Dnsmasq not working after last FTL update

root@rpi3:~# sudo /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service

dnsmasq: failed to create listening socket for port 53: Address already in use
root@rpi3:~# ps -e | grep dnsmasq
13014 ? 00:00:00 dnsmasq
root@rpi3:~#

Okay ... try

sudo killall -9 dnsmasq

before trying to start it.

root@rpi3:~# sudo killall -9 dnsmasq
root@rpi3:~# sudo /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
root@rpi3:~# ps -e | grep dnsmasq
13409 ? 00:00:00 dnsmasq
root@rpi3:~#

Okay, so you can start it with this command, but not with the systemd service rules...

Update: systemctl will call a /etc/init.d/dnsmasq systemd-exec which in turn will do

        exec $DAEMON -x /run/dnsmasq/$NAME.pid \
            ${MAILHOSTNAME:+ -m $MAILHOSTNAME} \
            ${MAILTARGET:+ -t $MAILTARGET} \
            ${DNSMASQ_USER:+ -u $DNSMASQ_USER} \
            ${DNSMASQ_INTERFACES:+ $DNSMASQ_INTERFACES} \
            ${DHCP_LEASE:+ -l $DHCP_LEASE} \
            ${DOMAIN_SUFFIX:+ -s $DOMAIN_SUFFIX} \
            ${RESOLV_CONF:+ -r $RESOLV_CONF} \
            ${CACHESIZE:+ -c $CACHESIZE} \
            ${CONFIG_DIR:+ -7 $CONFIG_DIR} \
            ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS}

with a bunch of variables that cannot be checked straightforwardly.

BUT what we can do is going into the file /etc/init.d/dnsmasq and looking for the part of the code I have posted above (should be line 296 in your case). Please put in before this line the following code (it is exactly the same, but echo instead of exec):

        echo $DAEMON -x /run/dnsmasq/$NAME.pid \
            ${MAILHOSTNAME:+ -m $MAILHOSTNAME} \
            ${MAILTARGET:+ -t $MAILTARGET} \
            ${DNSMASQ_USER:+ -u $DNSMASQ_USER} \
            ${DNSMASQ_INTERFACES:+ $DNSMASQ_INTERFACES} \
            ${DHCP_LEASE:+ -l $DHCP_LEASE} \
            ${DOMAIN_SUFFIX:+ -s $DOMAIN_SUFFIX} \
            ${RESOLV_CONF:+ -r $RESOLV_CONF} \
            ${CACHESIZE:+ -c $CACHESIZE} \
            ${CONFIG_DIR:+ -7 $CONFIG_DIR} \
            ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS}

and try again with:

sudo killall -9 dnsmasq
pihole restartdns
systemctl status dnsmasq.service

root@rpi3:~# killall -9 dnsmasq
dnsmasq: no process found
root@rpi3:~# pihole restartdns
Job for dnsmasq.service failed because of unavailable resources or another system error.
See "systemctl status dnsmasq.service" and "journalctl -xe" for details.
root@rpi3:~# systemctl status dnsmasq.service
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: failed (Result: resources) since Tue 2017-06-06 05:29:13 UTC; 21s ago
Process: 14579 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
Process: 14571 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
Process: 14563 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 14561 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)

Jun 06 05:29:13 rpi3 systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jun 06 05:29:13 rpi3 dnsmasq[14561]: dnsmasq: syntax check OK.
Jun 06 05:29:13 rpi3 dnsmasq[14563]: /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service . 172800 IN DS 1
9036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 . 172800 IN DS 20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Jun 06 05:29:13 rpi3 systemd[1]: dnsmasq.service: PID 13409 read from file /run/dnsmasq/dnsmasq.pid does not exist or is a zombie.
Jun 06 05:29:13 rpi3 systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
Jun 06 05:29:13 rpi3 systemd[1]: dnsmasq.service: Unit entered failed state.
Jun 06 05:29:13 rpi3 systemd[1]: dnsmasq.service: Failed with result 'resources'.
root@rpi3:~#

root@rpi3:~# systemctl status dnsmasq.service
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: failed (Result: resources) since Tue 2017-06-06 05:42:42 UTC; 15s ago
Process: 14778 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
Process: 14771 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
Process: 14762 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 14760 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)

Jun 06 05:42:42 rpi3 systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jun 06 05:42:42 rpi3 dnsmasq[14760]: dnsmasq: syntax check OK.
Jun 06 05:42:42 rpi3 dnsmasq[14762]: /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service . 172800 IN DS 1
9036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 . 172800 IN DS 20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Jun 06 05:42:42 rpi3 systemd[1]: dnsmasq.service: PID file /run/dnsmasq/dnsmasq.pid not readable (yet?) after start-post: No such file or directory
Jun 06 05:42:42 rpi3 systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
Jun 06 05:42:42 rpi3 systemd[1]: dnsmasq.service: Unit entered failed state.
Jun 06 05:42:42 rpi3 systemd[1]: dnsmasq.service: Failed with result 'resources'.
root@rpi3:~#

/run/dnsmasq/ is empty

So this is the exact call your system sends to dnsmasq. Let me think where this may come from

PS If you try to run the command I cited above (prefaced with sudo), does dnsmasq start up properly or does it give the same error as in the status report?

It gives the same error. I've checked:

root@rpi3:~# sudo killall -9 dnsmasq
dnsmasq: no process found
root@rpi3:~# sudo pihole restartdns
Job for dnsmasq.service failed because of unavailable resources or another system error.
See "systemctl status dnsmasq.service" and "journalctl -xe" for details.
root@rpi3:~# sudo systemctl status dnsmasq.service
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS serv
er
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset:
enabled)
Active: failed (Result: resources) since Tue 2017-06-06 06:12:39 U
TC; 15s ago
Process: 15035 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exit
ed, status=0/SUCCESS)
Process: 15028 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (cod
e=exited, status=0/SUCCESS)
Process: 15021 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status
=0/SUCCESS)
Process: 15018 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SU
CCESS)

Jun 06 06:12:38 rpi3 systemd[1]: Starting dnsmasq - A lightweight DHCP and cachi
ng DNS server...
Jun 06 06:12:38 rpi3 dnsmasq[15018]: dnsmasq: syntax check OK.
Jun 06 06:12:38 rpi3 dnsmasq[15021]: /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.p
id -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service .
172800 IN DS 19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32
f24e8fb5 . 172800 IN DS 20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc68
3457104237c7f8ec8d
Jun 06 06:12:39 rpi3 systemd[1]: dnsmasq.service: PID file /run/dnsmasq/dnsmasq.
pid not readable (yet?) after start-post: No such file or directory
Jun 06 06:12:39 rpi3 systemd[1]: Failed to start dnsmasq - A lightweight
DHCP and caching DNS server.
Jun 06 06:12:39 rpi3 systemd[1]: dnsmasq.service: Unit entered failed st
ate.
Jun 06 06:12:39 rpi3 systemd[1]: dnsmasq.service: Failed with result 're
sources'.
root@rpi3:~#

I meant:

sudo dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service . 172800 IN DS 1 9036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 . 172800 IN DS 20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

and if that does not work (what I'd expect), then try:

sudo dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service

second one runs:

root@rpi3:~# sudo killall -9 dnsmasq
root@rpi3:~# sudo dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service . 172800 IN DS 1 9036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 . 172800 IN DS 20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

dnsmasq: junk found in command line
root@rpi3:~# sudo dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
root@rpi3:~# ps -e | grep dnsmasq
15125 ? 00:00:00 dnsmasq
root@rpi3:~#

TY! So we finally identified that is causing your problem (a wrong DNSSEC anchor file). Please do:

cat /usr/share/dns/root.ds | nc tricorder.pi-hole.net 9999

we we can have a look at that file.

root@rpi3:~# cat /usr/share/dns/root.ds | nc tricorder.pi-hole.net 9999
ua9vhfk7qi

Okay, so your file /usr/share/dns/root.ds contains

.	172800	IN	DS	19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
.	172800	IN	DS	20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

but this is wrong (the formatting is incorrect and the second entry is wrong altogether)!

You can fix this by

echo ". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5" | sudo tee /usr/share/dns/root.ds

The official reference for the DNSSEC trust anchor is here, just so you can be sure that I don't suggest you to insert anything wrong/bad/whatever on your system:

Validating resolvers ought to be able write out a list of current
trust anchors in the format above. Validating resolvers that perform
trust anchor maintenance MUST be able to update their trust anchor
storage.

Example: (ID width rules force text onto two lines)

. 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5

Note: Trust anchor maintenance [RFC5011] and other schemas may
require a different format as timers and other meta data is needed.

Source: draft-ietf-dnsop-dnssec-trust-anchor-04 - DNSSEC Trust Anchor Configuration and Maintenance

You should report this bug somewhere if you find the time...

I fixed anchor file but dns stil is not working
root@rpi3:~# systemctl status dnsmasq.service
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: failed (Result: resources) since Tue 2017-06-06 07:00:22 UTC; 35s ago
Process: 368 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
Process: 360 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
Process: 344 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 321 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)

Jun 06 07:00:21 rpi3 systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jun 06 07:00:21 rpi3 dnsmasq[321]: dnsmasq: syntax check OK.
Jun 06 07:00:22 rpi3 dnsmasq[344]: /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-
service --trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
Jun 06 07:00:22 rpi3 systemd[1]: dnsmasq.service: PID file /run/dnsmasq/dnsmasq.pid not readable (yet?) after start-post: No such file or directory
Jun 06 07:00:22 rpi3 systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
Jun 06 07:00:22 rpi3 systemd[1]: dnsmasq.service: Unit entered failed state.
Jun 06 07:00:22 rpi3 systemd[1]: dnsmasq.service: Failed with result 'resources'.
root@rpi3:~#

There's a bug in the Debian Stretch package of dnsmasq that seems to have hit in the last couple of days. For now it's not working across the board until they fix the issue. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860274

1 Like

Did you do pihole restartdns?

Yes. But as DanSchaper wrote there is a bug in dnsmasq version 2.76 in Debian Stretch. I installed dnsmasq v=2.77 from Debian Sid and it helps. Now i see pihole is running. Thanks for Your help and time.