DNS working but items not getting blocked

RantyChen · October 18, 2018, 10:57am

Hi, having some issues since updating to v4.0

Expected Behaviour:

Sites in blocklists and blacklisted sites should be blocked.

Actual Behaviour:

Everything is allowed. seeing DNS requests in the query log. Add the DNS to blacklist from query log. DNS query still allowed.

Debug Token:

rm3qltvkfp

Additional info

Running a Synology
Current DSM version:
DSM 6.2-23739 Update 2
Model
DS1513+

Tried a pihole -r and repair with no luck.

root@DiskStation02:/# pihole -c -j && curl 192.168.1.6:8080/admin/api.php?summaryRaw
/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.utf8)
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.utf8)
{"domains_being_blocked":129476,"dns_queries_today":8875,"ads_blocked_today":0,"ads_percentage_today":0.000000}
{"domains_being_blocked":129476,"dns_queries_today":8875,"ads_blocked_today":0,"ads_percentage_today":0,"unique_domains":1885,"queries_forwarded":6185,"queries_cached":2690,"clients_ever_seen":12,"unique_clients":12,"status":"enabled","gravity_last_updated":{"file_exists":true,"absolute":1539447315,"relative":{"days":"4","hours":"18","minutes":"26"}}}


root@DiskStation02:/# dnsmasq -v
Dnsmasq version 2.72  Copyright (c) 2000-2014 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect

root@DiskStation02:/# cat  /etc/resolv.conf
nameserver 127.0.0.1


root@DiskStation02:/# ls -lh /var/log/pihole.log
-rw-r--r-- 1 pihole pihole 2.3M Oct 18 21:49 /var/log/pihole.log

root@DiskStation02:/# cat /etc/issue
Debian GNU/Linux 8 \n \l

root@DiskStation02:/# cat /etc/*release
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian


root@DiskStation02:/# uname -a
Linux DiskStation02 3.10.105 #23739 SMP Wed Jun 20 22:40:01 CST 2018 x86_64 GNU/Linux

Any advice on how I can troubleshoot this further would be great.
Thanks!

Mcat12 · October 21, 2018, 5:45pm

Make sure your devices are only using Pi-hole. If they have another DNS listed, some of their queries will be sent through the other server and won't be blocked.

RantyChen · October 26, 2018, 10:50am

I forced DNS to only go via pihole while doing the above testing.

Queries are going via pi hole as I can see them in the log.

Mcat12 · October 26, 2018, 4:05pm

Share the lines in the log (/var/log/pihole.log) where you see blocked queries not getting blocked. Also make a new debug token.

RantyChen · October 27, 2018, 10:49am

Debug token - xpqpmu3ktv

Added www.theage.com.au to my blacklist.

root@DiskStation02:/# cat /var/log/pihole.log|grep theage.com.au

Oct 27 21:46:12 dnsmasq[26061]: query[A] www.theage.com.au from 192.168.1.151
Oct 27 21:46:12 dnsmasq[26061]: forwarded www.theage.com.au to 1.0.0.1
Oct 27 21:46:12 dnsmasq[26061]: reply www.theage.com.au is <CNAME>
Oct 27 21:47:27 dnsmasq[26061]: query[A] www.theage.com.au from 192.168.1.151
Oct 27 21:47:27 dnsmasq[26061]: forwarded www.theage.com.au to 1.1.1.1
Oct 27 21:47:27 dnsmasq[26061]: reply www.theage.com.au is <CNAME>

jfb · October 27, 2018, 2:41pm

You are not fully updated to V4. Your FTL version is a few versions behind. The current version of FTL is V4.0.

*** [ DIAGNOSING ]: FTL version
[✓] FTL: v2.13.2 (How do I update Pi-hole?)

Run the following steps to attempt to update your Pi-Hole install:

sudo nano /etc/resolv.conf

Change 127.0.0.1 to 1.1.1.1, save and exit

pihole -up

RantyChen · October 28, 2018, 10:43am

Debug token
1ddbgtiu4f

Updated FTL

Updated resolv.conf

root@DiskStation02:/# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 1.1.1.1


root@DiskStation02:/# cat /var/log/pihole.log|grep theage.com.au
Oct 28 11:11:32 dnsmasq[26061]: query[A] www.theage.com.au from 192.168.1.151
Oct 28 11:11:32 dnsmasq[26061]: forwarded www.theage.com.au to 1.0.0.1
Oct 28 11:11:32 dnsmasq[26061]: reply www.theage.com.au is <CNAME>
Oct 28 11:11:32 dnsmasq[26061]: query[A] www.theage.com.au from 192.168.1.151
Oct 28 11:11:32 dnsmasq[26061]: cached www.theage.com.au is <CNAME>
Oct 28 21:39:52 dnsmasq[26061]: query[A] www.theage.com.au from 192.168.1.151
Oct 28 21:39:52 dnsmasq[26061]: forwarded www.theage.com.au to 1.0.0.1
Oct 28 21:39:52 dnsmasq[26061]: reply www.theage.com.au is <CNAME>

Still no luck

jfb · October 28, 2018, 3:17pm

With Pi-Hole V4, dnsmasq in embedded in pihole-FTL, and dnsmasq no longer runs as a separate process. pihole-FTL should be on port 53.

Your debug log shows that dnsmasq is on port 53, which is keeping FTL from listening on this port.

sudo service dnsmasq stop
sudo service dnsmasq disable
sudo service pihole-FTL restart

And if you choose to completely remove dnsmasq:

sudo apt-get remove dnsmasq

RantyChen · October 29, 2018, 9:47am

Thank you so much!

That worked.

Needed to also have the daemon run as root for the Synology.

/etc/init.d/pihole-FTL

#su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
/usr/bin/pihole-FTL

system · November 19, 2018, 9:47am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.