Just upgraded to FTLDNS from pihole v.3.3.1 on my Tomato ARM (Netgear R7000) router. The update went smoothly, except when it tries to run pihole-FTL it says
"root@b-12-l-14-gw:~# /etc/init.d/pihole-FTL start
Not running
Failed to set capabilities on file `/usr/bin/pihole-FTL' (Operation not supported)
sh: 1: /usr/bin/pihole-FTL: not found" and pihole terminates
root@b-12-l-14-gw:/# tail -f /var/log/pihole-FTL.log
[2018-04-24 22:28:13.194] -> Exactly blocked DNS queries: 5435
[2018-04-24 22:28:13.194] -> Wildcard blocked DNS queries: 4
[2018-04-24 22:28:13.194] -> Unknown DNS queries: 11
[2018-04-24 22:28:13.194] -> Unique domains: 1611
[2018-04-24 22:28:13.194] -> Unique clients: 11
[2018-04-24 22:28:13.194] -> Known forward destinations: 1
[2018-04-24 22:41:43.789] FATAL: FTL received SIGTERM from PID/UID 9545/0, exiting gracefully
[2018-04-24 22:41:43.789] Shutting down...
[2018-04-24 22:41:43.840] Finished final database update
[2018-04-24 22:41:43.841] ########## FTL terminated after 51.8 ms! ##########
My pihole v.3.3.1 has been running for almost a month now with no issues so far.
dnsmasq is not running during my test. My guess is it might be a kernel-related issue: "Failed to set capabilities on file `/usr/bin/pihole-FTL' (Operation not supported)"
ps -p 9545 -o comm= should return the command that is causing FTLDNS to terminate, provided it is still running. If you try again and get a different PID, use it. That could help us narrow down what is happening.
This means you have checked out the FTLDNS beta testing branch, right? The reason why we need to manage capabilities here is the strong security model we implement for FTLDNS. While dnsmasq is running as root, we run pihole-FTL under user pihole for your own safety and comfort. Obviously, the user pihole (being entirely unprivileged) cannot bind to ports below 1000 (among some other things related to DHCP services FTLDNS offers) and as such we need to supplement the binary with these capabilities so pihole-FTL can bind to port 53, etc. without giving any additional permissions to the pihole user.
Now, it seems that your Tomato router has issues with this. Two questions:
sh: 1: /usr/bin/pihole-FTL: not found
Does this file exist? If not, where is pihole-FTL located for you?
Failed to set capabilities on file `/usr/bin/pihole-FTL' (Operation not supported)
root@-gw:/# setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip /usr/bin/pihole-FTL
Failed to set capabilities on file `/usr/bin/pihole-FTL' (Operation not supported)
I've read somewhere that extended attributes need to be compiled/enabled on my file system to store capabilities. I have no idea how to enable them in a chrooted environment; my current pihole 3.3.1 is working fine on this router.
The reason I tried FTLDNS is the local DNS server support with unbound. Right now I manually edited 01-pihole.conf to add 127.0.0.1#5353 for unbound to work with v.3.3.1; hope it will be officially supported.
The Debian chroot resides on an ext3 file system. I didn't bother with the extended attribute issue, as it involves compiling a new kernel and Tomato firmware is very limited in this area.
Pi-hole v4.0 will bring (a more polished version of) what is currently in the beta phase. Hence, the more issues we can resolve already now, the better. I might have a solution for this, and will comment here again later.
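
Added example (not part of any post in this thread and not Pi-hole project code): a shell preflight for the setcap step discussed above. It reports which filesystem holds the binary, whether that mount is nosuid, and which of the capabilities from the quoted setcap command are missing. The function names are hypothetical; it assumes `getcap` from libcap is installed and /proc is mounted.

```shell
#!/bin/sh
# Added example, not Pi-hole project code. Names below are illustrative.
# Capabilities taken from the setcap command quoted in the thread.
REQUIRED="cap_net_bind_service cap_net_raw cap_net_admin"

# Print "fstype options" for the mount that holds path $1.
# $2 is a table in /proc/mounts format (default: /proc/mounts).
mount_for_path() {
    awk -v p="$1" '
        { m = $2; pre = (m == "/") ? "/" : (m "/")
          # longest mount point that prefixes p wins; later entries shadow earlier
          if ((p == m || index(p, pre) == 1) && length(m) >= best) {
              best = length(m); out = $3 " " $4 } }
        END { print out }' "${2:-/proc/mounts}"
}

# Print the REQUIRED capabilities missing from one line of getcap output.
# Accepts "file = caps+eip" (older libcap) and "file caps=eip" (newer libcap).
missing_caps() {
    spec=$(printf '%s\n' "$1" | sed 's/^[^ ]* *=* *//')   # drop "file" / "file ="
    have=$(printf '%s\n' "$spec" | sed 's/[+=][eip]*$//' | tr ',' ' ')
    flags=${spec##*[+=]}
    case $flags in *e*p*|*p*e*) ;; *) have= ;; esac        # need effective + permitted
    out=
    for c in $REQUIRED; do
        case " $have " in *" $c "*) ;; *) out="$out${out:+ }$c" ;; esac
    done
    printf '%s\n' "$out"
}

# Report why pihole-FTL at path $1 may be unable to bind port 53 as user pihole.
preflight() {
    info=$(mount_for_path "$1"); fs=${info%% *}; opts=${info#* }
    echo "$1 is on $fs ($opts)"
    case ",$opts," in
        *,nosuid,*) echo "nosuid mount: the kernel ignores file capabilities here" ;;
    esac
    miss=$(missing_caps "$(getcap "$1" 2>/dev/null)")
    if [ -z "$miss" ]; then echo "all required capabilities are set"; return 0; fi
    echo "missing: $miss"
    echo "setcap stores them in the security.capability xattr; 'Operation not"
    echo "supported' means this filesystem/kernel cannot store that attribute"
    return 1
}

if [ $# -gt 0 ]; then preflight "$1"; fi
```

Run it as root with the binary path as the only argument, for example `/usr/bin/pihole-FTL`.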