Local DNS Records not being added to /etc/pihole/custom.list

Expected Behaviour:

Pi-hole v5.12.2 FTL Version: 5.18.1, Web Interface v5.15.1

Adding a local record to the pihole Local DNS Records page results in a green notification:
Custom DNS added
rasp.ap: 10.3.141.1

It is expected that the local machine and any clients connected to it will resolve the custom domain to the IP address added.

Actual Behaviour:

No custom DNS record is added to /etc/pihole/custom.list and the domain does not resolve with nslookup on the machine.

I have also added the rasp.ap domain to the /etc/hosts file, after which the domain will resolve on the console of the machine running pihole, but clients using pihole as the DNS server cannot resolve the local domain.

The pihole log shows:

Oct  8 12:15:18 dnsmasq[803]: query[A] rasp.ap from 192.168.4.101
Oct  8 12:15:18 dnsmasq[803]: forwarded rasp.ap to 1.1.1.1

Which indicates that local resolution is not taking place.

The lighttpd error-pihole.log contains the following error:

2022-10-08 12:16:30: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning: Executing sudo pihole -a addcustomdns 10.3.141.1 rasp.ap failed. in /var/www/html/admin/scripts/pi-hole/php/func.php on line 154

There is no further information on the cause of the failure.

The user:group for /var/www/html/admin/scripts/pi-hole/php/func.php (and for all parent directories) is root:root, and the permissions for that particular file are 644, which should be readable by everyone.

The function where the error occurs on line 154 is:

/**
 * More safely execute a command with pihole shell script.
 *
 * For example,
 *
 *   pihole_execute("-h");
 *
 * would execute command
 *
 *   sudo pihole -h
 *
 * and returns output of that command as a string.
 *
 * @param $argument_string String of arguments to run pihole with
 */
function pihole_execute($argument_string)
{
    $escaped = escapeshellcmd($argument_string);
    $output = null;
    $return_status = -1;
    $command = 'sudo pihole '.$escaped;
    exec($command, $output, $return_status);
    if ($return_status !== 0) {
        trigger_error("Executing {$command} failed.", E_USER_WARNING); // Line 154
    }

    return $output;
}

However, running the command as root from the console successfully adds the record as follows:

root@raspbx:/etc/pihole# pihole -a addcustomdns 10.3.141.1 rasp.ap
  [✓] Adding custom DNS entry...
  [✓] Restarting DNS server

Therefore the command appears to work when executed from the console as root, but not from php when invoked as sudo.

I have tried adding pihole and the lighttpd user (default is www-data) to the sudo group, but with no success. For now, the console command is a workaround for Local DNS, but this function pihole_execute() will fail every time it is invoked.

I would be grateful for any suggestions as to why sudo does not work.

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

Thanks for your quick response.

The console command to upload the debug log works, but the GUI does nothing other than to deactivate the button after it is clicked. Maybe that is caused by the same issue with the pihole_execute() function.

Here is the link. Debug Log

I am not able to duplicate the problem. I added that domain and IP successfully through the admin web GUI.

But, we'll figure out why your instance isn't working.

I did add it using the console command pihole -a addcustomdns 10.3.141.1 but it fails when executed as sudo via the php script. So I think the php user does not have sudo privileges, but I was unable to resolve that.

Where is this Pi-hole instance hosted? On a local device, or on a cloud based device?

Here's a thing...

Trying to add a local domain in the console with the asterisk user (which is running lighttpd in my instance) fails because it is asking for the asterisk user password. This leads me to the solution...

sudo -u asterisk pihole -a addcustomdns 192.168.4.143 access.point

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for asterisk:

The solution is found in /etc/sudoers.d/pihole which must be commented / changed to:

# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Allows the WebUI to use Pi-hole commands
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
#
# www-data ALL=NOPASSWD: /usr/local/bin/pihole
asterisk ALL=NOPASSWD: /usr/local/bin/pihole

(note there is one blank line at the end)
...where 'asterisk' is the name of the user that lighttpd is running as.
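
The mismatch found above, between the user lighttpd runs as and the user named in /etc/sudoers.d/pihole, can be checked mechanically. This is an added example, not part of the original post and not Pi-hole's own code; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Pi-hole code. Checks a sudoers drop-in against the
# user the web server runs as. The sample files below are constructed.

PIHOLE_BIN=/usr/local/bin/pihole

# Print every user with an active NOPASSWD rule for pihole in FILE.
nopasswd_users() {
    awk -v bin="$PIHOLE_BIN" '
        /^[ \t]*#/ { next }                        # comments and disabled rules
        /NOPASSWD:/ && $NF == bin { print $1 }     # e.g. "www-data ALL=NOPASSWD: <bin>"
    ' "$1"
}

# Return 0 if USER can run pihole via sudo without a password per FILE.
check_webui_sudo() {
    user=$1 file=$2
    if nopasswd_users "$file" | grep -qxF "$user"; then
        echo "ok: $user may run $PIHOLE_BIN without a password"
        return 0
    fi
    echo "mismatch: $user has no rule; rule(s) exist for: $(nopasswd_users "$file" | tr '\n' ' ')"
    return 1
}

# Constructed samples: a file granting www-data, and the edited file from this thread.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# Allows the WebUI to use Pi-hole commands' \
    "www-data ALL=NOPASSWD: $PIHOLE_BIN" > "$SAMPLE_DIR/stock"
printf '%s\n' "# www-data ALL=NOPASSWD: $PIHOLE_BIN" \
    "asterisk ALL=NOPASSWD: $PIHOLE_BIN" > "$SAMPLE_DIR/edited"

# lighttpd runs as "asterisk" on the poster's host; on a live system the
# user can be read with: ps -o user= -C lighttpd
check_webui_sudo asterisk "$SAMPLE_DIR/stock"  || true   # reports the mismatch
check_webui_sudo asterisk "$SAMPLE_DIR/edited" || true   # reports ok
```

On a live host, `sudo -l -U asterisk` (run as root) shows what sudo actually grants, and `visudo -cf /etc/sudoers.d/pihole` validates the file's syntax after editing. Scoping the rule to the one binary keeps the web-server account out of the broader sudo group.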

Looking into your debug log, you have other file access errors, perhaps related to the same user change.

-rw-r--r-- 1 asterisk asterisk 55K Oct  8 16:04 /var/log/lighttpd/error-pihole.log
   -----head of error-pihole.log------
   2022-10-02 00:00:01: (server.c.1759) logfiles cycled UID = 0 PID = 25374 
   2022-10-02 09:53:09: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning:  fopen(/var/log/pihole/pihole.log): failed to open stream: Permission denied in /var/www/html/admin/scripts/pi-hole/php/tailLog.php on line 36
   2022-10-02 09:53:09: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning:  fopen(/var/log/pihole/pihole.log): failed to open stream: Permission denied in /var/www/html/admin/scripts/pi-hole/php/tailLog.php on line 36
 -----tail of error-pihole.log------
   2022-10-08 14:04:34: (gw_backend.c.507) bind failed for: unix:/var/run/lighttpd/php.socket-0 Permission denied 
   2022-10-08 14:04:34: (gw_backend.c.1510) [ERROR]: spawning gw failed. 
   2022-10-08 14:04:34: (server.c.1472) Configuration of plugins failed. Going down. 
   2022-10-08 14:04:35: (server.c.1464) server started (lighttpd/1.4.53) 
   2022-10-08 14:04:35: (gw_backend.c.476) unlink /var/run/lighttpd/php.socket-0 after connect failed: Permission denied 
   2022-10-08 14:04:35: (gw_backend.c.507) bind failed for: unix:/var/run/lighttpd/php.socket-0 Permission denied 

Yes indeed. Those errors were fixed by changing the permissions of the log and run folders as described here: HTML Permissions - #12 by awoolford

I can confirm that the change to the sudoers file has now fixed the GUI (although the console command still asks for a password, but that's a bash issue, I suspect).

Many thanks for your help.
