Changing upstream server without GUI

The issue I am facing:
I've installed Pi-Hole without GUI, however now I want to use unbound, hence change the upstream server of the Pi-Hole server. I've found articles about changing pihole.conf and dnsmasq.conf, however, after restarting the service (and even the server) I keep getting the originally-configured upstream server as lookup (when using dig).

Details about my system:
Latest pihole + FTL, no web, running Buster @ rpi4b

What I have changed since installing Pi-hole:
Nothing yet, that's the point :slight_smile:

Thanks in advance!

Use

pihole -a setdns IP

If I do that, I still get dig-lookups from the original DNS. Am I relying too much on dig? Should I restart dnsmasq or something else?

Usually, Pi-hole is restarting the dnsmasq core automatically.

nanopi@nanopi:~$ pihole -a setdns 8.8.8.8
  [✓] Restarting DNS server
nanopi@nanopi:~$ pihole -a setdns 127.0.0.1#5335
  [✓] Restarting DNS server

You should not have dnsmasq installed alongside Pi-hole.

To verify your setting see the output of

cat /var/log/pihole.log |grep nameserver

Probably. From what machine are you running the dig? Can you give an example?

This gives...
Apr 7 15:07:57 dnsmasq[2658]: using nameserver 1.1.1.1#53
... which is good, since I used Cloudflare as an alternative upstream DNS. So that seems to work.

As a matter of fact, dnsmasq isn't installed on my machine! Sorry about that!
If I run dig from any of the LAN-machines, I get the pihole's IP as lookup server. If I use dig on the pihole itself, it gives the old (non-cloudflare) upstream dns:

Dig on google results in:

; <<>> DiG 9.11.5-P4-5.1+deb10u3-Raspbian <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60280
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 4ee7eee6fa8218a2875ca42d606db13409f86a2bbb47191c (good)
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 161 IN A 142.250.179.206

;; AUTHORITY SECTION:
google.com. 164707 IN NS ns3.google.com.
google.com. 164707 IN NS ns2.google.com.
google.com. 164707 IN NS ns4.google.com.
google.com. 164707 IN NS ns1.google.com.

;; Query time: 12 msec
;; SERVER: 80.80.80.80#53(80.80.80.80)
;; WHEN: Wed Apr 07 15:18:44 CEST 2021
;; MSG SIZE rcvd: 155

80.80.80.80 is the old upstream DNS, even after using your setdns command. Am I being plain dumb right now? :slight_smile:

No, you just forgot that your rpi4b isn't using Pi-hole as DNS server. Your device hosting the Pi-hole software is using 80.80.80.80. Configuring another DNS server than Pi-hole for the Pi-hole device is not a bad idea at all. In case it would send all DNS requests to Pi-hole and there would be a problem with the Pi-hole software you might not be able to reinstall Pi-hole as you would need a working internet connection (and DNS resolution) to do so.

In case you run Raspbian:
https://www.raspberrypi.org/forums/viewtopic.php?f=29&t=261266

Makes sense! I've changed the nameserver in dhcpd.conf and after restarting the corresponding service, it works like a charm. For anyone wondering (for me it was nice to see): this doesn't affect LAN clients. So thanks for the great help!

If you want to use unbound, why are you still providing an alternative upstream DNS resolver? Your upstream DNS traffic can go to either of these resolvers, which essentially defeats the purpose of installing unbound in the first place.

Heya,
You're absolutely right. It was merely a test to see if I was able to change my upstream DNS in the first place. I was feeling a bit unsure about it and turns out: I needed this topic to get some answers :slight_smile: I will obviously change it to the unbound entry now.
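
The check worked out in this thread, as an added example that is not part of any post: Pi-hole's active upstream is read from the "using nameserver" lines in pihole.log, while the SERVER line in dig output only shows which resolver the querying host itself asked. The function names, the sample log lines and the Pi-hole LAN address 192.168.1.2 are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample data in the formats shown in the thread.
SAMPLE_LOG='Apr 7 14:50:01 dnsmasq[2101]: using nameserver 80.80.80.80#53
Apr 7 15:07:57 dnsmasq[2658]: using nameserver 1.1.1.1#53
Apr 7 15:08:02 dnsmasq[2658]: query[A] google.com from 192.168.1.20'
SAMPLE_DIG=';; Query time: 12 msec
;; SERVER: 80.80.80.80#53(80.80.80.80)'

# Upstreams announced by the most recent resolver process in the log (stdin).
# A new PID in "dnsmasq[PID]" means the DNS server was restarted, so the
# previously collected list is stale and is discarded.
current_upstreams() {
    awk '/using nameserver/ {
             pid = $0; sub(/^.*dnsmasq\[/, "", pid); sub(/\].*$/, "", pid)
             if (pid != last) { n = 0; last = pid }
             up[n++] = $NF
         }
         END { for (i = 0; i < n; i++) print up[i] }'
}

# Address of the resolver that answered a dig query (dig output on stdin).
dig_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'
}

# classify <dig-server> <pihole-ip>: did the dig query pass through Pi-hole?
# Assumption: on the Pi-hole host itself, loopback means the Pi-hole resolver.
classify() {
    case "$1" in
        127.0.0.1|::1|"$2") echo "via-pihole" ;;
        *) echo "bypassed-pihole" ;;
    esac
}

upstreams=$(printf '%s\n' "$SAMPLE_LOG" | current_upstreams)
server=$(printf '%s\n' "$SAMPLE_DIG" | dig_server)
echo "Pi-hole upstream(s): $upstreams"
echo "dig answered by:     $server ($(classify "$server" 192.168.1.2))"
```

On a live system, feed the functions real input, for example `current_upstreams < /var/log/pihole.log` and `dig google.com | dig_server`. A "bypassed-pihole" result means the dig output says nothing about Pi-hole's upstream setting.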