I have set up Pi-hole on a Raspberry Pi 4 Model B. No issues with installation. It has the local IP address 192.168.1.15. I have updated the router to ensure that the Pi will always get this IP address. I then updated the settings in the router to use that IP address as the DNS address. Symptoms I get are as follows:
Pi-Hole will work immediately, but for a very short period of time (maybe 1-2 minutes at best).
Pi-Hole will then stop resolving DNS, and all of my devices on network will stop working as they can't resolve addresses.
Pi-Hole will sometimes show an error that the Maximum number of concurrent dns queries has been reached. Other times it won't show any errors.
I have no way of resolving this without removing the pi-hole IP address from router's DNS settings.
Note 1: for upstream DNS I use a smart DNS provider, but I have tested with Google's and it's the same behaviour regardless.
Note 2: I set up Pi-Hole in an AWS free-tier instance before I got my hands on a pi, and it has worked with no issues. The configuration/setup/options I can see look to be identical between the version running in AWS and the version running on the Pi (apart from the IP address, obviously), but one works perfectly and the other doesn't.
Details about my system:
I have a raspberry pi 4, model b - runs Raspberry Pi OS. Simple install, followed all of the default settings.
I have the pi set up to connect using wifi for now (will move to ethernet once it's fully set up - the router is awkward to get to, so it's easier to use wifi while setting up).
I am with Vodafone Ireland, using a Gigabox router. I have previously had smart DNS (and prior to that Google's DNS or 1.1.1.1) on that router with no issues.
What I have changed since installing Pi-hole:
Nothing, this issue appeared immediately after enabling pi-hole by updating the DNS settings on router.
Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:
Hey,
If I have the pi-hole IP set up in DNS, then I can't upload the debug log (Error message: curl: (6) Could not resolve host: tricorder.pi-hole.net). I can't manually upload it either.
If I set the IP address to be something other than pi-hole then it will upload fine, but is that correct then (as pi-hole is not being used then)?
I have a copy of the debug log from when pi-hole was set in DNS stored locally, what's best next step?
The only problem I see in your debug log that could be related to this problem is:
Aug 29 14:32:46 dnsmasq[716]: query[PTR] 109.117.78.109.in-addr.arpa from 127.0.0.1
Aug 29 14:32:46 dnsmasq[716]: config error is REFUSED (EDE: network error)
Aug 29 14:32:46 dnsmasq[716]: query[PTR] 109.117.78.109.in-addr.arpa from 127.0.0.1
Aug 29 14:32:46 dnsmasq[716]: config error is REFUSED (EDE: network error)
There are no related diagnostic messages.
There is a possibility that the Pi is losing WiFi connection to your network.
I do note that your DHCP server is not passing out the IP of Pi-hole for DNS:
DHCP options:
Message type: DHCPOFFER (2)
server-identifier: 192.168.1.1
lease-time: 86400 ( 1d )
netmask: 255.255.255.0
router: 192.168.1.1
dns-server: 192.168.1.1
dns-server: 5<redacted>4
hostname: "VFIEVOX3.Router"
renewal-time: 43200 ( 12h )
rebinding-time: 75600 ( 21h )
--- end of options ---
DHCP packets received on interface wlan0: 1
DHCP packets received on interface eth0: 0
DHCP packets received on interface lo: 0
Your Pi-hole is open to public DNS requests via your public IP.
(I have redacted that from your above output.)
You are running an open resolver, which poses a potential threat for all Internet users, e.g. by serving as a multiplier in a DNS Amplification attack.
Your observation of Pi-hole being unresponsive as well as the REFUSED error codes may be attributable to some misuse already happening (edit: at least one client 109.78.8.9 is not from your internal network, accounting for the second highest number of DNS requests).
The Pi-hole team strongly discourages Pi-hole’s usage as an open resolver, and we won't provide support in that case.
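An added example (not part of the original thread, and not Pi-hole's own code) of the check described above: it counts queries per client in dnsmasq query-log lines of the format quoted earlier and lists clients outside the LAN, busiest first. The trusted networks, the function names and the sample log are assumptions made for the illustration.

```python
import ipaddress
import re
import sys
from collections import Counter

# Assumption: the LAN is 192.168.1.0/24 (netmask and router address from the
# DHCP offer in the thread); loopback covers the Pi-hole host querying itself.
TRUSTED_NETS = [ipaddress.ip_network(n)
                for n in ("192.168.1.0/24", "127.0.0.0/8", "::1/128")]

# Matches dnsmasq query lines as quoted in the thread:
#   Aug 29 14:32:46 dnsmasq[716]: query[PTR] <name> from <client>
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)")

# Constructed sample log; external clients use documentation address ranges.
SAMPLE_LOG = """\
Aug 29 14:32:46 dnsmasq[716]: query[PTR] 1.1.168.192.in-addr.arpa from 127.0.0.1
Aug 29 14:32:47 dnsmasq[716]: query[A] example.com from 192.168.1.1
Aug 29 14:32:47 dnsmasq[716]: query[ANY] example.org from 203.0.113.77
Aug 29 14:32:48 dnsmasq[716]: forwarded example.org to 8.8.8.8
Aug 29 14:32:48 dnsmasq[716]: query[ANY] example.org from 203.0.113.77
Aug 29 14:32:49 dnsmasq[716]: query[A] example.net from 198.51.100.20
Aug 29 14:32:49 dnsmasq[716]: query[TXT] example.org from 203.0.113.77
"""

def is_trusted(client):
    """True if the client address falls inside one of TRUSTED_NETS."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # not an IP address: report it rather than hide it
    return any(addr in net for net in TRUSTED_NETS)

def external_clients(lines):
    """Return [(client, query_count)] for untrusted clients, busiest first."""
    counts = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if m and not is_trusted(m.group("client")):
            counts[m.group("client")] += 1
    return counts.most_common()

if __name__ == "__main__":
    # Pass a log file path as the first argument, or run on the sample.
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    for client, n in external_clients(lines):
        print(f"{n:6d}  {client}")
```

Any address this prints is a client reaching the resolver from outside the trusted ranges; an empty result on a busy log is what a LAN-only Pi-hole should produce.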
Could you post screenshots for all DNS related settings in your router and post make/model pls?
You can paste screenshots here directly.
Most likely you have DNS settings for both LAN and WAN/Internet.
Recommended is below:
If those are the only DNS settings in the router, they appear to be for the WAN side.
Which explains why your router WAN IP (your public Internet IP) appears in the Pi-hole logs.
Plus it explains the warning you received.
What is preferred and described in the docs is to have the DHCP service for your LAN (currently active on your router) to advertise the Pi-hole IP to its clients for DNS resolution.
Advantages are:
one less hop in the DNS path;
you see real stats from your clients on the webGUI instead of only your router;
and particular Pi-hole features become available like for example defining client groups.
Check if you can disable the DHCP service on the router?
As a replacement, you can let Pi-hole take over the DHCP service part for your network:
Best when switching is to enable the DHCP service on Pi-hole first before disabling the one on the router!
This is because some routers drop the LAN connection temporarily causing your clients to try and renew their DHCP lease while the DHCP service might not be up and running yet.
Have you made sure that your Pi-hole instance is not an open resolver?
You can check by running below one on the Pi to figure out your public IP:
Finally got this to work. The exact steps I took were as follows:
On my pihole, enable DHCP. Leave DHCP enabled on router.
On my router, edit DHCP settings to only offer 1 IP address (192.168.1.2).
On my router, edit DNS settings and disable DNS.
On my pihole, ensure that DNS is set up correctly.
Restart router and restart pihole.
I don't know why I had to follow these specific steps, but anything else I tried would fail. I can now confirm that I have pihole up and running and (because I am using smart DNS) I can 100% confirm that the DNS settings from the pihole are being respected on my devices.