DNS service not starting

doodlebug · June 25, 2020, 11:41am

I had pihole running with dnscrypt successully. After a power outage caused a reboot, DNS and FTL are no longer running.

It appeared that the solution should be to set DNSStubListener=no in resolved.conf to make sure that there is no DNS server running before pihole starts but this does not work (yes i did reboot after changing the setting)

This is what i am seeing..

root@raspberrypi:~# pihole status
  [✗] DNS service is NOT running
root@raspberrypi:~# pihole restartdns
  [✓] Restarting DNS server
root@raspberrypi:~# pihole status
  [✗] DNS service is NOT running

root@raspberrypi:~# pihole-FTL test
dnsmasq: failed to create listening socket for port 53: Address already in use

root@raspberrypi:~# netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      514/vncserver-x11-c 
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      552/lighttpd        
tcp        0      0 127.0.0.1:10001         0.0.0.0:*               LISTEN      349/dnscrypt-proxy  
tcp        0      0 127.0.2.1:53            0.0.0.0:*               LISTEN      1/init              
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      538/sshd            
tcp6       0      0 :::5900                 :::*                    LISTEN      514/vncserver-x11-c 
tcp6       0      0 :::80                   :::*                    LISTEN      552/lighttpd        
tcp6       0      0 :::22                   :::*                    LISTEN      538/sshd            
udp        0      0 127.0.2.1:53            0.0.0.0:*                           1/init              
udp        0      0 0.0.0.0:68              0.0.0.0:*                           467/dhcpcd          
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           374/avahi-daemon: r 
udp        0      0 127.0.0.1:10001         0.0.0.0:*                           349/dnscrypt-proxy  
udp        0      0 0.0.0.0:48454           0.0.0.0:*                           374/avahi-daemon: r 
udp6       0      0 :::38927                :::*                                374/avahi-daemon: r 
udp6       0      0 :::5353                 :::*                                374/avahi-daemon: r

root@raspberrypi:~# cat /etc/systemd/resolved.conf 
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details

[Resolve]
#DNS=
#FallbackDNS=
#Domains=
#LLMNR=yes
#MulticastDNS=yes
#DNSSEC=allow-downgrade
#DNSOverTLS=no
#Cache=yes
DNSStubListener=no
#ReadEtcHosts=yes

pihole debug suggests the following....

*** [ DIAGNOSING ]: Ports in use
[53] is in use by systemd (https://discourse.pi-hole.net/t/hardware-software-requirements/273#ports)
*:5900 vncserver- (IPv6)
*:5900 vncserver- (IPv4)
*:22 sshd (IPv4)
*:22 sshd (IPv6)
[80] is in use by lighttpd
[80] is in use by lighttpd
127.0.0.1:10001 dnscrypt-p (IPv4)
[53] is in use by dnscrypt-p (https://discourse.pi-hole.net/t/hardware-software-requirements/273#ports)

I have tried stopping dnscrypt-proxy and restarting dns to no avail

root@raspberrypi:~# dnscrypt-proxy -service stop
[2020-06-25 12:35:42] [NOTICE] dnscrypt-proxy 2.0.19
[2020-06-25 12:35:42] [NOTICE] Service stopped
root@raspberrypi:~# pihole restartdns
  [✓] Restarting DNS server
root@raspberrypi:~# pihole status
  [✗] DNS service is NOT running
root@raspberrypi:~# pihole-FTL test
dnsmasq: failed to create listening socket for port 53: Address already in use

So I am at something of a loss how to get this back working. Any help gratefully received!

Bucking_Horn · June 25, 2020, 12:14pm

doodlebug:

*** [ DIAGNOSING ]: Ports in use
[53] is in use by systemd (https://discourse.pi-hole.net/t/hardware-software-requirements/273#ports)
[53] is in use by dnscrypt-p (https://discourse.pi-hole.net/t/hardware-software-requirements/273#ports)

This is what you need to resolve.

Get rid of systemd hooking port 53 altogether.
Configure dnscrypt-p to listen on another port (e.g. 5335) and have Pi-hole forward queries to it (e.g. to 127.0.0.1#5335).

doodlebug · June 25, 2020, 12:37pm

So i tried to stop systemd grabbing port 53 by setting

DNSStubListener=no

in /etc/systemd/resolved.conf as that was a solution i read, but that doesn't seem to work.

I stopped resolvconf

root@raspberrypi:~# systemctl status resolvconf
● resolvconf.service - Nameserver information manager
   Loaded: loaded (/lib/systemd/system/resolvconf.service; enabled; vendor preset: enabled)
   **Active: inactive (dead) since Thu** 2020-06-25 13:21:46 BST; 13s ago

I also checked systemd-resolved which is also inactive.

root@raspberrypi:~# systemctl status systemd-resolved 
● systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/lib/systemd/system/systemd-resolved.service; disabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/systemd-resolved.service.d
           └─resolvconf.conf
   **Active: inactive (dead)**

and it still says 53 is in use...

> [53] is in use by systemd (https://discourse.pi-hole.net/t/hardware-software-requirements/273#ports)

And netstat still shows it listening.

root@raspberrypi:~# netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      514/vncserver-x11-c 
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      552/lighttpd        
tcp        0      0 127.0.2.1:53            0.0.0.0:*               LISTEN      1/init              
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      538/sshd            
tcp6       0      0 :::5900                 :::*                    LISTEN      514/vncserver-x11-c 
tcp6       0      0 :::80                   :::*                    LISTEN      552/lighttpd        
tcp6       0      0 :::22                   :::*                    LISTEN      538/sshd            
udp        0      0 127.0.2.1:53            0.0.0.0:*                           1/init              
udp        0      0 0.0.0.0:68              0.0.0.0:*                           467/dhcpcd          
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           374/avahi-daemon: r 
udp        0      0 0.0.0.0:48454           0.0.0.0:*                           374/avahi-daemon: r 
udp6       0      0 :::38927                :::*                                374/avahi-daemon: r 
udp6       0      0 :::5353                 :::*                                374/avahi-daemon: r

Any idea where else i can look to try to can the damn systemd service?

Bucking_Horn · June 25, 2020, 1:17pm

I can't know for sure, since available options may depend on your distro as well as on any single involved package version (e.g. the DNSStubListener option you used would only be effective in certain versions).

Did you try (edit:) to disable systemd-resolved completely?

sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

doodlebug · June 25, 2020, 1:36pm

I did yes

Distro is root@raspberrypi:~# uname -a
Linux raspberrypi 4.19.118-v7+ #1311 SMP Mon Apr 27 14:21:24 BST 2020 armv7l GNU/Linux

updated all packages before i starting trying to figure this out, and I have done nothing from the vanilla install but add a couple packages along with pihole and dnscrypt but the networking is just a static ip address configured in dchpcd

Bucking_Horn · June 25, 2020, 1:53pm

If systemd-resolved is still hogging port 53, something else must restart it.
Some other networking tools (like Network Manager) may interfere here.

As this is not Pi-hole related, you may improve your chances for finding an answer by additionally consulting your specific distro's support forums.

doodlebug · June 26, 2020, 9:09am

OK I got this sorted,so for anyone else seeing something similar...

It seems that for some reason despite dnscrypt being configured to use port 10001 it was still starting resolv on port 53. I had to disable both dnscrypt AND resolve - stopping them didn't do the job.

systemctl disable dnscrypt-proxy-resolvconf
systemctl disable resolvconf.service