DNS working but items not getting blocked

#1

Hi, having some issues since updating to v4.0

Expected Behaviour:

Sites in blocklists and blacklisted sites should be blocked.

Actual Behaviour:

Everything is allowed. Seeing DNS requests in the query log. Add the DNS to blacklist from query log. DNS query still allowed.

Debug Token:

rm3qltvkfp

Additional info

Running a Synology
Current DSM version:
DSM 6.2-23739 Update 2
Model
DS1513+

Tried a pihole -r and repair with no luck.

root@DiskStation02:/# pihole -c -j && curl 192.168.1.6:8080/admin/api.php?summaryRaw
/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.utf8)
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.utf8)
{"domains_being_blocked":129476,"dns_queries_today":8875,"ads_blocked_today":0,"ads_percentage_today":0.000000}
{"domains_being_blocked":129476,"dns_queries_today":8875,"ads_blocked_today":0,"ads_percentage_today":0,"unique_domains":1885,"queries_forwarded":6185,"queries_cached":2690,"clients_ever_seen":12,"unique_clients":12,"status":"enabled","gravity_last_updated":{"file_exists":true,"absolute":1539447315,"relative":{"days":"4","hours":"18","minutes":"26"}}}


root@DiskStation02:/# dnsmasq -v
Dnsmasq version 2.72  Copyright (c) 2000-2014 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect

root@DiskStation02:/# cat  /etc/resolv.conf
nameserver 127.0.0.1


root@DiskStation02:/# ls -lh /var/log/pihole.log
-rw-r--r-- 1 pihole pihole 2.3M Oct 18 21:49 /var/log/pihole.log

root@DiskStation02:/# cat /etc/issue
Debian GNU/Linux 8 \n \l

root@DiskStation02:/# cat /etc/*release
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian


root@DiskStation02:/# uname -a
Linux DiskStation02 3.10.105 #23739 SMP Wed Jun 20 22:40:01 CST 2018 x86_64 GNU/Linux

Any advice on how I can troubleshoot this further would be great.
Thanks!

0 Likes

#2

Make sure your devices are only using Pi-hole. If they have another DNS listed, some of their queries will be sent through the other server and won’t be blocked.

0 Likes

#3

I forced DNS to only go via pihole while doing the above testing.

Queries are going via pi hole as I can see them in the log.

0 Likes

#4

Share the lines in the log (/var/log/pihole.log) where you see blocked queries not getting blocked. Also make a new debug token.

0 Likes

#5

Debug token - xpqpmu3ktv

Added www.theage.com.au to my blacklist.

root@DiskStation02:/# cat /var/log/pihole.log|grep theage.com.au

Oct 27 21:46:12 dnsmasq[26061]: query[A] www.theage.com.au from 192.168.1.151
Oct 27 21:46:12 dnsmasq[26061]: forwarded www.theage.com.au to 1.0.0.1
Oct 27 21:46:12 dnsmasq[26061]: reply www.theage.com.au is <CNAME>
Oct 27 21:47:27 dnsmasq[26061]: query[A] www.theage.com.au from 192.168.1.151
Oct 27 21:47:27 dnsmasq[26061]: forwarded www.theage.com.au to 1.1.1.1
Oct 27 21:47:27 dnsmasq[26061]: reply www.theage.com.au is <CNAME>

0 Likes

#7

You are not fully updated to V4. Your FTL version is a few versions behind. The current version of FTL is V4.0.

*** [ DIAGNOSING ]: FTL version
[✓] FTL: v2.13.2 (How do I update Pi-hole?)

Run the following steps to attempt to update your Pi-Hole install:

sudo nano /etc/resolv.conf

Change 127.0.0.1 to 1.1.1.1, save and exit

pihole -up

0 Likes

#8

Debug token
1ddbgtiu4f

Updated FTL

Updated resolv.conf

root@DiskStation02:/# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 1.1.1.1


root@DiskStation02:/# cat /var/log/pihole.log|grep theage.com.au
Oct 28 11:11:32 dnsmasq[26061]: query[A] www.theage.com.au from 192.168.1.151
Oct 28 11:11:32 dnsmasq[26061]: forwarded www.theage.com.au to 1.0.0.1
Oct 28 11:11:32 dnsmasq[26061]: reply www.theage.com.au is <CNAME>
Oct 28 11:11:32 dnsmasq[26061]: query[A] www.theage.com.au from 192.168.1.151
Oct 28 11:11:32 dnsmasq[26061]: cached www.theage.com.au is <CNAME>
Oct 28 21:39:52 dnsmasq[26061]: query[A] www.theage.com.au from 192.168.1.151
Oct 28 21:39:52 dnsmasq[26061]: forwarded www.theage.com.au to 1.0.0.1
Oct 28 21:39:52 dnsmasq[26061]: reply www.theage.com.au is <CNAME>

Still no luck :(

0 Likes

#10

With Pi-Hole V4, dnsmasq is embedded in pihole-FTL, and dnsmasq no longer runs as a separate process. pihole-FTL should be on port 53.

Your debug log shows that dnsmasq is on port 53, which is keeping FTL from listening on this port.

sudo service dnsmasq stop
sudo update-rc.d dnsmasq disable
sudo service pihole-FTL restart

And if you choose to completely remove dnsmasq:

sudo apt-get remove dnsmasq

1 Like
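
The port 53 conflict described in post #10, as an added example that is not part of the original thread: it reads `netstat -tulpn` output to name the program bound to port 53 and counts how often a blacklisted domain was forwarded upstream in `pihole.log`. The function names are hypothetical, both samples are constructed (the log lines follow the format quoted in the thread), and the usual `netstat -tulpn` column layout is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# stdin: `netstat -tulpn` output. Prints unique program names bound to port 53.
port53_owners() {
    awk '$1 ~ /^(tcp|udp)/ && $4 ~ /:53$/ {
             n = split($NF, p, "/")      # last column is PID/Program name
             if (n == 2) print p[2]
         }' | sort -u
}

# stdin: pihole.log lines. Prints how often domain $1 was forwarded upstream.
forwarded_count() {
    awk -v d="$1" '$5 == "forwarded" && $6 == d { c++ } END { print c + 0 }'
}

# $1 = netstat text, $2 = log text, $3 = blacklisted domain.
# Prints "ok" only if pihole-FTL alone owns port 53 and nothing was forwarded.
diagnose() {
    owners=$(printf '%s\n' "$1" | port53_owners)
    fwd=$(printf '%s\n' "$2" | forwarded_count "$3")
    if [ "$owners" = "pihole-FTL" ] && [ "$fwd" -eq 0 ]; then
        echo "ok"
    else
        echo "port53=${owners:-none} forwarded=$fwd"
    fi
}

# Constructed netstat sample: standalone dnsmasq still holds port 53.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:53       0.0.0.0:*        LISTEN  26061/dnsmasq
tcp        0      0 127.0.0.1:4711   0.0.0.0:*        LISTEN  9123/pihole-FTL
udp        0      0 0.0.0.0:53       0.0.0.0:*                26061/dnsmasq'

# Constructed log sample in the format quoted in the thread.
LOG_SAMPLE='Oct 27 21:46:12 dnsmasq[26061]: query[A] www.theage.com.au from 192.168.1.151
Oct 27 21:46:12 dnsmasq[26061]: forwarded www.theage.com.au to 1.0.0.1
Oct 27 21:47:27 dnsmasq[26061]: forwarded www.theage.com.au to 1.1.1.1'

diagnose "$NETSTAT_SAMPLE" "$LOG_SAMPLE" www.theage.com.au
# On a live host: diagnose "$(netstat -tulpn)" "$(cat /var/log/pihole.log)" <domain>
```
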

#11

Thank you so much!

That worked.

Needed to also have the daemon run as root for the Synology.

/etc/init.d/pihole-FTL

#su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
/usr/bin/pihole-FTL

0 Likes
