FTLDNS as Local/Internal forward & reverse resolution

#1

I was using dnsmasq for forward and reverse local resolution but now that’s gone…

I have my /etc/hosts file set up with the names I want to use for the local machines (not hostnames), and I don’t use DHCP anywhere. I’m also using dnscrypt so I don’t think unbound is a way forward either.

Any way I can use FTLDNS to achieve the same behavior as dnsmasq?

thanks

#2

This should work already, since FTLDNS contains dnsmasq and runs in place of the dnsmasq process. All your existing dnsmasq configuration files should work as before. This command from the Linux terminal will show which dnsmasq version is running:

dig chaos txt version.bind +short

What are the contents of your /etc/hosts file?

Also, please generate a debug log, upload it and post the token here so we can look under the hood.

#3
@pi-hole:~ $ dig chaos txt version.bind +short
"dnsmasq-pi-hole-2.80"
@pi-hole:~ $ more /etc/hosts
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

192.168.1.125   eve-ng
100.100.100.100 big-ip
192.168.1.100   microesxi1
192.168.1.101   microesxi2
192.168.1.110   esxi1-ilo
192.168.1.111   esxi2-ilo
192.168.1.15    vcsa
192.168.1.39    nas1
192.168.1.40    nas2
192.168.1.33    med-srv
192.168.1.37    msi-laptop
192.168.1.5     wifi-ap

127.0.1.1       pi-hole

https://tricorder.pi-hole.net/60pig8ty75!

#4

What is the output of the following command from the Pi terminal:

dig eve-ng

What upstream DNS are you using with Pi-Hole DNSCrypt or unbound? Your debug log shows:

*** [ DIAGNOSING ]: Ports in use
127.0.0.1:5959 dnscrypt-p (IPv4)

 PIHOLE_DNS_1=127.0.0.1#5353

Also, this is in your debug log - any iptables that are blocking Google DNS?

[✗] Failed to resolve doubleclick.com via a remote, public DNS server (8.8.8.8)

#5
; <<>> DiG 9.10.3-P4-Raspbian <<>> eve-ng
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58927
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;eve-ng.                                IN      A

;; ANSWER SECTION:
eve-ng.                 2       IN      A       192.168.1.125

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Apr 04 15:22:27 UTC 2019
;; MSG SIZE  rcvd: 51

Yes, I’m blocking UDP & TCP 53 outbound.

Sources are located in a file on my pihole… public-resolvers.md:
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md',
        'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
cache_file = 'public-resolvers.md'

See here for details:

Thanks for the response. :slight_smile:

#6

This indicates that your local name resolution is working.

Perhaps I don’t understand the problem. How are the sources in your cache-file related to the problem?

#7

If I try and ping eve-ng from any of my workstations the pi-hole won’t resolve the name to the IP address.
It worked fine 2 days ago using dnsmasq before I updated my pihole.

Local resolution is all I’m trying to achieve.

Thanks

#8

Pi-hole is resolving name to proper IP as proven below:

Try running the one below on one of those workstations at a command line prompt to see which DNS server is answering queries:

nslookup eve-ng

If it’s anything other than the Pi-hole address, have a look here for proper configuration:

EDIT: You can use same tool to query Pi-hole directly:

nslookup eve-ng <PIHOLE_IP_ADDRESS>

#9
C:\>nslookup eve-ng
Server:  pi-hole
Address:  192.168.1.20

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to pi-hole timed-out
C:\>nslookup eve-ng 192.168.1.20
Server:  pi-hole
Address:  192.168.1.20

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to pi-hole timed-out

All devices with an IP address are using the pihole as their only DNS and local resolution has been working fine with dnsmasq for the past 3 years. I updated my pihole 2 days ago and now local resolution no longer works.

Are there any config files for FTLDNS that I have to edit to get this working? I had to edit dnsmasq.conf to get it working 3 years ago.

#10

You might want to check/edit out private details for the ones below:

sudo iptables -L -n

ip a

grep 'IPV[4,6]_ADDRESS\|PIHOLE_INTERFACE' /etc/pihole/setupVars.conf

sudo grep -v '^#\|^$' -R /etc/dnsmasq.*

EDIT: one more:

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471[1-8] '

#11
pi@pi-hole:~ $ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether mac address here brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.20/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 /64 scope link
       valid_lft forever preferred_lft forever
pi@pi-hole:~ $ grep 'IPV[4,6]_ADDRESS\|PIHOLE_INTERFACE' /etc/pihole/setupVars.conf
PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.1.20/24
IPV6_ADDRESS=
pi@pi-hole:~ $ sudo grep -v '^#\|^$' -R /etc/dnsmasq.*
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.old:domain-needed
/etc/dnsmasq.conf.old:bogus-priv
/etc/dnsmasq.conf.old:local=/local.lan/
/etc/dnsmasq.conf.old:no-dhcp-interface=eth0
/etc/dnsmasq.conf.old:expand-hosts
/etc/dnsmasq.conf.old:domain=local.lan
/etc/dnsmasq.conf.old:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.old:dhcp-mac=set:client_is_a_pi,B8:27:EB:*:*:*
/etc/dnsmasq.conf.old:dhcp-reply-delay=tag:client_is_a_pi,2
/etc/dnsmasq.conf.save:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:dhcp-name-match=set:wpad-ignore,wpad
/etc/dnsmasq.d/01-pihole.conf:dhcp-ignore-names=tag:wpad-ignore
/etc/dnsmasq.d/01-pihole.conf:server=127.0.0.1#5353
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:interface=eth0
/etc/dnsmasq.d/01-pihole.conf:server=/local.lan/192.168.1.254
/etc/dnsmasq.d/01-pihole.conf:server=/1.168.192.in-addr.arpa/192.168.1.254
/etc/dnsmasq.d/01-pihole.conf:domain=local.lan
/etc/dnsmasq.d/01-pihole.conf:local=/local.lan/
/etc/dnsmasq.d/02-dnscrypt.conf:server=127.0.0.1#5959
/etc/dnsmasq.old:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.old:dhcp-mac=set:client_is_a_pi,B8:27:EB:*:*:*
/etc/dnsmasq.old:dhcp-reply-delay=tag:client_is_a_pi,2
pi@pi-hole:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:5353 \|:67 \|:80 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      524/pihole-FTL
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      493/lighttpd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      524/pihole-FTL
tcp6       0      0 ::1:4711                :::*                    LISTEN      524/pihole-FTL
tcp6       0      0 :::80                   :::*                    LISTEN      493/lighttpd
tcp6       0      0 :::53                   :::*                    LISTEN      524/pihole-FTL
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           260/avahi-daemon: r
udp        0      0 0.0.0.0:53              0.0.0.0:*                           524/pihole-FTL
udp6       0      0 :::5353                 :::*                                260/avahi-daemon: r
udp6       0      0 :::53                   :::*                                524/pihole-FTL

Thanks for all the assistance. :slight_smile:

#12

These are my dnsmasq.conf updates to get local resolution working 3 years ago:

/etc/dnsmasq.conf.old:domain-needed
/etc/dnsmasq.conf.old:bogus-priv
/etc/dnsmasq.conf.old:local=/local.lan/
/etc/dnsmasq.conf.old:no-dhcp-interface=eth0
/etc/dnsmasq.conf.old:expand-hosts
/etc/dnsmasq.conf.old:domain=local.lan

#13

Edit - we were typing at the same time and your reply above already addresses some of this.

With FTLDNS, you don’t want to make changes to dnsmasq.conf. This is set up as a directory index. Make changes as shown in the commented block below:

cat /etc/dnsmasq.conf
conf-dir=/etc/dnsmasq.d

cd /etc/dnsmasq.d
pi@Pi-3B-DEV:/etc/dnsmasq.d $ ls -lh
total 4.0K
-rw-r--r-- 1 root root 1.6K Mar 31 16:05 01-pihole.conf

cat 01-pihole.conf
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.

###############################################################################
#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
#                                                                             #
#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
#                      /etc/pihole/setupVars.conf                             #
#                                                                             #
#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
###############################################################################
...
#14

You have the server= directive configured twice on different ports.
Try configuring with only one server= directive, the one that needs to answer upstream.

EDIT: I would prefer to delete the one in /etc/dnsmasq.d/02-dnscrypt.conf

EDIT2: or did you intentionally configure two upstream DNS servers that run on different ports?

#15

I didn’t notice before, but you have configured Pi-hole to query the avahi-daemon on port 5353 upstream:

avahi-daemon can’t be queried like traditional recursive DNS … I believe.

EDIT:

pi@noads:~ $ nslookup pi-hole.net localhost -port=5353
;; connection timed out; no servers could be reached

#16

I added:
domain-needed
bogus-priv
interface=eth0
domain=local.lan
local=/local.lan/

The rest of the config in 01-pihole.conf it did itself during the update.

I’ve created a file as suggested: /etc/dnsmasq.d/yourname.conf
and added the config from /etc/dnsmasq.conf.old to this file (not all of it, just the bits listed above).

IT’S WORKING!!! :smile:

Thank you to the both of you for helping “resolve” my issue. :wink:

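As an added example (not from the thread and not Pi-hole's own tooling), a small POSIX shell audit of the two upstream findings in #14 and #15: more than one default `server=` forwarder in the conf-dir, and a forwarder on port 5353, which on this box was bound by avahi-daemon (mDNS), not a recursive resolver. It runs against constructed copies of the before and after configs; the file names and contents below are sample data modelled on the thread, not the poster's real files.

```shell
#!/bin/sh
# Added example, not from the thread: audit a dnsmasq conf-dir for the two
# upstream problems diagnosed in #14/#15. Prints one "upstream ..." line per
# default forwarder and "WARN ..." lines for findings; returns 1 if any.
audit_upstreams() {
    confdir="$1"
    n=0
    warn=0
    # Default forwarders only: skip domain-qualified 'server=/domain/addr'
    # entries, which are legitimate per-zone forwards, not upstreams.
    for spec in $(grep -h '^server=' "$confdir"/*.conf | grep -v '^server=/' | cut -d= -f2); do
        n=$((n + 1))
        port=${spec##*#}                   # dnsmasq writes upstreams as host#port
        [ "$port" = "$spec" ] && port=53   # no '#' means the default DNS port
        echo "upstream ${spec} (port ${port})"
        if [ "$port" = "5353" ]; then
            echo "WARN ${spec}: port 5353 is the mDNS port (avahi-daemon here), not a recursive resolver"
            warn=1
        fi
    done
    if [ "$n" -gt 1 ]; then
        echo "WARN ${n} default upstreams configured; keep only the one that should answer"
        warn=1
    fi
    return "$warn"
}

# Constructed sample directories reproducing the thread's before/after state.
BROKEN_DIR=$(mktemp -d)
FIXED_DIR=$(mktemp -d)
trap 'rm -rf "$BROKEN_DIR" "$FIXED_DIR"' EXIT

# Before: 01-pihole.conf points at 127.0.0.1#5353 (avahi) and a second file
# adds the dnscrypt-proxy listener on 127.0.0.1#5959.
printf 'server=127.0.0.1#5353\nserver=/local.lan/192.168.1.254\ninterface=eth0\n' > "$BROKEN_DIR/01-pihole.conf"
printf 'server=127.0.0.1#5959\n' > "$BROKEN_DIR/02-dnscrypt.conf"

# After: a single upstream, with the local-resolution directives from #16 in
# a separate file so a Pi-hole update does not overwrite them.
printf 'server=127.0.0.1#5959\ninterface=eth0\n' > "$FIXED_DIR/01-pihole.conf"
printf 'domain-needed\nbogus-priv\ndomain=local.lan\nlocal=/local.lan/\nexpand-hosts\n' > "$FIXED_DIR/02-local.conf"

echo "== before =="
audit_upstreams "$BROKEN_DIR" || echo "result: misconfigured"
echo "== after =="
audit_upstreams "$FIXED_DIR" && echo "result: ok"
```

Point `audit_upstreams` at a real `/etc/dnsmasq.d` to check a live box; it only reads the files.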