24 comments

[ 2.9 ms ] story [ 73.9 ms ] thread
I set one up and Xfinity Comcast started disabling my cable. Suddenly no dns, I'd log into my cable modem and the signal strength would be zero.

At first it was a for a few minutes at a time, then a few hours at a time, then overnight.

I quit trying to use it and the problems went away.

This seems highly unlikely. How would Comcast be aware you were using such a device? No idea where you're located but the simplest answer is usually that cable modem service sucks.
How would Comcast be aware you were using such a device?

My theory is that I tripped some fraud detection software run by the advertisers, who would know their traffic was disappearing, who in turn notified comcast that my IP address was violating terms of service. All done by software, I doubt any human intervention took place. Not that they care that little old me doesn't see their ads, it's more bad actors trying to steal clicks or impressions or identifying information etc. Very hard to know the details unless you are a network engineer, it's not the kind of thing they want the public or the black hats to know.

But I'm sure it happened because I had the lowest tier comcast and a docsis 3.1 modem on fairly new cable plant. It was very solid. I could repeatably get my cable disabled just by turning on the pi-hole and waiting less than 15 minutes.

But I searched online and everyone else seems to be able to use them, so maybe it is me.

As others have said this being caused by proper functioning Pi Hole functionality (DNS) is impossible. As you’ve said I know many people using it with Comcast.

Networks are very funny things and much more complicated than most appreciate. Almost 10 years ago a blog post[0] I wrote with some crazy network debugging was the top post on HN.

I don’t expect you to read the full post but I was able to root cause analysis an issue with cause and effect that no one with network experience would think possible. Long story short in my case a specific byte value at an exact byte location would crash the ethernet controller and cause it to drop off the PCIe bus. You could forward billions of packets and it would never happen. Or one wrong one and end up having to power cycle to get it back…

I’m guessing you have a similar situation here. Maybe the Raspbery PI is glitching somehow and spamming absolute garbage traffic at the modem, which may or may not be forwarded to the DOCSIS side (which is shared broadcast). I could see Comcast booting the modem from the network in this scenario.

Maybe you have your own “packet of death” type scenario where the DNS requests from the Pi Hole and some other specific aspect of the traffic trigger something in the modem (more likely) or head end and crashing (kind of like my situation).

Or any of the other millions of things with a technical underlying cause that could be presenting here.

Unless you want to spend hundreds of hours debugging this like I did you’ll have to do what we all do everyday which is shrug your shoulders, say “Huh, that was weird”, and accept that you found yet another strange bug out there.

What I can say is what we’ve all said and what you’ve found elsewhere. This is not some Comcast advertising related conspiracy targeting you.

Hanlon’s Razor and all.

[0] - http://blog.krisk.org/2013/02/packets-of-death.html?m=1

You do realize if such a system was in place, people would be running into it literally all the time right? I just about don't use the web without an adblocker.
This is user error. Comcast doesn't care.
And yet it happened.

My theory is that I tripped some fraud detection software run by the advertisers, who would know their traffic was disappearing, who in turn notified comcast that my IP address was violating terms of service. All done by software, I doubt any human intervention took place. Not that they care that little old me doesn't see their ads, it's more bad actors trying to steal clicks or impressions or identifying information etc. Very hard to know the details unless you are a network engineer, it's not the kind of thing they want the public or the black hats to know.

But I'm sure it happened because I had the lowest tier comcast and a docsis 3.1 modem on fairly new cable plant. It was very solid. I could repeatably get my cable disabled just by turning on the pi-hole and waiting less than 15 minutes.

But I searched online and everyone else seems to be able to use them, so maybe it is me.

I believe you when you say your internet ceased working. Everything else seems to be conspiratorial reasoning without any clear evidence. No one likes Comcast, so people aren't covering for them. It's easy to make a configuration mistake - this just doesn't pass the smell test.
I use Xfinity and have had no issues running PI-Hole for over a year. However, I do a few things that could make a difference - I have my own modem, not an Xfinity rental. And I use better (and generally a more privacy focused) DNS (Quad 1, OpenDNS, and also Google DNS, yes aware that last is not very privacy friendly).

Only problem is my Pi died and I haven't set up a new one, been considering setting up a Pi cluster so if one goes down I don't have to scramble to fix it for Internet to work in our house (although I can just update the DNS at my router until it's fixed, so not too bad).

Been using it for a number of years, worth while and have donated on occasion in support of their work.
I recently switched from Pi-Hole to Adguard Home just to try it out. So far the user experience isn't any different but I have to say the Adguard web UI is quite nice.

I have to say installation on Ubuntu Server (which I run on a Pi4 just fine) couldn't be easier as it is as simple as 'sudo snap install adguard-home' and it all just works. Very nice.

I'm also a Pihole -> Adguard convert and it's been quite nice.
AdGuard allows 'approved ads', which for some of us is a dealbreaker.
I believe you are thinking of the Adguard Plus browser extension. We're talking about the Adguard Home DNS blocker which is a totally separate thing.
Does it block YouTube ads?
In my experience none of the DNS blockers such as Pi-Hole or Adguard block YouTube ads.

In the browser uBlock Origin handles this fine. On device you need to use a third party app to view YouTube that has adblocking functionality built in.

Pi hole is pretty cool. Personally I find using NextDNS easier given it’s fully hosted.
I had the same initial schock at how much traffic is ads and how often things call home.

It made me rip out what few smart devices I owned and blocked all social media sites.

pihole is great, it sucks how many hours I have to spend to have both Android Pay and root on my phone in order to never encounter ads, I wish it wasn't some sort of an alien concept in 2022 to control the devices you own
Try using nextdns. I set it up for my wife in her smartphone, as she didn't want to have it rooted. Works like a charm.

My phones are always rooted though, I want all the control I can get for my device.

I run a Pi-Hole on a Raspberry Pi Zero powered by a Chromecast Ethernet Power Adapter. The hardware is more than adequate and it's never been a problem reliability wise.

Used to have it running as a USB Gadget off the router's USB port but that had some weird issues that the Ethernet Power Adapter just bypasses.

> We then found that the Samsung TV (which I really like) is very fond of yapping all about itself to Samsung HQ. All stopped now. No sign of any breakages in its function, so I’m happy enough with that.

Now that I think about it… doesn't this in combination with IoT and planned obsolescence pretty much guarantee that block lists will have to grow in an unbounded fashion over time?

I wonder when the first "Legacy IoT Telemetry 2010-2020" list (or something similar) will pop up :)

That is, if it doesn't exist already.