FTL v5.12.1 Not honoring interface and bind-interfaces


Expected Behaviour:

dnsmasq should bind only to eth0.
Hardware: Raspberry Pi
OS: buster

Actual Behaviour:

It is attempting to bind to both eth0 and eth0:1. I have a bind 9 running on eth0:1.

Debug Token:

I shut down my bind 9 so that pihole will start.
root@pihole2:/etc/dnsmasq.d# netstat -an | grep LIST | grep 53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 192.168.2.23:53 0.0.0.0:* LISTEN
tcp 0 0 192.168.2.24:53 0.0.0.0:* LISTEN (should not try to listen on this address)
tcp6 0 0 ::1:53 :::* LISTEN
tcp6 0 0 fe80::23cf:e782:4e32:53 :::* LISTEN

Try this setting on the dashboard in the DNS tab (it should show eth0 for you):

Sorry,
But it is already configured that way now. And is ignored.

August Treubig

There is a known dnsmasq bug we inherit where specifically listening on a "real" device that also has an "alias" on it leads to actually listening on both. I thought bind-interfaces mode would not be affected but I may be wrong.

Do you see a warning like "using interface eth0 instead" in the Pi-hole diagnosis system (or in /var/log/pihole.log if that's easier to check for you)?

No, I don't see that message anywhere.
eth0 is 192.168.2.23, which is what pihole is supposed to listen on.
eth0:0 is 192.168.2.24, which is my local dns for branditianna.net and 192.168.2.0/24.
I did move it to eth0:1 to make sure that it wasn't confused by the 0:0. No change.
Logs from failed startup.

Original failure from /var/log/syslog after upgrade

Dec 30 19:00:12 pihole2 pihole-FTL[671]: dnsmasq: failed to create listening socket for 192.168.2.24: Address already in use
Dec 30 19:00:12 pihole2 dnsmasq[696]: failed to create listening socket for 192.168.2.24: Address already in use
Dec 30 19:00:12 pihole2 dnsmasq[696]: FAILED to start up
Dec 30 19:00:12 pihole2 systemd[1]: session-c8.scope: Succeeded.
Dec 30 19:00:13 pihole2 systemd[1]: Started LSB: pihole-FTL daemon.

Messages from /var/log/pihole.log.1 after I shut down my bind 9 listening on eth0:0

Dec 30 19:14:55 dnsmasq[1153]: started, version pi-hole-2.87test4-6 cachesize 10000
Dec 30 19:14:55 dnsmasq[1153]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
Dec 30 19:14:55 dnsmasq[1153]: using nameserver 9.9.9.10#53
Dec 30 19:14:55 dnsmasq[1153]: ignoring nameserver 192.168.2.24 - local interface
Dec 30 19:14:55 dnsmasq[1153]: ignoring nameserver 192.168.2.24 - local interface
Dec 30 19:14:55 dnsmasq[1153]: using only locally-known addresses for onion
Dec 30 19:14:55 dnsmasq[1153]: using only locally-known addresses for bind
Dec 30 19:14:55 dnsmasq[1153]: using only locally-known addresses for invalid
Dec 30 19:14:55 dnsmasq[1153]: using only locally-known addresses for localhost
Dec 30 19:14:55 dnsmasq[1153]: using only locally-known addresses for test
Dec 30 19:14:55 dnsmasq[1153]: read /etc/hosts - 5 addresses
Dec 30 19:14:55 dnsmasq[1153]: read /etc/pihole/custom.list - 2 addresses
Dec 30 19:14:55 dnsmasq[1153]: read /etc/pihole/local.list - 0 addresses
cat setupVars.conf
BLOCKING_ENABLED=true
WEBPASSWORD=xxxxxxx
PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.2.23/24
IPV6_ADDRESS=
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
CACHE_SIZE=10000
DNSMASQ_LISTENING=bind
PIHOLE_DNS_1=9.9.9.10
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
REV_SERVER=true
REV_SERVER_CIDR=192.168.2.0/24
REV_SERVER_TARGET=192.168.2.18    (changed from 2.24, so that I can run.)
REV_SERVER_DOMAIN=branditianna.net

Could you also show us the output of

grep "listening" /var/log/pihole-FTL.log.* | tail

?

grep "listening" /var/log/pihole-FTL.log.* | tail
/var/log/pihole-FTL.log.1:[2021-12-30 20:19:06.688 1311M] listening on 192.168.2.24 port 53
/var/log/pihole-FTL.log.1:[2021-12-30 20:19:06.689 1311M] listening on eth0(#2): 192.168.2.24 port 53
/var/log/pihole-FTL.log.1:[2021-12-30 20:19:06.689 1311M] listening on 192.168.2.23 port 53
/var/log/pihole-FTL.log.1:[2021-12-30 20:19:06.690 1311M] listening on eth0(#2): 192.168.2.23 port 53
/var/log/pihole-FTL.log.1:[2021-12-30 20:19:06.690 1311M] listening on 127.0.0.1 port 53
/var/log/pihole-FTL.log.1:[2021-12-30 20:19:06.691 1311M] listening on lo(#1): 127.0.0.1 port 53
/var/log/pihole-FTL.log.1:[2021-12-30 20:19:06.692 1311M] listening on fe80::23cf:e782:4e32:8134%eth0 port 53
/var/log/pihole-FTL.log.1:[2021-12-30 20:19:06.692 1311M] listening on eth0(#2): fe80::23cf:e782:4e32:8134%eth0 port 53
/var/log/pihole-FTL.log.1:[2021-12-30 20:19:06.693 1311M] listening on ::1 port 53
/var/log/pihole-FTL.log.1:[2021-12-30 20:19:06.694 1311M] listening on lo(#1): ::1 port 53

Ah, dnsmasq cannot tell apart your real interface and alias interface as it seems. I guess 192.168.2.24 is eth0:0, right? This is a tricky configuration, but we should be able to get it done.

listen-address=127.0.0.1
listen-address=192.168.2.23

in a new file /etc/dnsmasq.d/99-listen-address.conf and set the listening mode on the dashboard to the recommended setting "allow only local requests".

Does this do what you want?

Unfortunately, it does not work.

put lines in my 99- file
ran pihole restartdns
Got
root@pihole2:/etc/dnsmasq.d# tail -f /var/log/pihole-FTL.log | grep listening
[2021-12-31 16:18:15.835 14325M] listening on 192.168.2.24 port 53
[2021-12-31 16:18:15.837 14325M] listening on eth0(#2): 192.168.2.24 port 53
[2021-12-31 16:18:15.840 14325M] listening on 192.168.2.23 port 53
[2021-12-31 16:18:15.842 14325M] listening on eth0(#2): 192.168.2.23 port 53
[2021-12-31 16:18:15.845 14325M] listening on 127.0.0.1 port 53
[2021-12-31 16:18:15.847 14325M] listening on lo(#1): 127.0.0.1 port 53
[2021-12-31 16:18:15.850 14325M] listening on fe80::23cf:e782:4e32:8134%eth0 port 53
[2021-12-31 16:18:15.852 14325M] listening on eth0(#2): fe80::23cf:e782:4e32:8134%eth0 port 53
[2021-12-31 16:18:15.855 14325M] listening on ::1 port 53
[2021-12-31 16:18:15.857 14325M] listening on lo(#1): ::1 port 53

That is basically what I had to begin with.

root@pidns:/etc/dnsmasq.d# cat 99-my-settings.conf
listen-address=192.168.2.23
bind-interfaces

So the basic problem is back to dnsmasq not paying attention to the listen-address.

Aug
AG5AT

cat /etc/pihole/install.log
[✓] Installing scripts from /etc/.pihole

[i] Installing configs from /etc/.pihole...
[i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone! ************* is this an issue ******
[✓] Installed /etc/dnsmasq.d/01-pihole.conf
[✓] Installed /etc/dnsmasq.d/06-rfc6761.conf

[i] Installing blocking page...
[✓] Creating directory for blocking page, and copying files
[i] Backing up index.lighttpd.html
No default index.lighttpd.html file found... not backing up

[✓] Installing sudoer file

[✓] Installing latest Cron script

[i] Installing latest logrotate script...
[i] Existing logrotate file found. No changes made.
[i] Backing up /etc/dnsmasq.conf to /etc/dnsmasq.conf.old
[✓] man pages installed and database updated

Possibly, what is the contents of the file?

cat /etc/dnsmasq.conf

All it has in it is:

cat dnsmasq.conf
conf-dir=/etc/dnsmasq.d

Which looks right, but may be missing something?

Can you check all other files in this directory, please?

There should be no interface=... or except-interface=... when using bind-interfaces or we will bind to the mentioned interfaces in addition to the addresses you mentioned above.

If everything is configured correctly, you should only see lines being reported with an address like

and not also with an interface name like

This is what is in dnsmasq.d

root@pihole2:/etc/dnsmasq.d# ls -la
total 20
drwxr-xr-x  2 root root 4096 Dec 31 16:16 .
drwxr-xr-x 87 root root 4096 Dec 30 18:59 ..
-rw-r--r--  1 root root 1456 Dec 30 19:24 01-pihole.conf
-rw-r--r--  1 root root 2190 Dec 30 18:59 06-rfc6761.conf
-rw-r--r--  1 root root   53 Dec 31 16:16 99-my-settings.conf

cat 01-pihole.conf 
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.

###############################################################################
#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
#                                                                             #
#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
#                      /etc/pihole/setupVars.conf                             #
#                                                                             #
#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
###############################################################################

addn-hosts=/etc/pihole/local.list
addn-hosts=/etc/pihole/custom.list


localise-queries


no-resolv



cache-size=10000

log-queries
log-facility=/var/log/pihole.log

log-async
server=9.9.9.10
domain-needed
expand-hosts
bogus-priv
interface=eth0
bind-interfaces
rev-server=192.168.2.0/24,192.168.2.24
server=/branditianna.net/192.168.2.24

cat 06-rfc6761.conf
# Pi-hole: A black hole for Internet advertisements
# (c) 2021 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# RFC 6761 config file for Pi-hole
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.

###############################################################################
#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
#                                                                             #
#             CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE                #
#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
###############################################################################

# RFC 6761: Caching DNS servers SHOULD recognize
#     test, localhost, invalid
# names as special and SHOULD NOT attempt to look up NS records for them, or
# otherwise query authoritative DNS servers in an attempt to resolve these
# names.
server=/test/
server=/localhost/
server=/invalid/

# The same RFC requests something similar for
#     10.in-addr.arpa.      21.172.in-addr.arpa.  27.172.in-addr.arpa.
#     16.172.in-addr.arpa.  22.172.in-addr.arpa.  28.172.in-addr.arpa.
#     17.172.in-addr.arpa.  23.172.in-addr.arpa.  29.172.in-addr.arpa.
#     18.172.in-addr.arpa.  24.172.in-addr.arpa.  30.172.in-addr.arpa.
#     19.172.in-addr.arpa.  25.172.in-addr.arpa.  31.172.in-addr.arpa.
#     20.172.in-addr.arpa.  26.172.in-addr.arpa.  168.192.in-addr.arpa.
# Pi-hole implements this via the dnsmasq option "bogus-priv" (see
# 01-pihole.conf) because this also covers IPv6.

# OpenWRT furthermore blocks    bind, local, onion    domains
# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
server=/bind/
server=/onion/

cat 99-my-settings.conf 
listen-address=192.168.2.23
listen-address=127.0.0.1

I built a new instance of pihole on another raspberry pi with no changes except for the bind only to eth0 checked. The problem was re-created. I then created the 99-listenaddress.conf as you recommended.
This didn't fix it. Following your last instructions, I commented out the interface= in 01-pihole.conf that the gui had added. Did a pihole restartdns. At that point the listen on eth0:0 was gone. This follows your last set of instructions. So I have done the same thing now on my original pihole system and was able to then get my bind 9 up and listening on 192.168.2.24. So the situation is very odd but is now working.
Aug
AG5AT

Yes, that's why I asked to

as this removes the interfaces=... setting.

Glad it is solved now and working as expected. I'd still recommend to set the mode as suggested because the interface=... might otherwise be reinstalled on the next update or repair of Pi-hole.
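The check this thread converged on, as an added example that is not part of the original posts and is not Pi-hole or dnsmasq code: it reads the dnsmasq.d directives that decide which sockets get opened, then compares the `listen-address` values with the "listening on" lines from pihole-FTL.log. The function names and the dictionary layout are hypothetical, and the sample input is constructed from the lines quoted above.

```python
import ipaddress
import re

# Constructed sample input modelled on the files and log lines quoted in the thread.
CONF_FILES = {
    "01-pihole.conf": "bogus-priv\ninterface=eth0\nbind-interfaces\n",
    "99-my-settings.conf": "# local\nlisten-address=192.168.2.23\nlisten-address=127.0.0.1\n",
}
FTL_LOG = """\
[2021-12-31 16:18:15.835 14325M] listening on 192.168.2.24 port 53
[2021-12-31 16:18:15.837 14325M] listening on eth0(#2): 192.168.2.24 port 53
[2021-12-31 16:18:15.840 14325M] listening on 192.168.2.23 port 53
[2021-12-31 16:18:15.845 14325M] listening on 127.0.0.1 port 53
[2021-12-31 16:18:15.850 14325M] listening on fe80::23cf:e782:4e32:8134%eth0 port 53
"""
# Matches both log forms: "listening on ADDR port N" and "listening on IFACE(#n): ADDR port N".
LISTEN_RE = re.compile(r"listening on (?:\S+\(#\d+\): )?(\S+) port \d+")


def parse_conf(files):
    """Collect the directives that decide which sockets dnsmasq opens."""
    found = {"interface": [], "except-interface": [], "listen-address": [], "bind-interfaces": []}
    for name, text in sorted(files.items()):
        for line in text.splitlines():
            line = line.split("#", 1)[0].strip()  # drop comments
            key, _, value = line.partition("=")
            if key in found:
                found[key].append((name, value.strip()))
    return found


def logged_listeners(log):
    """Return the set of addresses FTL reported listening on (IPv6 scope id removed)."""
    return {ipaddress.ip_address(m.group(1).split("%")[0]) for m in LISTEN_RE.finditer(log)}


def audit(files, log):
    """Report interface directives that widen a listen-address setup, and the extra sockets."""
    conf = parse_conf(files)
    wanted = {ipaddress.ip_address(a.strip()) for _, v in conf["listen-address"] for a in v.split(",")}
    conflicts = []
    if conf["bind-interfaces"] and wanted:
        conflicts = [f"{f}: {k}={v}" for k in ("interface", "except-interface") for f, v in conf[k]]
    extra = sorted(str(a) for a in logged_listeners(log) - wanted) if wanted else []
    return {"conflicts": conflicts, "unexpected": extra}


if __name__ == "__main__":
    print(audit(CONF_FILES, FTL_LOG))
```

On a real host the same functions can be fed the contents of /etc/dnsmasq.d and the latest pihole-FTL.log after each Pi-hole update or repair, since the thread notes that `interface=` may be written back.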
