Comp missing from top client list (total)


#1

Expected Behaviour:

PiHole should log all comps on network

Actual Behaviour:

Doesn’t log for one of computers witch is mine “Linux Mint 18.3”
It logs my wife comp :smile:, orangepizero and localhost. There is no my comp
link in client list

Debug Token:

e2qqvusmw6


#2

On the client that isn’t showing in the Pi-Hole logs, please run the following command (substitute nslookup for dig if your client doesn’t support dig):

dig pi.hole

Then on the Pi-Hole host terminal, run the following command substituting the IP address of the missing client where the “zzz” appears:

sudo grep zzz /var/log/pihole.log


#3

Thanks for helping so fast

dig pi hole

; <<>> DiG 9.10.3-P4-Ubuntu <<>> pi.hole
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60356
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pi.hole.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2018120301 1800 900 604800 86400

;; Query time: 34 msec
;; SERVER: 127.0.2.1#53(127.0.2.1)
;; WHEN: Mon Dec 03 17:16:55 CET 2018
;; MSG SIZE  rcvd: 111

Second command doesn’t show, but I open nano an here is content

Dec  3 15:17:10 dnsmasq[1161]: started, version pi-hole-2.79 cachesize 10000
Dec  3 15:17:10 dnsmasq[1161]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ip$
Dec  3 15:17:10 dnsmasq[1161]: warning: failed to change owner of /var/log/pihole.log: Operation not permitted
Dec  3 15:17:10 dnsmasq[1161]: using nameserver 1.0.0.1#53
Dec  3 15:17:10 dnsmasq[1161]: using nameserver 1.1.1.1#53
Dec  3 15:17:10 dnsmasq[1161]: read /etc/hosts - 6 addresses
Dec  3 15:17:10 dnsmasq[1161]: read /etc/pihole/local.list - 2 addresses
Dec  3 15:17:10 dnsmasq[1161]: failed to load names from /etc/pihole/black.list: No such file or directory
Dec  3 15:17:12 dnsmasq[1161]: read /etc/pihole/gravity.list - 275338 addresses
Dec  3 16:14:57 dnsmasq[1161]: 1 127.0.0.1/47822 query[A] view.atdmt.com.35626.9169.302br.net from 127.0.0.1
Dec  3 16:14:57 dnsmasq[1161]: 1 127.0.0.1/47822 /etc/pihole/gravity.list view.atdmt.com.35626.9169.302br.net is 0.0.0.0
Dec  3 16:14:57 dnsmasq[1161]: 2 192.168.5.113/37014 query[A] view.atdmt.com.35626.9169.302br.net from 192.168.5.113
Dec  3 16:14:57 dnsmasq[1161]: 2 192.168.5.113/37014 /etc/pihole/gravity.list view.atdmt.com.35626.9169.302br.net is 0.0.0.0

#4

Since the client can’t lookup the pi.hole name, the client is apparently not using Pi-Hole as its DNS. Carefully check the DNS settings on that client.


#5

I found that lighttpd stops working. After restarting as in this tread


content of pi hole log is different.

Dec  3 15:17:10 dnsmasq[1161]: started, version pi-hole-2.79 cachesize 10000
Dec  3 15:17:10 dnsmasq[1161]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ip$
Dec  3 15:17:10 dnsmasq[1161]: warning: failed to change owner of /var/log/pihole.log: Operation not permitted
Dec  3 15:17:10 dnsmasq[1161]: using nameserver 1.0.0.1#53
Dec  3 15:17:10 dnsmasq[1161]: using nameserver 1.1.1.1#53
Dec  3 15:17:10 dnsmasq[1161]: read /etc/hosts - 6 addresses
Dec  3 15:17:10 dnsmasq[1161]: read /etc/pihole/local.list - 2 addresses
Dec  3 15:17:10 dnsmasq[1161]: failed to load names from /etc/pihole/black.list: No such file or directory
Dec  3 15:17:12 dnsmasq[1161]: read /etc/pihole/gravity.list - 275338 addresses
Dec  3 16:14:57 dnsmasq[1161]: 1 127.0.0.1/47822 query[A] view.atdmt.com.35626.9169.302br.net from 127.0.0.1
Dec  3 16:14:57 dnsmasq[1161]: 1 127.0.0.1/47822 /etc/pihole/gravity.list view.atdmt.com.35626.9169.302br.net is 0.0.0.0
Dec  3 16:14:57 dnsmasq[1161]: 2 192.168.5.113/37014 query[A] view.atdmt.com.35626.9169.302br.net from 192.168.5.113
Dec  3 16:14:57 dnsmasq[1161]: 2 192.168.5.113/37014 /etc/pihole/gravity.list view.atdmt.com.35626.9169.302br.net is 0.0.0.0
Dec  3 16:26:51 dnsmasq[1161]: 3 192.168.5.50/51153 query[A] client.dropbox.com from 192.168.5.50
Dec  3 16:26:51 dnsmasq[1161]: 3 192.168.5.50/51153 forwarded client.dropbox.com to 1.0.0.1
Dec  3 16:26:51 dnsmasq[1161]: 3 192.168.5.50/51153 forwarded client.dropbox.com to 1.1.1.1
Dec  3 16:26:51 dnsmasq[1161]: 3 192.168.5.50/51153 reply client.dropbox.com is <CNAME>
Dec  3 16:26:51 dnsmasq[1161]: 3 192.168.5.50/51153 reply client.dropbox-dns.com is 162.125.69.3
Dec  3 16:26:53 dnsmasq[1161]: 4 192.168.5.50/52332 query[A] api.dropboxapi.com from 192.168.5.50
Dec  3 16:26:53 dnsmasq[1161]: 4 192.168.5.50/52332 forwarded api.dropboxapi.com to 1.0.0.1
Dec  3 16:26:53 dnsmasq[1161]: 4 192.168.5.50/52332 reply api.dropboxapi.com is <CNAME>
Dec  3 16:26:53 dnsmasq[1161]: 4 192.168.5.50/52332 reply api.dropbox-dns.com is 162.125.69.7
Dec  3 16:27:57 dnsmasq[1161]: 5 192.168.5.50/54713 query[A] d.dropbox.com from 192.168.5.50
Dec  3 16:27:57 dnsmasq[1161]: 5 192.168.5.50/54713 forwarded d.dropbox.com to 1.0.0.1
Dec  3 16:27:57 dnsmasq[1161]: 5 192.168.5.50/54713 reply d.dropbox.com is <CNAME>
Dec  3 16:27:57 dnsmasq[1161]: 5 192.168.5.50/54713 reply d.v.dropbox.com is <CNAME>
Dec  3 16:27:57 dnsmasq[1161]: 5 192.168.5.50/54713 reply d-sjc.v.dropbox.com is 162.125.32.135
Dec  3 16:38:45 dnsmasq[1161]: 6 192.168.5.50/51794 query[A] client.dropbox.com from 192.168.5.50
Dec  3 16:38:45 dnsmasq[1161]: 6 192.168.5.50/51794 forwarded client.dropbox.com to 1.0.0.1
Dec  3 16:38:45 dnsmasq[1161]: 6 192.168.5.50/51794 forwarded client.dropbox.com to 1.1.1.1
Dec  3 16:38:45 dnsmasq[1161]: 6 192.168.5.50/51794 reply client.dropbox.com is <CNAME>
Dec  3 16:38:45 dnsmasq[1161]: 6 192.168.5.50/51794 reply client.dropbox-dns.com is 162.125.69.3
Dec  3 16:38:45 dnsmasq[1161]: 7 192.168.5.50/55901 query[A] block-edge-anycast.dropbox.com from 192.168.5.50
Dec  3 16:38:45 dnsmasq[1161]: 7 192.168.5.50/55901 forwarded block-edge-anycast.dropbox.com to 1.0.0.1
Dec  3 16:38:45 dnsmasq[1161]: 8 192.168.5.50/51519 query[A] dl-debug.dropbox.com from 192.168.5.50

#6

Please can an you point where you see that I don’t us Pihole for DNS?
Thanks


#7

The client can’t resolve “pi.hole” and this address is mapped by the Pi-Hole working as DNS server. If you test this from another connected client, do you get the IP address of the Pi-Hole?

What is the IP address of the missing client?


#8

192.168.5.10 is my comp (client) which is missing.
192.168.5.113 is Orange PI zero address
192.168.5.50 is my wife comp
192.168.5.55 should be pi.hole


#9

The Pi-Hole appears to be using the 113 address as well. From your debug log:

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
   192.168.5.113/24 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)
   192.168.5.55/24 matches the IP found in /etc/pihole/setupVars.con

What physical or virtual platform is hosting the Pi-Hole software?


#10

Orange Pi zero
Armbian_5.65_Orangepizero_Ubuntu_bionic_next_4.14.78

I changed IP address from original Armbian to different, to not be confused which is which. I have a crash of pi.hole and still don’t know the reason.


#11

The Pi-Hole should be listening on the assigned IP address of the ethernet port (which appears to be the active connection).

Ensure that the IP address assigned to the Zero is static or reserved at the router. Then run pihole -r and select reconfigure; then select the assigned IP address when asked.


#12

I know that, now pi.hole have static address and in router is reserved for pi.hole.
It was always the case, static and reserved.
Now is this

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
192.169.5.55/24 does not match the IP found in /etc/pihole/setupVars.conf (Use IPv6 ULA addresses for Pi-hole)
192.168.5.55/24 matches the IP found in /etc/pihole/setupVars.conf


#13

There may be an error in the first IP address. The rest of your network is on 192.168.xxx and that address is 192.169.xxx.


#14

Do you know how to change that typo?


#15

Confirm the IP configuration on the Pi with ip addr

You can look in /etc/pihole/setupVars.conf and see if that line appears. If so, delete it.


#16

No its not there only this
IPV4_ADDRESS=192.168.5.55/24
Thanks man for your patience with newbie like me,


#17

Let’s look for the missing client.

On the terminal on the Pi, run this command to live tail the pihole.log, and leave the window open:

tail -f /var/log/pihole.log

Then, on the missing client, open a browser and open www.cnn.com. This should result in a burst of activity in the pihole log from that client, starting with some cnn domains.


#18

No there is no activity. just 15 lines of text

Dec 3 20:53:49 dnsmasq[1216]: 2341 192.168.5.50/53658 reply block-debug.x.dropbox.com is 52.6.78.241
Dec 3 20:53:49 dnsmasq[1216]: 2341 192.168.5.50/53658 reply block-debug.x.dropbox.com is 52.7.182.237
Dec 3 20:53:49 dnsmasq[1216]: 2341 192.168.5.50/53658 reply block-debug.x.dropbox.com is 52.21.155.87
Dec 3 20:53:49 dnsmasq[1216]: 2341 192.168.5.50/53658 reply block-debug.x.dropbox.com is 52.73.220.123
Dec 3 21:09:10 dnsmasq[1216]: 2342 192.168.5.50/53300 query[A] d.dropbox.com from 192.168.5.50
Dec 3 21:09:10 dnsmasq[1216]: 2342 192.168.5.50/53300 forwarded d.dropbox.com to 1.0.0.1
Dec 3 21:09:10 dnsmasq[1216]: 2342 192.168.5.50/53300 forwarded d.dropbox.com to 1.1.1.1
Dec 3 21:09:10 dnsmasq[1216]: 2342 192.168.5.50/53300 reply d.dropbox.com is
Dec 3 21:09:10 dnsmasq[1216]: 2342 192.168.5.50/53300 reply d.v.dropbox.com is
Dec 3 21:09:10 dnsmasq[1216]: 2342 192.168.5.50/53300 reply d-sjc.v.dropbox.com is 162.125.34.137
Dec 3 21:21:43 dnsmasq[1216]: 2343 192.168.5.50/55052 query[A] bolt.dropbox.com from 192.168.5.50
Dec 3 21:21:43 dnsmasq[1216]: 2343 192.168.5.50/55052 forwarded bolt.dropbox.com to 1.0.0.1
Dec 3 21:21:43 dnsmasq[1216]: 2343 192.168.5.50/55052 forwarded bolt.dropbox.com to 1.1.1.1
Dec 3 21:21:43 dnsmasq[1216]: 2343 192.168.5.50/55052 reply bolt.dropbox.com is
Dec 3 21:21:43 dnsmasq[1216]: 2343 192.168.5.50/55052 reply bolt.v.dropbox.com is 162.125.18.133


#19

On the missing client (Linux based) open up a terminal window and see what nameserver it is using:

cat /etc/resolv.conf


#20

nameserver 127.0.2.1