DNS resolution is currenty unavailable

Help
1

Hey team,

I am trying to update Gravity from the web interface.
This installation is 5 days old. The first (and last) successful gravity update was after the initial setup. I was able to add several adlists and run a Gravity update, everything went smoothly.

Fast forward to now, this is the error message I get:
Error message when updating Gravity:

  [✗] DNS resolution is currently unavailable

Some system info taken from the debut log:

*** [ DIAGNOSING ]: Core version
[✓] Version: v5.17.3
[i] Remotes: origin	https://github.com/pi-hole/pi-hole.git (fetch)
             origin	https://github.com/pi-hole/pi-hole.git (push)
[i] Branch: master
[i] Commit: v5.17.3-0-g19bfa08

*** [ DIAGNOSING ]: Web version
[✓] Version: v5.21
[i] Remotes: origin	https://github.com/pi-hole/web.git (fetch)
             origin	https://github.com/pi-hole/web.git (push)
[i] Branch: master
[i] Commit: v5.21-0-gbe05b0f

*** [ DIAGNOSING ]: FTL version
[✓] Version: v5.25.1
[i] Branch: master
[i] Commit: 1c2257be

*** [ DIAGNOSING ]: lighttpd version
[i] 1.4.69

*** [ DIAGNOSING ]: php version
[i] 8.2.7

*** [ DIAGNOSING ]: Operating system
[✓] Distro:  Debian
[✓] Version: 12
[✓] dig return code: 0
[i] dig response: "Raspbian=10,11,12 Ubuntu=20,22,23 Debian=10,11,12 Fedora=36,37,38 CentOS=8,9"
[✓] Distro and version supported

*** [ DIAGNOSING ]: SELinux
[i] SELinux not detected

*** [ DIAGNOSING ]: FirewallD
[i] Firewalld service inactive

*** [ DIAGNOSING ]: Processor
[✓] aarch64

Modem address: 192.168.2.1
Pi address: 192.168.2.201
In the modem, the DNS is set manually to 192.168.2.201. That address is outside the pool of addresses the modem can assign to other devices.

My resolv.conf file looks like this:

# Generated by NetworkManager
search home
nameserver 192.168.2.1
nameserver 192.168.2.201
nameserver 2001:4958:732::1
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 2001:4958:733::1

I tried to edit it a few times:

  • remove all nameserver rows and but one, set it to 127.0.0.1
  • move 192.168.2.201 to the first position
    The file saves properly (after closing it, I reopen it and my changes are there).
    But after rebooting, the content of the file is back to what you see above.

Quite possibly related: I can't send my debug log to you guys, so I can't share a token with you. Taken from the debug logs:

[i] Debug script running in automated mode
    * Using curl for transmission.
    * curl failed, contact Pi-hole support for assistance.
    * Error message: curl: (28) Failed to connect to tricorder.pi-hole.net port 443 after 138253 ms: Couldn't connect to server

[✗] There was an error uploading your debug log.
   * Please try again or contact the Pi-hole team for assistance.
   * A local copy of the debug log can be found at: /var/log/pihole/pihole_debug.log

Quite possibly related: pihole -up fails to update. Taken from the terminal:

[✓] Update local cache of available packages
  [i] Existing PHP installation detected : PHP version 8.2.7
  [✓] Checking for git
  [✓] Checking for iproute2
  [✓] Checking for dialog
  [✓] Checking for ca-certificates

  [i] Checking for updates...
fatal: unable to access 'https://github.com/pi-hole/pi-hole.git/': Failed to connect to github.com port 443 after 137675 ms: Couldn't connect to server
  [i] Pi-hole Core:	up to date

A few things still work:

  • the pi-hole interface is accessible via http://192.168.2.201/admin/index.php
  • pi-hole is getting some traffic from my local network, and appears to be able to block some content
  • sudo apt update works on my raspberry
2

Sorry for the poor formatting, it looked a lot better before I I hit Send. I hope that's still readable.

3

Remove all nameserver and add only:

nameserver 8.8.8.8

# or any other public DNS server, like 1.1.1.1, 9.9.9.9, 208.67.222.222, etc.

Then try to update gravity again.

4

I just tried that, thanks for the fast response.

I updated and saved the file, attempted a Gravity update via the web interface.
Same error message : DNS resolution is currently unavailable.

Rebooted, opened resolv.conf again, it reverted to the old settings:

search home
nameserver 192.168.2.1
nameserver 192.168.2.201
nameserver 2001:4958:732::1

Would it help if I upload my debug log file here, or is it a bad idea?

6

Update - In order to prevent resolv.conf from being rewritten when rebooting, I did this:

sudo chattr -V +i /etc/resolv.conf

Now after rebooting, my resolv.conf still looks like this;

# Generated by NetworkManager
search home
nameserver 8.8.8.8
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.

While that's progress, I'm still unable to run Update Gravity:

[✗] DNS resolution is currently unavailable

I still can't upload my debug log, same error message.
pihole-up doesn't work either, same error message.

I also tried using 1.1.1.1 instead of 8.8.8.8. That didn't change anything.

Pi-hole is still getting traffic, still blocking sites.

Pasting some of the debut log, this could be relevant to you (essentially the red parts):

*** [ DIAGNOSING ]: Operating system
[i] Distro: Debian
[i] Version: 12
[✗] dig return code: 10
[✗] dig response: dig: couldn't get address for 'ns1.pi-hole.net': failure
[✗] Error: dig command failed - Unable to check OS

[i] Default IPv4 gateway(s):
     192.168.2.1
   * Pinging first gateway 192.168.2.1...
[✗] Gateway did not respond. (https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546)

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] sp.newarkadvocate.com is 0.0.0.0 on lo (127.0.0.1)
[✓] sp.newarkadvocate.com is 0.0.0.0 on eth0 (192.168.2.175)
[✓] sp.newarkadvocate.com is 0.0.0.0 on eth0 (192.168.2.201)
[✓] No IPv4 address available on wlan0
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✓] 25252flivecareer.7eer.net is :: on lo (::1)
[✓] 25252flivecareer.7eer.net is :: on eth0 (2001:4958:1e65:8e01:d83f:5ff7:5316:c412)
[✓] 25252flivecareer.7eer.net is :: on eth0 (2001:4958:1e65:8e01:ef55:12c4:39dd:1718)
[✗] Failed to resolve 25252flivecareer.7eer.net on eth0 (fe80::8489:4a81:953b:d1af)
[✓] No IPv6 address available on wlan0
[✓] doubleclick.com is 2607:f8b0:4020:806::200e via a remote, public DNS server (2001:4860:4860::8888)

[✓] ** FINISHED DEBUGGING! **

   * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only.
[i] Debug script running in automated mode
    * Using curl for transmission.
    * curl failed, contact Pi-hole support for assistance.
    * Error message: curl: (6) Could not resolve host: tricorder.pi-hole.net

[✗] There was an error uploading your debug log.
   * Please try again or contact the Pi-hole team for assistance.
   * A local copy of the debug log can be found at: /var/log/pihole/pihole_debug.log
7

I decided to start from scratch by reinstalling the OS. That went worse than expected.

Reinstall was made via Rasperry Pi Imager v1.7.2.
Chose Rasperry Pi OS 64-bit (recommended), release date 2023-12-05
Powered up the Pi, which has a static IP (192.168.2.201) assigned by my router
Then, since i'm using a headless setup:

sudo ssh pi@192.168.2.201
sudo ssh-keygen -f "/root/.ssh/known_hosts" -R "192.168.2.201"

Then, once I'm in:

sudo apt update && sudo apt upgrade -y

The updates downloaded and installed with no error message.

Then after reboot:

curl -sSL https://install.pi-hole.net | bash
curl: (7) Failed to connect to install.pi-hole.net port 443 after 6146 ms: Couldn't connect to server

And that's where I'm stuck.

8

That's not really progress.
Instead, you should find a way to configure nameservers via your OS's network management tool. Your resolv.conf suggests that to be NetworkManager.

But let's look at your current situation first:

What's the current contents of /etc/resolv.conf?

9

Hey there!

Right now I have this:

# Generated by NetworkManager
search home
nameserver 1.1.1.1
#nameserver 207.164.234.129
#nameserver 2001:4958:732::1
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
#nameserver 2001:4958:733::1
10

Run from your RPi, please share the result of:

dig install.pi-hole.net @1.1.1.1
11 
$ dig install.pi-hole.net @1.1.1.1
;; communications error to 1.1.1.1#53: timed out
;; communications error to 1.1.1.1#53: timed out
;; communications error to 1.1.1.1#53: timed out

; <<>> DiG 9.18.24-1-Debian <<>> install.pi-hole.net @1.1.1.1
;; global options: +cmd
;; no servers could be reached
12

Can you ping that Cloudflare DNS server IP from your RPi?

ping -c 3 1.1.1.1
13 
ping -c 3 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
From 192.168.2.201 icmp_seq=1 Destination Host Unreachable
From 192.168.2.201 icmp_seq=2 Destination Host Unreachable
From 192.168.2.201 icmp_seq=3 Destination Host Unreachable

--- 1.1.1.1 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2045ms
pipe 3

In case that is helpful: another computer on the same local network can ping it just fine.

14

Your RPi isn't aware of a way to contact destination 1.1.1.1.

Let's see your RPi's routing table:

ip route
15 
ip route
default via 192.168.2.1 dev eth0 src 192.168.2.201 metric 1002 
192.168.2.0/24 dev eth0 proto dhcp scope link src 192.168.2.201 metric 1002
16

What's the result of:

ip -4 address show eth0
17 
ip -4 address show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.2.201/24 brd 192.168.2.255 scope global dynamic noprefixroute eth0
       valid_lft 256450sec preferred_lft 256450sec
18

This is a networking/OS level issue.

Your RPi seems unable to connect to public addresses, presumably due to lack of proper routing.

Your dig via 1.1.1.1 as well as the ping results for 1.1.1.1 demonstrate that this is not to due to Pi-hole's DNS resolution or DNS in general.
Rather, access to 1.1.1.1 itself seems to be blocked somehow.

Your routing table looks normal, apart from the default route not being tagged as dhcp. Did you manually set the RPi's gateway, perhaps?
What's your router's IP?
Does your router's firewall or a firewall on your RPi block your Pi-hole from connecting to the Internet, perhaps?

19

Your routing table looks normal, apart from the default route not being tagged as dhcp. Did you manually set the RPi's gateway, perhaps?

I can take a look. Where in the Pi files would that be?
On the modem itself, the Pi's address is static but I can always change it.

What's your router's IP?

192.168.2.1

Does your router's firewall or a firewall on your RPi block your Pi-hole from connecting to the Internet, perhaps?

I don't see any on the router itself.
There's an option to open certain ports, but right now the list is empty.
I can see any indication that my router is blocking traffic from the Pi specifically, but letting traffic from every other device through.
Out of curiosity I ran curl -sSL https://install.pi-hole.net | bash on another computer on the same network (it eventually failed because the OS isn't supported, but at least I was able to reach the page).

20

firewall on your RPi

Sorry, missed that part.
I haven't installed any. Unless there's one that comes preinstalled?

21

I just reinstalled everything out of curiosity. Everything's brand new, not even a sudo apt update yet.

Everything's pretty much the same except resolv.conf (which has several nameserver lines not commented out), and a ping to google.com that (unexpectedly for me) works.

sudo nano /etc/resolv.conf
# Generated by NetworkManager
search home
nameserver 192.168.2.1
nameserver 207.164.234.129
nameserver 2001:4958:732::1
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 2001:4958:733::1

dig install.pi-hole.net @1.1.1.1
;; communications error to 1.1.1.1#53: timed out
;; communications error to 1.1.1.1#53: timed out
;; communications error to 1.1.1.1#53: timed out

; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> install.pi-hole.net @1.1.1.1
;; global options: +cmd
;; no servers could be reached

ping -c 3 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
From 192.168.2.201 icmp_seq=1 Destination Host Unreachable
From 192.168.2.201 icmp_seq=2 Destination Host Unreachable
From 192.168.2.201 icmp_seq=3 Destination Host Unreachable

--- 1.1.1.1 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2048ms
pipe 3

ip route
default via 192.168.2.1 dev eth0 proto dhcp src 192.168.2.201 metric 100 
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.201 metric 100

ip -4 address show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.2.201/24 brd 192.168.2.255 scope global dynamic noprefixroute eth0
       valid_lft 258768sec preferred_lft 258768sec

Interestingly this works now:

ping google.com
PING google.com(yyz12s08-in-x0e.1e100.net (2607:f8b0:400b:803::200e)) 56 data bytes
64 bytes from yyz12s08-in-x0e.1e100.net (2607:f8b0:400b:803::200e): icmp_seq=1 ttl=115 time=13.4 ms
64 bytes from yyz12s08-in-x0e.1e100.net (2607:f8b0:400b:803::200e): icmp_seq=2 ttl=115 time=11.3 ms
64 bytes from yyz12s08-in-x0e.1e100.net (2607:f8b0:400b:803::200e): icmp_seq=3 ttl=115 time=11.1 ms
64 bytes from yyz12s08-in-x0e.1e100.net (2607:f8b0:400b:803::200e): icmp_seq=4 ttl=115 time=11.0 ms
64 bytes from yyz12s08-in-x0e.1e100.net (2607:f8b0:400b:803::200e): icmp_seq=5 ttl=115 time=11.1 ms
64 bytes from yyz12s08-in-x0e.1e100.net (2607:f8b0:400b:803::200e): icmp_seq=6 ttl=115 time=11.0 ms
^C64 bytes from 2607:f8b0:400b:803::200e: icmp_seq=7 ttl=115 time=11.2 ms

--- google.com ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 18432ms