A week ago I changed my internet packaged and I was sent a new gateway. Since that day my Pihole is not working as before.I do not see all my devices in the console and mostly I see the wired ones. It also appears that not much traffic is passing through the Pihole.
Any help/advice will be mush appreciated
Thank you
Expected Behaviour:
Expected to see devices with pihole DNS in the console but this is not happening anymore. I still see some of them in the console (wired ones mostly).
Actual Behaviour:
All devices with Pihole's DNS to show in the PiHole Console.
This happened after I changed my internet service and I received a new gateway. The Pihole is getting and IP address from the gateway. I ran the diagnostics however nothing seems out of order but at the end of the day my devices that previously connecting just fine stopped connecting.
Your DHCP server is not passing out the DNS of Pi-hole:
*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
Scanning all your interfaces for DHCP servers
Timeout: 10 seconds
* Received 311 bytes from enp0s3:192.168.0.1
Offered IP address: 192.168.0.191
Server IP address: 192.168.0.1
Relay-agent IP address: N/A
BOOTP server: (empty)
BOOTP file: (empty)
DHCP options:
Message type: DHCPOFFER (2)
server-identifier: 192.168.0.1
lease-time: Infinite
netmask: 255.255.255.0
broadcast: 192.168.0.255
router: 192.168.0.1
domain-name: "phub.net.cable.rogers.com"
dns-server: 64.71.255.204
dns-server: 64.71.255.198
--- end of options ---
DHCP packets received on interface enp0s3: 1
DHCP packets received on interface lo: 0
Your Pi-hole is at IP 192.168.0.162
From one of the clients with manual mapping that does not appear to be using Pi-hole for DNS, and from the terminal or command prompt on that client (not via ssh to the Pi), what are the complete outputs of the following:
These outputs are unusual. The IP is the IP of Pi-hole, but the answers are not what you would expect Pi-hole to provide.
Let's see if the queries are actually making it to Pi-hole. Live tail the pihole log with the following command, then re-run the last two commands from the Mac and see if the queries show up in the log tail:
Aug 17 10:12:47 dnsmasq[1712]: cached t5ak.rbxcdn.com is <CNAME>
Aug 17 10:12:47 dnsmasq[1712]: cached thumbnails.roblox.com.edgesuite.net is <CNAME>
Aug 17 10:12:47 dnsmasq[1712]: cached a1904.dscw27.akamai.net is 72.136.196.25
Aug 17 10:12:47 dnsmasq[1712]: cached a1904.dscw27.akamai.net is 72.136.196.49
Aug 17 10:12:48 dnsmasq[1712]: query[A] inventory.roblox.com from 192.168.0.41
Aug 17 10:12:48 dnsmasq[1712]: forwarded inventory.roblox.com to 1.1.1.1
Aug 17 10:12:48 dnsmasq[1712]: reply inventory.roblox.com is <CNAME>
Aug 17 10:12:48 dnsmasq[1712]: reply gold.roblox.com is <CNAME>
Aug 17 10:12:48 dnsmasq[1712]: reply us-central-bd1.roblox.com is 128.116.101.3
Aug 17 10:12:48 dnsmasq[1712]: query[A] groups.roblox.com from 192.168.0.41
Aug 17 10:12:48 dnsmasq[1712]: forwarded groups.roblox.com to 1.1.1.1
Aug 17 10:12:48 dnsmasq[1712]: reply groups.roblox.com is <CNAME>
Aug 17 10:12:48 dnsmasq[1712]: reply gold.roblox.com is <CNAME>
Aug 17 10:12:48 dnsmasq[1712]: reply us-central-bd1.roblox.com is 128.116.101.3
Aug 17 10:12:51 dnsmasq[1712]: query[A] self.events.data.microsoft.com from 192.168.0.41
Aug 17 10:12:51 dnsmasq[1712]: gravity blocked self.events.data.microsoft.com is 0.0.0.0
Aug 17 10:12:51 dnsmasq[1712]: query[A] functional.events.data.microsoft.com from 192.168.0.41
Aug 17 10:12:51 dnsmasq[1712]: gravity blocked functional.events.data.microsoft.com is 0.0.0.0
Aug 17 10:12:52 dnsmasq[1712]: query[A] tr.rbxcdn.com from 192.168.0.41
Aug 17 10:12:52 dnsmasq[1712]: cached tr.rbxcdn.com is <CNAME>
Aug 17 10:12:52 dnsmasq[1712]: cached trak.rbxcdn.com is <CNAME>
Aug 17 10:12:52 dnsmasq[1712]: cached tr.rbxcdn.com.edgesuite.net is <CNAME>
Aug 17 10:12:52 dnsmasq[1712]: cached a1831.dscd.akamai.net is 209.148.171.73
Aug 17 10:12:52 dnsmasq[1712]: cached a1831.dscd.akamai.net is 209.148.171.48
Aug 17 10:12:58 dnsmasq[1712]: query[A] self.events.data.microsoft.com from 192.168.0.41
Aug 17 10:12:58 dnsmasq[1712]: gravity blocked self.events.data.microsoft.com is 0.0.0.0
Aug 17 10:13:03 dnsmasq[1712]: query[A] metrics.roblox.com from 192.168.0.41
Aug 17 10:13:03 dnsmasq[1712]: gravity blocked metrics.roblox.com is 0.0.0.0
Aug 17 10:13:03 dnsmasq[1712]: query[A] ecsv2.roblox.com from 192.168.0.41
Aug 17 10:13:03 dnsmasq[1712]: cached ecsv2.roblox.com is <CNAME>
Aug 17 10:13:03 dnsmasq[1712]: cached titanium.roblox.com is <CNAME>
Aug 17 10:13:03 dnsmasq[1712]: cached us-central-bd2.roblox.com is 128.116.114.4
Aug 17 10:13:03 dnsmasq[1712]: query[A] self.events.data.microsoft.com from 192.168.0.41
Aug 17 10:13:03 dnsmasq[1712]: gravity blocked self.events.data.microsoft.com is 0.0.0.0
Aug 17 10:13:08 dnsmasq[1712]: query[A] self.events.data.microsoft.com from 192.168.0.41
Aug 17 10:13:08 dnsmasq[1712]: gravity blocked self.events.data.microsoft.com is 0.0.0.0
Aug 17 10:13:11 dnsmasq[1712]: query[A] datarouter.ol.epicgames.com from 192.168.0.41
Aug 17 10:13:11 dnsmasq[1712]: forwarded datarouter.ol.epicgames.com to 1.1.1.1
Aug 17 10:13:11 dnsmasq[1712]: reply datarouter.ol.epicgames.com is <CNAME>
Aug 17 10:13:11 dnsmasq[1712]: reply datarouter-weighted.ol.epicgames.com is 34.237.15.242
Aug 17 10:13:11 dnsmasq[1712]: reply datarouter-weighted.ol.epicgames.com is 54.165.254.65
Aug 17 10:13:11 dnsmasq[1712]: reply datarouter-weighted.ol.epicgames.com is 3.219.176.250
Aug 17 10:13:11 dnsmasq[1712]: reply datarouter-weighted.ol.epicgames.com is 34.192.239.34
Aug 17 10:13:11 dnsmasq[1712]: reply datarouter-weighted.ol.epicgames.com is 44.194.144.204
Aug 17 10:13:11 dnsmasq[1712]: reply datarouter-weighted.ol.epicgames.com is 52.73.215.62
Aug 17 10:13:11 dnsmasq[1712]: reply datarouter-weighted.ol.epicgames.com is 3.230.133.215
Aug 17 10:13:11 dnsmasq[1712]: reply datarouter-weighted.ol.epicgames.com is 3.219.202.0
Aug 17 10:13:14 dnsmasq[1712]: query[A] metrics.roblox.com from 192.168.0.41
Aug 17 10:13:14 dnsmasq[1712]: gravity blocked metrics.roblox.com is 0.0.0.0
Aug 17 10:13:15 dnsmasq[1712]: query[A] self.events.data.microsoft.com from 192.168.0.41
Aug 17 10:13:15 dnsmasq[1712]: gravity blocked self.events.data.microsoft.com is 0.0.0.0
Aug 17 10:13:22 dnsmasq[1712]: query[A] self.events.data.microsoft.com from 192.168.0.41
Aug 17 10:13:22 dnsmasq[1712]: gravity blocked self.events.data.microsoft.com is 0.0.0.0
Aug 17 10:13:26 dnsmasq[1712]: query[A] metrics.roblox.com from 192.168.0.41
Aug 17 10:13:26 dnsmasq[1712]: gravity blocked metrics.roblox.com is 0.0.0.0
Aug 17 10:13:30 dnsmasq[1712]: query[A] self.events.data.microsoft.com from 192.168.0.41
Aug 17 10:13:30 dnsmasq[1712]: gravity blocked self.events.data.microsoft.com is 0.0.0.0
Aug 17 10:13:32 dnsmasq[1712]: query[A] catalog.gamepass.com from 192.168.0.41
Aug 17 10:13:32 dnsmasq[1712]: cached catalog.gamepass.com is <CNAME>
Aug 17 10:13:32 dnsmasq[1712]: cached catalog.gamepass.com.edgesuite.net is <CNAME>
Aug 17 10:13:32 dnsmasq[1712]: forwarded catalog.gamepass.com to 1.1.1.1
Aug 17 10:13:32 dnsmasq[1712]: reply catalog.gamepass.com is <CNAME>
Aug 17 10:13:32 dnsmasq[1712]: reply catalog.gamepass.com.edgesuite.net is <CNAME>
Aug 17 10:13:32 dnsmasq[1712]: reply a1992.dscd.akamai.net is 209.148.171.35
Aug 17 10:13:32 dnsmasq[1712]: reply a1992.dscd.akamai.net is 209.148.171.33
Aug 17 10:13:36 dnsmasq[1712]: query[A] browser.pipe.aria.microsoft.com from 192.168.0.41
Aug 17 10:13:36 dnsmasq[1712]: gravity blocked browser.pipe.aria.microsoft.com is 0.0.0.0
Aug 17 10:13:36 dnsmasq[1712]: query[A] self.events.data.microsoft.com from 192.168.0.41
Aug 17 10:13:36 dnsmasq[1712]: gravity blocked self.events.data.microsoft.com is 0.0.0.0
Aug 17 10:13:38 dnsmasq[1712]: query[A] crls.pki.goog from 192.168.0.41
Aug 17 10:13:38 dnsmasq[1712]: forwarded crls.pki.goog to 1.1.1.1
Aug 17 10:13:38 dnsmasq[1712]: reply crls.pki.goog is <CNAME>
Aug 17 10:13:38 dnsmasq[1712]: reply www3.l.google.com is 142.251.41.78
The only requests come from 192.168.0.41 however nothing from my other pihole enabled devices
There must be another device on your network with the same IP as your Pi-hole. The queries from the Mac were answered from the IP of Pi-hole, but Pi-hole itself has no record of the queries.
Check if you router has got below or similar feature:
If so, you should exempt the Pi-hole host from this filter.
You can check with below replacing 10.0.0.4 below with your own Pi-hole IP.
EDIT: Ow forgot to mention, run it from a client Windows, MacOS or Linux in a command prompt!
Thats not pihole-FTL but bare dnsmasq instead!
What does below one show?
pi@ph5b:~ $ sudo ss -nltup sport = 53
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=27353,fd=4))
udp UNCONN 0 0 *:53 *:* users:(("pihole-FTL",pid=27353,fd=6))
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=27353,fd=5))
tcp LISTEN 0 32 [::]:53 [::]:* users:(("pihole-FTL",pid=27353,fd=7))
And below?
systemctl status dnsmasq.service
If dnsmasq is active and running, you can try to disable it with below:
sudo systemctl disable --now dnsmasq.service
And restart the pihole-FTL daemon with below:
sudo systemctl restart pihole-FTL
And check again with the ss command and also nslookup on the client.
Plus below one:
pi@ph5b:~ $ pihole status
[โ] FTL is listening on port 53
[โ] UDP (IPv4)
[โ] TCP (IPv4)
[โ] UDP (IPv6)
[โ] TCP (IPv6)
[โ] Pi-hole blocking is enabled
EDIT: Ow I just realized that your router might also be running a dnsmasq version as do so many!
And it still could be your router thats answering with an older version of dnsmasq.
pihole@pihole-VM:~$ sudo ss -nltup sport = 53
[sudo] password for pihole:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=908,fd=4))
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=908,fd=5))
pihole@pihole-VM:~$ systemctl status dnsmasq.service
Unit dnsmasq.service could not be found.
Since it errored out I wanted to enable it but....
pihole@pihole-VM:~$ sudo systemctl enable --now dnsmasq.service
Failed to enable unit: Unit file dnsmasq.service does not exist.
pihole@pihole-VM:~$ pihole status
[โ] FTL is listening on port 53
[โ] UDP (IPv4)
[โ] TCP (IPv4)
[โ] UDP (IPv6)
[โ] TCP (IPv6)
Yes I did but I don't see any reference to DNSFilter.
This started when I changed my gateway. I have checked every option on that gateway to no avail. I believe it is hidden on purpose.
I am seriously thinking of putting the gateway on bridge and get a new router.
Something other than pihole-FTL is answering.
Maybe its the stub resolver for your hypervisor/privileged management domain thats answering.
Dont know what type of virtualisation you are using but run below one on it and check if versions match:
dnsmasq --version
Or run below one on that hypervisor management domain/host VM (not on a guest VM):
pihole@pihole-VM:~$ dnsmasq --version
Dnsmasq version 2.80 Copyright (c) 2000-2018 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC loop-detect inotify dumpfile
This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.
For the second one I would need some guidance if you don't mind.
I am using Virtual Box
