Always have to edit /etc/resolv.conf for DNS resolution

Help
1

Recently I just ran pihole -r and Reconfigure to update to the latest version of Pihole. After rebooting the RPi, the DNS resolution on the RPi fails and I cannot ping websites by their normal web address (pinging by IP address works)

Expected Behaviour:

Upon rebooting the RPi, ping google.com should work as normal and return something like

64 bytes from lga34s13-in-f14.1e100.net (172.217.10.46): icmp_seq=1 ttl=54 time=19.8 ms

Actual Behaviour:

ping: google.com: Temporary failure in name resolution.

Also when I try to run pihole -r and either reconfigure or repair, when it gets to the part where FTL is installed, I get the following:

[✗] Downloading and Installing FTL Error: Unable to get latest release location from GitHub

Result of running dig google.com

pi@raspberrypi:~ $ dig google.com
; <<>> DiG 9.10.3-P4-Raspbian <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16096
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;google.com. IN A
;; Query time: 49 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Jun 05 11:20:24 EDT 2019 ;; MSG SIZE rcvd: 39

Temporary fix:

I change the /etc/resolv.conf name server from 127.0.0.1 to a public working DNS server for DNS resolution to work (like 8.8.8.8). However I have to do this every single time after a reboot to get it working properly.

Afterwards i can ping google.com and other websites as normal.

Debug Token:

jmnn1hx3vi

Additional info:

Pihole version: v4.3
Raspbian GNU/Linux 9 (stretch)
PHP 7.0.33-0+deb9u3

1 Like
2

Your debug log shows that there may be a problem with clients reaching the Pi-Hole over it's IP address.

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] homedeco.com.bo is 0.0.0.0 via localhost (127.0.0.1)
[✗] Failed to resolve homedeco.com.bo via Pi-hole (192.168.1.12)
[✓] doubleclick.com is 172.217.11.14 via a remote, public DNS server (8.8.8.8)

You also have DNSSEC enabled, and if the time on the Pi is not correct, this can interfere with DNSSEC authentication and result in SERVFAIL replies.

I would disable DNSSEC for now, and manually map a single client to the Pi-Hole. From the client, see if you can connect to Pi-Hole. If not, then restart both the Pi and router and check that you have a good IP connection between them.

3

That fixed it. Thanks a lot.

For anyone wonder, I disabled dnssec by going to the Pihole Admin Web Console > Settings > DNS tab > Unchecked 'Use DNSSEC'.

4

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.