Can't use internet with pihole as only DNS

Soumitsu · October 11, 2021, 1:10pm

Please follow the below template, it will help us to help you!

If you are Experiencing issues with a Pi-hole install that has non-standard elements (e.g you are using `nginx` instead of `lighttpd`, or there is some other aspect of your install that is customised) - please use the Community Help category.

Expected Behaviour:

To surf the internet with pihole set as one and only DNS

inxi -Fazy

System:
  Kernel: 5.14.10-1-MANJARO x86_64 bits: 64 compiler: gcc v: 11.1.0 
  parameters: BOOT_IMAGE=/boot/vmlinuz-5.14-x86_64 
  root=UUID=3e711149-8ebe-45af-8e9a-78a1cdacff3f rw quiet apparmor=1 
  security=apparmor resume=UUID=d27dc7f4-ce4f-48b8-ba69-9971d9cc4ca0 
  udev.log_priority=3 
  Desktop: KDE Plasma 5.22.5 tk: Qt 5.15.2 info: docker wm: kwin_x11 vt: 1 
  dm: SDDM Distro: Manjaro Linux base: Arch Linux 
Machine:
  Type: Laptop System: Acer product: Aspire A514-53 v: V1.16 serial: <filter> 
  Chassis: type: 10 serial: <filter> 
  Mobo: IL model: Sneezy_IL v: V1.16 serial: <filter> UEFI: Insyde v: 1.16 
  date: 01/18/2021 
Battery:
  ID-1: BAT0 charge: 32.8 Wh (100.0%) condition: 32.8/53.0 Wh (61.9%) 
  volts: 16.6 min: 15.4 model: PANASONIC KT004 AP19B5L type: Li-ion 
  serial: <filter> status: Full cycles: 386 
CPU:
  Info: Dual Core model: Intel Core i3-1005G1 bits: 64 type: MT MCP 
  arch: Ice Lake family: 6 model-id: 7E (126) stepping: 5 microcode: A6 cache: 
  L2: 4 MiB 
  flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx 
  bogomips: 9524 
  Speed: 3396 MHz min/max: 400/3400 MHz Core speeds (MHz): 1: 3396 2: 3395 
  3: 3390 4: 3333 
  Vulnerabilities: Type: itlb_multihit status: KVM: VMX disabled 
  Type: l1tf status: Not affected 
  Type: mds status: Not affected 
  Type: meltdown status: Not affected 
  Type: spec_store_bypass 
  mitigation: Speculative Store Bypass disabled via prctl and seccomp 
  Type: spectre_v1 
  mitigation: usercopy/swapgs barriers and __user pointer sanitization 
  Type: spectre_v2 mitigation: Enhanced IBRS, IBPB: conditional, RSB filling 
  Type: srbds status: Not affected 
  Type: tsx_async_abort status: Not affected 
Graphics:
  Device-1: Intel Iris Plus Graphics G1 vendor: Acer Incorporated ALI 
  driver: i915 v: kernel bus-ID: 00:02.0 chip-ID: 8086:8a56 class-ID: 0300 
  Device-2: Chicony HD User Facing type: USB driver: uvcvideo bus-ID: 1-6:3 
  chip-ID: 04f2:b64f class-ID: 0e02 serial: <filter> 
  Display: x11 server: X.Org 1.20.13 compositor: kwin_x11 driver: 
  loaded: modesetting alternate: fbdev,vesa display-ID: :0 screens: 1 
  Screen-1: 0 s-res: 1366x768 s-dpi: 96 s-size: 361x203mm (14.2x8.0") 
  s-diag: 414mm (16.3") 
  Monitor-1: eDP-1 res: 1366x768 hz: 60 dpi: 112 size: 309x173mm (12.2x6.8") 
  diag: 354mm (13.9") 
  OpenGL: renderer: Mesa Intel UHD Graphics (ICL GT1) v: 4.6 Mesa 21.2.3 
  direct render: Yes 
Audio:
  Device-1: Intel Ice Lake-LP Smart Sound Audio vendor: Acer Incorporated ALI 
  driver: snd_hda_intel v: kernel alternate: snd_sof_pci_intel_icl 
  bus-ID: 00:1f.3 chip-ID: 8086:34c8 class-ID: 0401 
  Device-2: C-Media USB PnP Sound Device type: USB 
  driver: hid-generic,snd-usb-audio,usbhid bus-ID: 1-4:5 chip-ID: 0d8c:013a 
  class-ID: 0300 
  Sound Server-1: ALSA v: k5.14.10-1-MANJARO running: yes 
  Sound Server-2: sndio v: N/A running: no 
  Sound Server-3: JACK v: 1.9.19 running: no 
  Sound Server-4: PulseAudio v: 15.0 running: yes 
  Sound Server-5: PipeWire v: 0.3.38 running: yes 
Network:
  Device-1: Intel Ice Lake-LP PCH CNVi WiFi driver: iwlwifi v: kernel 
  port: 4000 bus-ID: 00:14.3 chip-ID: 8086:34f0 class-ID: 0280 
  IF: wlp0s20f3 state: up mac: <filter> 
  Device-2: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet 
  vendor: Acer Incorporated ALI driver: r8169 v: kernel port: 3000 
  bus-ID: 01:00.0 chip-ID: 10ec:8168 class-ID: 0200 
  IF: enp1s0 state: down mac: <filter> 
  IF-ID-1: br-51f3ddb93098 state: up speed: 10000 Mbps duplex: unknown 
  mac: <filter> 
  IF-ID-2: docker0 state: up speed: 10000 Mbps duplex: unknown mac: <filter> 
  IF-ID-3: ipv6leakintrf0 state: unknown speed: N/A duplex: N/A mac: <filter> 
  IF-ID-4: proton0 state: unknown speed: 10 Mbps duplex: full mac: N/A 
  IF-ID-5: veth53c2f52 state: up speed: 10000 Mbps duplex: full mac: <filter> 
  IF-ID-6: vethaafb2fb state: up speed: 10000 Mbps duplex: full mac: <filter> 
Bluetooth:
  Device-1: Intel AX201 Bluetooth type: USB driver: btusb v: 0.8 
  bus-ID: 1-10:4 chip-ID: 8087:0026 class-ID: e001 
  Report: rfkill ID: hci0 rfk-id: 1 state: down bt-service: N/A rfk-block: 
  hardware: no software: yes address: see --recommends 
RAID:
  Hardware-1: Intel 82801 Mobile SATA Controller [RAID mode] driver: ahci 
  v: 3.0 port: 4060 bus-ID: 00:17.0 chip-ID: 8086.282a rev: 30 class-ID: 0104 
  Device-1: md126 maj-min: 9:126 type: mdraid level: N/A status: inactive 
  size: N/A 
  Info: report: N/A blocks: 2136 chunk-size: N/A 
  Components: Online: N/A Spare: 
  0: nvme0n1 maj-min: 259:0 size: 476.94 GiB state: S 
  Device-2: md127 maj-min: 9:127 type: mdraid level: N/A status: inactive 
  size: N/A 
  Info: report: N/A blocks: 2944 chunk-size: N/A 
  Components: Online: N/A Spare: 
  0: nvme1n1 maj-min: 259:5 size: 27.25 GiB state: S 
Drives:
  Local Storage: total: 1.4 TiB used: 236.11 GiB (16.4%) 
  SMART Message: Unable to run smartctl. Root privileges required. 
  ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Intel model: HBRPEKNX0202A 
  size: 476.94 GiB block-size: physical: 512 B logical: 512 B speed: 15.8 Gb/s 
  lanes: 2 type: SSD serial: <filter> rev: G002 temp: 27.9 C 
  ID-2: /dev/nvme1n1 maj-min: 259:5 vendor: Intel model: HBRPEKNX0202AO 
  size: 27.25 GiB block-size: physical: 512 B logical: 512 B speed: 15.8 Gb/s 
  lanes: 2 type: SSD serial: <filter> rev: K5110440 temp: 33.9 C 
  ID-3: /dev/sda maj-min: 8:0 vendor: Seagate model: ST1000LM048-2E7172 
  size: 931.51 GiB block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s 
  type: HDD rpm: 5400 serial: <filter> rev: 0001 scheme: MBR 
Partition:
  ID-1: / raw-size: 200 GiB size: 195.86 GiB (97.93%) used: 144.21 GiB (73.6%) 
  fs: ext4 dev: /dev/sda2 maj-min: 8:2 
  ID-2: /boot/efi raw-size: 512 MiB size: 511 MiB (99.80%) 
  used: 308 KiB (0.1%) fs: vfat dev: /dev/sda4 maj-min: 8:4 
Swap:
  Kernel: swappiness: 60 (default) cache-pressure: 100 (default) 
  ID-1: swap-1 type: partition size: 8 GiB used: 600.9 MiB (7.3%) priority: -2 
  dev: /dev/sda3 maj-min: 8:3 
Sensors:
  System Temperatures: cpu: 67.0 C mobo: N/A 
  Fan Speeds (RPM): N/A 
Info:
  Processes: 290 Uptime: 3h 53m wakeups: 1 Memory: 7.45 GiB 
  used: 6.46 GiB (86.7%) Init: systemd v: 249 tool: systemctl Compilers: 
  gcc: 11.1.0 clang: 12.0.1 Packages: apt: 0 pacman: 1592 lib: 435 flatpak: 0 
  Shell: Zsh v: 5.8 running-in: konsole inxi: 3.3.06

Actual Behaviour:

Can't ping google.com, youtube.com no nothing

Debug Token:

https://tricorder.pi-hole.net/IlAsxWJ2/

Additional Info:

nano /etc/resolv.conf

# Generated by NetworkManager
nameserver 127.0.2.15
nameserver 10.37.0.1

with this, I can surf the internet, but I want to remove 10.37.0.1 because it's tampering with piholes' adblock and blacklist (for example, pornhub is in the blacklist and when I try to open it, the logs show 08:06:31: gravity blocked www.pornhub.com is 0.0.0.0 08:06:31: query[AAAA] www.pornhub.com from 172.18.0.1 08:06:31: gravity blocked www.pornhub.com is :: but it still loads probably because of 10.37.0.1). However, when I remove 10.37.0.1

nano /etc/resolv.conf

# Generated by NetworkManager
nameserver 127.0.2.15
# nameserver 10.37.0.1

it shows me this

ping google.com
ping: google.com: Name or service not known

I have to use a DNS other than Pihole's to work

Bucking_Horn · October 11, 2021, 3:28pm

Is that a resolv.conf from one of your clients?
If so, that client would not be using Pi-hole at all, unless whatever resolver resides at 127.0.2.15 would have been configured to use Pi-hole as its only upstream DNS server.

If that resolv.conf is from the server hosting your Pi-hole instead, it wouldn't be relevant for client DNS operation. It will only configure what that server is using for its DNS requests. If you would want that server to use Pi-hole for DNS, you'd have to configure it accordingly.
Also note that NetworkManager would potentially interfere with Pi-hole's operation, as it may claim port 53/DNS for its own resolver(s).
You'd have to deal with any such port conflicts in order for Pi-hole to be operational.

Soumitsu · October 11, 2021, 5:17pm

127.0.2.15 is the DNS that I gave to pihole for me to connect to

What should I do?

Bucking_Horn · October 11, 2021, 5:20pm

That is a screenshot of the upstream DNS servers you've configured your Pi-hole to use.

It doesn't answer my question:

Soumitsu · October 11, 2021, 5:23pm

Yes it is.

Bucking_Horn · October 11, 2021, 5:26pm

Then by that resolv.conf, that client is not using Pi-hole for DNS.

Soumitsu · October 11, 2021, 5:28pm

What should I do so that this client will use Pi-Hole as DNS?

Bucking_Horn · October 11, 2021, 5:31pm

Check the configuration of whatever DNS server is sitting on 127.0.2.15 on that client machine, and verify whether that would include Pi-hole somewhere in its upstream DNS resolution.

Regarding your Pi-hole's upstream DNS servers:
What DNS servers are running at 10.35.0.1 and 127.0.2.15?

Note that localhost (i.e. same machine) DNS servers are often proxies (like cloudflared) or recursive resolvers (like unbound), which commonly would require to be Pi-hole's sole upstream DNS server.

Soumitsu · October 11, 2021, 5:47pm

127.0.2.15 -> Pi-Hole's Custom 2 (IPv4)
10.35.0.1 -> ProtonVPN's DNS I guess? (I found it on nano /etc/resolv.conf so i just assumed it's the DNS server ProtonVPN was using)
`

Bucking_Horn · October 11, 2021, 5:49pm

The answer to that would depend on the DNS server listening on that machine's localhost address, and any tools that can be used to configure it.

Since you are new to Linux, it may be worth pointing out that any address from the special 127.0.0.0/8 range points to a machine itself, i.e. 127.0.0.1 on a WIndows PC is that Windows PC, and 127.0.0.1 on your Linux laptop is that laptop.

So if there is no other DNS server listening on your Pi-hole host machine's 127.0.2.15, then you may have pointed Pi-hole to itself (creating a DNS loop) or to nowhere, both of which would result in time-outs.

Soumitsu · October 12, 2021, 12:36pm

So how can I not make Pi-Hole point to itself? Should I create another name server? or is nameserver wrong?

Bucking_Horn · October 12, 2021, 3:16pm

As explained, configuring 127.0.2.15 or 10.35.0.1 as custom upstream DNS servers in Pi-hole would only make sense if there would be another DNS resolver (other than Pi-hole) listening on those private addresses.

For a start, you could remove both 127.0.2.15 and 10.35.0.1 as Pi-hole's custom upstream DNS servers and tick one of the regular Upstream DNS Servers.

system · November 2, 2021, 3:16pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.