Issues with Pihole and DNSCrypt

Not knowing the pihole software well, I'm at a loss with this one.

Hardware: Raspberry Pi Zero W
OS: Latest (2017-04-10) Raspbian Jessie Lite.
Steps taken:

• sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
• Install DNSCrypt

sudo apt-get install build-essential tcpdump dnsutils libsodium-dev locate bash-completion libsystemd-dev pkg-config
mkdir -p dnsproxy
cd dnsproxy
wget https://download.dnscrypt.org/dnscrypt-proxy/LATEST.tar.bz2
tar -xf LATEST.tar.bz2
cd dnscrypt-proxy-1.9.5
sudo ldconfig
./configure --with-systemd
make
sudo make install

• sudo useradd -r -d /var/dnscrypt -m -s /usr/sbin/nologin dnscrypt-proxy
• edit dnscrypt-proxy.conf to select resolver and set up options.
• copy dnscrypt-proxy.conf to /usr/local/etc/dnscrypt-proxy.conf
• edit dnscrypt-proxy.socket to set proxy on 127.10.10.1
• copy dnscrypt-proxy.service and dnscrypt-proxy.socket to /lib/systemd/system/
• systemctl enable dnscrypt-proxy.service
• edit /etc/resolv.conf and /etc/dhcpcd.conf to point to 127.10.10.1
• reboot
• test DNSCrypt with nslookup pihole.net

nslookup pi-hole.net
Server: 127.10.10.1
Address: 127.10.10.1#53
Non-authoritative answer:
Name: pi-hole.net
Address: 104.24.109.83
Name: pi-hole.net
Address: 104.24.108.83

• install pihole

curl -sSL https://install.pi-hole.net | bash
Set up on eth0
Custom, 127.10.10.1
IP address: 192.168.1.51/16 │
Gateway: 192.168.1.1
Web Admin interface on
Log queries on

• fix issue 1: 403 on admin gui page with systemctl start lighthttpd
• fix issue 2: Pi-hole FTL no running with systemctl start pihole-FTL.service
• fix issue 3: Either no password displayed or didn't see it during install.
• Set DNS on PC to 192.168.1.50 and 192.168.1.51 (both identical raspberry pis set up in the same way as above)
• Test... Failed. No DNS server available.
• reboot both pi
• test again, still failed with no DNS server available...

Debug tokens: 53z7vmkhyq and n2myn6jely
Debug log pi1: https://pastebin.com/GVpyCVE0
Debug log pi2: https://pastebin.com/CYLBAatp

Incomplete setup as per Wiki:

See here: https://www.reddit.com/r/pihole/comments/6cs0tk/issues_setting_up_pihole_with_dnscrypt/dhx3dl4/

Dont run "sudo apt-get dist-upgrade" !
You almost never have to run this one.
It will break more instead of fixing things.

The dsnmasq.conf file specifically said it was auto generated and edits would be lost on upgrade. From what I can tell this just sets a custom nameserver into pihole - something I did manually during setup. I think in part it is because of the non standard port used in the wiki article. I'm using port 53, the typical dns port.

I will however try these edits when I get home this evening and report back.

As for dist-upgrade, I only do this on a fresh install - that way I don't break anything Incase it wasn't clear, these are brand new rasberrypi installations I'm working with.

For the record, I did temporarily try with pihole set to google's servers (shudder!) and still had the same problems of not resolving.

Got my answer from a helpful reddit user in the end!

Apparently it won't work with DNSCrypt-proxy set up on port 53. There was me trying to be clever and all! Works great on random port numbers with the dnsmasq config edits listed in the guide.

This seriously doesn't make sense to me though! Ah well, I now have two Pi Zeros sitting by my router handling and filtering all DNS requests on my network I'm a happy man!

It wouldn't work on port 53 because Dnsmasq also needs that port.

That would make perfect sense then. Could this information be added to the wiki article to prevent others having the same problem with trying to be clever like me?

I think this is mentioned:

change the IP from 127.0.0.1:53 to anything from 127.0.0.2 to 127.255.255.254: You could as well just change the port (127.0.0.1:53 is used by dnsmasq),