Lost Pi.hole local DNS resolution after adding Unbound

System

  • Raspberry Pi 3
  • Raspberry Pi OS (Legacy, 32bit) Lite

Description

Installed PiHole and PiVPN using the setup scripts. Ran for a couple of days using pi.hole/admin to navigate to the admin console. I added Unbound per the instructions here unbound - Pi-hole documentation

I've also tried adding pi.hole and a couple of other domains to Local DNS -> DNS Records and they don't appear to be working

Expected Behavior

I would expect to be able to still navigate to pi.hole/admin and see the admin console. I can navigate to <pihole_local_ip>/admin and everything is fine. I also would expect to be able to add additional local DNS records to other ips on my LAN

Actual Behaviour:

No local DNS resolution appears to be happening. SSH'd into the Pi

kallick@pihole-wireguard:~ $ nslookup pi.hole
Server:         8.8.8.8 #Google was set as my upstream DNS before activating Unbound
Address:        8.8.8.8#53
** server can't find pi.hole: NXDOMAIN

kallick@pihole-wireguard:~ $ nslookup pi.hole 192.168.100.129 #pihole-wireguard's LAN IP
Server:         192.168.100.129
Address:        192.168.100.129#53
Name:   pi.hole
Address: 192.168.100.129
Name:   pi.hole
Address: fe80::5688:9dbe:1ee6:5f88

kallick@pihole-wireguard:~ $ nslookup flurry.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   flurry.com
Address: 18.136.37.69
Name:   flurry.com
Address: 44.228.206.170
Name:   flurry.com
Address: 54.161.105.65
Name:   flurry.com
Address: 34.213.101.254
Name:   flurry.com
Address: 13.251.69.97
Name:   flurry.com
Address: 13.49.212.207
Name:   flurry.com
Address: 34.225.127.72
Name:   flurry.com
Address: 13.50.184.192

kallick@pihole-wireguard:~ $ curl -i http://pi.hole/admin/api.php
curl: (6) Could not resolve host: pi.hole

Debug Token:

https://tricorder.pi-hole.net/UtpFk9pR/

Run these commands from a different machine on your network (not from the Pi) and post the output:

nslookup pi.hole

nslookup flurry.com

Certainly, thanks for the response

C:\Users\Kallick>nslookup pi.hole
Server:  UnKnown
Address:  10.0.0.243

*** UnKnown can't find pi.hole: Non-existent domain

C:\Users\Kallick>nslookup flurry.com
Server:  UnKnown
Address:  10.0.0.243

Non-authoritative answer:
Name:    flurry.com
Addresses:  13.50.184.192
          13.251.69.97
          34.213.101.254
          44.228.206.170
          18.136.37.69
          13.49.212.207
          34.225.127.72
          54.161.105.65

This is totally unexpected.

This machine is using 10.0.0.243 as DNS server, neither Pi-hole (192.168.100.129), nor the router (192.168.100.1).

Pi-hole and this DNS server are in completely different networks.

Very interesting, and maybe a little concerning. I can give a little more info on my network setup, in case it may be helpful.

I am running a couple of VLANs, but all of the devices being used in this thread are on the same one, which is the default VLAN. No VLANs are using 10 as the first octet. VLAN 2 only has cameras on it, so it doesn't have a DNS server, but VLAN 3 uses an ASUS router in AP mode and also routes to the Pihole for DNS. As far as I understood it, this required an inter-lan firewall rule. I hope I'm not doing anything stupid.

The Windows network interface seems to think the Pihole is the DNS server
image

Oh my goodness. I don't know what the community guidelines are here on this forum or I'd be using a lot of expletives in this response. I was connected to an external VPN via PIA. I didn't realize I jumped on it yesterday :facepalm: I turned it off and the pi.hole resolution works. Another one for user error.

That explains the different networks.


Note about the results from your initial tests:

From your debug log:

-rw-r--r-- 1 root root 19 Feb 20 15:43 /etc/resolv.conf
   nameserver 8.8.8.8

Your Pi is actually using Google (8.8.8.8) as DNS server (not Pi-hole).
Google has no idea what is pi.hole and as a consequence you receive NXDOMAIN.

This is a valid configuration and it's not an issue if you are not using a browser on the Pi (there is no need to block ads on the Pi itself).

1 Like

I actually was just scratching my head about that, since DNS resolution while SSH'd into the Pi was showing 8.8.8.8. Shouldn't it be using the loopback for Unbound, 127.0.0.1#5335? Won't this prevent me from specifying custom local DNS entries?

Thanks so much for the help and responses!

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.