Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block IPv6 ads #140

Closed
jacobsalmela opened this issue Dec 31, 2015 · 8 comments
Closed

Block IPv6 ads #140

jacobsalmela opened this issue Dec 31, 2015 · 8 comments
Labels
Enhancement Help Wanted
Milestone
IPv6 ads blocked

Comments

@jacobsalmela
Copy link
Contributor

The Pi-hole blocks IPv4 (A) just fine, but IPv6 (AAAA) ads still get through. We thought it might be https causing the issue, but now we think it is the AAAA records.

@dschaper has had some success blocking over IPv6.
@jacobsalmela jacobsalmela added this to the IPv6 ads blocked milestone Dec 31, 2015
@jacobsalmela
Copy link
Contributor Author

On a new branch, I made some changes to gravity.sh and the installer. I think this works for blocking ads now. Maybe someone else wants to give it a try.

Before the IPv6 address is added to /etc/pihole/gravity.list, I get this.

Jan  1 00:46:21 dnsmasq[591]: /etc/pihole/gravity.list pubads.g.doubleclick.net is 192.168.1.100
Jan  1 00:46:21 dnsmasq[591]: query[AAAA] pubads.g.doubleclick.net from 192.168.1.137
Jan  1 00:46:21 dnsmasq[591]: forwarded pubads.g.doubleclick.net to 8.8.4.4
Jan  1 00:46:21 dnsmasq[591]: reply pubads.g.doubleclick.net is <CNAME>
Jan  1 00:46:21 dnsmasq[591]: reply partnerad.l.doubleclick.net is NODATA-IPv6

So the A record is sent to the Pi-hole but the AAAA record is forwarded on.

After:

Jan  1 02:15:17 dnsmasq[5607]: query[A] pubads.g.doubleclick.net from 192.168.1.137
Jan  1 02:15:17 dnsmasq[5607]: /etc/pihole/gravity.list pubads.g.doubleclick.net is 192.168.1.100
Jan  1 02:15:17 dnsmasq[5607]: query[AAAA] pubads.g.doubleclick.net from 192.168.1.137
Jan  1 02:15:17 dnsmasq[5607]: /etc/pihole/gravity.list pubads.g.doubleclick.net is 2601:123:1234:abcd:3d6f:2613:89af:6a06

The AAAA record is sent the to Pi's IPv6 address. No other configuration is required.

@clinton3141
Copy link
Contributor

Works for me.

Before:

Jan  1 13:28:49 dnsmasq[27839]: query[AAAA] pubads.g.doubleclick.net from 192.168.1.6
Jan  1 13:28:49 dnsmasq[27839]: forwarded pubads.g.doubleclick.net to 8.8.4.4
Jan  1 13:28:49 dnsmasq[27839]: forwarded pubads.g.doubleclick.net to 8.8.8.8
Jan  1 13:28:49 dnsmasq[27839]: reply pubads.g.doubleclick.net is <CNAME>
Jan  1 13:28:49 dnsmasq[27839]: reply partnerad.l.doubleclick.net is NODATA-IPv6

After:

Jan  1 13:54:38 dnsmasq[389]: query[AAAA] pubads.g.doubleclick.net from 192.168.1.6
Jan  1 13:54:38 dnsmasq[389]: /etc/pihole/gravity.list pubads.g.doubleclick.net is fd0c:d6bd:9997:1f00:2c23:c033:3f2d:5e4c

However there's a bug in gravity.sh where IPv6 entries are not added to gravity.list if /tmp/piholeIP does not exist. I'll submit a PR :) PR here: #141

@dschaper
Copy link
Member

dschaper commented Jan 1, 2016

I think this ties up IPv6. The v6 address that @iblamefish posted looks to be a ULA, so private and public addresses look like they are working.

@jacobsalmela
Copy link
Contributor Author

Fixed by #144

@angristan
Copy link

Hello, is it normal that the AAAA query isn't blocked ?
screenshot_04-11-2016_b 0_-sdfr2

@AzureMarker
Copy link
Contributor

Did you install Pi-hole with IPv6 support? Open a new issue if you did install with IPv6 and are still having this issue.

@angristan
Copy link

No because my server has no IPv6, but the clients can still make AAAA queries

@AzureMarker
Copy link
Contributor

Try reconfiguring with IPv6 support via pihole -r

@wilbert-vb wilbert-vb mentioned this issue Apr 15, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement Help Wanted
Projects
None yet
Milestone
IPv6 ads blocked
Development

No branches or pull requests
5 participants
@clinton3141 @dschaper @jacobsalmela @AzureMarker @angristan