;; ANSWER SECTION:
pi-hole.net. 177 IN A 206.189.252.21
Obviously that works.
Somewhere along this thread, I've lost track of the problem. The local dig working and external IP dig not working was a problem on the Pi (from the Pi terminal), a client, or both?
Please post the exact commands you are running from both the Pi terminal and client, along with the complete output of the commands.
I've installed a raspberry pi with arch linux. The ip address is 192.168.0.170
I've installed pihole with pihole-FTL.
ON THE PIHOLE:
dig @localhost google.com
;; ANSWER SECTION:
google.com. 261 IN A 216.58.207.206
dig @localhost s.amazon-adsystem.com
;; ANSWER SECTION:
s.amazon-adsystem.com. 2 IN A 0.0.0.0
Good. Pi hole works!
Now ON THE PIHOLE AGAIN:
dig @192.168.0.170 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
ON A CLIENT:
dig @192.168.0.170 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Pi hole works, but something is blocking dns requests towards the pihole. Probably some firewall issue?
tail /etc/resolv.conf:
nameserver 127.0.0.1
I assume the Pi is visible on your network at the 170 IP? Are you using ssh to the Pi via port 22, or do you control the Pi via a keyboard and mouse and monitor?
Also, please generate a Pi-Hole debug log, upload it when prompted and post the token here.
Yes, I can ssh to 192.168.0.170. That's the way I use my pi.
Can't post a debug log because I'm using arch.
Pi-hole debug options are disabled.
ArchLinux distribution of Pi-hole is not supported by official project and this debug report CAN NOT be uploaded to their debug team.
Follow instructions carefully on the project wiki page (Pi-hole - ArchWiki) and please refer to AUR package web page for support and debugging (AUR (en) - pi-hole-server).
Apologies - I see you posted Arch in an earlier reply. Since Arch isn't a supported platform and we can't get a debug log, I don't think we'll be able to help much. I would head over to the Arch Pi-Hole site and see what they can offer.
It does appear that something is blocking port 53 traffic to the Pi.
Ok, so iptables was empty.
I've executed these commands:
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
It still doesn't work.
Now it looks like this:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Seems a bit weird. I don't see the ports mentioned.
Ok, it is not a firewall.
nc -zvw3 192.168.0.170 53
pi.hole [192.168.0.170] 53 (domain) open
-> port is open
Edit:
telnet 192.168.0.170 53
Trying 192.168.0.170...
Connected to 192.168.0.170.
Escape character is '^]'.
Connection closed by foreign host.
This is correct behavior I guess?
dehakkelaar@laptop:~$ dig +short @10.0.0.2 chaos txt version.bind
"dnsmasq-pi-hole-2.80"
dehakkelaar@laptop:~$ dig +short +tcp @10.0.0.2 chaos txt version.bind
"dnsmasq-pi-hole-2.80"
dehakkelaar@laptop:~$ dig +short +notcp @10.0.0.2 chaos txt version.bind
"dnsmasq-pi-hole-2.80"
dehakkelaar@laptop:~$ nc -zvw3 10.0.0.2 53
Connection to 10.0.0.2 53 port [tcp/domain] succeeded!
dehakkelaar@laptop:~$ telnet 10.0.0.2 53
Trying 10.0.0.2...
Connected to 10.0.0.2.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
Check if interface configured for Pi-hole is the same as the one holding IP 192.168.0.170:
grep PIHOLE_INTERFACE /etc/pihole/setupVars.conf
ip a
Could be rebind protection:
If you suspect rebind protection and can't find any related settings in the router, you could connect a PC/laptop configured with a static IP directly to the Pi-hole box (no router/switch in between) to see if it replies to dig/nslookup/host etc.
dig +short +tcp @192.168.0.170 chaos txt version.bind "dnsmasq-pi-hole-2.80"
;; communications error to 192.168.0.170#53: end of file
;; communications error to 192.168.0.170#53: end of file
;; communications error to 192.168.0.170#53: end of file
;; communications error to 192.168.0.170#53: end of file
grep PIHOLE_INTERFACE /etc/pihole/setupVars.conf
PIHOLE_INTERFACE=tun0
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether b9:23:ec:de:c3:12 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.170/24 brd 192.168.0.255 scope global dynamic eth0
valid_lft 2142sec preferred_lft 2142sec
inet 192.168.0.171/24 brd 192.168.0.255 scope global secondary noprefixroute eth0
valid_lft forever preferred_lft forever
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether d2:4e:4f:35:8d:e4 brd ff:ff:ff:ff:ff:ff
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet x.x.x.x/24 brd x.x.x.x scope global noprefixroute tun0
valid_lft forever preferred_lft forever
The x.x.x.x is replacing a real ip.
Try changing the Pi-hole DNS setting below:
Lol, I only have CLI.
Edit: You mean in the pi hole admin settings.
THANKS. IT WORKS. YOU ARE MY HERO!
You can change with cli ... hold on
I was too fast. Problem solved!
Thanks again!
How? For posterity.
Well, in pi hole admin panel:
Settings > DNS
There you see the same as in the screenshot of de Hakkelaar.
Select Listen on all interfaces, permit all origins and click the save button.
I thought you'd done it via shell
It's possible, but I would have to search and am too lazy atm.
EDIT: Probably below directive:
pi@noads:~ $ grep DNSMASQ_LISTENING /etc/pihole/setupVars.conf
DNSMASQ_LISTENING=all
Would have to run Pi-hole repair afterwards to propagate:
pihole -r
Lol. There are many more settings on the admin panel than I thought. Props to the devs.
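Added example, not part of the thread or of Pi-hole itself: a small shell check for the cause found above, where PIHOLE_INTERFACE named tun0 while the queried address lived on eth0. The function names, the 10.8.0.2 tunnel address and the sample text are constructed, and treating any DNSMASQ_LISTENING value other than `all` as "answer only on PIHOLE_INTERFACE" is an assumption.

```bash
#!/usr/bin/env bash
# Explain why a Pi-hole answers on localhost but times out on its LAN IP.

# Value of KEY ($1) in setupVars.conf-style text ($2); empty if absent.
conf_value() {
    printf '%s\n' "$2" | awk -F= -v k="$1" '$1 == k { print $2; exit }'
}

# Interface holding IPv4 address $1 in `ip -o -4 addr show` output ($2).
iface_for_ip() {
    printf '%s\n' "$2" |
        awk -v ip="$1" '{ split($4, a, "/"); if (a[1] == ip) { print $2; exit } }'
}

# Verdict for DNS queries sent to address $1.
diagnose() {
    local ip="$1" conf="$2" addrs="$3"
    local want mode have
    want=$(conf_value PIHOLE_INTERFACE "$conf")
    mode=$(conf_value DNSMASQ_LISTENING "$conf")
    have=$(iface_for_ip "$ip" "$addrs")
    if [ -z "$have" ]; then
        echo "no-such-address"
    elif [ "$mode" = "all" ]; then
        echo "ok: listening on all interfaces"
    elif [ "$want" = "$have" ]; then
        echo "ok: $ip is on $want"
    else
        # Assumption: without DNSMASQ_LISTENING=all only PIHOLE_INTERFACE answers.
        echo "mismatch: $ip is on $have, Pi-hole is bound to $want"
    fi
}

# Constructed sample input modelled on the output posted in the thread.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.0.170/24 brd 192.168.0.255 scope global dynamic eth0\       valid_lft 2142sec preferred_lft 2142sec
4: tun0    inet 10.8.0.2/24 brd 10.8.0.255 scope global noprefixroute tun0\       valid_lft forever preferred_lft forever'
SAMPLE_CONF_BEFORE='PIHOLE_INTERFACE=tun0'
SAMPLE_CONF_AFTER='PIHOLE_INTERFACE=tun0
DNSMASQ_LISTENING=all'

diagnose 192.168.0.170 "$SAMPLE_CONF_BEFORE" "$SAMPLE_ADDRS"
diagnose 192.168.0.170 "$SAMPLE_CONF_AFTER" "$SAMPLE_ADDRS"
# On a live box:
# diagnose 192.168.0.170 "$(cat /etc/pihole/setupVars.conf)" "$(ip -o -4 addr show)"
```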