Common issue

Hi all,
I have been struggling to do things with pihole and have tried many setups and keep hitting brick walls.
Not only with pihole but with many other linux setups.

Every time I find a "what sounds like a" good tutorial for doing anything it fails to work for me despite following step-by-step instructions.
It's so frustrating that it's no wonder that no one wants to use linux instead of the dreaded windows.
"Follow these instructions and everything will work perfectly!"
but never "If it fails follow these steps to diagnose and fix the issue."

I followed several different tutorials for Docker pihole setup.
I can log into the web page for pihole with no problems.
However, despite having over 5M on my blocklist (now 800k, for who knows what reason 5M disappeared), barely anything is being blocked.
I get a repeated alert message "Ignoring query from non-local network" and when I look on https://docs.pi-hole.net/ftldns/dnsmasq_warn/ there is no information on how to fix it :sob:
A work colleague advised me to run:

nslookup google.com 192.168.1.6

to see if the pihole is resolving things but all I receive is:

nslookup google.com 192.168.1.6
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.6

DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

I checked my router and it is directing DNS lookup to my pihole ip address.
I used the startup script from the github pihole site

#!/bin/bash

# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md

docker run -d \
        --name pihole \
        -e TZ=Australia/Darwin \
        -e WEBPASSWORD=*IPutMyPasswordHere* \
        -e SERVERIP=192.168.1.6 \
        -v pihole:/etc/pihole \
        -v dnsmasq:/etc/dnsmasq.d \
        -p 80:80 \
        -p 443:443 \
        -p 8080:8080 \
        -p 53:53/tcp \
        -p 53:53/udp \
        --restart=unless-stopped \
        pihole/pihole

printf 'Starting up pihole container '
for i in $(seq 1 20); do
    if [ "$(docker inspect -f "{{.State.Health.Status}}" pihole)" == "healthy" ] ; then
        printf ' OK'
        echo -e "\n$(docker logs pihole 2> /dev/null | grep 'password:') for your pi-hole: https://${IP}/admin/"
        exit 0
    else
        sleep 3
        printf '.'
    fi

    if [ $i -eq 20 ] ; then
        echo -e "\nTimed out waiting for Pi-hole start, consult check your container logs for more info (\`docker lo>
        exit 1
    fi
done;

Originally I just had pihole installed directly on my RPi2B but it required an update and I had a lot of other bloat and decided to do a clean install of Raspian lite 32bit. Afterwards I was no longer able to add blocklists and broke the install by adding them incorrectly.
So I reformatted the SD again and started again because there is no way to easily remove 1.5M broken blocklists.

This time I thought "Ok, let's give Docker a go, that way if I break it, instead of reformatting the SD card I can delete the Docker container and start again." Now the Docker version is just as bad and more complicated and still doesn't work.

Can someone please help me to get this working?

And why, when I add a domain to the blacklist as a Domain does it convert it to a Regex entry and change the address to

(\.|^)https://adclick\.g\.doubleclick\.net$

https://adclick.g.doubleclick.net is not a domain - that's a URL, and Pi-hole will refuse to add this to its blacklist due to illegal characters, unless you explicitly instruct it to add it as a regex.

As you don't seem familiar with Docker, you should probably consider going back to a bare metal installation. Using Docker adds another layer of abstraction and additional configuration options, and thus more ways to get it wrong.

From what machine did you issue that lookup?

Also, I don't know what machine is sitting at 192.168.1.6 in your network.

If there were no DNS server running at that IP address, then the output would be expected.

If 192.168.1.6 is your machine hosting your Docker Pi-hole, then DNS requests do not even make it to Pi-hole.

There could be several reasons for that, e.g. a firewall on your Docker Pi-hole machine or on the client that ran the lookup, or a router isolating a client on its guest network or VLAN from the network that your Docker Pi-hole machine runs on, or you may have configured a DNS loop of sorts, or...

Also, providing a debug token as asked for by the topic template may help us to help you.

To do so, please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

Thank you for the prompt reply.

I wanted to learn Docker and thought this would be a great way to learn and hopefully fix my pihole issues.

If pihole is meant to be what it is then how come no one mentions in any tutorial about this DNS issue that you mention. Seems like a very important bit of information to mention.

I issued that from my windoz computer directly connected to the same network and my RPi2B's ip address is the 192.168.1.6

My debug token is: https://tricorder.pi-hole.net/X8EhjY11/
My apologies for not providing that before.

There is no such DNS issue. You probably misread my explanations.

I absolutely have zero knowledge about your network details, apart from what you are sharing (which was a bit sparse at that time, missing a debug token in particular).

I just pointed out that I cannot know whether the machine at 192.168.1.6 in your network (which got asked to resolve google.com) would actually be running a DNS server or not. Hence, my assessment of your nslookup output tried to cover both possibilities.

Your debug log shows that Pi-hole's IPv4 is fully operational:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] www.wwwustraveldocs.com is 0.0.0.0 on lo (127.0.0.1)
[✓] www.wwwustraveldocs.com is 0.0.0.0 on eth0 (172.17.0.2)
[✓] doubleclick.com is 142.250.70.142 via a remote, public DNS server (8.8.8.8)

But as you are running in Docker, that statement may be limited to Docker's internal network only (as Docker may isolate containers into separate subnets).

For the same reason, the debug log fails to produce direct insights into your DHCP server:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   Timeout: 10 seconds
   
   DHCP packets received on interface eth0: 0
   DHCP packets received on interface lo: 0

However, your resolv.conf suggests that your DHCP server would distribute its own IP as DNS server in addition to Pi-hole:

*** [ DIAGNOSING ]: contents of /etc

-rw-rw-r-- 1 root 1000 84 May 31 18:42 /etc/resolv.conf
   nameserver 192.168.1.6
   nameserver 192.168.1.1

Your DHCP clients will thus be able to by-pass Pi-hole via your router's 192.168.1.1, which explains both your nslookup results as well as your observation:

To address this, you have to fix your router configuration:
Pi-hole has to be the sole DNS server for your clients.

You'd have to consult your router's documentation and support for details on how to achieve this.

If you stick with Docker (and with your current Docker network mode), you should consider supplying FTLCONF_REPLY_ADDR4 with the actual IP address of your Pi-hole host system (and you may also want to switch Pi-hole's Interface settings to Permit all origins).
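The two findings in the reply above can be checked offline. This is an added example, not code from the thread or from the Pi-hole project: it lists resolvers that let clients bypass Pi-hole, and tests whether a client address is local to the container's interface, which is the condition behind "Ignoring query from non-local network". The function names, the /16 prefix (Docker's default bridge) and the client address 192.168.1.50 are assumptions.

```shell
#!/bin/sh
# Added example. Sample inputs are constructed from values quoted in the thread.

# Print every nameserver in a resolv.conf-style file that is not the Pi-hole.
# Each address printed is a resolver that clients can use instead of Pi-hole.
bypass_resolvers() {   # usage: bypass_resolvers <file> <pihole_ip>
    awk -v ph="$2" '$1 == "nameserver" && $2 != ph { print $2 }' "$1"
}

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if <client_ip> is inside the subnet of <iface_ip>/<prefix_len>.
# With local-only listening, queries from outside that subnet are ignored.
in_subnet() {          # usage: in_subnet <client_ip> <iface_ip> <prefix_len>
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Constructed sample: the two nameserver lines shown in the debug log.
sample=$(mktemp)
printf 'nameserver 192.168.1.6\nnameserver 192.168.1.1\n' > "$sample"
echo "Resolvers that bypass Pi-hole: $(bypass_resolvers "$sample" 192.168.1.6)"
rm -f "$sample"

# 172.17.0.2 is the container's eth0 from the debug log; /16 is assumed.
# 192.168.1.50 is a constructed LAN client address.
if in_subnet 192.168.1.50 172.17.0.2 16; then
    echo "LAN client is local to the container interface"
else
    echo "LAN client is non-local: local-only listening will ignore its queries"
fi
```

On a live system, point `bypass_resolvers` at a client's actual resolver list rather than the constructed file; an empty result means Pi-hole is the only DNS server that client was given.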

Router --> Rpi2B with reserved ip address.
Router already configured with 192.168.1.6 as the strict DNS server.
I used the Run Script from the Docker-Pi-Hole page. I edited my location to Australia/Darwin and the server ip to the 192.168.1.6

Initially I followed this tutorial
Then I watched NetworkChuck's but I didn't use his thenetworkchuck/networkchuck_pihole. I used pihole/pihole:latest. I obviously couldn't follow NC's exactly because he was remotely hosting it.
