Debian: Pihole working on localhost, but not rest of network

I have installed PiHole, with very little or no problems.

I have added port 53 and 801 (web interface) to my ufw firewall (both udp and tcp).

I have changed my router's DHCP to provide users with Pi-hole's IP as DNS server. But now all users' DNS lookups fail.

The lookups on localhost (Pi-hole machine) work just fine.

Note I'm running the version with FTLDNS.

I really hope someone can help me :slight_smile:

Debug Token:

www67ntt7e

You most likely have the Pi-hole listening to one interface that does not match your current LAN settings.

Under Settings/DNS change the listening behavior and try to set it to either all interfaces (the one hop away) option or the permit all origins one.

Make sure you don't expose port 53 to the outside from within your firewall though.

Nope, should be fine.

Is it working on the clients now ?

Nope, no change.

This is my UFW firewall settings.

[18] 192.168.1.6 53/tcp ALLOW IN 192.168.1.0/24
[19] 192.168.1.6 53/udp ALLOW IN 192.168.1.0/24

Try the listen to all interfaces, permit all origins.

If not, see if your firewall is actually allowing 53:

Done and done - no luck. I have even tried to disable UFW, still no luck.

I have also tried what the StackExchange people are suggesting, but also no luck.

Can you bypass the Firewall (for testing purposes)?

Connect the Pi to the router and double check that the clients got the Pi-hole IP as their DNS server.

Also, change the setting on the DNS tab to listen to eth0 (if you are able to bypass the firewall).

I have this running on the same machine that is also running Pi-hole - so kind of hard to separate :slight_smile:
However "sudo ufw disable" disables the firewall, and no change.

Let me see if I understood correctly:

  1. Pi-hole runs without any issue and local queries work (and they get blocked if a known ad domain is queried?)
    What's the output of dig flurry.com?
  2. Your router is assigning the DNS parameter to the clients and it's set to push the Pi-hole IP (are the clients getting that DNS setting?)
  3. The Pi-hole is set to listen to eth0

  1. correct.

  2. correct and yes.

  3. yes

can you run:

nslookup flurry.com

on the Pi-hole device and on one of the clients?

Pihole machine:
nslookup flurry.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: flurry.com
Address: 192.168.1.6

local machine
dig flurry.com @192.168.1.6

; <<>> DiG 9.10.6 <<>> flurry.com @192.168.1.6
;; global options: +cmd
;; connection timed out; no servers could be reached

something is blocking inbound access to port 53

Try it again after adding this as a temporary line (for testing) on the pi-hole:

sudo iptables -A INPUT -p tcp --dport 53 --jump ACCEPT

Yeah, I think it's a firewall issue as well. Still same result.

dig flurry.com @192.168.1.6

; <<>> DiG 9.10.6 <<>> flurry.com @192.168.1.6
;; global options: +cmd
;; connection timed out; no servers could be reached

What does the nslookup on the client look like?

That is the client :slight_smile:

That’s a dig command. Wanted to see nslookup

oh, sorry!

nslookup flurry.com
;; connection timed out; no servers could be reached

A port scan from my client (OSX) shows that port 53 is open.

I really don't understand this.
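
Added example, not written by anyone in this thread: dig and nslookup send their queries over UDP by default, while a port scan that reports 53 as open may have tested only TCP, so the two results can disagree. The script below sends the same A query over each transport separately and reports which one fails; the function names are illustrative, and the server IP and domain are passed as arguments.

```python
import socket
import struct
import sys

def build_query(name, qid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035) for `name`."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, qid=0x1234):
    """Summarise a DNS reply header, or return 'malformed'."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount = struct.unpack(">HHHH", data[:8])
    if rid != qid or not flags & 0x8000:  # ID must match and QR bit must be set
        return "malformed"
    return "answer:rcode=%d,ancount=%d" % (flags & 0xF, ancount)

def probe_udp(server, name, timeout=3.0):
    """Query over UDP, the transport dig and nslookup use by default."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))
        try:
            s.send(build_query(name))
            return parse_reply(s.recv(4096))
        except socket.timeout:
            return "timeout"   # packet or reply silently dropped on the path
        except ConnectionRefusedError:
            return "refused"   # ICMP port unreachable: no UDP listener

def probe_tcp(server, name, timeout=3.0):
    """Query over TCP, the transport a TCP connect scan exercises."""
    query = build_query(name)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack(">H", len(query)) + query)  # 2-byte length prefix
            data = s.recv(4096)
            return parse_reply(data[2:]) if len(data) > 2 else "connected-no-reply"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"

if __name__ == "__main__":
    server, name = sys.argv[1], sys.argv[2]   # e.g. 192.168.1.6 flurry.com
    print("udp/53:", probe_udp(server, name))
    print("tcp/53:", probe_tcp(server, name))
```

If TCP answers while UDP times out, the filter sits on UDP 53 only, so a TCP-only rule or scan result says nothing about the path the clients actually use.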