Fresh install, but no ads blocked

Hi all,

I have set up Pi-hole on a fresh install of Debian 9, and connect my phone to the OpenVPN server where Pi-hole is installed. I have made a traditional install, I mean without Docker.

Here are my debug logs: [✓] Your debug token is: m1lsavlmx5

I think the problem is:

[✗] dnsmasq daemon is inactive

I hope someone can help me.

Best regards.

In V4.0, dnsmasq is embedded in pihole-FTL, and dnsmasq no longer runs as a separate process. The debug log will show dnsmasq as either failed or inactive.

pihole-FTL is running on port 53 in place of dnsmasq:

*** [ DIAGNOSING ]: Ports in use
  ...
*:53 pihole-FTL (IPv4)
*:53 pihole-FTL (IPv6)

https://docs.pi-hole.net/ftldns/dns-resolver/

Your debug log shows that Pi-Hole is blocking domains:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] staticnode23932.win is 0.0.0.0 via localhost (127.0.0.1)
[✓] staticnode23932.win is 0.0.0.0 via Pi-hole (92.222.72.77)
[✓] doubleclick.com is 216.58.209.238 via a remote, public DNS server (8.8.8.8)

The problem appears to lie in your network/VPN configuration. The requests from the clients are not getting to the Pi-Hole. Look at the IP addresses assigned below:

[i] Default IPv4 gateway: 92.222.64.1
   * Pinging 92.222.64.1...
[✗] Gateway did not respond. (https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546)

*** [ DIAGNOSING ]: Setup variables
    PIHOLE_INTERFACE=tun0
    IPV4_ADDRESS=92.222.72.77/32

-rw-r--r-- 1 root root 42 Nov 13 13:25 /etc/pihole/local.list
   92.222.72.77 network
   92.222.72.77 pi.hole

Do you have Pi-Hole configured to listen on all interfaces, permit all origins?

I'm going to set up a new install because I have tried so many things ...

My advice - set up the Pi-Hole and get it running on your network.

Then, after it is running properly and serving your network clients, add the VPN service.

One thing at a time, or if it doesn't work somewhere along the way you won't know what caused the problem.

OK, I will do it like this:

  1. Install of the VPS
  2. Pi-hole (so on eth0?)
  3. Nyr/openvpn

Thx for the help @jfb

I can't tell you that this is the correct interface. After you set up the VPS, when you install Pi-Hole you will need to select the correct interface for the assigned IP address.

OK, I see, so for sure I don't set up Pi-hole on tun0?

You set up Pi-Hole on the active IP address and interface of the VPS, whichever that is for your VPS setup.

OK, so I was really wrong.

I was installing the VPS -> VPN and at the end Pi-hole on tun0.
Going to try your way and report back.

Thx.

If your VPS is publicly accessible, you do want to put on the VPN prior to installing Pi-Hole, or you'll be making an open DNS resolver. That is not a desired outcome.

New install without VPN for the moment. Installed on IPv4 and v6.

[✓] Your debug token is: mgmcaksjiw

Your Pi-Hole is working but you have created an open resolver. You should get that secured behind a VPN immediately.

Here is my dig to your public IP of the VPS:

google.com @{Your Public IP}
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39527
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		212	IN	A	216.58.215.46

;; Query time: 154 msec
;; SERVER: {Your Public IP}#53({Your Public IP})
;; WHEN: Tue Nov 13 12:52:13 CST 2018
;; MSG SIZE  rcvd: 55

Sorry for this "noob" question, but how can I secure that?

Behind a VPN? You mean install the VPN and set up Pi-hole on this card?

Edit: Can I block or just allow some ports in ufw/iptables?

Behind a VPN.

Where is your VPS hosted?

OVH France

Which card are you referring to here?

That was a bad question; the good one is, how to not be an open resolver?

To avoid having an open resolver, do not install Pi-Hole on any device that is either (1) not protected behind a firewall or router, or (2) not access controlled by a VPN.

A typical home user installs Pi-Hole on a Pi or other similar SBC that is behind their network router, hidden from the internet by the router.

Nothing I can do with iptables or ufw?

You can improve security with those things, but a VPN is the best option.
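The `flags: qr rd ra` and `ANSWER: 1` in the dig output above are what mark the VPS as an open resolver. As an added example (not part of the thread and not Pi-hole code), the following Python encodes the same recursive query and classifies the reply at the wire level; the function names and sample packets are constructed here, and `probe` is meant to be pointed at your own server from a host outside the VPN.

```python
import socket
import struct

QR_FLAG = 0x8000  # "qr" in dig: the message is a response
RA_FLAG = 0x0080  # "ra" in dig: the server offers recursion to this client

def build_query(name, txid=0x1234):
    """Encode a recursive (RD=1) A/IN query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify_response(packet):
    """Return 'open', 'refused' or 'no-recursion' from the 12-byte DNS header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & QR_FLAG:
        raise ValueError("not a DNS response")
    rcode = flags & 0x000F
    if rcode == 5:                       # REFUSED: access control is working
        return "refused"
    if flags & RA_FLAG and rcode == 0 and ancount > 0:
        return "open"                    # recursed and answered for a stranger
    return "no-recursion"

def probe(server_ip, name="google.com", timeout=3.0):
    """Query your own server once over UDP/53 and classify what comes back."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server_ip, 53))
            data, _ = s.recvfrom(4096)
        except OSError:                  # timeout or unreachable: port is filtered
            return "filtered"
    return classify_response(data)

# Constructed headers. SAMPLE_OPEN mirrors the dig output in the thread:
# id 39527, flags qr rd ra, QUERY 1, ANSWER 1, AUTHORITY 0, ADDITIONAL 1.
SAMPLE_OPEN = struct.pack("!HHHHHH", 39527, 0x8180, 1, 1, 0, 1)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 39527, 0x8105, 1, 0, 0, 0)

if __name__ == "__main__":
    print(classify_response(SAMPLE_OPEN), classify_response(SAMPLE_REFUSED))
```

Once the resolver is only reachable through the VPN, `probe` run from an outside host should return `filtered` or `refused` rather than `open`.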