Lost Connection to API FTL not starting

microm3gaas · January 10, 2020, 11:17pm

Please follow the below template, it will help us to help you!

I have had pihole up for several months with no issue, Router lost power( power cord was disconnected) and since that time I receive the message that I was unable to see FLT online and noticed the message lost connection to API

sudo service pihole-FTL status

pi@raspberrypi:~ $ sudo service pihole-FTL status
● pihole-FTL.service - LSB: pihole-FTL daemon
Loaded: loaded (/etc/init.d/pihole-FTL; generated; vendor preset: enabled)
Active: active (exited) since Fri 2020-01-10 15:00:34 CST; 2h 13min ago
Docs: man:systemd-sysv-generator(8)
Process: 396 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 4915)
CGroup: /system.slice/pihole-FTL.service

Jan 10 15:00:27 raspberrypi systemd[1]: Starting LSB: pihole-FTL daemon...
Jan 10 15:00:28 raspberrypi pihole-FTL[396]: Not running
Jan 10 15:00:34 raspberrypi su[1024]: Successful su for pihole by root
Jan 10 15:00:34 raspberrypi su[1024]: + ??? root:pihole
Jan 10 15:00:34 raspberrypi su[1024]: pam_unix(su:session): session opened for user pihole by (uid=0)
Jan 10 15:00:34 raspberrypi pihole-FTL[396]: dnsmasq: failed to create listening socket for port 53: Address already in use
Jan 10 15:00:34 raspberrypi systemd[1]: Started LSB: pihole-FTL daemon.

I noticed the entry regarding Port 53, and suspect this is the issue.

This is the results from lsof. I saw a few threads where named was bound to port 53.

I'm confused by the following, I'm not sure what this indicates. I thought this means that there is just a service listening on port 53. Could someone clear this up for me? I did attempt to kill that PID but that did not have much affect.

pi@raspberrypi:~ $ sudo lsof -i :53
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
unbound 615 unbound 3u IPv6 12829 0t0 UDP localhost:domain
unbound 615 unbound 4u IPv6 12830 0t0 TCP localhost:domain (LISTEN)
unbound 615 unbound 5u IPv4 12831 0t0 UDP localhost:domain
unbound 615 unbound 6u IPv4 12832 0t0 TCP localhost:domain (LISTEN)

I have searched through the various, similar threads attempting to utilize the suggestions there but have not been able to get any headway

Expected Behaviour:

on the web interface dashboard I expect to see graphs indicating blocked Adds

Actual Behaviour:

I see spinning arrows instead of graphs and “lost connection to api” at the top of the page.

Debug Token:

0hf09z3hjt

RamSet · January 10, 2020, 11:45pm

Your instance of pihole-FTL cannot (indeed) start because something is using port 53 (mandatory for pihole-FTL in order to function properly).

What does this command return: sudo lsof -i :53 +c 0 | awk 'FNR==2{ print $1 }'

(You do seem to run Unbound but I don't know if you installed that, as it's not used/paired with Pi-hole)

microm3gaas · January 10, 2020, 11:57pm

lsof -i :53 +c 0 | awk 'FNR==2{ print $1 }'

Blockquote pi@raspberrypi:~ $ sudo lsof -i :53 +c 0 | awk 'FNR==2{ print $1 }'
unbound

so I see now it is unbound. I saw that earlier but wasn't clicking. Should I follow this guide to configure unbound to use 5353?

https://docs.pi-hole.net/guides/unbound/

I believe it was installed with Raspibian, but I don't specificalyl recall configuring that. It's not something that I believe I need.

RamSet · January 11, 2020, 12:03am

It's not a default package that comes with Raspbian. That most likely was installed by something else (as a dependency?).

There might be something else that might have declared it as a dependency at install (Maybe Exim4?).
It is safe to remove as at its core, it does the same thing as Pi-hole does.

It does have its uses and applications (as Unbound and Pi-hole are two different things) , but at its core, it's a DNS resolver.

I would disable/mask OR remove it, and then restart Pi-hole.

If you want to go the Unbound route, you can install it, configure it as specified in the guide, and pair it with Pi-hole.

microm3gaas · January 11, 2020, 12:06am

Awesome, that gives me direction and I have it disabled now and See Pi-hole functioning. Thank you very much for your input!

I'll sort out what I am going to do with Unbound.

Tesserax · January 11, 2020, 9:46pm

If you wish to use unbound, then yes, you should set its port to use port 5353. Unbound is used as a local recursive DNS server and is designed to "replace" any upstream server, like Google or OpenDNS (which are also recursive servers) for this purpose. The idea is that this local server will contact root servers directly for additional security reasons.

Without unbound enabled, a DNS request would go something like the following: Pi-hole > Google DNS > root DNS > Pi-hole

With it enabled: Pi-hole > unbound > root DNS > Pi-hole

The key is: Do you trust your upstream recursive servers to not track your DNS requests?

microm3gaas · January 15, 2020, 2:15am

That helps, thanks!

jfb · January 15, 2020, 3:38am

It is more a privacy issue than a security issue.

Tesserax · January 15, 2020, 3:51am

Ah, yes. Thanks for the correction.

system · February 5, 2020, 3:51am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.