Internet broken on network after install

Expected Behaviour:

Running pi-hole v6 on Fedora 41 Workstation. Router: TP-Link Archer A10.
Pi-hole allows network traffic and resolves DNS

Actual Behaviour:

After configuring pi-hole as the primary and secondary DNS servers in the DHCP router settings, only the pi-hole machine has reliable internet access. I set the static IP address in both the DHCP reservations section and on the client machine, and tried it both separate ways first. I am able to ping both 8.8.8.8 and the pi-hole's address successfully from the client machines, but it seems like there is a DNS resolution issue, as google.com fails to resolve in the browser.

None of the clients show up in the pi-hole admin panel. I disabled the SPI Firewall, but it didn't seem to help. Manually setting the DNS server on one of the clients temporarily got it to show up in the admin panel as a client but did not result in internet access -- this is not a realistic option for me, anyways.

Debug Token:

https://tricorder.pi-hole.net/H1EPTzJF/

From a client pc if you open a terminal what is the output of

nslookup google.com

nslookup google.com <pihole's ip address>

Hi, here are the outputs:

nslookup google.com
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; no servers could be reached
nslookup google.com 192.168.0.xx
;; communications error to 192.168.0.xx#53: timed out
;; communications error to 192.168.0.xx#53: host unreachable
;; communications error to 192.168.0.xx#53: timed out
;; no servers could be reached

A dev will likely need to look at your debug but it seems like a router setting. Are you sure that the pihole is set up as the DNS server in the LAN / DHCP section and not the WAN section?

I should add, what's the output from nslookup google.com 1.1.1.1? This will bypass pihole. Also, are you running a firewall on the pihole?

Hi, thanks for your help so far. nslookup seems to work with the alternative dns:

nslookup google.com 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	google.com
Address: 142.250.176.206
Name:	google.com
Address: 2607:f8b0:4006:81f::200e

I am fairly confident I am setting the DNS settings right. I followed the instructions here: How to use Pi-Hole DNS Server on TP-Link routers

I don't believe there is a firewall. ufw is not installed and I explicitly added rules to allow traffic on both UDP and TCP port 53 to iptables.

That does seem correct, so let's see what the pi shows. If you can ssh into it, what's the output of sudo ss -tupln |grep 53

Output here seems to indicate a udp problem I am unsure how to diagnose further:

pihole@pi:/etc/pihole$ sudo ss -tupln | grep 53
udp   UNCONN 0      0                                 0.0.0.0:53         0.0.0.0:*    users:(("pihole-FTL",pid=27658,fd=20))
udp   UNCONN 0      0                                    [::]:53            [::]:*    users:(("pihole-FTL",pid=27658,fd=22))
tcp   LISTEN 0      32                                0.0.0.0:53         0.0.0.0:*    users:(("pihole-FTL",pid=27658,fd=21))
tcp   LISTEN 0      32                                   [::]:53            [::]:*    users:(("pihole-FTL",pid=27658,fd=23))

This may be a problem on that client. First, the client is trying to use an internal DNS server (on the loopback address) and the first nslookup didn't go to Pi-hole.

The second one is directed to Pi-hole but didn't get there. This leads me to believe there is a problem within that client, since neither internal nor external DNS servers are reachable.

Looking at your debug log, I see the following:

*** [ DIAGNOSING ]: FirewallD
[i] Firewalld service active
[✗]   Allow Service: http (https://docs.pi-hole.net/main/prerequisites/#firewalld)
[✓]   Allow Service: dns
[✓]   Allow Service: dhcp
[✓]   Allow Service: dhcpv6
[✗] FTL Custom Zone Not Detected (https://docs.pi-hole.net/main/prerequisites/#firewalld)

Check your FirewallD settings per the link shown in the output.

This section of your log is also unusual. FTL should be on port 53:

*** [ DIAGNOSING ]: Ports in use
    udp:0.0.0.0:43820 is in use by wsdd
    udp:192.168.0.10:3702 is in use by wsdd
    udp:239.255.255.250:3702 is in use by wsdd
[✗] udp:0.0.0.0:53 is in use by  (https://docs.pi-hole.net/main/prerequisites/#ports)
    udp:0.0.0.0:68 is in use by <unknown>
    udp:0.0.0.0:123 is in use by <unknown>
    udp:127.0.0.1:323 is in use by <unknown>
    udp:*:59115 is in use by wsdd
    udp:[fe80::d6ee:4247:516e:e0f6]%wlp2s0:3702 is in use by wsdd
    udp:[ff02::c]%wlp2s0:3702 is in use by wsdd
[✗] udp:[::]:53 is in use by  (https://docs.pi-hole.net/main/prerequisites/#ports)
    udp:[::]:123 is in use by <unknown>
    udp:[::1]:323 is in use by <unknown>
    tcp:0.0.0.0:27500 is in use by <unknown>
    tcp:127.0.0.1:631 is in use by <unknown>
[✗] tcp:0.0.0.0:53 is in use by  (https://docs.pi-hole.net/main/prerequisites/#ports)
[✗] tcp:0.0.0.0:80 is in use by  (https://docs.pi-hole.net/main/prerequisites/#ports)
[✗] tcp:0.0.0.0:443 is in use by  (https://docs.pi-hole.net/main/prerequisites/#ports)
    tcp:[::1]:631 is in use by <unknown>
[✗] tcp:[::]:53 is in use by  (https://docs.pi-hole.net/main/prerequisites/#ports)
[✗] tcp:[::]:80 is in use by  (https://docs.pi-hole.net/main/prerequisites/#ports)
[✗] tcp:[::]:443 is in use by  (https://docs.pi-hole.net/main/prerequisites/#ports)

Likely unrelated, but you have a git status problem. Pi-hole should be able to pull the versions from github.

*** [ DIAGNOSING ]: Core version
git status failed

*** [ DIAGNOSING ]: Web version
git status failed

*** [ DIAGNOSING ]: FTL version
[✓] Version: v6.0.2
[i] Branch: master
[i] Commit: ac500d5f

The versions file on your Pi-hole host has the data, so this is likely a connectivity problem.

-rw-r--r-- 1 pihole pihole 323 Feb 22 02:37 /etc/pihole/versions
   CORE_VERSION=v6.0.3
   CORE_BRANCH=master
   CORE_HASH=0e6d9e74
   GITHUB_CORE_VERSION=v6.0.3
   GITHUB_CORE_HASH=0e6d9e74
   WEB_VERSION=v6.0.1
   WEB_BRANCH=master
   WEB_HASH=42e7279a
   GITHUB_WEB_VERSION=v6.0.1
   GITHUB_WEB_HASH=42e7279a
   FTL_VERSION=v6.0.2
   FTL_BRANCH=master
   FTL_HASH=ac500d5f
   GITHUB_FTL_VERSION=v6.0.2
   GITHUB_FTL_HASH=ac500d5f

Your Pi-hole is receiving and responding to clients on the network (at least one) from your pihole.log.

 Feb 22 02:48:24 dnsmasq[27658]: query[A] safebrowsing.googleapis.com from 192.168.0.10
 Feb 22 02:48:24 dnsmasq[27658]: cached-stale safebrowsing.googleapis.com is 142.250.80.42
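The checks walked through in this thread, combined into one offline triage script. This is an added example, not part of any post and not Pi-hole project code: the function names are hypothetical, and the sample inputs are constructed from output quoted above plus one constructed decoy line.

```shell
# Added example. Samples are constructed; the avahi-daemon line is a decoy.
SS_SAMPLE=$(cat <<'EOF'
udp   UNCONN 0  0   0.0.0.0:53    0.0.0.0:*  users:(("pihole-FTL",pid=27658,fd=20))
udp   UNCONN 0  0   0.0.0.0:5353  0.0.0.0:*  users:(("avahi-daemon",pid=812,fd=12))
tcp   LISTEN 0  32  0.0.0.0:53    0.0.0.0:*  users:(("pihole-FTL",pid=27658,fd=21))
EOF
)
FW_SAMPLE=$(cat <<'EOF'
[i] Firewalld service active
[✗]   Allow Service: http (https://docs.pi-hole.net/main/prerequisites/#firewalld)
[✓]   Allow Service: dns
[✗] FTL Custom Zone Not Detected (https://docs.pi-hole.net/main/prerequisites/#firewalld)
EOF
)

# Succeeds only if pihole-FTL owns port 53 exactly, on both udp and tcp.
# Unlike `grep 53`, this ignores port 5353 and PIDs that contain "53".
ftl_listening_on_53() {
    awk '$5 ~ /:53$/ && /"pihole-FTL"/ { seen[$1] = 1 }
         END { exit !(seen["udp"] && seen["tcp"]) }'
}

# Print the firewalld service names that the debug log marks as failed.
firewalld_failed_services() {
    while IFS= read -r line; do
        case $line in
            '[✗]'*'Allow Service: '*)
                svc=${line#*'Allow Service: '}
                printf '%s\n' "${svc%% *}" ;;
        esac
    done
}

# $1 = ss output, $2 = FirewallD section of the debug log.
# Prints the next step; commands are printed for review, never executed.
triage() {
    if ! printf '%s\n' "$1" | ftl_listening_on_53; then
        echo "pihole-FTL is not bound to udp+tcp port 53: fix the listener first"
        return 0
    fi
    echo "pihole-FTL is listening on port 53: check the host firewall"
    for svc in $(printf '%s\n' "$2" | firewalld_failed_services); do
        echo "sudo firewall-cmd --permanent --add-service=$svc"
    done
    if printf '%s\n' "$2" | grep -qF 'FTL Custom Zone Not Detected'; then
        echo "FTL zone missing: https://docs.pi-hole.net/main/prerequisites/#firewalld"
    fi
    echo "sudo firewall-cmd --reload"
}
triage "$SS_SAMPLE" "$FW_SAMPLE"
```

On a live host, feed it `sudo ss -tupln` and the FirewallD section of `pihole -d` instead of the samples.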

Hi,
Thanks so much for this. I followed the firewalld instructions and everything seems to be working now. I generated a new debug log which shows the same port issues and github problems. Do I need to resolve these? Would running pihole -r help at all?

New debug is here, if that is helpful: https://tricorder.pi-hole.net/h2mczwdh/

If Pi-hole is working, I wouldn't worry about those for now.
