Inconsistent information in pihole logfiles

barneyboy · March 12, 2019, 8:31pm

Hi folks,

I’m running pihole on a Raspberry 3B (version v4.2.2-0-gba1e94d v4.2-0-g347994d v4.2.3). OS is Raspbian-Stretch with latest updates.

Via pihole's web interface I selected 4 DNS servers:

DNS.WATCH: 84.200.69.80
Quad9: 9.9.9.10
Custom1: 82.196.9.45
Custom2: 51.15.98.97

After saving the selection pihole modified the files /etc/pihole/setupVars.conf and /etc/dnsmasq.d/01-pihole.conf

/etc/pihole/setupVars.conf contains the following DNS info:
PIHOLE_DNS_1=84.200.69.80
PIHOLE_DNS_2=9.9.9.10
PIHOLE_DNS_3=82.196.9.45#53
PIHOLE_DNS_4=51.15.98.97#53

/etc/dnsmasq.d/01-pihole.conf contains the following DNS info:
server=84.200.69.80
server=9.9.9.10
server=82.196.9.45#53
server=51.15.98.97#53

With these new values I restarted pihole with the command: systemctl restart pihole-FTL.service.

In /var/log/pihole.log I see the following lines:
Mar 12 16:28:36 dnsmasq[6531]: using nameserver 51.15.98.97#53
Mar 12 16:28:36 dnsmasq[6531]: using nameserver 82.196.9.45#53
Mar 12 16:28:36 dnsmasq[6531]: using nameserver 9.9.9.10#53
Mar 12 16:28:36 dnsmasq[6531]: using nameserver 84.200.69.80#53

BUT in /var/log/pihole-FTL.log I see the following lines:
[2019-03-12 16:28:36.603 6529] New forward server: 208.67.220.220 (0/4096)
[2019-03-12 16:28:36.603 6529] New forward server: 51.15.98.97 (1/4096)
[2019-03-12 16:28:36.603 6529] New forward server: 82.196.9.45 (2/4096)
[2019-03-12 16:28:36.614 6529] New forward server: 9.9.9.10 (3/4096)

The servers 51.15.98.97, 82.196.9.45 and 9.9.9.10 appear in both log files. That's okay.

BUT the server 84.200.69.80 (DNS.Watch), which I selected, appears only in /var/log/pihole.log, but not in /var/log/pihole-FTL.log. That's wrong.

BUT the server 208.67.220.220 (OpenDNS), which I did not select, appears in /var/log/pihole-FTL.log. That's wrong, too.

How does it come, that a not selected DNS server is listed as an used server in /var/log/pihole-FTL.log? How does it come, that a selected DNS server is not listed as an used server in /var/log/pihole-FTL.log?

Thanks for reading and have a nice day.

Barney

Mcat12 · March 13, 2019, 12:45am

We need more context about the lines in the FTL log. Those lines may have been made when it processed queries from the database (past queries), which had been made with past DNS servers. FTL will only output the "new forward server" line if it forwards a query to the server, not just if it is configured.

jpgpi250 · March 13, 2019, 9:05am

I've noticed the same, after changing the DNS server selection. To overcome this, I've added the following to my new installation procedure;

sudo service pihole-FTL stop
sudo rm /etc/pihole/pihole-FTL.db
sudo service pihole-FTL start

The database is recreated, if it doesn't exist when pihole-FTL is started.

DL6ER · March 15, 2019, 4:56pm

That's precisely what is happening here. FTL parses the queries of the past 24 hours and finds the previously used forward destinations. The fact that it logs them means that it is aware of them, not that it uses them for anything. The "knowledge" about the existence of the forward destinations will only disappear when they haven't been used for at least 24 hours as they won't be imported in this case.

What @jpgpi250 mentioned will work as well but only because when you delete the database then the previously used forward destinations cannot be imported from anywhere. Mind that you will loose all history in this case which is - in my view - not worth it. Remember, the FTL messages only indicates that FTL is aware of them and nothing more than than.

barneyboy · March 24, 2019, 2:16pm

Sorry for my late answering. I've been absent from home for several days.

First of all: thanks to everybody, who replied.

@DL6ER: I think, you're right. I tried the hint of @jpgpi250: stopped pihole-FTL.service, deleted the files /var/log/pihole.log, /var/log/pihole-FTL.log and /etc/pihole/pihole-FTL.db and started pihole-FTL.service again.

After that /var/log/pihole.log showed the same DNS servers as in my OP. And /var/log/pihole-FTL.log exactly lists just only those DNS servers I defined in /etc/pihole/setupVars.conf. They appeared not directly after restarting pihole-FTL.service, but with a delay of several hours.

Thanks for reading and have a nice day.

Barney