DNS problems

Hello,

I run pihole on olimex server with debian bullseye. Pihole is set via DHCP with 192.168.178.56 and the telekom router is on 192.168.178.1. I want to set pihole as the system wide DNS server. So I set it in the router settings (speedport pro plus).

After that, I get no connection from pihole to the internet. If I take the pihole as DNS server on the router away, the connection is back. So the pihole can not have itself as the own dns server. But the thing is, within pihole, I set the DNS to OpenDNS and DNS.WATCH.

So where is the problem?

Best regards
pihitch

Pi-hole can use itself as the system DNS but it's not recommended, because if it encounters a bug which is fixed in an update, or if a rule blocks something it needs for maintenance, it can end up stuck unable to reach what it needs.

The Pi-hole DNS setting is the one you're describing at the end there. The setting of interest is the OS DNS setting, on which Pi-hole is running, which is set normally during OS install. For Debian 11 this is found in /etc/resolv.conf. I think for Debian 12 it's managed by Network Manager.

So have a look in /etc/resolv.conf, and see what that says. You should see something like the below, and you can manually edit it if needed, changes are instant. If this file is being managed by something you'll normally see a comment in there advising as well, and you should use whatever that is to make the changes instead, for example it might say that it's managed by Network Manager so you would use that instead.

nameserver 1.1.1.1

Ideally you want the Debian 11 setup to have a static IP and manually entered details which are fixed, and that's where the OS nameservers would have been originally populated from during setup.
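An added example, not part of the thread or of Pi-hole's own tooling: a shell helper that reads the OS resolver file discussed above and reports whether the Pi-hole host resolves through itself or through external servers, and whether another tool manages the file. The function names and the sample file contents are constructed; 192.168.178.56 is the Pi-hole address given in the thread.

```shell
#!/bin/sh
# Added example: audit the OS resolver config of a Pi-hole host.
# Function names and sample data are constructed for illustration.

# Print every nameserver address in a resolv.conf-style file, one per line.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Print comment lines hinting that another tool generates the file
# (dhclient, NetworkManager, resolvconf); empty output means no hint found.
managed_hint() {
    grep -iE '^[#;].*(generated|managed|do not edit)' "$1" || true
}

# Classify where the host's own lookups go:
#   self-only      every resolver is the Pi-hole itself
#   mixed          the Pi-hole plus at least one other resolver
#   external       only other resolvers
#   no-nameserver  no usable entry
# Only the first three entries count: glibc ignores the rest (MAXNS = 3).
audit_resolv() {
    file=$1
    pihole_ip=$2
    count=0
    self=0
    for ns in $(list_nameservers "$file" | head -n 3); do
        count=$((count + 1))
        case $ns in
            "$pihole_ip"|127.0.0.1|::1) self=$((self + 1)) ;;
        esac
    done
    if [ "$count" -eq 0 ]; then echo "no-nameserver"
    elif [ "$self" -eq "$count" ]; then echo "self-only"
    elif [ "$self" -gt 0 ]; then echo "mixed"
    else echo "external"
    fi
}

# Constructed sample: resolvers are documentation-range placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Generated by dhclient (constructed sample)
search speedport.ip
nameserver 192.0.2.10
nameserver 192.0.2.11
EOF
echo "resolver mode: $(audit_resolv "$sample" 192.168.178.56)"
echo "managed by:    $(managed_hint "$sample")"
rm -f "$sample"
```

On the real host, call `audit_resolv /etc/resolv.conf 192.168.178.56`; a result of `self-only` is the arrangement the answer above advises against.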

ah, this was the point, I supposed!
Thanks! I'll try it!

Edit:
eth0 has the following setting:
iface eth9 inet dhcp
dns nameserver xxx (some servers from privacy handbuch)

dhclient.conf has even prepend domain-name-servers xxx (the same servers)

so the resolv.conf has the following after restart:
3 nameservers, which I set + search speedport.ip

So maybe that's the problem??
Because I still get DNS resolve error, when I set the global DNS to PiHole in my Speedport.

no idea for the solution? :slight_smile:

Can you create a debug log please and post the token URL here? You can do this in Tools > Generate debug log > Upload debug log and provide Debug token > Generate debug log.

yess: https://tricorder.pi-hole.net/xoSJVS0H

Thanks. When you wrote "I get no connection from pihole to the internet" can you expand on exactly what that means please? What are you trying and what happens? What are you expecting to see? What happens when you try and access a blocked site from a client computer on the network, when Pi-hole is the DNS server in the router?

Your debug log shows the router is giving itself out as the DNS server to use instead of the Pi-hole. Normally that would be a reason why Pi-hole is not being used by clients. In your case I think you're describing something different, which is why I ask the question above. And since you removed Pi-hole as DNS, that probably explains why this debug log shows the router is once again the DNS server.

If I set PiHole as the DNS server in my speedport router, I can not even ping something within PiHole. So I ping 1.1.1.1 and get no answer. If the speedport itself is DNS, I can ping, can update etc. So surely the DNS server is now just the speedport, because otherwise, I could not upload the log file. I'm not even so far to try something with clients, because the PiHole itself gets no connection to the internet, if I set it as DNS in speedport.

So the question is not, why it's not being used by clients, but, why PiHole gets no connection if set as DNS in the speedport.

I hope, the problem is a little bit clearer now. Thanks!

Sorry for pushing, but maybe somebody has an idea? :slight_smile:

This guide is from a few years ago. Perhaps someone with a speedport could chime in. I didn't do an exhaustive search but there are comments suggesting that you need to use pihole as the DHCP server for speedports. That might not apply to your model.

Pinging an IP address is not affected by the DNS server used in your router. There is something more going on in what you describe. Ideally you want the following:

  1. Router is working and is the DHCP server and DNS server for the network initially. The router's own upstream DNS is something external, probably your ISP's DNS.
  2. You install Pi-hole and arrange for it to have a static IP (either manually or reserved by the router)
  3. Edit the router's DHCP setting so that it gives out the Pi-hole's IP instead of itself (the router) to clients to use as DNS
  4. Toggle a device off and on your network so it picks up the settings. Test that it's using Pi-hole for DNS.

If the router does not support editing the DHCP settings and changing the DNS, as CallMeCurious suggested, then you can switch to using Pi-hole as the DHCP server. That requires a little bit of planning, but first step is to confirm that you can make the change.

puh.. stupid telekom crap! Sorry... have just problems with this provider, but can not change because of the LTE function which is needed.

@chrislph the points are all set, as you mention. I can set DNS in the speedport pro plus version. In the pihole, I set some tracker free DNS. So for my understanding, it should work this way.

Speedport as DHCP server with Pihole as DNS --> Pihole via LAN with extra DNS upstream ---> Clients use Speedport as DNS and get the PiHole as DNS.

But exactly that way, I just get no connection to the internet within Pihole/Debian, after I set Pihole as DNS server within speedport. I have no explanation for such behavior.

Can you please try the following steps?

  • Set Pi-hole as the DNS in the Speedport router's DHCP section
  • Select a client machine, eg a laptop or a desktop (not Pi-hole) and take it off and back on to the network (to pick up the new Speedport DNS setting)

Then on that client machine run the three commands below. What do you get?

nslookup flurry.com
nslookup flurry.com 192.168.178.56
ping 1.1.1.1   (let it try a few times then use Ctrl-c to quit)

And then ssh in to the Pi-hole terminal and run these three commands. What do you get?

nslookup flurry.com
nslookup flurry.com 127.0.0.1
ping 1.1.1.1   (let it try a few times then use Ctrl-c to quit)

While the Speedport is set up with Pi-hole, can you please do another debug log and post the new token here.

If Pi-hole says it cannot upload the debug log because it cannot connect to the internet, put the Speedport back to the way it was so the internet works again, and then upload that same debug log with the command

sudo cat /var/log/pihole/pihole_debug.log | pihole tricorder

and post the token here, and tell us what happened, did it work or did you have to put it back.

done so: https://tricorder.pi-hole.net/9DcG8nO2

On the client:
flurry.com works
flurry.com 192.168.178.56 (PiHole) shows time out
ping works

On the debian/pihole works nothing, so time out

By the way. Speedport uses ipv6 DNS before it uses ipv4. I set just 192.168.178.56 for pihole. Tried to set the ipv6, but it shows me an error while saving. This should be the ipv6 from pihole: 2003:f2:6720:c3fb:321f:9aff:fed1:4263/64

The debug log shows that the router is the DHCP server but it is still giving out itself (the router) to use as DNS and not Pi-hole. Did you follow these steps? What happened?

The debug log shows that Pi-hole is blocking domains, but it was unable to ping the router via IPv4 and was able to ping it via IPv6. And it was unable to reach Google's DNS via IPv4 but was able to reach it via IPv6.

My suspicion is that some aspect of your Olimex Debian setup is interfering with its operation, maybe a firewall or the way the network was configured during installation. I'm afraid I'm out of ideas other than to try a clean install and follow the above steps, making sure things are working at each step along the way.

If you are not using IPv6 for anything you might consider disabling it, if that's possible, at least temporarily. This will eliminate that as a variable.

Others may have some further suggestions.

Is this guide specific only to routers distributed by Telekom Speedport, or for any router using a Telekom Speedport service/modem?

Kind Regards,
Lori Jenks
Veri-T CT Parts
veritct@gmail.com




No idea. It was a user's post from 2020 that came up in a search for this poster's issue.