DNSSEC broke network

Expected Behaviour:

Pi-hole should be functioning normally -- assigning IP addresses through DHCP and allowing devices on the network to access the internet

Actual Behaviour:

The Raspberry Pi is the only device that can access the internet

Debug Token:

https://tricorder.pi-hole.net/d9nmdei03y

Under the Settings page -> DNS tab, I checked DNSSEC. After checking, all devices other than the Raspberry Pi were unable to use the internet, and after rebooting the Pi and the devices, cannot connect to the network. I unchecked the DNSSEC check box but the problem still persists.

I found this link "Setting DNSsec even temporarily permanently breaks pihole" which describes the issue I am having, but this person just started over.

I found this Reddit post "Help, DNSSEC broke my Pihole" which also describes the same issue, but this person never submitted a debug log.

All I did was click DNSSEC to test it out. On breaking the network, I immediately unchecked and began troubleshooting, but it was too late. I did not find other instances on this discourse of this issue.

Many thanks for the help.

You have some problems shown in your debug log, unrelated to DNSSEC. This is likely why no device other than the Pi can get DNS resolution.

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the tun0 interface:
   10.8.0.1/24 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

[✓] IPv6 address(es) bound to the tun0 interface:
   fe80::c079:fbf8:bac6:51b4 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

   ^ Please note that you may have more than one IP address listed.
   As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.

   The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.

[i] Default IPv4 gateway: 192.168.1.1
   * Pinging 192.168.1.1...
[✗] Gateway did not respond. (https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546)

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] www.radioescapades.org is 0.0.0.0 via localhost (127.0.0.1)
[✗] Failed to resolve www.radioescapades.org via Pi-hole (192.168.1.216)
[✓] doubleclick.com is 172.217.9.206 via a remote, public DNS server (8.8.8.8)
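
An added example (not part of the original replies and not Pi-hole's own code): a small parser for the debug-log format quoted above. It lists the failed checks per section, the address mismatches that appear under a [✓] line, and the resolver addresses that gave no answer while 127.0.0.1 did. The function names are hypothetical, and the sample log is constructed from the excerpt above with the FAQ URLs omitted.

```python
import re

# Constructed sample: lines taken from the debug log excerpt above (FAQ URLs omitted).
SAMPLE_LOG = """\
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the tun0 interface:
   10.8.0.1/24 does not match the IP found in /etc/pihole/setupVars.conf
[i] Default IPv4 gateway: 192.168.1.1
   * Pinging 192.168.1.1...
[✗] Gateway did not respond.
*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] www.radioescapades.org is 0.0.0.0 via localhost (127.0.0.1)
[✗] Failed to resolve www.radioescapades.org via Pi-hole (192.168.1.216)
[✓] doubleclick.com is 172.217.9.206 via a remote, public DNS server (8.8.8.8)
"""

SECTION = re.compile(r"^\*\*\* \[ DIAGNOSING \]: (.+)$")
FAILED = re.compile(r"^\[✗\] (.+)$")
MISMATCH = re.compile(r"^\s+(\S+) does not match the IP found in (\S+)")
ANSWER = re.compile(r"^\[✓\] \S+ is \S+ via .+ \(([\d.]+)\)$")
NO_ANSWER = re.compile(r"^Failed to resolve \S+ via .+ \(([\d.]+)\)$")


def triage(log):
    """Collect failed checks, address mismatches and per-server DNS results."""
    report = {"failed": [], "mismatch": [], "dns": {}}
    section = "(none)"
    for line in log.splitlines():
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := MISMATCH.match(line):
            # Detail line under a [✓] header: (bound address, config file)
            report["mismatch"].append((m.group(1), m.group(2)))
        elif m := ANSWER.match(line):
            report["dns"][m.group(1)] = True
        elif m := FAILED.match(line):
            report["failed"].append((section, m.group(1)))
            if r := NO_ANSWER.match(m.group(1)):
                report["dns"][r.group(1)] = False
    return report


def unreachable_listeners(report):
    """Addresses that gave no answer although the resolver answered on localhost."""
    dns = report["dns"]
    if not dns.get("127.0.0.1"):
        return []
    return sorted(ip for ip, ok in dns.items() if not ok)


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(r["failed"], r["mismatch"], unreachable_listeners(r))
```
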

Thanks for the help, but I had to start over. I made an attempt to fix the mismatch in setupVars.conf and that did not help. Additionally, now that my new setup is up and running, a debug log reveals the same info under Networking (i.e., IPv4 addresses do not match and gateway did not respond), so that probably wasn't contributing. I will just leave DNSSEC unchecked. Again, many thanks jfb!

-Raphiel
