Pi-hole (PH) running in macvlan, as primary DNS server for LAN environments (defined in UniFi for each network when needed), local domain recognised in PH, DHCP by UniFi, dnscrypt-proxy running directly in USG to Cloudflare, Cloudflare proxied, … and I can see every single LAN client's records (queries) in the PH.
No need to be worried about just 92% from the test, because sometimes we need some services related to the blacklist records, e.g. the CDN route to gstatic.com from a few useful Google services.
Then I found yesterday that the priority order defined by the PH architecture:
1. Exact whitelist
2. Regex whitelist
3. Exact blacklist
4. Blocklist domains (aka Gravity and custom add lists)
5. Regex blacklist
doesn’t work 100% reliably.
A single domain from the exact whitelist was blocked by another in the exact blacklist, due to the “hidden” CDN stream.
But it is still a really simple, easy and useful solution, meaning the PH.
Now working on an SQLite ODBC connector into Power BI to get more analytics than from Influx/Telegraf/Grafana. No need for a web UI for the visualisations. And it is also more secure.
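
The list order quoted in the post, and the case where a whitelisted name is still blocked through its CDN target, can be reproduced with a small model. This is an added example, not part of the post and not Pi-hole's own code; the domains, lists and CNAME records are constructed, and it assumes that every name in a CNAME chain is checked against the lists on its own.

```python
import re

# Constructed sample lists (not from the post or from any real Pi-hole install).
LISTS = {
    "exact_allow": {"app.example.com"},
    "regex_allow": [r"(^|\.)updates\.example\.net$"],
    "exact_deny": {"edge.cdn.example.org"},
    "gravity": {"ads.example.org"},
    "regex_deny": [r"^telemetry\."],
}
# Constructed CNAME records: queried name -> next name in the chain.
CNAMES = {"app.example.com": "edge.cdn.example.org"}


def classify(name, lists=LISTS):
    """Return the first list that matches `name`, in the order given in the post."""
    if name in lists["exact_allow"]:
        return "allow", "exact whitelist"
    if any(re.search(p, name) for p in lists["regex_allow"]):
        return "allow", "regex whitelist"
    if name in lists["exact_deny"]:
        return "block", "exact blacklist"
    if name in lists["gravity"]:
        return "block", "gravity"
    if any(re.search(p, name) for p in lists["regex_deny"]):
        return "block", "regex blacklist"
    return "allow", "no match"


def resolve_chain(name, cnames=CNAMES, limit=8):
    """Follow CNAME records from `name`, stopping on loops or after `limit` hops."""
    chain = [name]
    while chain[-1] in cnames and len(chain) <= limit:
        nxt = cnames[chain[-1]]
        if nxt in chain:
            break
        chain.append(nxt)
    return chain


def decide(name, inspect_cnames=True):
    """Verdict for a query; with inspect_cnames each chain member is classified alone."""
    chain = resolve_chain(name) if inspect_cnames else [name]
    for hop in chain:
        verdict, reason = classify(hop)
        if verdict == "block":
            return "block", f"{reason} via {hop}", chain
    return "allow", classify(name)[1], chain
```

In this model, the verdict for `app.example.com` only returns to allow once the chain's target name is also added to the exact whitelist.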