misc.etc_dnsmasq_d change in server=?

Help
1

Did something changed in the way dnsmasq is handeling lookups with server=?

docker exec -it pihole bash
pihole:/# pihole -v
Core version is v6.0.6 (Latest: v6.0.6)
Web version is v6.1 (Latest: v6.1)
FTL version is v6.1 (Latest: v6.1)

etc-dnsmasq.d/02-locallan.conf
server=/lan/10.0.0.53

$ host test.network.lan
test.network.lan has address 10.0.0.10

docker exec -it pihole bash
pihole:/# pihole -v
Core version is v6.1 (Latest: v6.1)
Web version is cc1cc28 (Latest: v6.2.1)
FTL version is v6.2 (Latest: v6.2)

etc-dnsmasq.d/02-locallan.conf
server=/lan/10.0.0.53

$ host test.network.lan
Host test.network.lan not found: 3(NXDOMAIN)

etc-dnsmasq.d/02-locallan.conf
server=/vpn.lan/10.0.0.53
server=/network.lan/10.0.0.53

$ host test.network.lan
test.network.lan has address 10.0.0.10

Debug log has been uploaded.
https://tricorder.pi-hole.net/m7Xzn7tW/

1 Like
2

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or if you run your Pi-hole as a Docker container:

docker exec -it <pihole-container-name-or-id> pihole -d

where you substitute <pihole-container-name-or-id> as required.

3

Same issue here. Can't really generate a debug log when updating to 6.2 breaks so many things. Need to stick with 6.1 for now.

4

This will temporarily reset the nameserver on the Pi to bypass Pi-Hole DNS.

sudo nano /etc/resolv.conf

Edit the nameserver line to nameserver 9.9.9.9 or your preferred third party DNS service, save and exit

Run

pihole -d

and upload the debug log.

5

The domains "lan." and "vpn.lan." are two entirely different domains just like "net." and "pi-hole.net." are.
Not sure what you expect?

$ man dnsmasq
[..]
       -S,               --local,               --server=[/[<domain>]/[do‐
       main/]][<server>[#<port>]][@<interface>][@<source-ip>[#<port>]]
[..]
              More specific domains take precedence over less specific do‐
              mains,           so:            --server=/google.com/1.2.3.4
              --server=/www.google.com/2.3.4.5   will   send  queries  for
              google.com   and   gmail.google.com    to    1.2.3.4,    but
              www.google.com will go to 2.3.4.5
6

The --server=/lan/1.2.3.4 has always worked for all subdomains AFAIK..
But besides that, when .lan is configured in my config it still doesn't work.

server=/lan/10.0.0.53

Core version is v6.1 (Latest: v6.1)
Web version is cc1cc28 (Latest: v6.2.1)
FTL version is v6.2 (Latest: v6.2)

host test.lan 10.61.4.1

Using domain server:
Name: 10.61.4.1
Address: 10.61.4.1#53
Aliases:

Host test.lan not found: 3(NXDOMAIN)

server=/lan/10.0.0.53

Core version is v6.0.6 (Latest: v6.1)
Web version is v6.1 (Latest: v6.2.1)
FTL version is v6.1 (Latest: v6.2)

host test.lan 10.0.2.211
Using domain server:
Name: 10.0.2.211
Address: 10.0.2.211#53
Aliases:

test.lan has address 10.0.0.10

7

Tail the logs to get more insight when performing those queries:

sudo pihole tail

Or if running in Docker:

sudo docker exec -it <CONTAINER_NAME> pihole tail

Plus below if want a dev/mod to have a look:

8

As mentoined in another topic i already uploaded a debug log..

Im not able to do a pihole tail in the new version:

/var/log/pihole/pihole.log: (new version)
Jun 1 21:54:03 dnsmasq[50]: query pi.hole from 127.0.0.1
Jun 1 21:54:03 dnsmasq[50]: Pi-hole hostname pi.hole is 127.0.0.1
Jun 1 21:54:05 dnsmasq[50]: query test.lan from 10.0.3.7
Jun 1 21:54:05 dnsmasq[50]: config test.lan is NXDOMAIN
Jun 1 21:54:33 dnsmasq[50]: query pi.hole from 127.0.0.1

tail in previous version:

Jun 1 22:24:53: query[A] test.lan from 10.0.3.7
Jun 1 22:24:53: forwarded test.lan to 10.0.0.53
Jun 1 22:24:53: reply test.lan is 10.0.0.10
Jun 1 22:24:53: query[AAAA] test.lan from 10.0.3.7
Jun 1 22:24:53: forwarded test.lan to 10.0.0.53
Jun 1 22:24:53: reply test.lan is NODATA-IPv6
Jun 1 22:24:53: query[MX] test.lan from 10.0.3.7
Jun 1 22:24:53: forwarded test.lan to 10.0.0.53
Jun 1 22:24:53: reply test.lan is NODATA

9

This looks similar to what I saw too with FTL 6.2.

10

For historical reasons, the pattern /.google.com/ is equivalent to /google.com/ if you wish to match any subdomain of google.com but NOT google.com itself, use /*.google.com/

server=/lan/10.0.0.53
server=/*.lan/10.0.0.53

host test.lan 10.0.2.212
Using domain server:
Name: 10.0.2.212
Address: 10.0.2.212#53
Aliases:

test.lan has address 10.0.0.10

host unifi.vpn.lan 10.0.2.212
Using domain server:
Name: 10.0.2.212
Address: 10.0.2.212#53
Aliases:

unifi.vpn.lan has address 10.50.0.22

Using server=/lan/10.0.0.53 as only option test.lan stops working (and all subdomains)
Adding server=/*.lan/10.0.0.53 and everything works.. :thinking:
Removing server=/lan/10.0.0.53 and everything works, even .lan addresses.
:face_with_spiral_eyes:

11

So i did some testing:

10.61.100.1:
server=/lan/10.62.100.1

host test.lan 10.61.100.1
Using domain server:
Name: 10.61.100.1
Address: 10.61.100.1#53
Aliases:

Host test.lan not found: 3(NXDOMAIN)

10.61.100.1:
server=/home/10.62.100.1

host test.home 10.61.100.1
Using domain server:
Name: 10.61.100.1
Address: 10.61.100.1#53
Aliases:

test.home has address 10.0.0.10

I changed my dns-server for lan to an additional dnsmasq (10.62.100.1) container with .lan and .home. (host-record=test.home,10.0.0.10) (host-record=test.lan,10.0.0.10)
It looks like there's something wrong with resolving if .lan is involved.
Again server=/*.lan/10.62.100.1 has solved the issue, but according to the man page of dnsmasq server=/lan/10.62.100.1 should work. But it doesn't.

12

That's very odd, must be a bug somewhere since, as you say, we shouldn't have to deviate from what the man page says to do.

Does that mean for a subdomain, e.g. "iot.lan", it might work with "server=/*.iot.lan/x.y.z.n"?

13

I wonder if below has anything to do with your observations:

$ sudo cat /etc/pihole/dnsmasq.conf
[..]
# Never forward A or AAAA queries for plain names, without
# dots or domain parts, to upstream nameservers. If the name
# is not known from /etc/hosts or DHCP, NXDOMAIN is returned
local=//

$ man dnsmasq
[..]
       -S,              --local,               --server=[/[<domain>]/[do‐
       main/]][<server>[#<port>]][@<interface>][@<source-ip>[#<port>]]
[..]
              Also  permitted is a -S flag which gives a domain but no IP
              address; this tells dnsmasq that a domain is local  and  it
              may answer queries from /etc/hosts or DHCP but should never
              forward queries on that domain  to  any  upstream  servers.
              --local  is  a  synonym  for --server to make configuration
              files clearer in this case.

It didnt exist in the previous v5:

$ rgrep local= /etc/dnsmasq.*
$
14

It will definitely work with

server=*.lan/x.y.z.n"

But i think it's better to wait if one of the developers has marked this as a bug?

15

I tried that the other day but it still didn't work.

16

This issue is very odd. I'm going to wait for a reply from a developer on github.

17

See related discussion and my post here etc_dnsmasq_d Config not loading after updating to 6.1 - #18 by DL6ER

We are also already in contact with the maintainers of dnsmasq about this

18

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.