IP addresses in dashboard instead of client names

darkvirus · August 8, 2021, 8:55pm

Thanks for looking.

grep -nRv '^#\|^$' /etc/dnsmasq.*
/etc/dnsmasq.conf:1:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.old:1:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/02-pihole-dhcp.conf:5:dhcp-authoritative
/etc/dnsmasq.d/02-pihole-dhcp.conf:6:dhcp-range=192.168.100.21,192.168.100.200,24h
/etc/dnsmasq.d/02-pihole-dhcp.conf:7:dhcp-option=option:router,192.168.100.1
/etc/dnsmasq.d/02-pihole-dhcp.conf:8:dhcp-leasefile=/etc/pihole/dhcp.leases
/etc/dnsmasq.d/02-pihole-dhcp.conf:11:domain=dv.local
/etc/dnsmasq.d/02-pihole-dhcp.conf:12:local=/dv.local/
/etc/dnsmasq.d/01-pihole.conf:21:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:22:addn-hosts=/etc/pihole/custom.list
/etc/dnsmasq.d/01-pihole.conf:25:localise-queries
/etc/dnsmasq.d/01-pihole.conf:28:no-resolv
/etc/dnsmasq.d/01-pihole.conf:32:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:34:log-queries
/etc/dnsmasq.d/01-pihole.conf:35:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:37:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:39:log-async
/etc/dnsmasq.d/01-pihole.conf:40:server=122.56.237.1
/etc/dnsmasq.d/01-pihole.conf:41:server=210.55.111.1
/etc/dnsmasq.d/01-pihole.conf:42:domain-needed
/etc/dnsmasq.d/01-pihole.conf:43:expand-hosts
/etc/dnsmasq.d/01-pihole.conf:44:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:45:interface=eno1
/etc/dnsmasq.d/01-pihole.conf:46:rev-server=192.168.1.0/24,192.168.1.252
/etc/dnsmasq.d/01-pihole.conf:47:server=/homo.local/192.168.1.252
/etc/dnsmasq.d/01-pihole.conf:48:server=/use-application-dns.net/

Bucking_Horn · August 8, 2021, 8:59pm

No surprises here either - no hidden extra files, only those created by Pi-hole itself.

From your most recent debug log, the only option relevant for the translation of IPs into names for Pi-hole's Query Log is still the one recommended by Roo earlier:

-rw-rw-r-- 1 pihole root 37 Aug  5 16:57 /etc/pihole/pihole-FTL.conf
   PRIVACYLEVEL=0
   REFRESH_HOSTNAMES=ALL

However, bespoke REFRESH_HOSTNAMES setting wouldn't do anything for you beyond the default IPv4, as yours seems to be an IPv4 only network, and ALL would just include IPv6 addresses also.

The only remaining difference to a standard Pi-hole would be your substitution of lighttpd by Apache. I am not aware of Apache having any bearing on translation of IPs to names, but then again, lighttpd is Pi-hole's supported webserver.

yubiuser · August 9, 2021, 8:37am

Do you have any browser plugins installed that might interfere with Pi-hole's web interface?
Do you see any errors in apache's logs?

Please open

http://pi.hole/admin/api.php?&topClientsBlocked

And see if the raw data provided by pihole-FTL contains the names already.

darkvirus · August 10, 2021, 5:25am

From the API :

{"top_sources_blocked":{"192.168.100.53":735,"192.168.100.65":231,"192.168.100.143":182,"192.168.100.35":96,"192.168.100.40":32,"192.168.100.72":11,"192.168.100.66":6,"192.168.100.150":4}}

No errors in the apache error log, and this is the access log matching the request

192.168.100.65 - - [10/Aug/2021:17:22:55 +1200] "GET /api.php?&topClientsBlocked HTTP/1.1" 200 188

As for browser plugins, i run uBlock, but with it disabled same results.

yubiuser · August 10, 2021, 12:42pm

Ok, so the missing client names are not an issue with the web interface or the web server, but rather pihole-FTL not providing the information.

For comparison:

{"top_sources_blocked":{"ThinkPad-X230.fritz.box|10.0.1.31":3076,"Sony-XZ1-Compact.fritz.box|10.0.1.22":2771,"Google-Pixel-{"top_sources_blocked":{"ThinkPad-X230.fritz.box|10.0.1.31":3076,"Sony-XZ1-Compact.fritz.box|10.0.1.22":2771,"Google-Pixel-4a.fritz.box|10.0.1.26":597,"iPad.fritz.box|10.0.1.64":374,"wireguard-sony-xz-compact|10.0.40.3":1}}4a.fritz.box|10.0.1.26":597,"iPad.fritz.box|10.0.1.64":374,"wireguard-sony-xz-compact|10.0.40.3":1}}

You could try adding DEBUG_RESOLVER=true to /etc/pihole/pihole-FTL.conf and restart FTL by pihole restartdns. This should add more information regarding hostname resolution to /var/log/pihole-FTL.log

darkvirus · August 10, 2021, 9:46pm

Few interesting entries.

[2021-08-11 09:40:15.768 822640/T822646] Trying to resolve 192.168.100.65
[2021-08-11 09:40:15.768 822640/T822646] Setting nameservers to:
[2021-08-11 09:40:15.768 822640/T822646]      0: 127.0.0.1:53 (IPv4)
[2021-08-11 09:40:15.800 822640/T822646] Setting nameservers back to default:
[2021-08-11 09:40:15.800 822640/T822646]      0: 8.8.8.8:53 (IPv4)
[2021-08-11 09:40:15.831 822640/T822646]  ---> "" (N/A)
[2021-08-11 09:40:15.831 822640/T822646]  ---> not found
[2021-08-11 09:40:15.831 822640/T822646] Client 192.168.100.65 -> "" is new

[2021-08-11 09:40:33.468 822640M]  ---> not found
[2021-08-11 09:40:33.468 822640M] getDatabaseHostname(): "SELECT interface FROM network JOIN network_addresses ON network_addresses.network_id = network.id WHERE network_addresses.ip = ? AND interface != 'N/A' AND interface IS NOT NULL;" with ? = "192.168.100.65"
[2021-08-11 09:41:14.423 822640M]  ---> not found
[2021-08-11 09:41:14.424 822640M] getDatabaseHostname(): "SELECT interface FROM network JOIN network_addresses ON network_addresses.network_id = network.id WHERE network_addresses.ip = ? AND interface != 'N/A' AND interface IS NOT NULL;" with ? = "192.168.100.65"

But if i do

cat /etc/pihole/dhcp.leases | grep 192.168.100.65
1628713223 4c:ed:fb:67:3d:70 192.168.100.65 DESKTOP-CUV0IR9 01:4c:ed:fb:67:3d:70

DHCP has the name, im just not sure why its not being given to FTL

And if i do NSLookup from my PC

nslookup 192.168.100.65
Server: darkvirus.nz
Address: 192.168.100.6

Name: DESKTOP-CUV0IR9.dv.local
Address: 192.168.100.65

DL6ER · August 11, 2021, 7:57am

Please also set

DEBUG_QUERIES=true

and restart FTL. This will add information about received queries into pihole-FTL.log as well.

darkvirus · August 11, 2021, 9:28pm

nslookup 192.168.100.143
Server: darkvirus.nz
Address: 192.168.100.6

Name: Embers-iPad.dv.local
Address: 192.168.100.143

[2021-08-12 09:27:14.635 906277M] **** new UDP query[PTR] query "143.100.168.192.in-addr.arpa" from eno1:192.168.100.65 (ID 15, FTL 14, /root/project/src/dnsmasq/forward.c:1592)
[2021-08-12 09:27:14.635 906277M] 143.100.168.192.in-addr.arpa is not known
[2021-08-12 09:27:14.636 906277M] ---> not found
[2021-08-12 09:27:14.637 906277M] getDatabaseHostname(): "SELECT interface FROM network JOIN network_addresses ON network_addresses.network_id = network.id WHERE network_addresses.ip = ? AND interface != 'N/A' AND interface IS NOT NULL;" with ? = "192.168.100.65"
[2021-08-12 09:27:14.643 906277M] **** got cache answer for Embers-iPad.dv.local / 192.168.100.143 / (ID 15, /root/project/src/dnsmasq/rfc1035.c:1555)

cat /etc/pihole/dhcp.leases |grep .143

1628768780 92:63:f7:7e:05:1f 192.168.100.143 Embers-iPad 01:92:63:f7:7e:05:1f

DL6ER · August 12, 2021, 9:19am

Thanks, however, now the lines like

which you had before are missing from your log snippet. Can you quote more from the log file, please?

darkvirus · August 12, 2021, 8:20pm

So it looks like those lines only exist directly after 'pihole restartdns'

[2021-08-13 08:13:20.288 973345/T973351] Client 192.168.100.43 -> "" is new
[2021-08-13 08:13:20.288 973345/T973351] Trying to resolve 192.168.100.53
[2021-08-13 08:13:20.288 973345/T973351] Setting nameservers to:
[2021-08-13 08:13:20.288 973345/T973351]      0: 127.0.0.1:53 (IPv4)
[2021-08-13 08:13:20.320 973345/T973351] Setting nameservers back to default:
[2021-08-13 08:13:20.320 973345/T973351]      0: 8.8.8.8:53 (IPv4)
[2021-08-13 08:13:20.352 973345/T973351]  ---> "" (N/A)
[2021-08-13 08:13:20.353 973345/T973351]  ---> not found
[2021-08-13 08:13:20.353 973345/T973351] Client 192.168.100.53 -> "" is new
[2021-08-13 08:13:20.353 973345/T973351] Trying to resolve 192.168.100.42
[2021-08-13 08:13:20.353 973345/T973351] Setting nameservers to:
[2021-08-13 08:13:20.353 973345/T973351]      0: 127.0.0.1:53 (IPv4)
[2021-08-13 08:13:20.385 973345/T973351] Setting nameservers back to default:
[2021-08-13 08:13:20.385 973345/T973351]      0: 8.8.8.8:53 (IPv4)
[2021-08-13 08:13:20.419 973345/T973351]  ---> "" (N/A)
[2021-08-13 08:13:20.419 973345/T973351]  ---> not found
[2021-08-13 08:13:20.419 973345/T973351] Client 192.168.100.42 -> "" is new
[2021-08-13 08:13:20.420 973345/T973351] 11 / 11 client host names resolved

It has 11 entries which is how many DHCP reservations i have.

Then when i do the nslookup for the IP

[2021-08-13 08:13:25.943 973345M] Set reply to DOMAIN (5)
[2021-08-13 08:13:25.944 973345M] **** new UDP query[PTR] query "65.100.168.192.in-addr.arpa" from eno1:192.168.100.65 (ID 5, FTL 19733, /root/project/src/dnsmasq/forward.c:1592)
[2021-08-13 08:13:25.944 973345M] 65.100.168.192.in-addr.arpa is not known
[2021-08-13 08:13:25.944 973345M] **** got cache answer for DESKTOP-CUV0IR9.dv.local / 192.168.100.65 / <unknown> (ID 5, /root/project/src/dnsmasq/rfc1035.c:1555)
[2021-08-13 08:13:25.944 973345M] Skipping detection of external blocking IP for ID 5 as query is PTR

DNS resolution is working fine, always has, its just purely the webpage not showing the name over the client IP.

However, i just tried to use group management > clients to add a direct name for my PC and i got the following error

Bucking_Horn · August 12, 2021, 8:48pm

darkvirus:

[2021-08-13 08:13:20.288 973345/T973351] Trying to resolve 192.168.100.53
[2021-08-13 08:13:20.288 973345/T973351] Setting nameservers to:
[2021-08-13 08:13:20.288 973345/T973351]      0: 127.0.0.1:53 (IPv4)

Is Pi-hole listening on 127.0.0.1:53?

What's the output of

sudo ss -tulpn | grep "Netid\|:53"

darkvirus · August 12, 2021, 9:25pm

ss -tulpn | grep "Netid\|:53"
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess
udp   UNCONN 0      0            0.0.0.0:53         0.0.0.0:*    users:(("pihole-FTL",pid=973345,fd=6))
udp   UNCONN 0      0            0.0.0.0:5355       0.0.0.0:*    users:(("systemd-resolve",pid=699,fd=11))
udp   UNCONN 0      0               [::]:53            [::]:*    users:(("pihole-FTL",pid=973345,fd=8))
udp   UNCONN 0      0               [::]:5355          [::]:*    users:(("systemd-resolve",pid=699,fd=13))
tcp   LISTEN 0      4096         0.0.0.0:5355       0.0.0.0:*    users:(("systemd-resolve",pid=699,fd=12))
tcp   LISTEN 0      32           0.0.0.0:53         0.0.0.0:*    users:(("pihole-FTL",pid=973345,fd=7))
tcp   LISTEN 0      4096            [::]:5355          [::]:*    users:(("systemd-resolve",pid=699,fd=14))
tcp   LISTEN 0      32              [::]:53            [::]:*    users:(("pihole-FTL",pid=973345,fd=9))

DL6ER · August 13, 2021, 9:46am

Okay, so this is indeed interesting.

Pi-hole is querying 127.0.0.1:53 for the hostname:

darkvirus:

[2021-08-13 08:13:20.288 973345/T973351] Trying to resolve 192.168.100.53
[2021-08-13 08:13:20.288 973345/T973351] Setting nameservers to:
[2021-08-13 08:13:20.288 973345/T973351]      0: 127.0.0.1:53 (IPv4)

but it does not receive an answer here, hence it tries again to use the default nameserver some 30 milliseconds later:

darkvirus:

[2021-08-13 08:13:20.320 973345/T973351] Setting nameservers back to default:
[2021-08-13 08:13:20.320 973345/T973351]      0: 8.8.8.8:53 (IPv4)
[2021-08-13 08:13:20.352 973345/T973351]  ---> "" (N/A)
[2021-08-13 08:13:20.353 973345/T973351]  ---> not found

This is not what should be happening here, because FTL should see its own query, like (from my own system after a restart):

[2021-08-13 11:42:24.035 779657/T779663] Trying to resolve 192.168.4.1
[2021-08-13 11:42:24.035 779657/T779663] Setting nameservers to:
[2021-08-13 11:42:24.035 779657/T779663]      0: 127.0.0.1:53 (IPv4)
[2021-08-13 11:42:24.035 779657M] **** new UDP IPv4 query[PTR] query "1.4.168.192.in-addr.arpa" from lo:127.0.0.1#51483 (ID 30, FTL 29476, src/dnsmasq/forward.c:1560)
[2021-08-13 11:42:24.035 779657M] 1.4.168.192.in-addr.arpa is not known
[2021-08-13 11:42:24.035 779657M] **** got cache reply: 1.4.168.192.in-addr.arpa is  (ID 30, src/dnsmasq/rfc1035.c:1569)
[2021-08-13 11:42:24.035 779657M] Set reply to RRNAME (6) in /home/dominik/FTL/src/dnsmasq_interface.c:1663
[2021-08-13 11:42:24.035 779657/T779663]  ---> "pi.hole" (found internally)
[2021-08-13 11:42:24.035 779657/T779663] Setting nameservers back to default:
[2021-08-13 11:42:24.035 779657/T779663]      0: 127.0.0.1:53 (IPv4)
[2021-08-13 11:42:24.035 779657/T779663] Client 192.168.4.1 -> "pi.hole" is new

As you showed, resolving as such works on your system but it doesn't seem to work when needed here.

Are you using the current official release or are did you join the beta testing of the next release?

darkvirus · August 13, 2021, 10:17pm

stock standard release, current version.

So i assume this is the core of my issue, on startup it checks the dhcp clients against itself, and the query doesn't actually make it to FTL by the looks, it then records in its database the names to be used by the webclient.

I just ran this test, nslookup 192.168.100.53 from the server itself.

Both the localhost and ipv4 address resolve the name, but obviously google dns doesnt.

Not sure why this doesnt occur on startup

DL6ER · August 14, 2021, 8:54am

Hmm, strange. FTL should try to re-resolve hostnames on every full hour. Does this happen for you as well and - even more interestingly - does it fail to get the answer here again?

darkvirus · August 15, 2021, 10:39pm

1AM

[2021-08-15 01:00:00.928 1237/T1243] Trying to resolve 192.168.100.40
[2021-08-15 01:00:00.928 1237/T1243] Setting nameservers to:
[2021-08-15 01:00:00.928 1237/T1243] 0: 127.0.0.1:53 (IPv4)
[2021-08-15 01:00:00.959 1237/T1243] Setting nameservers back to default:
[2021-08-15 01:00:00.959 1237/T1243] 0: 8.8.8.8:53 (IPv4)
[2021-08-15 01:00:00.993 1237/T1243] ---> "" (N/A)
[2021-08-15 01:00:00.993 1237/T1243] ---> not found
[2021-08-15 01:00:00.994 1237/T1243] Client 192.168.100.40 -> "" is new

2AM

[2021-08-15 02:00:00.238 1237/T1243] Trying to resolve 192.168.100.40
[2021-08-15 02:00:00.238 1237/T1243] Setting nameservers to:
[2021-08-15 02:00:00.238 1237/T1243] 0: 127.0.0.1:53 (IPv4)
[2021-08-15 02:00:00.271 1237/T1243] Setting nameservers back to default:
[2021-08-15 02:00:00.271 1237/T1243] 0: 8.8.8.8:53 (IPv4)
[2021-08-15 02:00:00.303 1237/T1243] ---> "" (N/A)
[2021-08-15 02:00:00.304 1237/T1243] ---> not found
[2021-08-15 02:00:00.304 1237/T1243] Client 192.168.100.40 -> "" is new

But as expected

[root@DarkServer log]# nslookup 192.168.100.40 192.168.100.6
40.100.168.192.in-addr.arpa name = Evans-iPad.dv.local.

[root@DarkServer log]# nslookup 192.168.100.40 127.0.0.1
40.100.168.192.in-addr.arpa name = Evans-iPad.dv.local.

Bucking_Horn · August 16, 2021, 6:20pm

It almost seems as if there would be another DNS server snatching those requests to the loopback address before Pi-hole sees them.

Your ss output suggests you are running systemd's stub resolver alongside Pi-hole on a different port (5355).

What's the intention of having that running in addition to Pi-hole?

And even though it is reported as listening on a different port:
Could you try to verify if it would be involved by trying to stop and disable systemd-resolve?

darkvirus · August 16, 2021, 8:47pm

You win the prize.

So, it looks like even though pihole takes over the localhost resolver on port 53 on startup, it either takes long enough that the other resolver still responds, or it processes the dhcp devices before it takes over ownership of that port.

But it is all working now, thank you for the ongoing help instead of giving up.

DL6ER · August 17, 2021, 12:32pm

This can safely be ruled out as we see in your logs that it "gives up" after only 30 msec.

What you found is really puzzling. I don't see how a query to 127.0.0.1:53 can end up somewhere else. I (and many more) run unbound on the same machine on 127.0.0.1:5353 and we never had any report about something similar.

darkvirus · August 17, 2021, 8:51pm

I reinstalled fedora from scratch in december, installed pihole standard, the only deviation is that i dont use light httpd, but the files that are placed in the web directory i have a config for in httpd.conf.

There is one additional change that gets made with apache, and that is the sudoers file has an entry for lighthttpd user to control pihole, i change that to apache.

Other than that, the system is pretty default.