Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Block IPv6 ads #140

Closed
jacobsalmela opened this issue Dec 31, 2015 · 8 comments
Closed

Block IPv6 ads #140

jacobsalmela opened this issue Dec 31, 2015 · 8 comments

Comments

@jacobsalmela
Copy link
Contributor

@jacobsalmela jacobsalmela commented Dec 31, 2015

The Pi-hole blocks IPv4 (A) just fine, but IPv6 (AAAA) ads still get through. We thought it might be https causing the issue, but now we think it is the AAAA records.

@dschaper has had some success blocking over IPv6.

@jacobsalmela

This comment has been minimized.

Copy link
Contributor Author

@jacobsalmela jacobsalmela commented Jan 1, 2016

On a new branch, I made some changes to gravity.sh and the installer. I think this works for blocking ads now. Maybe someone else wants to give it a try.

Before the IPv6 address is added to /etc/pihole/gravity.list, I get this.

Jan  1 00:46:21 dnsmasq[591]: /etc/pihole/gravity.list pubads.g.doubleclick.net is 192.168.1.100
Jan  1 00:46:21 dnsmasq[591]: query[AAAA] pubads.g.doubleclick.net from 192.168.1.137
Jan  1 00:46:21 dnsmasq[591]: forwarded pubads.g.doubleclick.net to 8.8.4.4
Jan  1 00:46:21 dnsmasq[591]: reply pubads.g.doubleclick.net is <CNAME>
Jan  1 00:46:21 dnsmasq[591]: reply partnerad.l.doubleclick.net is NODATA-IPv6

So the A record is sent to the Pi-hole but the AAAA record is forwarded on.

After:

Jan  1 02:15:17 dnsmasq[5607]: query[A] pubads.g.doubleclick.net from 192.168.1.137
Jan  1 02:15:17 dnsmasq[5607]: /etc/pihole/gravity.list pubads.g.doubleclick.net is 192.168.1.100
Jan  1 02:15:17 dnsmasq[5607]: query[AAAA] pubads.g.doubleclick.net from 192.168.1.137
Jan  1 02:15:17 dnsmasq[5607]: /etc/pihole/gravity.list pubads.g.doubleclick.net is 2601:123:1234:abcd:3d6f:2613:89af:6a06

The AAAA record is sent the to Pi's IPv6 address. No other configuration is required.

@iblamefish

This comment has been minimized.

Copy link
Contributor

@iblamefish iblamefish commented Jan 1, 2016

Works for me.

Before:

Jan  1 13:28:49 dnsmasq[27839]: query[AAAA] pubads.g.doubleclick.net from 192.168.1.6
Jan  1 13:28:49 dnsmasq[27839]: forwarded pubads.g.doubleclick.net to 8.8.4.4
Jan  1 13:28:49 dnsmasq[27839]: forwarded pubads.g.doubleclick.net to 8.8.8.8
Jan  1 13:28:49 dnsmasq[27839]: reply pubads.g.doubleclick.net is <CNAME>
Jan  1 13:28:49 dnsmasq[27839]: reply partnerad.l.doubleclick.net is NODATA-IPv6

After:

Jan  1 13:54:38 dnsmasq[389]: query[AAAA] pubads.g.doubleclick.net from 192.168.1.6
Jan  1 13:54:38 dnsmasq[389]: /etc/pihole/gravity.list pubads.g.doubleclick.net is fd0c:d6bd:9997:1f00:2c23:c033:3f2d:5e4c

However there's a bug in gravity.sh where IPv6 entries are not added to gravity.list if /tmp/piholeIP does not exist. I'll submit a PR :) PR here: #141

@dschaper

This comment has been minimized.

Copy link
Member

@dschaper dschaper commented Jan 1, 2016

I think this ties up IPv6. The v6 address that @iblamefish posted looks to be a ULA, so private and public addresses look like they are working.

@jacobsalmela

This comment has been minimized.

Copy link
Contributor Author

@jacobsalmela jacobsalmela commented Jan 2, 2016

Fixed by #144

@angristan

This comment has been minimized.

Copy link

@angristan angristan commented Nov 4, 2016

Hello, is it normal that the AAAA query isn't blocked ?
screenshot_04-11-2016_b 0_-sdfr2

@Mcat12

This comment has been minimized.

Copy link
Member

@Mcat12 Mcat12 commented Nov 5, 2016

Did you install Pi-hole with IPv6 support? Open a new issue if you did install with IPv6 and are still having this issue.

@angristan

This comment has been minimized.

Copy link

@angristan angristan commented Nov 6, 2016

No because my server has no IPv6, but the clients can still make AAAA queries

@Mcat12

This comment has been minimized.

Copy link
Member

@Mcat12 Mcat12 commented Nov 6, 2016

Try reconfiguring with IPv6 support via pihole -r

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.