I don't use it, I use the web adverts category in web filter. The latter will out perform your Pi-Hole, the former only sees HTTP requests.

I think dns does not search for https only the domain name.

Web Filter uses SNI to inspect HTTPs sessions. That's basically the same level of detail you get from a DNS filter.

Appreciate the insights. I'll fine tune the web filtering and turn off Ad Blocker.

oj88,
Like you, using pihole as well and have turned off ad blocker a long time ago. I'm looking at turning off the web filter for web advertisements in the coming weeks because:
* pihole has a much better quality blocking adverts, telemetry, malware, etc.
* dns load balancing plus it finds the faster DNS servers configured.
* if a website doesn't work, my kids can unblock pihole for 5minutes and debug to see sites that blocked which should potentially be whitelisted and they checked with me if it's okay or not.

Yeah, being a Pi-hole user for barely a week, I'm sold! Nothing against Untangle but all things considered, Ad Blocker ought to be removed or updated to something more robust. IMO, it catches ads like sipping soup with a fork. I have turned it off as well, as advised above.

In the rolling 24-hour report, Pi-hole blocks north of 50,000 queries to ad domains, which averages to about 30% of all DNS queries.... that's web traffic that's not even going to reach Untangle.


I'm not yet ready to turn off advert blocking in Web Filter. I still see it blocking a few adverts even with Pi-hole running so I'll probably keep it as a 2nd layer protection for now.

I am curious as to how you've setup your DNS load balancing. I maintain a Windows Server DNS for internal name resolutions like such:

Clients from multiple VLANs > Windows Server 2019 DHCP+DNS > Pi-hole > Untangle.

PIhole can do dhcp and dns. It will work for local dns. I don't use that yet but will when support for 2012r2 runs out now that I am retired.

I don't think Pi-hole can do multiple DHCP pools, at least not from the GUI. As for local DNS resolution, do I have to manually enter each client hostname+IP in Pi-hole? I have Windows DHCP+DNS do that for me automatically. This is important because I use the clients' hostname as conditions in Untangle's Policy Manager.

That seems right. mine is blocking at 29% with 1.2million domains being blacklisted. For load balancing, the context here is about load balancing/High availability in upstream DNS providers used by pihole. For me, i use opendns, cloudfare and my ISP DNS. Because pihole uses dnsmasq, The magical sauce is "--all-servers". forwarded DNS queries goes to all upstream nameservers simultaneously and dnsmasq chooses the fastest one.

The effect is that you get the fastest dns response (mine is at least 30% faster average) and HA at the same time since if opendns is down, it will simply ignore it.

Like a bad infomercial at night, but wait there's more! since untangle uses dnsmasq, you can do the same thing above to make dns resolution faster if you don't use pihole.

Now, for the cons. slight privacy since you are advertising your dns request to multiple provider. bad netizen since you unnecessarily query upstream dns? my counter to that is that it's free (opendns and cloudfare) and i paid for my ISP to use their DNS infrastructure.