FTL not starting

shaunb27 · January 14, 2019, 12:43am

Please follow the below template, it will help us to help you!

Expected Behaviour:

DNS to start and block ads

Actual Behaviour:

Worked fine for 2 weeks then FTL randomly stopped working. No server reboot or service resets had been performed. /etc/resolv.conf only has 1.1.1.1 and is locked via "sudo chattr +i /etc/resolv.conf"
Lubuntu 18.10 via Docker image: pihole/pihole:latest

Debug Token:

bn5bgcxxkg

DanSchaper · January 14, 2019, 12:49am

Do these notes help with the situation?

shaunb27 · January 14, 2019, 1:03am

Yes it's now up BUT after the config changes I'm seeing:

WARNING Misconfigured DNS in /etc/resolv.conf: Two DNS servers are recommended, 127.0.0.1 and any backup server,
WARNING Misconfigured DNS in /etc/resolv.conf: Primary DNS should be 127.0.0.1 (found 127.0.0.11),

And for every list:

[i] Target: mirror1.malwaredomains.com (justdomains),
  [i] Status: Pending...
  [✗] Status: mirror1.malwaredomains.com is blocked by https://v.firebog.net/hosts/lists.php?type=nocross. Using DNS on 192.231.203.132 to download https://mirror1.malwaredomains.com/files/justdomains,
  [i] Status: Pending...
  [✓] Status: No changes detected,
,
  [i] Target: sysctl.org (hosts),
  [i] Status: Pending...
  [✗] Status: sysctl.org is blocked by https://v.firebog.net/hosts/lists.php?type=nocross. Using DNS on 192.231.203.132 to download http://sysctl.org/cameleon/hosts,
  [i] Status: Pending...
  [✓] Status: No changes detected,
,
  [i] Target: zeustracker.abuse.ch (blocklist.php?download=domainblocklist),
  [i] Status: Pending...
  [✗] Status: zeustracker.abuse.ch is blocked by https://v.firebog.net/hosts/lists.php?type=nocross. Using DNS on 192.231.203.132 to download https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist,
  [i] Status: Pending...
  [✗] Status: https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist (500000),
  [✗] List download failed: using previously cached list,
,
  [i] Target: s3.amazonaws.com (simple_tracking.txt),
  [i] Status: Pending...
  [✓] Status: No changes detected,

etc.

EDIT: changes added to docker-compose.yml:

cap_add:
  - NET_ADMIN
dns:
  - 127.0.0.1
  - 1.1.1.1

DanSchaper · January 14, 2019, 1:22am

With the file chattr'd it will not be updated with the two dns lines or the cli command shown in the readme.

shaunb27 · January 14, 2019, 1:45am

I locked it as network-manager would auto edit the file.
After unlock I still receive the same errors, even if I manually add 1.1.1.1 and 127.0.0.1.

DanSchaper · January 14, 2019, 1:54am

Thanks, @diginc, can you help me out on this?

shaunb27 · January 14, 2019, 2:08am

Note, I locked the host Lubuntu OS /etc/resolv.conf, not the one located within the docker image.
Looking at the complaint, it actually looks like it's the docker image /etc/resolv.conf that's the issue:

root@pihole:/# cat /etc/resolv.conf
nameserver 127.0.0.11
options ndots:0

Not sure what to do about this file.

diginc · January 14, 2019, 2:21am

dns:
  - 127.0.0.1
  - 1.1.1.1

Adding these should modify your /etc/resolv.conf inside the container assuming you're not using --net=host.

Check with docker run pihole cat /etc/resolv.conf

shaunb27 · January 14, 2019, 2:43am

I've removed container and image and then redownloaded the docker image with no change. I'm not using net=host.

shaunb27 · January 14, 2019, 10:30pm

A small update that if I swap the DNS lines around the list updates now work, but the WARNINGS still occur.

cap_add:
  - NET_ADMIN
dns:
  - 1.1.1.1
  - 127.0.0.1

WARNING Misconfigured DNS in /etc/resolv.conf: Two DNS servers are recommended, 127.0.0.1 and any backup server
WARNING Misconfigured DNS in /etc/resolv.conf: Primary DNS should be 127.0.0.1 (found 127.0.0.11)
nameserver 127.0.0.11
options ndots:0

So yeah, Pihole isn't configuring the container's /etc/resolv.conf

EDIT: New debug if interested: 2z244wxvgd

shaunb27 · January 21, 2019, 10:37pm

That's been done (see above and below), but errors still remain.

diginc · January 22, 2019, 3:26pm

github.com/pi-hole/docker-pi-hole

Issue with running Pi-hole 4.1.1 in swarm (--cap-add)

opened 03:07PM - 14 Jan 19 UTC

shanekorbel

**In raising this issue, I confirm the following:** `{please fill the checkboxes…, e.g: [X]}` - [X] I have read and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md). - [X] The issue I am reporting can be *replicated*. - [X] The issue I am reporting isn't a duplicate (see [FAQs](https://github.com/pi-hole/pi-hole/wiki/FAQs), [closed issues](https://github.com/pi-hole/pi-hole/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), and [open issues](https://github.com/pi-hole/pi-hole/issues)). **How familiar are you with the the source code relevant to this issue?:** `{1}` --- **Expected behaviour:** `{Up until 4.1.1 I have been running pihole as a docker swarm service on a x64 linux cluster running ubuntu 16.04 (five node swarm). This required a little modifying of the normal install, but only in how to start up the image, no real functionality changes. This has allowed me to scale pihole to 2 replicas for redundancy and be able to allow pihole to run on any of the five hosts in the swarm should one fail. }` **Actual behaviour:** `{Once i pulled the latest image (4.1.1) my service would no longer boot at all. I even removed my service and reset it up thinking it was something I accidently changed since i was trying to also configure placement preferences. Eventually it led me to the image repository and i noticed changes were made that required flags be added that are not allowed in swarm. > Starting with the v4.1.1 release your Pi-hole container may encounter issues starting the DNS service unless ran with the following settings: > > --cap-add=NET_ADMIN This previously optional argument is now required or strongly encouraged > Starting in a future version FTL DNS is going to check this setting automatically > --dns=127.0.0.1 --dns=1.1.1.1 The second server can be any DNS IP of your choosing, but the first dns must be 127.0.0.1 > A WARNING stating "Misconfigured DNS in /etc/resolv.conf" may show in docker logs without this. > These are the raw docker run cli versions of the commands. We provide no official support for docker GUIs but the community forums may be able to help if you do not see a place for these settings. Remember, always consult your manual too! }` **Steps to reproduce:** `{I realize this is somewhat of a special config since running pihole as docker service is not the way it is typically ran, however swarm and compose are very similar in most regards other then the issue i found... After some testing and having my service run a prior image, i have concluded that **--cap-add=NET_ADMIN** is the culprit that breaks pihole running as a service. I can see that --cap-add is not supported in swarm for security reasons and docker/moby says "it's being worked on" but it has been two+ years of "working on it". Since this is not standard i'm willing to work with how to better articulate the issue if it is not clear or setup any sort of demo of the issue. }` **Debug token provided by [uploading `pihole -d` log](https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738#debug):** `{Service will not start, debug token unavailable.}` **Troubleshooting undertaken, and/or other relevant information:** `{setting my image to 4.1 solves the issue and lets the service startup, i fear though, that --cap-add won't be supported in the near or even medium future and therefore i will be stuck on a old image that may or may not have issues in the future with compatibility. docker service inspect pihole: { "AppArmorProfile": "docker-default", "Args": [], "Config": { "ArgsEscaped": true, "AttachStderr": false, "AttachStdin": false, "AttachStdout": false, "Cmd": null, "Domainname": "", "Entrypoint": [ "/s6-init" ], "Env": [ "WEBPASSWORD=<REDACTED>", "TZ=Eastern", "IPv6=False", "ServerIP=127.0.0.1", "DNS1=1.1.1.1", "DNS2=1.0.0.1", "PATH=/opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "S6OVERLAY_RELEASE=https://github.com/just-containers/s6-overlay/releases/download/v1.21.7.0/s6-overlay-amd64.tar.gz", "PIHOLE_INSTALL=/root/ph_install.sh", "PHP_ENV_CONFIG=/etc/lighttpd/conf-enabled/15-fastcgi-php.conf", "PHP_ERROR_LOG=/var/log/lighttpd/error.log", "S6_LOGGING=0", "S6_KEEP_ENV=1", "S6_BEHAVIOUR_IF_STAGE2_FAILS=2", "FTL_CMD=debug", "VERSION=v4.1", "ARCH=amd64" ], "ExposedPorts": { "443/tcp": {}, "53/tcp": {}, "53/udp": {}, "67/udp": {}, "80/tcp": {} }, "Healthcheck": { "Test": [ "CMD-SHELL", "dig @127.0.0.1 pi.hole || exit 1" ] }, "Hostname": "HPC2", "Image": "pihole/pihole:4.1@sha256:3c165a8656d22b75ad237d86ba3bdf0d121088c144c0b2d34a0775a9db2048d7", "Labels": { "com.docker.swarm.node.id": "qkldc61gsxbqniii2rpkqjwlb", "com.docker.swarm.service.id": "4ym908jc96qxvqnxuczn48mlh", "com.docker.swarm.service.name": "pihole", "com.docker.swarm.task": "", "com.docker.swarm.task.id": "nb9cs1ietpry76pxdqf6acolj", "com.docker.swarm.task.name": "pihole.1.nb9cs1ietpry76pxdqf6acolj", "image": "pihole/pihole:v4.1_amd64", "maintainer": "adam@diginc.us", "url": "https://www.github.com/pi-hole/docker-pi-hole" }, "OnBuild": null, "OpenStdin": false, "StdinOnce": false, "Tty": false, "User": "", "Volumes": null, "WorkingDir": "" }, "Created": "2019-01-14T14:14:46.320931851Z", "Driver": "overlay2", "ExecIDs": [ "8b81d48090e6d2cb05f7b79c8b1c70377680ca98fc20e7b5049e093252affa4f", "ab6630a1ccff10ae554acac07fd365d031e5621c9bf8088ed362ecdf6605f0e7" ], "GraphDriver": { "Data": { "LowerDir": "/var/lib/docker/overlay2/7a7e3c7c9dd580732dbb4e248812fe156f454846d4adfcec1590a1148d56f5a7-init/diff:/var/lib/docker/overlay2/e4411ae9935a55823ed2e088892172b3ca26eccb18c12ad4f1d5ca797562f6c9/diff:/var/lib/docker/overlay2/f8acc507dc6e36cea4a286b4d3342aec43a53e38c3b0432f269abd4f1941bc0c/diff:/var/lib/docker/overlay2/bd4ce6bcd15554f56994abae241c770df8ac35fa02e17d5535e35fb13d3cdac3/diff:/var/lib/docker/overlay2/f9eb95e392611ec5b7fe11292e60be4f7a752c23455977f74a1a7965305e1d85/diff:/var/lib/docker/overlay2/b9787676c7ff67d298173c596bf712c81ec9b76b9c76ab5b404e8cae0b4f802d/diff:/var/lib/docker/overlay2/a686ee271505c41b38fd3b6a14a33d24dbc573166cf43f14c31753d997b78230/diff:/var/lib/docker/overlay2/73b4f186c76919a4ab386630bdd895eb12f522fb0899af5ff34ff958ec51bd88/diff:/var/lib/docker/overlay2/e6962d8e85bacab08f8912263a1b36152245f249de77577ebb633befd14aa9e9/diff:/var/lib/docker/overlay2/db004dda0cee0d98f4e691e1bcfc340d88e8e8a9946771c0c531381cec4d6954/diff:/var/lib/docker/overlay2/bbc8131790dadd3afe9f405fe55ebe92e38a6a619f337961e6c6b7412281282f/diff", "MergedDir": "/var/lib/docker/overlay2/7a7e3c7c9dd580732dbb4e248812fe156f454846d4adfcec1590a1148d56f5a7/merged", "UpperDir": "/var/lib/docker/overlay2/7a7e3c7c9dd580732dbb4e248812fe156f454846d4adfcec1590a1148d56f5a7/diff", "WorkDir": "/var/lib/docker/overlay2/7a7e3c7c9dd580732dbb4e248812fe156f454846d4adfcec1590a1148d56f5a7/work" }, "Name": "overlay2" }, "HostConfig": { "AutoRemove": false, "Binds": null, "BlkioDeviceReadBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceWriteIOps": null, "BlkioWeight": 0, "BlkioWeightDevice": null, "CapAdd": null, "CapDrop": null, "Cgroup": "", "CgroupParent": "", "ConsoleSize": [ 0, 0 ], "ContainerIDFile": "", "CpuCount": 0, "CpuPercent": 0, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpuShares": 0, "CpusetCpus": "", "CpusetMems": "", "DeviceCgroupRules": null, "Devices": null, "DiskQuota": 0, "Dns": null, "DnsOptions": null, "DnsSearch": null, "ExtraHosts": [ "HPC1:172.16.0.191", "HPC2:172.16.0.192", "HPC3:172.16.0.193", "HPC4:172.16.0.194", "HPC5:172.16.0.195" ], "GroupAdd": null, "IOMaximumBandwidth": 0, "IOMaximumIOps": 0, "IpcMode": "shareable", "Isolation": "default", "KernelMemory": 0, "Links": null, "LogConfig": { "Config": {}, "Type": "json-file" }, "MaskedPaths": [ "/proc/acpi", "/proc/kcore", "/proc/keys", "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats", "/proc/sched_debug", "/proc/scsi", "/sys/firmware" ], "Memory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": null, "Mounts": [ { "Source": "/etc/pihole", "Target": "/etc/pihole", "Type": "bind" }, { "Source": "/etc/dnsmasq.d", "Target": "/etc/dnsmasq.d", "Type": "bind" }, { "Source": "/etc/hosts", "Target": "/etc/hosts", "Type": "bind" } ], "NanoCpus": 0, "NetworkMode": "default", "OomKillDisable": false, "OomScoreAdj": 0, "PidMode": "", "PidsLimit": 0, "PortBindings": {}, "Privileged": false, "PublishAllPorts": false, "ReadonlyPaths": [ "/proc/asound", "/proc/bus", "/proc/fs", "/proc/irq", "/proc/sys", "/proc/sysrq-trigger" ], "ReadonlyRootfs": false, "RestartPolicy": { "MaximumRetryCount": 0, "Name": "" }, "Runtime": "runc", "SecurityOpt": null, "ShmSize": 67108864, "UTSMode": "", "Ulimits": null, "UsernsMode": "", "VolumeDriver": "", "VolumesFrom": null }, "HostnamePath": "/var/lib/docker/containers/724d84a1d0424866984fd3d5e1063a49372b98ac617e6da776d7d3d15597b8ad/hostname", "HostsPath": "/etc/hosts", "Id": "724d84a1d0424866984fd3d5e1063a49372b98ac617e6da776d7d3d15597b8ad", "Image": "sha256:d2cae28ed1651910f7a2317594bd6d566cda90613eb3911cde92860630f81d95", "LogPath": "/var/lib/docker/containers/724d84a1d0424866984fd3d5e1063a49372b98ac617e6da776d7d3d15597b8ad/724d84a1d0424866984fd3d5e1063a49372b98ac617e6da776d7d3d15597b8ad-json.log", "MountLabel": "", "Mounts": [ { "Destination": "/etc/pihole", "Mode": "", "Propagation": "rprivate", "RW": true, "Source": "/etc/pihole", "Type": "bind" }, { "Destination": "/etc/dnsmasq.d", "Mode": "", "Propagation": "rprivate", "RW": true, "Source": "/etc/dnsmasq.d", "Type": "bind" }, { "Destination": "/etc/hosts", "Mode": "", "Propagation": "rprivate", "RW": true, "Source": "/etc/hosts", "Type": "bind" } ], "Name": "/pihole.1.nb9cs1ietpry76pxdqf6acolj", "NetworkSettings": { "Bridge": "", "EndpointID": "", "Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "HairpinMode": false, "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "MacAddress": "", "Networks": { "ingress": { "Aliases": [ "724d84a1d042" ], "DriverOpts": null, "EndpointID": "f8ee7b5f03473fd0b62c8e2ca6fbd142b02e7c3a0d86f50e86e4c5df39c6b2f1", "Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAMConfig": { "IPv4Address": "10.255.1.179" }, "IPAddress": "10.255.1.179", "IPPrefixLen": 16, "IPv6Gateway": "", "Links": null, "MacAddress": "02:42:0a:ff:01:b3", "NetworkID": "szxnv7y1azs975wkgra7mc18s" } }, "Ports": { "443/tcp": null, "53/tcp": null, "53/udp": null, "67/udp": null, "80/tcp": null }, "SandboxID": "d55da5cd2e11a3d5c62a689e24d17deaed2aac729c4db74633488609fe3fe8ad", "SandboxKey": "/var/run/docker/netns/d55da5cd2e11", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null }, "Path": "/s6-init", "Platform": "linux", "ProcessLabel": "", "ResolvConfPath": "/var/lib/docker/containers/724d84a1d0424866984fd3d5e1063a49372b98ac617e6da776d7d3d15597b8ad/resolv.conf", "RestartCount": 0, "State": { "Dead": false, "Error": "", "ExitCode": 0, "FinishedAt": "0001-01-01T00:00:00Z", "Health": { "FailingStreak": 0, "Log": [ { "End": "2019-01-14T09:57:37.641382259-05:00", "ExitCode": 0, "Output": "\n; <<>> DiG 9.10.3-P4-Debian <<>> @127.0.0.1 pi.hole\n; (1 server found)\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14480\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 4096\n;; QUESTION SECTION:\n;pi.hole.\t\t\tIN\tA\n\n;; ANSWER SECTION:\npi.hole.\t\t2\tIN\tA\t127.0.0.1\n\n;; Query time: 0 msec\n;; SERVER: 127.0.0.1#53(127.0.0.1)\n;; WHEN: Mon Jan 14 14:57:37 Eastern 2019\n;; MSG SIZE rcvd: 52\n\n", "Start": "2019-01-14T09:57:37.39541478-05:00" }, { "End": "2019-01-14T09:58:07.820750563-05:00", "ExitCode": 0, "Output": "\n; <<>> DiG 9.10.3-P4-Debian <<>> @127.0.0.1 pi.hole\n; (1 server found)\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8257\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 4096\n;; QUESTION SECTION:\n;pi.hole.\t\t\tIN\tA\n\n;; ANSWER SECTION:\npi.hole.\t\t2\tIN\tA\t127.0.0.1\n\n;; Query time: 0 msec\n;; SERVER: 127.0.0.1#53(127.0.0.1)\n;; WHEN: Mon Jan 14 14:58:07 Eastern 2019\n;; MSG SIZE rcvd: 52\n\n", "Start": "2019-01-14T09:58:07.651049203-05:00" }, { "End": "2019-01-14T09:58:38.046312332-05:00", "ExitCode": 0, "Output": "\n; <<>> DiG 9.10.3-P4-Debian <<>> @127.0.0.1 pi.hole\n; (1 server found)\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23608\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 4096\n;; QUESTION SECTION:\n;pi.hole.\t\t\tIN\tA\n\n;; ANSWER SECTION:\npi.hole.\t\t2\tIN\tA\t127.0.0.1\n\n;; Query time: 0 msec\n;; SERVER: 127.0.0.1#53(127.0.0.1)\n;; WHEN: Mon Jan 14 14:58:37 Eastern 2019\n;; MSG SIZE rcvd: 52\n\n", "Start": "2019-01-14T09:58:37.830246755-05:00" }, { "End": "2019-01-14T09:59:08.194864943-05:00", "ExitCode": 0, "Output": "\n; <<>> DiG 9.10.3-P4-Debian <<>> @127.0.0.1 pi.hole\n; (1 server found)\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22643\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 4096\n;; QUESTION SECTION:\n;pi.hole.\t\t\tIN\tA\n\n;; ANSWER SECTION:\npi.hole.\t\t2\tIN\tA\t127.0.0.1\n\n;; Query time: 0 msec\n;; SERVER: 127.0.0.1#53(127.0.0.1)\n;; WHEN: Mon Jan 14 14:59:08 Eastern 2019\n;; MSG SIZE rcvd: 52\n\n", "Start": "2019-01-14T09:59:08.055375217-05:00" }, { "End": "2019-01-14T09:59:38.337787788-05:00", "ExitCode": 0, "Output": "\n; <<>> DiG 9.10.3-P4-Debian <<>> @127.0.0.1 pi.hole\n; (1 server found)\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17238\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 4096\n;; QUESTION SECTION:\n;pi.hole.\t\t\tIN\tA\n\n;; ANSWER SECTION:\npi.hole.\t\t2\tIN\tA\t127.0.0.1\n\n;; Query time: 0 msec\n;; SERVER: 127.0.0.1#53(127.0.0.1)\n;; WHEN: Mon Jan 14 14:59:38 Eastern 2019\n;; MSG SIZE rcvd: 52\n\n", "Start": "2019-01-14T09:59:38.203771777-05:00" } ], "Status": "healthy" }, "OOMKilled": false, "Paused": false, "Pid": 377, "Restarting": false, "Running": true, "StartedAt": "2019-01-14T14:14:51.821691216Z", "Status": "running" } } }`