I have set up a pi-hole.
It is running and reachable on my LAN via IP4 at 192.168.178.53.
On my router I made its address static, so it always gets the same address. My router also announces this DNS server to every client. On basically all my devices this works fine, as I see it's being used and I see that it is blocking sites for many of my clients:

Yet I noticed no difference on my Windows 11 machine.
So for debugging purposes I have added a blacklist for stackoverflow.com:

If I try to access a website blacklisted on my Android phone I get the expected ERR_CONNECTION_REFUSED error and no page is loaded.
Yet on my Windows 11 client, the website is still reachable, working perfectly fine.
Even though the correct DNS is shown when I run `ipconfig /all` for my used ethernet connection:

```
Ethernet adapter Ethernet 3:
   Connection-specific DNS Suffix  . : fritz.box
   Description . . . . . . . . . . . : Intel(R) I211 Gigabit Network Connection #2
   Physical Address. . . . . . . . . : 00-D8-61-16-00-29
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.178.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Donnerstag, 23. November 2023 22:26:23
   Lease Expires . . . . . . . . . . : Sonntag, 3. Dezember 2023 22:26:21
   Default Gateway . . . . . . . . . : 192.168.178.1
   DHCP Server . . . . . . . . . . . : 192.168.178.1
   DNS Servers . . . . . . . . . . . : 192.168.178.53
                                       192.168.178.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
```

I tried:
- disabling TCP/IPv6 in the network's properties
- disabling IPv6 on the router
- setting the DNS manually on the ethernet for both primary and secondary to the pihole's IP address
- Windows power shell, running: `ipconfig /flushdns` to clear internal windows cache, multiple times whenever I changed anything else
- in chrome:
  - clearing host cache via `chrome://net-internals/#dns`
  - disabling `Use Secure DNS` in chrome's settings

Yet it will always resolve. The website stubbornly just works on my Windows 11 client. I am very confused as to why my Windows client does not seem to use the DNS. (I would rather expect no website to be reachable at all if there was a problem reaching the pi-hole; that it seemingly defaults to some magic internal static DNS server seems strange to me.)
It neither works when my Windows client is connected via ethernet nor via WIFI.
In both cases, I see the correct DNS server configured.
Even weirder, when I run `nslookup stackoverflow.com` on my powershell I see as expected:

```
nslookup stackoverflow.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.178.53

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
```

Yet when I am in chrome, the blacklisted website runs fine.
When I try to query another non-blacklisted domain, I get a response, even though I find it weird that it still times out a lot. Not sure if that may be related?

```
nslookup google.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.178.53

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
Name:    google.com
Addresses:  2a00:1450:4001:81c::200e
          216.58.206.46
```

Also, I just checked on my local Windows 11 machine that other browsers also can access the blacklisted site.
What am I missing?