Dhcpcd.conf domain_name_servers

Hello,
I have a question,
after installing pi-hole in my dhcpcd.conf I see the following line

static domain_name_servers=127.0.0.1

which means the server's own dhcp server is localhost.
The issue here is that when pi-hole doesn't work and dns won't start, pi-hole isn't able to update, so it is unable to repair itself using

pihole -r

why not add fallback dns here like

static domain_name_servers=127.0.0.1 1.1.1.1 1.0.0.1

where the fallbacks are the selected nameservers for pi-hole.

I just had this issue after some stupid mistake I made and I changed the setting here to 1.1.1.1 so I was able to fix pihole.
I can imagine others have the same issue.
Also, you might be able to send those alternative dns servers to the client using dhcp, so if only dns fails and dhcp works, users can still use the internet.

If this last thing is a security concern, it would be a solution to make this configurable.

With kind regards.

Bart

It configures the global DNS settings, not DHCP, on the local Pi-hole device:

pi@noads:~ $ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

IP 127.0.0.1 on the local loopback network interface "lo" is where pihole-FTL is listening on DNS ports 53 TCP & UDP:

pi@noads:~ $ ip a show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

pi@noads:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
[..]
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      654/pihole-FTL
tcp6       0      0 :::53                   :::*                    LISTEN      654/pihole-FTL
udp        0      0 0.0.0.0:53              0.0.0.0:*                           654/pihole-FTL
udp6       0      0 :::53                   :::*                                654/pihole-FTL

All processes depending on DNS resolution running on the Pi-hole device will use this IP address for resolution if not configured otherwise:

pi@noads:~ $ host -v pi-hole.net
[..]
Received 86 bytes from 127.0.0.1#53 in 25 ms

The pihole-FTL process itself doesn't use this IP for DNS resolution.
Instead it uses the upstream DNS servers you've configured here:

http://pi.hole/admin/settings.php?tab=dns

I believe if you configure other DNS servers here, it might break the displaying of the client hostnames on the web GUI.
I believe the web GUI also uses 127.0.0.1 for DNS resolution to display the client hostnames.
Maybe a mod or dev can confirm?

EDIT:

pi@noads:~ $ echo 'nameserver 1.1.1.1' | sudo tee /etc/resolv.conf
nameserver 1.1.1.1

pi@noads:~ $ sudo service pihole-FTL restart
pi@noads:~ $

I tried cheating in the above posting, replacing the initially posted 8.8.8.8 with 1.1.1.1.
But I noticed just now it's not working:

pi@noads:~$ host pi-hole.net 1.1.1.1
;; connection timed out; no servers could be reached

Second one does:

pi@noads:~$ host pi-hole.net 1.0.0.1
Using domain server:
Name: 1.0.0.1
Address: 1.0.0.1#53
Aliases:

pi-hole.net has address 206.189.252.21
[..]

Must be troubles again :smiley:

Related question. Please let me know if this deserves/requires a new thread.

If I'm going to use 127.0.0.1 as the static ipv4 DNS setting in /etc/dhcpcd.conf, like this:

interface eth0
[....]
static domain_name_servers=127.0.0.1

.... shouldn't I also be covering ipv6 with ::1/128? Like this:

interface eth0
[....]
static domain_name_servers=127.0.0.1 ::1/128

Thanks for any pointers.

Also, I guess, the ipv4 loopback should have a range: 127.0.0.1/24?

George

Don't need to.
You can query for IPv6 addresses using only IPv4:

pi@noads:~ $ host -t aaaa pi-hole.net 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

pi-hole.net has IPv6 address 2604:a880:400:d0::1071:1

But if you want to go IPv6 all out, yes, I would replace 127.0.0.1 with ::1 and leave out the subnet mask /128.
Pi-hole is listening to both (see previous posted netstat output).

If you mean the subnet mask for the lo interface, that's set by the distro and not the Pi-hole install.
The lo interface is not there for Pi-hole alone, other software makes use of this loopback interface as well.
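
An added example, not part of the original posts and not Pi-hole's own code: a small audit of the `static domain_name_servers=` lines discussed in this thread. It flags entries that carry a prefix length (such as `::1/128`) and separates loopback entries from non-loopback fallbacks, which send the device's own lookups past the local resolver. The sample config and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of /etc/dhcpcd.conf (not taken from a real device).
SAMPLE = """\
interface eth0
static ip_address=192.168.1.2/24
# fallback idea from the first post, plus the ::1/128 variant asked about
static domain_name_servers=127.0.0.1 ::1/128 1.1.1.1

interface wlan0
static domain_name_servers=::1
"""

def classify(entry):
    """Classify one name server entry (hypothetical labels used by this example)."""
    if "/" in entry:
        return "prefix"          # e.g. ::1/128: leave out the subnet mask
    try:
        addr = ipaddress.ip_address(entry)
    except ValueError:
        return "invalid"         # not an IPv4/IPv6 address at all
    if addr.is_loopback:
        return "loopback"        # 127.0.0.0/8 or ::1, answered on this host
    return "non-loopback"        # lookups sent here skip the local resolver

def audit_name_servers(conf_text):
    """Return (interface, entry, verdict) for each static domain_name_servers entry."""
    findings = []
    iface = "(global)"           # entries before any 'interface' line
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif line.startswith("static domain_name_servers="):
            for entry in line.split("=", 1)[1].split():
                findings.append((iface, entry, classify(entry)))
    return findings

if __name__ == "__main__":
    for iface, entry, verdict in audit_name_servers(SAMPLE):
        print(f"{iface:8} {entry:12} {verdict}")
```
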

@deHakkelaar Thank you.
