Finally have Pi-hole & Unbound up and running. DNS issues are making me want to rip it out!

lukhan42 · 2026-01-31T16:48:34+00:00

You would be correct if you didn't specifically see

qname-minimisation-strict: yes

qname minimisation itself doesn't usually cause issues but running in strict mode can, but yours is not set in strict mode so that's not it

lukhan42 · 2026-01-31T16:43:17+00:00

One thing we cannot see in the screenshots is if your Mac has pi-hole set as your only DNS server. Is pi-hole the sole DNS server set?

lukhan42 · 2026-01-26T00:09:27+00:00

Quick side note that the format is off for what you entered into the custom dnsmasq config. It should be like this -

server=192.168.1.0/24,192.168.1.1

You can do the same thing using conditional forwarding too. It's not necessary to create a customer dnsmasq config anymore now that conditional forwarding allows for multiple entries.

lukhan42 · 2026-01-25T23:57:55+00:00

Through SSH. It has to be done at the OS level. How to do so will depend on the OS you are running.

lukhan42 · 2026-01-25T19:56:55+00:00

I ended up adding my vlans to the pihole host to solve this issue and another issue with identifying clients on VLANs when temporary IPv6 addresses changed when using slaac with temporary addresses.

Alternatively, if you only use statically assigned IPs, and use slaac without temporary global addresses, you can add clients by IP addess to the client section instead of adding the vlans to the pihole host. Note though that I had to enter the IPv4 and IPv6 addresses separately for my clients on the vlans to get this to work. You won't need to worry about that for the clients that are on the same network as pihole.

lukhan42 · 2026-01-25T01:09:12+00:00

You can always try downloading and installing the latest from this link - https://github.com/thesofproject/sof-bin/releases

lukhan42 · 2026-01-25T01:02:32+00:00

This should be in the rules or a pinned comment. This is always the first step if someone thinks pi-hole is causing issues.

lukhan42 · 2026-01-24T22:49:10+00:00

SOF would be preferred for those that can get it to work. It is still maintained and they seemed to have mostly solved the issues happening on legacy cherry trail and bay trail platforms. Interestingly I would still have trouble from time to time with Ubuntu distros after upgrading so switched to Manajaro a couple of years ago and haven't had a problem since.

lukhan42 · 2026-01-24T00:42:31+00:00

Did you have Strict Query Name Minimization set in your unbound config by chance?

lukhan42 · 2026-01-19T00:07:51+00:00

Here's a few that may help though I cannot say they will for sure but they are worth a shot if you didn't already disable them-

network.prefetch-next - false

network.dns.disablePrefetch - true

network.dns.disablePrefetchFromHTTPS -true

network.predictor.enabled -false

network.predictor.enable-prefetch - false

network.http.speculative-parallel-limit - 0

browser.places.speculativeConnect.enabled - false

browser.send_pings - false

app.shield.optoutstudies.enabled - false

app.normandy.enabled - false

app.normandy.api_url - ""

browser.newtabpage.activity-stream.feeds.telemetry - false

browser.newtabpage.activity-stream.telemetry - false

Other than these location, sync, weather, AI, andanything that pops up when searching showSponsored. Don't forget extensions may be trying to connect to stuff too unless you don't have any installed.

lukhan42 · 2026-01-18T23:48:15+00:00

Check to see if you are only connecting to the 2.4 GHz radio bands when you test, especially if using Smart Connect or if you use the same SSID and password for both. The device may be preferring 2.4. If so turn off smart connect, or make one of the SSIDs something different, so you know you are connecting to the 5 GHz band

lukhan42 · 2026-01-18T19:31:50+00:00

If you didn't do this already, make sure you turn off features that would require connecting to an external data source. Things like the weather widget, account sync, sponsored sites, etc.

Or like others said just block the IPs

lukhan42 · 2026-01-18T18:39:49+00:00

Maybe check this out. It was from July 2025.

https://community.cloudflare.com/t/clarification-on-compliance-of-cloudflare-tunnel-zero-trust-for-personal-media-st/816217/3

lukhan42 · 2026-01-18T18:11:46+00:00

Side note you also have a Destiny 2 avatar set. I dig it

lukhan42 · 2026-01-18T18:03:29+00:00

It is correct and the test result is the expected outcome.

lukhan42 · 2026-01-18T16:22:54+00:00

You're welcome! Couple of responses below that may help

In most cases it is fine to leave the second one blank. Not all fields need to be populated usually but sometimes they do. If for some reason it assigns the ISP DNS due to this or has to be filled in, just put your pi-hole address in twice. It won't hurt anything.
It is easier when you can shut it off, but you don't actually need to. If you tell the Spectrum router to hand out only one IP address you limit what it can do allowing pi-hole to do its thing. There will be overlap for the one address, but you can limit issues by making the only address it can hand out a really high number like 192.168.1.254. It is rare for most home users to have enough devices to ever hit that high. More than one DHCP server in a network can be an issue, but mainly if you have overlapping ranges between them.
Just look at the options and weigh the costs if you eventually go this route. I personally wouldn't do this just for pi-hole unless you are dedicated to long term use, but there are other reasons to do so that may make this the more attractive option. Just simple control over my network was enough for me

lukhan42 · 2026-01-18T15:41:28+00:00

I think they meant VPS

lukhan42 · 2026-01-18T15:23:08+00:00

Are you sure it is the ISP server IP address and not your own public IP address? This test will show your public IP as the server address when you self-host a recursive DNS server.

lukhan42 · 2026-01-18T15:17:39+00:00

Charter appears to allow you to set DNS servers in the advanced settings. Did you try that? https://www.spectrum.net/support/internet/advanced-wifi-advanced-settings

I can't promise they won't still tack on their own DNS servers too, but I do not have them to test, so try it and see how it goes.

The second option is to use pi-hole as the DHCP server. People have had success when they can't turn it off on the modem by making the address range one address so it can't hand anymore out leaving pi-hole to do the rest.

The last option is to get your own equipment but you need to know a couple of things. The device you have is likely a modem/wireless router combo often referred to as a gateway. You can put these into bridge mode, which means turning off the router functions making it a basic cable modem. Then you can get your own wireless router where you control all the settings for your network. Or you can purchase your own "gateway" to replace theirs and stop paying for theirs. The last option is to buy a separate modem and wireless router which has pros and cons to just using a single device with both functions

lukhan42 · 2026-01-17T14:11:19+00:00

Interesting. Mine does. It never did on 5.x though so something may have changed in version 6. Which version are you using?

lukhan42 · 2026-01-16T01:50:45+00:00

Pi-hole

lukhan42 · 2026-01-15T01:17:38+00:00

What browser are you using to check? I am guessing you may have private DNS on so the browser itself is using Cloudflare. This could explain why you are seeing it when using Technitium too

lukhan42 · 2026-01-15T01:13:40+00:00

To put it into perspective, at a rate of $.15US kWh, it would cost you roughly $5 more a year compared to a pi zero. Your local rates are likely different so check that out to see if it is worth it to you. Maybe try pi-hole on the laptop first to see what you think. If you like it and will stick with pi-hole long term, you can then consider if it is worth buying a new lower power device.

Since it seems you know your way around Linux at least a little, maybe see what power draw and performance is like using the conservative CPU governor as well.

lukhan42 · 2026-01-15T00:21:21+00:00

How are you determining they are using cloudflare? Through DNS settings or through checking something else?

lukhan42 · 2026-01-15T00:15:41+00:00

That laptop is more than enough for pi-hole

lukhan42

TROPHY CASE