Client can't use Pi-Hole DNS

I just installed Pi-hole on my Ubuntu server for the first time, but when I manually change the DNS on my computer to the Pi-hole IP, I can't use the internet anymore.

Expected Behaviour:

  • Can ping from Pi-hole to the client using a local DNS domain.
  • Can use the domains/IPs in the DNS records which are already set up in Pi-hole.
  • Can use the internet as normal

Actual Behaviour:

  • No internet access
  • Can ping the Pi-hole IP
  • Can't use any domain in local DNS

Debug Token:

https://tricorder.pi-hole.net/1DmwKbX6/

Your debug log shows your main issue to be failing connectivity for both IPv4 and IPv6:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✗] Failed to resolve  on lo (127.0.0.1)
[✗] Failed to resolve  on enp3s0 (10.0.0.250)
[✓] doubleclick.com is 142.251.32.78 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✗] Failed to resolve  on lo (::1)
[✗] Failed to resolve  on enp3s0 (2607:<redacted>2d)
[✗] Failed to resolve  on enp3s0 (2607:<redacted>ed)
[✗] Failed to resolve  on enp3s0 (fe80::<redacted>)
[✓] doubleclick.com is 2607:f8b0:400b:804::200e via a remote, public DNS server (2001:4860:4860::8888)

This usually hints at port 53 not being allowed to handle traffic on your host machine.

You should check your Pi-hole host machine's firewall configuration for Pi-hole's required ports.

I also noted that you seem to be using .local with your domains, e.g.:

-rw-r--r-- 1 root root 75 Jan  8 20:54 /etc/pihole/custom.list
   10.0.0.1 router.local

Note that .local is reserved for mDNS usage and should NOT be used with plain DNS.

Also, your router seems to advertise your ISP's IPv6 DNS servers and its own IPv6 address as DNS servers:

*** [ DIAGNOSING ]: contents of /etc

lrwxrwxrwx 1 root root 39 Aug  9 07:56 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
   nameserver 2607:f798:18:10:0:640:7125:5204
   nameserver 2607:f798:18:10:0:640:7125:5198
   nameserver 2607:<redacted>0b

You should check your router's IPv6 DNS configuration.

As your router is advertising alternative DNS resolvers (including its own IPv6 address) as DNS servers, that allows your clients to bypass Pi-hole.

You'd have to find a way to configure your router to advertise your Pi-hole host machine's IPv6 as DNS server or to stop advertising its own.

You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.

If your router doesn't support configuring IPv6 DNS, you could consider disabling IPv6 altogether (unless you depend on it for reasons).

If your router doesn't support that either, your clients will always be able to bypass Pi-hole via IPv6.
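As an added example (not part of the original reply and not Pi-hole's own tooling): a small shell check for two points raised above, namely which nameservers a client was handed besides Pi-hole, and which local DNS records use .local. The function names and the sample files are assumptions made for illustration; 10.0.0.250 is the Pi-hole address from the debug log.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data is constructed.

# Print every nameserver in a resolv.conf-style file ($1) that is NOT one of
# the Pi-hole addresses given as the remaining arguments. Any line printed is
# a resolver the client can use to bypass Pi-hole.
# Comparison is textual (case-insensitive, %zone suffix ignored), so write
# IPv6 addresses in the same compressed form the file uses.
bypass_resolvers() {
    file=$1; shift
    awk -v allowed="$*" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) {
                x = tolower(a[i]); sub(/%.*/, "", x); ok[x] = 1
            }
        }
        $1 == "nameserver" {
            addr = tolower($2); sub(/%.*/, "", addr)
            if (!(addr in ok)) print addr
        }' "$file"
}

# Print hostnames in a custom.list-style file ($1, "IP name [name...]") that
# end in .local, which is reserved for mDNS.
local_tld_entries() {
    awk '$1 !~ /^#/ && NF >= 2 {
        for (i = 2; i <= NF; i++)
            if (tolower($i) ~ /\.local\.?$/) print $i
    }' "$1"
}

# Demo on constructed files. On a real systemd-resolved client, read
# /run/systemd/resolve/resolv.conf rather than the stub /etc/resolv.conf.
tmp=$(mktemp -d)
printf 'nameserver 10.0.0.250\nnameserver 2001:db8::53\n' > "$tmp/resolv.conf"
printf '10.0.0.1 router.local\n10.0.0.2 nas.lan\n' > "$tmp/custom.list"
echo "Resolvers that bypass Pi-hole:"; bypass_resolvers "$tmp/resolv.conf" 10.0.0.250
echo "Records using .local:";          local_tld_entries "$tmp/custom.list"
rm -rf "$tmp"
```

An empty result from `bypass_resolvers` means the client only knows Pi-hole as its resolver.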

Thank you for your support!

After configuring the firewall ports, it works perfectly now.
Regarding the IPv6 DNS from the router, I only need to use Pi-hole's DNS for a few devices, not all devices in my network.
Thank you again.
