
I am having issues on a client machine (Mac) accessing different sites, for instance reddit.com, after having used adguard/pihole in my local network on a raspberry pi.

To resolve the issue I thought it would be enough to set the DNS Server to something like 8.8.8.8 (google) on the wifi interface.

But when doing an nslookup -debug reddit.com I still get the following answer:

Server:     8.8.8.8
Address:    8.8.8.8#53

------------
    QUESTIONS:
    reddit.com, type = A, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  reddit.com
    origin = cleanbrowsing.rpz.noc.org
    mail addr = accesspolicy.rpz.noc.org
    serial = 1
    refresh = 7200
    retry = 900
    expire = 1209600
    minimum = 86400
    ttl = 3600
    ADDITIONAL RECORDS:
------------
** server can't find reddit.com: NXDOMAIN

I have used my pi as pihole server or adguard home server previously on all my client machines in the network due to DHCP DNS configuration.

But now that I hardcode google DNS shouldn't I get the correct authoritative answer from Google DNS? For sure Google DNS knows reddit.com.

Edit:

What did I try already?

  • I flushed my Mac's DNS caches and just about every DNS cache on my network's machines
  • I connected to another network (personal hotspot) - I could resolve reddit.com using 8.8.8.8!

So it seems to have something to do with my network:

Here is my network:

  • Unifi Dream Machine SE as router with different networks
  • Each network on the UDM has 2 DNS servers set for DHCP: One pointing to a pihole, one to itself

When I connect to a network I automatically get the 2 DNS servers via DHCP config. The intention was to block malicious sites.

While working on that I deactivated the blocking but still couldn't access sites and had adblocking active :/.

Then I hardcoded the upstream DNS of my machines to Google DNS and still wasn't able to resolve reddit.com.

Now I was puzzled and still am.

Fab1n
  • Why did someone downvote without leaving a comment? I am helpless here and cannot find an answer! I flushed every DNS cache I could find in all my network, did everything I could. Still I cannot reach reddit and some other websites in my network. – Fab1n Dec 17 '22 at 14:42

3 Answers


I can't comment, but have you flushed your DNS cache?

sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
timi
  • Yeah, I did that. The result looks slightly different, but doesn't help (also I tried this before). `nslookup -debug reddit.com Server: 8.8.8.8 Address: 8.8.8.8#53 ------------ QUESTIONS: reddit.com, type = A, class = IN ANSWERS: AUTHORITY RECORDS: ADDITIONAL RECORDS: ------------ ** server can't find reddit.com: NXDOMAIN` – Fab1n Dec 17 '22 at 14:40

I would suggest using dig or host, since OSX is Unix so it comes with bind utils, and nslookup is old and harder to customize. That said, directly querying DNS servers with dig reddit.com or host reddit.com is not using the OS cache: you pass through the cache if you use ping reddit.com or curl https://reddit.com. Could it be the Ubiquiti device is performing some firewalling to forbid clients setting their own DNS? To confirm this, you can set the Google DNS on the UniFi itself. I would look at pihole logs/configuration, to understand if it is able to resolve itself: if the router is a new addition to the network, and it is filtering DNS queries, it may be also filtering pihole.

Probably this could help

Nicola
  • Could you explain what you mean by: "I would look at pihole logs/configuration, to understand if it is able to resolve itself: if the router is a new addition to the network, and it is filtering DNS queries, it may be also filtering pihole."? What should be able to resolve itself? And what should I look for exactly when looking at the logs? – Fab1n Dec 18 '22 at 20:30
  • Sorry for not being clear (but I see you figured it out, anyway). I meant that probably also the pihole host wasn't able to resolve names, and that you could find out by checking pihole logs, for example as explained [here](https://discourse.pi-hole.net/t/how-do-i-watch-and-interpret-the-pihole-log-file/276) – Nicola Dec 19 '22 at 13:45

Thanks to the answer of @Nicola and also with the help of comments on my question here I found the solution to the problem in my network's UniFi UDM SE router: Under "Settings > Networks > [YourNetworkHere] > Advanced: Content Filtering" set the filtering mode to "None", otherwise cleanbrowsing.org will be used for DNS.

Wasn't aware of the real consequences of this setting.

This would explain all the problems. Thanks for all your help and pointing me in the right direction!

Fab1n
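The question's nslookup output is the fingerprint of a response-policy-zone (RPZ) filter answering in place of the real authority: NXDOMAIN with no answers and an SOA whose MNAME is cleanbrowsing.rpz.noc.org. The following is an added example (not code from the thread or from any of the products mentioned) that sends a raw A query straight to a chosen resolver, bypassing the OS cache as dig does, parses the wire-format reply, and flags that signature; the `.rpz.` substring check is a heuristic assumption, and the embedded sample response is constructed from the figures in the question.

```python
import socket, struct
def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split(".")) + b"\x00"
def build_query(qname, txid=0x1234):   # recursive A/IN query, no EDNS
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack(">HH", 1, 1)
def read_name(msg, off, end=None):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels = []
    while (n := msg[off]) != 0:
        if n & 0xC0 == 0xC0:                               # compression pointer: remember return point, jump
            end = end if end is not None else off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        labels.append(msg[off + 1:off + 1 + n].decode())
        off += 1 + n
    return ".".join(labels), (end if end is not None else off + 1)
def parse_response(msg):
    """Return RCODE, answer count and the MNAME of any SOA in the authority section."""
    _, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    off, soa_mname = 12, None
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4                   # skip QNAME, QTYPE, QCLASS
    for _ in range(an + ns + ar):
        _, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 6:                                     # SOA: MNAME is the first RDATA field
            soa_mname = read_name(msg, off + 10)[0]
        off += 10 + rdlen
    return {"rcode": flags & 0xF, "answers": an, "soa_mname": soa_mname}
def diagnose(resp):
    """NXDOMAIN carrying a response-policy-zone SOA means a filter answered, not the real authority (heuristic)."""
    if resp["rcode"] == 3:
        return "rpz-filtered" if resp["soa_mname"] and ".rpz." in resp["soa_mname"].lower() else "nxdomain"
    return "resolved" if resp["answers"] else "empty"
def query(resolver, qname, timeout=2.0):   # one UDP query straight to the resolver, bypassing the OS cache
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname), (resolver, 53))
        return s.recv(4096)
def constructed_rpz_nxdomain():
    """Constructed sample: the asker's nslookup output for reddit.com as it would look on the wire."""
    soa = (encode_name("cleanbrowsing.rpz.noc.org") + encode_name("accesspolicy.rpz.noc.org")
           + struct.pack(">IIIII", 1, 7200, 900, 1209600, 86400))
    header = struct.pack(">HHHHHH", 0x1234, 0x8183, 1, 0, 1, 0)   # QR, RD, RA, RCODE=3, one authority RR
    question = encode_name("reddit.com") + struct.pack(">HH", 1, 1)
    authority = b"\xC0\x0C" + struct.pack(">HHIH", 6, 1, 3600, len(soa)) + soa  # owner = pointer to QNAME
    return header + question + authority
```

Running `diagnose(parse_response(query("8.8.8.8", "reddit.com")))` on the affected network would return "rpz-filtered" if the router is still redirecting port 53, and "resolved" once the query really reaches Google; the same call from the hotspot gives the control result.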