Internet not working on Pihole DNS

Expected Behaviour:

I have set up a Pihole and Pivpn on my Raspberry Pi 4; the internet was working fine this morning at around 6am EST. I did nothing to change the system settings but did have the Pihole disconnected from the internet until around 10pm EST.

Actual Behaviour:

But it seems that I cannot get through using the Pihole dns for both the VPN and without it.

I can however get the internet working when I put 1.1.1.1 in my /etc/resolv.conf. There was an issue in a previous debug log that I didn't save that stated something along the lines of port 53 was found for dnsmasq but port 48 was being used instead. It doesn't seem to be the problem right now.

Tried:

I have tried pihole -r and pihole -up, rebooting the Raspberry Pi, as well as pihole restartdns to no success.

Debug Token:

https://tricorder.pi-hole.net/komPk7o2/

Your debug log shows you have enabled DNSSEC for your Pi-hole.

Please verify your RPi4's time and time zone information is correct.

If necessary, manually adjust your system time, e.g. by running

sudo date -s '2022-05-04 08:30:59'

Substitute above for your current date and time.

Thank you, that helped!!

I had to change the timezone first, using "sudo timezonectl set-timezone zone", it was set to UTC but I'm in the Americas; then used the command you gave above.

I also installed the package "fake-hwclock" from apt, to make sure this doesn't occur again. I activated the startup restore through "sudo systemctl start fake-hwclock.service", and will have to mess with cron to save periodically. Lastly install ntp, which I'll need to see how it works.

Thanks again!!

On Raspberry Pi OS, fake-hwclock would already have been active by default, and it would already have been set up to save periodically (once per hour by default).

More importantly, note that fake-hwclock did not and cannot "make sure this doesn't occur again", and neither will ntpd nor any other time service.

This is because RPis do lack a battery-backed RTC, so they won't have a correct time after prolonged power-down periods.
As a makeshift solution, Raspberry Pi OS starts with the last known time as saved by fake-hwclock, and it would then try to sync with NTP servers by their respective DNS names (as configurable by /etc/systemd/timesyncd.conf).

Now, DNSSEC validation requires a consistent time-frame on all involved machines, and if your RPi's time would be off by too much, DNS resolution of the time server name would fail. In fact, all DNS lookups will fail that way, and the resulting inability to contact an NTP server's IP for syncing time would leave you stuck with the wrong time and no DNS resolution.

To address this, you could try to add your router's IP address to your RPi's timesyncd.conf, provided your router can be configured to act as a local time server.

This is what I've done on my RPi:

(*at least before I mounted a DS3231 RTC :wink: *)

I've added a Local DNS record for time.fritz.box pointing to my router's IP, and I've edited /etc/systemd/timesyncd.conf to contain the following:

[Time]
NTP=time.fritz.box
FallbackNTP=0.de.pool.ntp.org 1.debian.pool.ntp.org

If my router's IP should change (e.g. if I had to switch to a different router), this would allow me to adjust the local DNS record instead of editing timesyncd.conf.

But let me remind you this only works if your router can act as a local time server.


Another option would be to configure Pi-hole to resolve certain time server requests by forwarding them to a separate DNS server.

To that end, you'd have to create a custom dnsmasq configuration (e.g. /etc/dnsmasq.d/42-time-server-no-dnssec-redirects.conf) with the following content:

server=/pool.ntp.org/8.8.8.8

Pi-hole's embedded dnsmasq wouldn't apply DNSSEC validation for domains that are handled by such a server option.

Run pihole restartdns afterwards.

Note that this would leak DNS requests to a public DNS server (Google's 8.8.8.8 in above example) - depending on your personal preferences, that may be something you'd want to avoid.


Alternatively, you could consider fitting an RTC to your RPi4.
Those are available for just a few bucks, and may be the most reliable choice.
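
The time dependency described in the reply above, as an added example that is not part of the original thread: a DNSSEC signature (RRSIG) carries an inception and an expiration timestamp, and a validating resolver whose clock lies outside that window treats the answer as bogus. The record below is constructed (name, key tag and signature are placeholders), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a clock reading against the validity window of an
# RRSIG record as printed by `dig +dnssec`.
# Presentation format (RFC 4034, section 3.2), fields after "RRSIG":
#   type-covered algorithm labels original-ttl EXPIRATION INCEPTION key-tag signer sig
# Both timestamps are UTC in YYYYMMDDHHMMSS form, so they compare as integers.

# Constructed sample record; not a real signature.
SAMPLE_RRSIG='example.org. 300 IN RRSIG A 13 2 300 20220518000000 20220427000000 12345 example.org. c2FtcGxl'

# rrsig_window LINE -> prints "INCEPTION EXPIRATION"; non-zero status if LINE
# is not an RRSIG record with two 14-digit timestamps.
rrsig_window() {
    printf '%s\n' "$1" | awk '
        $4 == "RRSIG" && length($9) == 14 && length($10) == 14 &&
        ($9 $10) !~ /[^0-9]/ { print $10, $9; ok = 1 }
        END { exit !ok }'
}

# clock_vs_rrsig NOW LINE -> prints valid | not-yet-valid | expired | unparseable
# NOW uses the same YYYYMMDDHHMMSS form (e.g. from: date -u +%Y%m%d%H%M%S).
clock_vs_rrsig() {
    now=$1
    window=$(rrsig_window "$2") || { echo unparseable; return 2; }
    inception=${window% *}
    expiration=${window#* }
    if [ "$now" -lt "$inception" ]; then
        echo not-yet-valid   # clock is behind, e.g. restored from a stale saved time
    elif [ "$now" -gt "$expiration" ]; then
        echo expired         # clock is ahead, or the record is an old copy
    else
        echo valid
    fi
}

# Constructed clock readings: one restored from a save made before a long
# power-down, one after a manual `date -s` correction.
stale_clock=20220413060000
fixed_clock=20220504083059
echo "stale clock: $(clock_vs_rrsig "$stale_clock" "$SAMPLE_RRSIG")"
echo "fixed clock: $(clock_vs_rrsig "$fixed_clock" "$SAMPLE_RRSIG")"
```

To check a live record, pass the RRSIG line from `dig +dnssec` output together with the output of `date -u +%Y%m%d%H%M%S`.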

Ok wow, you've gone above and beyond!! This explanation is so detailed and easy to understand, Thanks again Buck :smiley: !! Also this is the first time I've heard about the DS3231 RTC. They really are a great alternative to the hole software setup thing :wink: .

I did forget to mention that I am not running Pi OS but rather Ubuntu for the arm64 capabilities, but I don't think that makes too much of a difference for configs.

The Edgerouter X does support NTP but I still haven't found any docs on a local time server. I wonder if the router syncing NTP will also translate to an override of the RPi syncing the already synced router.

For now I'm gonna test the Local DNS record and timesyncd.conf. This way I will get a lil more experienced with the networking aspects! That said the RTC does sound like the best alternative for reliability, and if I ever get to setting the RPi in a DMZ, I'll probably go with that option.

I got to say I've learned a lot, I tend to avoid any social interaction, weirdly enough even over the internet, but this has been a great learning experience, I hope your days are filled with Joy and a great amount of fun playing with life!!
