Dnsmasq wants to listen on upstream server IPs

System: Raspberry PI4B 8Gb
Version: Debian 12.6

Functioning PiHole v5 as a "fresh" bare metal install upgraded to v6 per instructions.

I run both knot-resolver and unbound on loopback addresses (127.0.1.1, 127.0.1.2, ::13, ::14).

This works fine in 5.x, but in 6.x something seems to be wonky around how DNSMASQ converted its settings.

Debug Link

Within the WebUI or by command line I can set:

hostsdir=/etc/pihole/hosts

# Don't read /etc/resolv.conf. Get upstream servers only from the configuration
no-resolv

# DNS port to be used
port=53

# List of upstream DNS server
server=127.0.1.1
server=127.0.1.2
server=::13
server=::14

# Bind to one interface
interface=eth0
bind-interfaces

and resolving names works on those IPs.

However, the WebUI reports: "DNS Server Failure" and the logs show:

2024-08-29 11:54:11.411 CDT [837M] INFO: Parsed config file /etc/pihole/pihole.toml successfully
2024-08-29 11:54:11.423 CDT [837M] INFO: PID of FTL process: 837
2024-08-29 11:54:11.426 CDT [837M] INFO: listening on 192.168.144.14 port 53
2024-08-29 11:54:11.426 CDT [837M] INFO: listening on eth0(#2): 192.168.144.14 port 53
2024-08-29 11:54:11.426 CDT [837M] INFO: listening on 192.168.144.13 port 53
2024-08-29 11:54:11.426 CDT [837M] INFO: listening on eth0(#2): 192.168.144.13 port 53
2024-08-29 11:54:11.427 CDT [837M] CRIT: Error in dnsmasq configuration: failed to create listening socket for 127.0.1.2: Address in use
2024-08-29 11:54:11.446 CDT [837M] INFO: PID of FTL process: 837
2024-08-29 11:54:11.450 CDT [837M] INFO: Database version is 19
2024-08-29 11:54:11.452 CDT [837M] INFO: Database successfully initialized
2024-08-29 11:54:12.148 CDT [837M] INFO: Imported 26922 queries from the on-disk database (it has 225071 rows)
2024-08-29 11:54:12.148 CDT [837M] INFO: Parsing queries in database
2024-08-29 11:54:12.273 CDT [837M] INFO: 10000 queries parsed...
2024-08-29 11:54:12.357 CDT [837M] INFO: 20000 queries parsed...
2024-08-29 11:54:12.512 CDT [837M] INFO: Imported 26922 queries from the long-term database
2024-08-29 11:54:12.512 CDT [837M] INFO: -> Total DNS queries: 26922
2024-08-29 11:54:12.512 CDT [837M] INFO: -> Cached DNS queries: 3572
2024-08-29 11:54:12.512 CDT [837M] INFO: -> Forwarded DNS queries: 7073
2024-08-29 11:54:12.512 CDT [837M] INFO: -> Blocked DNS queries: 15829
2024-08-29 11:54:12.512 CDT [837M] INFO: -> Unknown DNS queries: 0
2024-08-29 11:54:12.512 CDT [837M] INFO: -> Unique domains: 945
2024-08-29 11:54:12.512 CDT [837M] INFO: -> Unique clients: 30
2024-08-29 11:54:12.512 CDT [837M] INFO: -> DNS cache records: 2289
2024-08-29 11:54:12.512 CDT [837M] INFO: -> Known forward destinations: 4
2024-08-29 11:54:12.518 CDT [837M] INFO: FTL is running as user pihole (UID 999)
2024-08-29 11:54:12.519 CDT [837M] INFO: Reading certificate from /etc/pihole/tls.pem ...
2024-08-29 11:54:12.520 CDT [837M] INFO: Using SSL/TLS certificate file /etc/pihole/tls.pem
2024-08-29 11:54:12.522 CDT [837M] INFO: Restored 1 API session from the database
2024-08-29 11:54:16.524 CDT [837/T859] INFO: Received 8/8 valid NTP replies from 192.168.144.11
2024-08-29 11:54:16.524 CDT [837/T859] INFO: Time offset: 1.903402e+04 ms (excluded 1 outliers)
2024-08-29 11:54:16.524 CDT [837/T859] INFO: Round-trip delay: 1.847403e-01 ms (excluded 1 outliers)

Weirdly, I also get this from the status query:

$ sudo pihole status
[✓] FTL is listening on port 53
[✓] UDP (IPv4)
[✓] TCP (IPv4)
[✓] UDP (IPv6)
[✓] TCP (IPv6)

[✓] Pi-hole blocking is enabled

Even though attempting a dig to the private IP times out:

$ dig @192.168.144.13 www.google.com
;; communications error to 192.168.144.13#53: timed out

I also spot in the debug output that PiHole is trying to attach to wlan0, even though I have disabled / not configured that connection.

In the v5 config, I did set interface binding and it looks like that was brought over into v6 with:

interface = "eth0" ### CHANGED, default = ""
listeningMode = "BIND" ### CHANGED, default = "LOCAL"

in /etc/pihole/pihole.toml

What did I miss?

You have a file called /etc/dnsmasq.d/99-ipbinding.conf - is it essential to how your Pi-hole should bind to its interfaces? Note that we do not source /etc/dnsmasq.d config files by default in v6 to avoid conflicts as well as possible. You can change this behavior by setting

  # Should FTL load additional dnsmasq configuration files from /etc/dnsmasq.d/?
  etc_dnsmasq_d = true

in /etc/pihole.toml, e.g. using

sudo pihole-FTL --config misc.etc_dnsmasq_d true

If that's not enough, please run

cat /etc/pihole/dnsmasq.conf | pihole tricorder

and provide the token so we can have a look into your config file.

Loading the legacy dnsmasq configs worked and it's up and running!

The file /etc/dnsmasq.d/99-ipbinding.conf contains:

$ cat /etc/dnsmasq.d/99-ipbinding.conf
except-interface=lo
listen-address=192.168.144.13
listen-address=fde4:b3e2:db9e:1000::13
bind-interfaces

The only thing I see that is not in the new config file is the except-interface statement.

If there is an option to set this and it's just not listed / documented, feel free to send me the clue-by-four so I can drop the legacy config loading.

Thank you!

There is indeed no way to add except-interfaces=... lines using the standard configuration. Most often, users want Pi-hole to listen on all interfaces and offer other services such as an upstream unbound on a different port instead.

Seems to me that a custom config file like yours is the way to go with your particular requirements!
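The collision in this thread follows from two dnsmasq rules: when `interface=` is given, dnsmasq also listens on the loopback interface unless it is named in `except-interface=`, and with `bind-interfaces` every address of a chosen interface gets its own socket. The loopback aliases that knot-resolver and unbound occupy therefore end up in Pi-hole's own bind list, which is why `except-interface=lo` from the legacy file matters. The following checker is an added example written for this thread, not Pi-hole or dnsmasq project code: it parses the binding-related options, applies those rules, and reports which addresses would collide with another daemon or with dnsmasq's own upstreams. The interface/address map (`HOST_ADDRESSES`) and the set of sockets already held (`PORT53_TAKEN`) are constructed to match the setup described above and would be replaced by real `ip addr` / `ss -lnup` output on a live host.

```python
"""Check a dnsmasq binding configuration for collisions with its own
upstream resolvers.

Added example; not Pi-hole or dnsmasq project code.  It models the dnsmasq
rules from the dnsmasq man page that matter here:
  * with --interface, dnsmasq also listens on the loopback interface unless
    it is named in --except-interface;
  * with --listen-address but no --interface, loopback is NOT added;
  * --except-interface always wins;
  * with --bind-interfaces each address of a chosen interface gets its own
    socket, so an address already held elsewhere fails with "Address in use".
"""
from dataclasses import dataclass, field

# Constructed `ip addr`-style view of the host in the thread.  The extra
# loopback aliases are where knot-resolver (kresd) and unbound are parked.
HOST_ADDRESSES = {
    "lo": ["127.0.0.1", "::1", "127.0.1.1", "127.0.1.2", "::13", "::14"],
    "eth0": ["192.168.144.13", "192.168.144.14", "fde4:b3e2:db9e:1000::13"],
    "wlan0": [],
}

# Constructed: sockets other daemons already hold on port 53 (the picture
# `ss -lnup 'sport = :53'` would give on the real host).
PORT53_TAKEN = {
    "127.0.1.1": "kresd", "::13": "kresd",
    "127.0.1.2": "unbound", "::14": "unbound",
}

# The dnsmasq options the poster showed from the v6 WebUI (comments dropped).
V6_CONF = """\
hostsdir=/etc/pihole/hosts
no-resolv
port=53
server=127.0.1.1
server=127.0.1.2
server=::13
server=::14
interface=eth0
bind-interfaces
"""


@dataclass
class DnsmasqConf:
    interfaces: list = field(default_factory=list)
    except_interfaces: list = field(default_factory=list)
    listen_addresses: list = field(default_factory=list)
    servers: list = field(default_factory=list)


def parse_dnsmasq(text: str) -> DnsmasqConf:
    """Parse only the options that decide which sockets dnsmasq opens."""
    conf = DnsmasqConf()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # dnsmasq comments start the line
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "interface":
            conf.interfaces.append(value)
        elif key == "except-interface":
            conf.except_interfaces.append(value)
        elif key == "listen-address":
            conf.listen_addresses.append(value)
        elif key == "server":
            # server=[/domain/]addr[#port][@source]; keep just the address
            addr = value.rsplit("/", 1)[-1].split("#", 1)[0].split("@", 1)[0]
            if addr:
                conf.servers.append(addr)
    return conf


def bound_addresses(conf: DnsmasqConf, host_addrs: dict) -> set:
    """Addresses dnsmasq would open sockets on, following the man-page rules."""
    if conf.interfaces:
        ifaces = set(conf.interfaces) | {"lo"}        # loopback is implied
    elif conf.listen_addresses:
        ifaces = set()                                # addresses only, no lo
    else:
        ifaces = set(host_addrs)                      # default: every interface
    ifaces -= set(conf.except_interfaces)             # except-interface wins
    addrs = set(conf.listen_addresses)
    for iface in ifaces:
        addrs.update(host_addrs.get(iface, []))
    return addrs


def find_conflicts(conf_text: str, host_addrs=HOST_ADDRESSES, taken=PORT53_TAKEN):
    """Return [(address, reason)] for every socket that cannot or should not be
    opened: already held by another daemon, or one of dnsmasq's own upstreams."""
    conf = parse_dnsmasq(conf_text)
    upstreams = set(conf.servers)
    problems = []
    for addr in sorted(bound_addresses(conf, host_addrs)):
        if addr in taken:
            problems.append((addr, f"port 53 already held by {taken[addr]}"))
        elif addr in upstreams:
            problems.append((addr, "dnsmasq would bind its own upstream address"))
    return problems


if __name__ == "__main__":
    for label, text in (("as converted by v6", V6_CONF),
                        ("with except-interface=lo", V6_CONF + "except-interface=lo\n")):
        print(f"{label}: {find_conflicts(text) or 'no conflicts'}")
```

Run as a script it reports the four loopback collisions for the converted v6 config and none once `except-interface=lo` is appended, which is the same outcome the poster saw after re-enabling the legacy file. Feeding the output of `ss -lnup 'sport = :53'` into `PORT53_TAKEN` would make the check reflect the live host instead of the constructed map.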

Well darn - I was hoping there was a "cleaner" way.

Maybe once it goes RTM that will be an available option.

Thanks for the help and quick response!