking and Internet (translating on the fly into English, bear with me) > Connections and Sharing > Modify network card properties > Properties > Internet Protocol v4 > Properties, and then I set up only the first DNS entry so there’s no secondary DNS it can access.

The 1.0.0.0 IP address is owned by Cloudflare so it’s probably the same as their 1.1.1.1 DNS service.

As far as I know they only exposed as public DNSs 1.1.1.1 and 1.0.0.1. I just wanted to input an invalid IP address to test. Maybe I need to try another one to see what happens.

Update: tried 223.223.223.223 as a DNS and my PC ignores it like nothing. Edge and Chrome still connect to the internet. The taskbar doesn’t even show a yellow triangle.


Well, nmap shows port 53 as open, so it’s a DNS server, whatever it is:

michael@fedora ~ » sudo nmap -sU 1.0.0.0 -p 53
Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-21 20:48 BST
Nmap scan report for 1.0.0.0
Host is up (0.023s latency).

PORT   STATE         SERVICE
53/udp open|filtered domain

Nmap done: 1 IP address (1 host up) scanned in 0.53 seconds

Do you have other systems on your W10? I meant blocking per specific machine locally on a firewall (for example Comodo), but if you have VMs then it’s hard.

So it slowly looks like it’s not so much a problem with Chrome but with your W10, which for some reason has nested DNS settings, or some application is up to something.
Remove the network card from the system, let the system detect it again, and set the network data manually.

Turn off ipv6.
Set NS to 127.0.0.1
It’s best to check if other applications are able to query dns and not just web browsers.

What does ipconfig say? Correctly showing dns for the correct card?
Do flushdns and nslookup forum.level1techs.com and see what dns returns and whether pihole will actually get an inquiry.

Some security programs / packages also like to modify dns to their own.
Do you use active directory?
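The step-by-step checks suggested in this post and in the earlier list of questions (DNS servers per card, ipconfig, flushdns, nslookup, whether the Pi-hole actually gets the query), collected into one added PowerShell diagnostic. This is not from the thread or from Pi-hole; it assumes the Pi-hole is at 192.168.1.10 (a constructed placeholder) and uses forum.level1techs.com, the name the thread resolved with nslookup. It goes one step beyond the post by also listing default routes per address family, since the thread's eventual culprit was a VMware virtual adapter plus IPv6.

```powershell
# Added diagnostic; Pi-hole address is a constructed placeholder, replace with your own.
$PiHole   = '192.168.1.10'
$TestName = 'forum.level1techs.com'

# 1. Resolvers per connected adapter, physical NICs and VMware vmnet adapters alike.
#    A v4 server that is not the Pi-hole, or any v6 server at all, is a bypass path.
$findings = foreach ($nic in Get-NetAdapter | Where-Object Status -eq 'Up') {
    $v4 = @((Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).ServerAddresses)
    $v6 = @((Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv6).ServerAddresses)
    $v6Bound = (Get-NetAdapterBinding -Name $nic.Name -ComponentID ms_tcpip6).Enabled
    [pscustomobject]@{
        Adapter     = $nic.Name
        Description = $nic.InterfaceDescription
        DnsV4       = ($v4 -join ',')
        DnsV6       = ($v6 -join ',')
        IPv6Bound   = $v6Bound
        Bypass      = ((@($v4 | Where-Object { $_ -ne $PiHole }).Count -gt 0) -or ($v6.Count -gt 0))
    }
}
$findings | Format-Table -AutoSize

# 2. Default routes for both families: a v6 default route on a virtual adapter means
#    queries can leave the machine without ever touching the v4 Pi-hole setting.
Get-NetRoute -DestinationPrefix '0.0.0.0/0', '::/0' |
    Select-Object InterfaceAlias, AddressFamily, NextHop, RouteMetric | Format-Table -AutoSize

# 3. The flushdns + nslookup step: flush the cache, then compare what the system resolver
#    returns with what the Pi-hole returns when asked directly (-DnsOnly skips cache and hosts file).
Clear-DnsClientCache
$viaSystem = @((Resolve-DnsName $TestName -Type A -DnsOnly -ErrorAction Stop).IPAddress | Sort-Object)
$viaPiHole = @((Resolve-DnsName $TestName -Type A -Server $PiHole -DnsOnly -ErrorAction Stop).IPAddress | Sort-Object)
if (Compare-Object $viaSystem $viaPiHole) {
    Write-Warning "System resolver and Pi-hole disagree for $TestName; the Pi-hole is being bypassed."
} else {
    Write-Host "System answer matches the Pi-hole for $TestName; confirm in the Pi-hole query log that it was actually asked."
}
```

A matching answer alone does not prove the Pi-hole was used (upstream resolvers return the same records), so the Pi-hole query log check in the last line is the decisive one.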

Yes, but they’re not running at the moment. W10 is host

Nome:    forum.level1techs.com
Addresses:  2606:4700:20::6819:686f
      2606:4700:20::6819:676f
      104.25.103.111
      104.25.104.111

Ipconfig doesn’t say anything meaningful.

I’d like not to do that. I really need this machine to be functional and I don’t want to tinker too much on it beyond what is needed.

I FOUND THE PROBLEM!

I don’t know, I don’t know what it is, but after disabling the VMware virtual LANs and IPv6 and forcing a static IP address with the DNS server of my PiHole, now everything is working as it should. If I don’t keep all three of those things set up that way, everything breaks and nothing goes through PiHole. What is happening!?

P.S. not only do I have to set a static IP address through Windows and specify the DNS address, but I also have to specify it in the other, more generic option which uses DHCP.

You have a mess with routes, interfaces, routing and IPv6 … Something in this area; it’s hard to say because I’m moving in the dark.
Since it helped to turn off the VMware virtual LAN and IPv6, the traffic probably went over v6 and some leftover interface.
The key word is probably “Virtual Network’s DNS Server” …

I’ve never messed with networking on my machine so I think VMware did something fishy in the background that really messed up everything.

Ah yes. I’ve had problems on some systems where VMware was installed with an Android emulator (by kiddies or people that are desperate for WeChat on PC) and it messes up Networking.

The Android VM is the last thing I need. Do you think that removing it would make any difference?

Wiping VMware entirely could potentially fix your network routes. It will depend on how clean the uninstallation is. If this doesn’t work, you’ll need to wipe and restart.

I deleted the Android VM and now the PC correctly uses the PiHole DNSs, BUT I have to keep IPv6 disabled, else the PiHole DNSs get completely ignored for reasons completely unknown to me.

P.S. mind you I’m talking about a VMware Android VM, not an Android emulator of any kind.