DNS unable to start and FTL offline v 4.0

v4-0

#1

Hello
DNS will start after repeated restarts and initiating from the Pi-hole UI.

The Pi-hole UI shows dns status service not running. It also shows FTL not running.

Debug Token:

zyr6jrxvhu

Actual Behaviour:

● pihole-FTL.service - LSB: pihole-FTL daemon
Loaded: loaded (/etc/init.d/pihole-FTL; bad; vendor preset: enabled)
Active: active (exited) since Sat 2018-08-11 13:42:47 EDT; 33min ago
Docs: man:systemd-sysv-generator(8)
Process: 1764 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SU

Aug 11 13:42:44 amlogic pihole-FTL[1764]: Failed to set capabilities on file `/u
Aug 11 13:42:44 amlogic pihole-FTL[1764]: The value of the capability argument i
Aug 11 13:42:45 amlogic su[1934]: Successful su for pihole by root
Aug 11 13:42:45 amlogic su[1934]: + ??? root:pihole
Aug 11 13:42:45 amlogic su[1934]: pam_unix(su:session): session opened for user
Aug 11 13:42:47 amlogic pihole-FTL[1764]: dnsmasq: failed to create listening so
Aug 11 13:42:47 amlogic systemd[1]: Started LSB: pihole-FTL daemon.
Aug 11 13:49:57 amlogic systemd[1]: Started LSB: pihole-FTL daemon.
Aug 11 13:50:09 amlogic systemd[1]: Started LSB: pihole-FTL daemon.
Aug 11 14:13:52 amlogic systemd[1]: Started LSB: pihole-FTL daemon.

sudo netstat -ntlp | grep 53
and
sudo lsof -i :53 +c 0 | awk 'FNR==2{ print $1 }'

yield nothing


#2

Your kernel/filesystem does not support the capabilities required for letting FTL bind to the right ports when running under a non-root user.


#3

Can I grant the pihole user elevated privs?


#4

You can not grant users specific permissions, besides giving them sudo access. You can however give programs different capabilities, which is what we do with FTL. However, your system does not support that.


#5

Hmm, problem is I know this kernel will support an Amlogic 905x processor on an sdcard. What version of Ubuntu will support the capability you referenced in your previous thread?


#6

What type of filesystem are you using? Ext4/F2FS/NFS?


#7

Filesystem      Size  Used Avail Use% Mounted on
udev            326M     0  326M   0% /dev
tmpfs            85M  8.7M   76M  11% /run
/dev/mmcblk1p2   15G  3.2G   11G  23% /
tmpfs           423M  9.7M  413M   3% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           423M     0  423M   0% /sys/fs/cgroup
tmpfs           423M  3.3M  419M   1% /tmp
/dev/mmcblk1p1  128M   50M   78M  39% /boot
log2ram          50M   11M   40M  21% /var/log
tmpfs            85M   36K   85M   1% /run/user/0

#8

That doesn’t show what type of filesystem. We might be able to see with cat /etc/fstab.


#9

What is the output from sudo systemctl status --full --no-pager pihole-FTL.service? That should show why setcap is not completing.


#10

It is on a 16gb sdcard booted from a Nexbox media player,

root@amlogic:~# cat /etc/fstab
LABEL=ROOTFS / ext4 defaults,noatime,nodiratime,commit=600,errors=remount-ro 0 1
LABEL=BOOT /boot vfat defaults 0 2
tmpfs /tmp tmpfs defaults,nosuid 0 0


#11

root@amlogic:~# sudo systemctl status --full --no-pager pihole-FTL.service
● pihole-FTL.service - LSB: pihole-FTL daemon
Loaded: loaded (/etc/init.d/pihole-FTL; bad; vendor preset: enabled)
Active: active (exited) since Sat 2018-08-11 14:27:22 EDT; 57min ago
Docs: man:systemd-sysv-generator(8)

Aug 11 14:27:21 amlogic pihole-FTL[9203]: Not running
Aug 11 14:27:21 amlogic pihole-FTL[9203]: chown: cannot access ‘/etc/pihole/dhcp.leases’: No such file or directory
Aug 11 14:27:21 amlogic pihole-FTL[9203]: Failed to set capabilities on file `/usr/bin/pihole-FTL' (Invalid argument)
Aug 11 14:27:21 amlogic pihole-FTL[9203]: The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
Aug 11 14:27:22 amlogic su[9228]: Successful su for pihole by root
Aug 11 14:27:22 amlogic su[9228]: + ??? root:pihole
Aug 11 14:27:22 amlogic su[9228]: pam_unix(su:session): session opened for user pihole by (uid=0)
Aug 11 14:27:22 amlogic pihole-FTL[9203]: dnsmasq: failed to create listening socket for port 53: Permission denied
Aug 11 14:27:22 amlogic systemd[1]: Started LSB: pihole-FTL daemon.
Aug 11 14:27:40 amlogic systemd[1]: Started LSB: pihole-FTL daemon.


#12

And sudo ls -lah /usr/bin/pihole-FTL?


#13

root@amlogic:~# sudo setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip /usr/bin/pihole-FTL
Failed to set capabilities on file `/usr/bin/pihole-FTL' (Invalid argument)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
root@amlogic:~# sudo ls -lah /usr/bin/pihole-FTL
-rwxr-xr-x 1 root root 4.1M Aug 10 04:29 /usr/bin/pihole-FTL
root@amlogic:~#
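
Added example, not part of the thread and not Pi-hole's own tooling: a triage script for the failing `setcap` above. It reports which filesystem holds the binary, whether the kernel config enables ext4 security labels (file capabilities are stored in the `security.capability` extended attribute), and a label for setcap's error text. The function names, the scratch-file name and the `/boot/config-$(uname -r)` location are assumptions.

```shell
#!/bin/sh
# Added example, not Pi-hole tooling: triage a failing `setcap` on a binary.

# mount_for_path MOUNTS PATH: print "fstype mountpoint" of the mount holding
# PATH. MOUNTS is in /proc/mounts format; the longest matching mountpoint wins.
mount_for_path() {
    awk -v p="$2" '
        { mp = $2; pre = (mp == "/") ? "/" : (mp "/") }
        (p == mp || index(p, pre) == 1) && length(mp) >= best {
            best = length(mp); out = $3 " " mp }
        END { print out }' "$1"
}

# kconfig_state CONFIG OPTION: print y, m, or unset for a kernel config option.
kconfig_state() {
    v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${v:-unset}"
}

# classify_setcap_error MESSAGE: map setcap's errno text to a short label.
classify_setcap_error() {
    case "$1" in
        *"Invalid argument"*)        echo value-rejected ;;    # EINVAL
        *"Operation not supported"*) echo xattr-unsupported ;; # EOPNOTSUPP
        *"Operation not permitted"*) echo need-root ;;         # EPERM
        *)                           echo unknown ;;
    esac
}

# triage BINARY: run the checks on the live system (needs root and libcap tools).
triage() {
    echo "mount: $(mount_for_path /proc/mounts "$1")"
    cfg="/boot/config-$(uname -r)"   # assumed location of the kernel config
    if [ -r "$cfg" ]; then
        echo "ext4 security labels: $(kconfig_state "$cfg" CONFIG_EXT4_FS_SECURITY)"
    fi
    # Probe a scratch copy in the same directory; the real binary is untouched.
    probe="$(dirname "$1")/.capprobe.$$"
    cp "$1" "$probe" || return 1
    err=$(setcap CAP_NET_BIND_SERVICE+eip "$probe" 2>&1) \
        && echo "setcap: ok ($(getcap "$probe"))" \
        || echo "setcap: $(classify_setcap_error "$err")"
    rm -f "$probe"
}

if [ $# -gt 0 ]; then triage "$1"; fi
```

Run it as root with the binary's path as the only argument, for example `/usr/bin/pihole-FTL`.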


#14

Those are all the necessary commands for running FTLDNS. Since it is failing it does not look like we will be able to support that distribution or platform. What kind of server/board is it and what are you using for the distribution?


#15

This distro, 4.16.1-amlogics905x, supports the board on my Nexbox device (old Android-based media box). I have repurposed the device via sdcard boot to run pihole explicitly.


#16

What’s this?

Users that cannot use Linux capabilities for various reasons (lacking kernel or file system support) can modify the startup scripts of pihole-FTL to ensure the daemon is started as

I found it here

https://docs.pi-hole.net/ftldns/in-depth/#linux-capabilities


#17

However, be aware of that you do so on your own risk

It is possible, but we can not support it.


#18

How is

modify the startup scripts of pihole-FTL to ensure the daemon is started as root

different than adding the pihole user to the sudo users group?


#19

The script does not run FTL with sudo, and giving the entire pihole user root access via sudo is not the same as starting one application with root.


#20

Where is the script?