How to allow DNS ping?

Help Community Help
1

The issue I am facing: Unable to ping 8.8.8.8

Details about my system: Pi-hole running on Raspberry Pi. Configured for DoH using cloudflared.

What I have changed since installing Pi-hole: N/a

I have a Raspberry Pi running Pi Hole. I have configured DNS over HTTPS using cloudflared – see: cloudflared (DoH) - Pi-hole documentation

Everything is working fine. However, I have a work laptop (that I use on my home network) that runs a script to check if it is connected to the internet. It does this by pinging 8.8.8.8 However, this does not work in my network (request timed out). I am guessing that pi-hole knows that this is a DNS server and blocks the ping. Disabling blocking does not make any difference.

Is there anything I can do to allow the ping through please?

2

Being unable to ping would not be a pihole issue but rather a network issue of somekind. You could try running tracert 8.8.8.8 and see where its failing ( assuming you're using Windows ).

3

Thanks for the reply. I am able to ping OpenDNS and DNS.Watch so it looks like it is only a problem with Google DNS. 192.168.0.1 is my router, and 192.168.0.3 is my pi.hole.

Here is the output

C:\Users\Nick>tracert 8.8.8.8

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:

  1    <1 ms    <1 ms     1 ms  pi.hole [192.168.0.3]
  2     1 ms     1 ms    <1 ms  192.168.0.1
  3     1 ms    <1 ms     1 ms  192.168.0.1
  4     2 ms     1 ms     *     pi.hole [192.168.0.3]
  5     2 ms     *        6 ms  192.168.0.1
  6     *        *        6 ms  192.168.0.1
  7     *        *        *     Request timed out.
  8     4 ms     2 ms     *     192.168.0.1
  9     *        *        *     Request timed out.
 10     3 ms     2 ms     5 ms  192.168.0.1
 11     *        *        *     Request timed out.
 12     3 ms     *        *     192.168.0.1
 13     3 ms     3 ms     *     192.168.0.1
 14     *        *        *     Request timed out.
 15    10 ms     3 ms     6 ms  192.168.0.1
 16     *        *        *     Request timed out.
 17     3 ms     *        *     192.168.0.1
 18     *        *        *     Request timed out.
 19     8 ms    14 ms     *     192.168.0.1
 20     *        *        *     Request timed out.
 21     5 ms     7 ms     5 ms  192.168.0.1
 22     *        *        *     Request timed out.
 23     5 ms     6 ms     *     192.168.0.1
 24     *        *        *     Request timed out.
 25     6 ms     8 ms     7 ms  192.168.0.1
 26     *        *        *     Request timed out.
 27     6 ms     *        *     192.168.0.1
 28     *        *        *     Request timed out.
 29     7 ms     6 ms    11 ms  192.168.0.1
 30     *        *        *     Request timed out.

Trace complete.

Here is the output of OpenDNS (which does work):

C:\Users\Nick>tracert 208.67.222.222

Tracing route to resolver1.opendns.com [208.67.222.222]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2     7 ms     9 ms     7 ms  251.core.plus.net [195.166.130.251]
  3     8 ms     8 ms     8 ms  84.93.253.91
  4     8 ms     8 ms     8 ms  195.99.125.136
  5     8 ms     8 ms     *     core6-hu0-3-0-15.faraday.ukcore.bt.net [109.159.252.134]
  6     9 ms     9 ms     9 ms  166-49-209-194.gia.bt.net [166.49.209.194]
  7     *        *        *     Request timed out.
  8    10 ms     9 ms     9 ms  resolver1.opendns.com [208.67.222.222]

Trace complete.
4

I'm not sure I understand why your 8.8.8.8 ping is going to the pi as the 1st hop. Maybe there is a route set up for it.

I'm guessing this works as should but lets see what you get if you tracert 192.168.0.1

Then could you do a route print 8.8.8.8 if that comes up blank maybe just route print

5

Hi - here is the output

C:\Users\Nick>tracert 192.168.0.1

Tracing route to 192.168.0.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.0.1

Trace complete.

C:\Users\Nick>route print 8.8.8.8
===========================================================================
Interface List
 19...74 d4 35 e8 e1 2c ......Intel(R) Ethernet Connection I217-V
  8...14 cc 20 16 b4 85 ......Qualcomm Atheros AR938x Wireless Network Adapter
 22...16 cc 20 16 b4 85 ......Microsoft Wi-Fi Direct Virtual Adapter #3
  4...26 cc 20 16 b4 85 ......Microsoft Wi-Fi Direct Virtual Adapter #4
  2...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 10...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
  None
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
  None
Persistent Routes:
  None
6

Try the route print just by itself. Also Can you ping 8.8.4.4 ( alternate google dns server )?

Also, could you post the results of ipconfig?

7

Wrong guess: Pi-hole isn't capable of rerouting and blocking network traffic indiscriminately.

As a filtering DNS server, all that it ever sees are DNS requests, and only those from clients that are using it for DNS.
All other traffic goes whichever way your router and clients are configured for.
This means that a ping to an IP address does not involve Pi-hole at all.

Run from the Windows client that fails to ping, what's the output of

ipconfig /all

Also, please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

8

Thanks for your help. Here are the results:

C:\Users\Nick>route print
===========================================================================
Interface List
 19...74 d4 35 e8 e1 2c ......Intel(R) Ethernet Connection I217-V
  8...14 cc 20 16 b4 85 ......Qualcomm Atheros AR938x Wireless Network Adapter
 22...16 cc 20 16 b4 85 ......Microsoft Wi-Fi Direct Virtual Adapter #3
  4...26 cc 20 16 b4 85 ......Microsoft Wi-Fi Direct Virtual Adapter #4
  2...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 10...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.195     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      169.254.0.0      255.255.0.0         On-link     192.168.0.195     26
      169.254.0.0      255.255.0.0         On-link      192.168.40.1     36
      169.254.0.0      255.255.0.0         On-link      192.168.80.1     36
  169.254.255.255  255.255.255.255         On-link     192.168.0.195    281
  169.254.255.255  255.255.255.255         On-link      192.168.40.1    291
  169.254.255.255  255.255.255.255         On-link      192.168.80.1    291
      192.168.0.0    255.255.255.0         On-link     192.168.0.195    281
    192.168.0.195  255.255.255.255         On-link     192.168.0.195    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.195    281
     192.168.40.0    255.255.255.0         On-link      192.168.40.1    291
     192.168.40.1  255.255.255.255         On-link      192.168.40.1    291
   192.168.40.255  255.255.255.255         On-link      192.168.40.1    291
     192.168.80.0    255.255.255.0         On-link      192.168.80.1    291
     192.168.80.1  255.255.255.255         On-link      192.168.80.1    291
   192.168.80.255  255.255.255.255         On-link      192.168.80.1    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.0.195    281
        224.0.0.0        240.0.0.0         On-link      192.168.80.1    291
        224.0.0.0        240.0.0.0         On-link      192.168.40.1    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.0.195    281
  255.255.255.255  255.255.255.255         On-link      192.168.80.1    291
  255.255.255.255  255.255.255.255         On-link      192.168.40.1    291
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      169.254.0.0      255.255.0.0    192.168.0.195       1
      169.254.0.0      255.255.0.0     192.168.40.1       1
      169.254.0.0      255.255.0.0     192.168.80.1       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 19    281 fd8a:adcf:5209:1::/64    fe80::36af:b3ff:fee5:37bb
 19    281 fdc1:95b0:7c20:a0cb::/64 On-link
 19    281 fdc1:95b0:7c20:a0cb:5e25:25a1:775d:26a4/128
                                    On-link
 19    281 fdc1:95b0:7c20:a0cb:9051:5fd4:b2df:9c3f/128
                                    On-link
 19    281 fe80::/64                On-link
 10    291 fe80::/64                On-link
  2    291 fe80::/64                On-link
  2    291 fe80::b0cf:335c:cd68:49ca/128
                                    On-link
 10    291 fe80::b54b:28b5:cc1e:1c48/128
                                    On-link
 19    281 fe80::e3ed:e6e1:c3f3:b879/128
                                    On-link
  1    331 ff00::/8                 On-link
 19    281 ff00::/8                 On-link
 10    291 ff00::/8                 On-link
  2    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

Pinging 8.8.4.4. results in a timeout

C:\Users\Nick>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : EAGLE
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-V
   Physical Address. . . . . . . . . : 74-D4-35-E8-E1-2C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fdc1:95b0:7c20:a0cb:5e25:25a1:775d:26a4(Preferred)
   Temporary IPv6 Address. . . . . . : fdc1:95b0:7c20:a0cb:9051:5fd4:b2df:9c3f(Preferred)
   Link-local IPv6 Address . . . . . : fe80::e3ed:e6e1:c3f3:b879%19(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.195(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 21 March 2024 17:15:08
   Lease Expires . . . . . . . . . . : 22 March 2024 19:57:57
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.3
   DHCPv6 IAID . . . . . . . . . . . : 259314741
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-F5-32-81-74-D4-35-E8-E1-2C
   DNS Servers . . . . . . . . . . . : 192.168.0.3
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter WiFi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Qualcomm Atheros AR938x Wireless Network Adapter
   Physical Address. . . . . . . . . : 14-CC-20-16-B4-85
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #3
   Physical Address. . . . . . . . . : 16-CC-20-16-B4-85
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #4
   Physical Address. . . . . . . . . : 26-CC-20-16-B4-85
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
   Physical Address. . . . . . . . . : 00-50-56-C0-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b0cf:335c:cd68:49ca%2(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.40.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 318787670
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-F5-32-81-74-D4-35-E8-E1-2C
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b54b:28b5:cc1e:1c48%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.80.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 385896534
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-F5-32-81-74-D4-35-E8-E1-2C
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Debug URL: https://tricorder.pi-hole.net/ANjmW8tO/

Other information that may be relevant: I am also running pivpn alongside pi-hole, but this is not being used for any of these tests. I have also tried to ping 8.8.8.8 from another PC on the network and get the same results.

9

OK - so I have found the problem - apologies for using up your time.

I had a static route setup in my router to send 8.8.8.8 and 8.8.4.4 to pi-hole. I did this a long time ago, but I think it was because I found that Android in some instances was insisting on using these IPs as the DNS and was bypassing pi-hole and serving up ads. Disabling those routes has allowed the ping to work.

Many thanks for making me think more about where the problem could be. I'll work out if I need to re-enable the routes and then raise a different topic if needed.

11

Glad you found it.

12

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.