Disable pi-hole only on host (Use different DNS than pi-hole only for host)

Hello!
I use pi-hole on all my devices on my network, but I want the Ubuntu machine which runs pi-hole to not use pi-hole for its own DNS queries.

I searched for the past three days; this is the only thing that I could find:

Which does not answer my question, it answers for changing DNS for the clients and not the host.

Thanks very much! 🙂

You could read into modifying /etc/resolv.conf

As far as I know the straightforward way of "forcing" some specific nameserver(s) (overriding the local one, or DHCP) is to modify how resolv.conf is constructed.
You could edit (as superuser) /etc/resolvconf/resolv.conf.d/base, adding e.g. "nameserver 8.8.8.8" or whatever you fancy.
Issue "resolvconf -u" or reboot and resolv.conf should contain the nameservers you configured in "base".

The /etc/resolvconf/resolv.conf.d/base file is empty so I don't think pi-hole is using it.
I'm using DNSCrypt along pi-hole, so the /etc/resolv.conf contains 127.0.0.1. (DNSCrypt is running on port 5300)
And when I do nslookup youtube.com, it actually shows that it's using systemd-resolved (127.0.0.1#53) (not 100% sure, it could be pi-hole itself running on port 53).

s@ubuntu:~$ nslookup youtube.com
Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
Name:	youtube.com
Address: 172.217.20.46
Name:	youtube.com
Address: 2a00:1450:400e:80d::200e

But the truth of the matter is, it's actually using pi-hole, because I can see the query for youtube.com from the Ubuntu machine on pi-hole's web server, which means pi-hole is using dnsmasq to forward the DNS request to server 192.168.1.40.
Just to make sure of this, I have checked the /etc/dnsmasq.d/01-pihole.conf file and it indeed reports:
server 192.168.1.40

So now that everything's tracked down to dnsmasq, I just have to edit the dnsmasq profile right? But I shouldn't. Because at the beginning of this very file, a hint is written:

###############################################################################
#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
#                                                                             #
#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
#                      /etc/pihole/setupVars.conf                             #
#                                                                             #
#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
###############################################################################

And this is what I don't know about... I'm worried that if I edit this file, it will break pi-hole for the clients and my devices would not be able to use pi-hole anymore.
I don't know what to do here.

Ok I'm a little confused.
sudo ss -lp "sport = :domain" reports that pihole-FTL is running on port 53.
But also when I do sudo systemctl status systemd-resolved, it reports Active: active (running) so what port is systemd-resolved running on now?!
I think I can edit /etc/resolv.conf and I should be good to go... right? But I don't think so, because systemd-resolved is not actually running, right?
Ugh... someone help me please 🙂

Edit: I realized from the pi-hole dnsmasq config that there's no-resolv which means do not use /etc/resolv.conf

/etc/resolvconf/resolv.conf.d/base has nothing to do with Pi-hole and it is normally empty, because normally you don't want to override what other services are putting into resolv.conf.

As I wrote, you could use it to override resolv.conf with a nameserver of your choosing.
Even if you'd be running 1, 2 or 3 nameservers the one specified in "base" would take precedence.

I'm guessing that systemd-resolved is running on 127.0.0.53:53 and not on 127.0.0.1, at least it is on my Ubuntu.

Ok I was worried that somehow if I use resolvconf, it will break pi-hole lol
But I did as you said anyways:

sx@ubuntu:~$ echo "nameserver 1.1.1.1" | sudo tee /etc/resolvconf/resolv.conf.d/base
sx@ubuntu:~$ cat /etc/resolvconf/resolv.conf.d/base
nameserver 1.1.1.1
sx@ubuntu:~$ sudo resolvconf -u

But nslookup still reports 127.0.0.1 is being used for DNS queries 😦
sx@ubuntu:~$ nslookup whatever
Server:		127.0.0.1
Address:	127.0.0.1#53

Even if I use Ubuntu's GUI to add IPv4 DNS, it still doesn't work.

I've even read through "Block Millions Of Ads Network-wide With A Raspberry Pi-hole 2.0", but I'm still clueless on how pi-hole actually works...

It's my mistake, I've just checked on my setup and I'm using /etc/resolvconf/resolv.conf.d/head instead of base. Probably I've used base for something in the past and I mixed up the two.

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.178.1
nameserver 127.0.0.1
search fritz.box

The first nameserver above comes from /etc/resolvconf/resolv.conf.d/head, the second one from systemd-resolved.


Thank you very very much! It's working 😃
And for the record, systemd-resolved runs on 127.0.0.1#53 as I mentioned. Not the one you said 🙂
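
A quick way to check the outcome reached in this thread, as an added example that is not part of any post: it reads a resolv.conf-style file and reports which nameserver the host's resolver is handed first. The function names and the two sample files are constructed for illustration; the sample contents mirror the resolv.conf states quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): which nameserver does a
# resolv.conf-style file hand to the glibc resolver first?

# Print nameserver addresses in file order; comment lines never match.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# The glibc resolver tries servers in listed order, so the first entry
# decides where the host's own queries normally go.
first_nameserver() {
    list_nameservers "$1" | head -n 1
}

# "local":    first server is loopback, so whatever listens on this host's
#             port 53 (pihole-FTL in the thread) answers the host's queries.
# "external": the host bypasses the local resolver unless that server fails.
# "none":     the file lists no nameserver at all.
host_dns_path() {
    ns=$(first_nameserver "$1")
    case "$ns" in
        "")        echo "none" ;;
        127.*|::1) echo "local" ;;
        *)         echo "external" ;;
    esac
}

# Constructed sample files mirroring the two states seen in the thread.
SAMPLES=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$SAMPLES/before.conf"
cat > "$SAMPLES/after.conf" <<'EOF'
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
nameserver 192.168.178.1
nameserver 127.0.0.1
search fritz.box
EOF

for f in "$SAMPLES/before.conf" "$SAMPLES/after.conf"; do
    echo "$(basename "$f"): first=$(first_nameserver "$f") path=$(host_dns_path "$f")"
done
```

On the Pi-hole host itself, `host_dns_path /etc/resolv.conf` after `sudo resolvconf -u` should print `external` once the entry in `head` has taken effect; clients on the network are unaffected because they query Pi-hole directly and never read this file.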
