Need help / more details on this.
Steps I used to configure this, using lighttpd:
Since we need to ensure pihole -up OR pihole -r doesn't undo the configuration, I looked at the lighttpd configuration file. It contains a line:
# Add user chosen options held in external file
include_shell "cat external.conf 2>/dev/null"
so I created /etc/lighttpd/external.conf, containing:
$HTTP["host"] == "connectivitycheck.gstatic.com" {
server.document-root = "/var/vhosts/connectivitycheck.gstatic.com"
accesslog.filename = "/var/vhosts/connectivitycheck.gstatic.com.access.log"
}
I created the file index.php:
<?php header("HTTP/1.0 204 No Content"); ?>
in /var/vhosts/connectivitycheck.gstatic.com/generate_204 and also the file /var/vhosts/connectivitycheck.gstatic.com.access.log (chmod 666), this to view the results.
I modified /etc/hosts, entering both the IPv4 and IPv6 address (real IPv6 address masked...):
# Chromecast (Don't) Phone Home
192.168.2.57 connectivitycheck.gstatic.com
2a02:1810:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx connectivitycheck.gstatic.com
After a lighttpd restart (sudo service lighttpd restart), I was able to browse (from my windows computer) to http://connectivitycheck.gstatic.com/generate_204/, the access log shows the following entry:
1537002921|connectivitycheck.gstatic.com|GET /generate_204/ HTTP/1.1|204|0
so this appears to be working, however:
- In my firewall, I ensured (NAT rule) all DNS requests (port 53) to 8.8.8.8 and 8.8.4.4 are redirected to my pihole, this to stop devices from using hardcoded google DNS. These rules have been there for a long time and appear to be working fine.
- With the new lighttpd response active, as soon as I power up the chromecast, I get a message: connected to wifi, but can't access the internet.
- I ran a capture on the firewall:
chromecast IPv4: 192.168.2.131
pihole IPv4: 192.168.2.57
chromecast tries to get info from 8.8.8.8 (google DNS):
27 10.153746 192.168.2.131 8.8.8.8 DNS 89 Standard query 0xda24 A connectivitycheck.gstatic.com
due to my firewall redirection, the answer comes from my pihole, but the chromecast doesn't know that:
28 10.154675 8.8.8.8 192.168.2.131 DNS 105 Standard query response 0xda24 A connectivitycheck.gstatic.com A 192.168.2.57
the chromecast now sends a request to 192.168.2.57 (the answer provided by pihole)
29 10.157209 192.168.2.131 192.168.2.57 TCP 74 49128 → 443 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=4294938425 TSecr=0 WS=64
but this request appears to go to port 443 (https). Of course, pihole can't answer https requests, since it doesn't have the certificate (this is the reason why pihole v4 moved to null blocking - most advertisements are served using https)
The ultimate question(s):
- something wrong with my lighttpd configuration?
- in your environment, are the requests to connectivitycheck.gstatic.com also https requests (port 443)?
- anything I missed or misconfigured?
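
Added example, not part of the original post: a small Python parser for the packet summary lines in the capture above. It ties each DNS A answer the client receives to the destination port of its follow-up SYN, which shows whether the connectivity probe is plain HTTP (which the lighttpd vhost can serve) or HTTPS. The function names are hypothetical, and it assumes the column order shown in the post (No., Time, Source, Destination, Protocol, Length, Info).

```python
import re

# Packet summary lines copied from the capture in the post.
CAPTURE = """\
27 10.153746 192.168.2.131 8.8.8.8 DNS 89 Standard query 0xda24 A connectivitycheck.gstatic.com
28 10.154675 8.8.8.8 192.168.2.131 DNS 105 Standard query response 0xda24 A connectivitycheck.gstatic.com A 192.168.2.57
29 10.157209 192.168.2.131 192.168.2.57 TCP 74 49128 → 443 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=4294938425 TSecr=0 WS=64
"""

# Info column of a DNS response carrying one A record: "<name> A <ipv4>"
DNS_ANSWER = re.compile(r"Standard query response \S+ A (\S+) A (\d+\.\d+\.\d+\.\d+)$")
# Info column of an initial SYN: "<src port> <arrow> <dst port> [SYN]"
TCP_SYN = re.compile(r"^(\d+) \S+ (\d+) \[SYN\]")


def probe_ports(capture, client):
    """Return [(hostname, answer_ip, dst_port)] for every SYN the client
    sends to an address it was previously handed in a DNS A answer."""
    resolved = {}  # answer IP -> hostname, as seen by this client
    probes = []
    for line in capture.splitlines():
        fields = line.split(None, 6)
        if len(fields) < 7:
            continue  # not a complete summary line
        _no, _time, src, dst, proto, _length, info = fields
        if proto == "DNS" and dst == client:
            m = DNS_ANSWER.search(info)
            if m:
                resolved[m.group(2)] = m.group(1)
        elif proto == "TCP" and src == client and dst in resolved:
            m = TCP_SYN.match(info)
            if m:
                probes.append((resolved[dst], dst, int(m.group(2))))
    return probes


def summarize(probes):
    """Label each probe as plain HTTP, HTTPS, or another port."""
    labels = {80: "http", 443: "https"}
    return [(host, ip, port, labels.get(port, "other")) for host, ip, port in probes]


if __name__ == "__main__":
    for host, ip, port, kind in summarize(probe_ports(CAPTURE, "192.168.2.131")):
        print(f"{host} -> {ip}:{port} ({kind})")
```

Run against a longer capture export, the same functions list every probe a device makes to the Pi-hole address, so HTTP and HTTPS checks can be told apart per hostname.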