My Pihole can't resolve anymore and blocking is offline


#1

My debug token is: fma0uao57d

In the past I updated my Pihole. After that, Pihole resolves nothing, and webpage blocking and ad blocking won’t work.

dnscrypt-proxy, unbound+dnsmasq work great but only pihole is working anymore.

pihole -g is working to resolve names and download block-lists but:

[✗] Failed to resolve enayahstore.com;1 via Pi-hole (192.168.178.21) 

Also won’t work:

http://pi.hole/admin = This site can’t be reached
pi.hole’s server IP address could not be found.

PLEASE HELP me! Many thanks!

Debug.log of Pihole:

*** [ DIAGNOSING ]: Core version
[i] Core: v3.3.1
[i] Branch: HEAD
[i] Commit: v3.3.1-0-gfbee18e

*** [ DIAGNOSING ]: Web version
[i] Web: v3.3
[i] Branch: master
[i] Commit: v3.3-0-ge48aa29

*** [ DIAGNOSING ]: FTL version
[✓] FTL: v3.0-251-g967588c

*** [ DIAGNOSING ]: dnsmasq version
[i] 2.79

*** [ DIAGNOSING ]: lighttpd version
[i] 1.4.45

*** [ DIAGNOSING ]: php version
[i] 7.2.7

*** [ DIAGNOSING ]: Operating system
[✓] Ubuntu 18.04 LTS

*** [ DIAGNOSING ]: SELinux
[✓] Default SELinux: disabled
/opt/pihole/piholeDebug.sh: line 442: getenforce: command not found
[✓] Current SELinux: 

*** [ DIAGNOSING ]: Processor
[i] x86_64

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the enp4s0 interface:
   192.168.178.21/24 matches the IP found in /etc/pihole/setupVars.conf

[✗] No IPv6 address(es) found on the enp4s0 interface.

[i] Default IPv4 gateway: 192.168.178.1
   * Pinging 192.168.178.1...
[✓] Gateway responded.

*** [ DIAGNOSING ]: Ports in use
[5333] is in use by dnsmasq
[533] is in use by unbound
[80] is in use by lighttpd
[53] is in use by dnsmasq
[9050] is in use by tor
[513] is in use by dnscrypt-
[513] is in use by systemd
[53] is in use by dnsmasq

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] enayahstore.com;1 is  via localhost (127.0.0.1)
[✗] Failed to resolve enayahstore.com;1 via Pi-hole (192.168.178.21)
[✓] doubleclick.com is 172.217.16.78 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Pi-hole processes
[✓] dnsmasq daemon is active
[✓] lighttpd daemon is active
[✓] pihole-FTL daemon is active

*** [ DIAGNOSING ]: Setup variables
    PIHOLE_INTERFACE=enp4s0
    IPV4_ADDRESS=192.168.178.21/24
    IPV6_ADDRESS=
    PIHOLE_DNS_1=
    PIHOLE_DNS_2=
    QUERY_LOGGING=true
    INSTALL_WEB=true
    LIGHTTPD_ENABLED=1

*** [ DIAGNOSING ]: Dashboard and block page
[✗] X-Header does not match or could not be retrieved.
HTTP/1.1 403 Forbidden
Content-Type: text/html
Content-Length: 345
Date: Thu, 12 Jul 2018 11:11:21 GMT
Server: lighttpd/1.4.45

[✗] X-Header does not match or could not be retrieved.
HTTP/1.1 403 Forbidden
Content-Type: text/html
Content-Length: 345
Date: Thu, 12 Jul 2018 11:11:21 GMT
Server: lighttpd/1.4.45


*** [ DIAGNOSING ]: Gravity list
-rw-r--r-- 1 root root 27397975 Jul 12 13:05 /etc/pihole/gravity.list
   -----head of gravity.list------
   192.168.178.21 -sso.anbtr.com
   192.168.178.21 .doubleclick.com
   192.168.178.21 .doubleclick.net
   192.168.178.21 0-0-0-0-0-0-0-0-0-0-0-0-0-18-0-0-0-0-0-0-0-0-0-0-0-0-0.info

   -----tail of gravity.list------
   192.168.178.21 zzzxxxcc.no-ip.biz
   192.168.178.21 zzzz2233.cn
   192.168.178.21 zzzzz4.52896368.com
   192.168.178.21 ɢoogle.com

*** [ DIAGNOSING ]: contents of /etc/pihole

-rw-r--r-- 1 root root 1198 Jul 12 13:00 /etc/pihole/adlists.list
   https://adblock.mahakala.is
   https://www.dshield.org/feeds/suspiciousdomains_Low.txt
   https://hosts-file.net/ad_servers.txt
   https://hosts-file.net/emd.txt
   https://hosts-file.net/exp.txt
   https://hosts-file.net/grm.txt
   https://hosts-file.net/psh.txt
   https://raw.githubusercontent.com/quidsup/notrack/master/malicious-sites.txt
   https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
   https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.2o7Net/hosts
   https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Risk/hosts
   https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Spam/hosts
   https://raw.githubusercontent.com/StevenBlack/hosts/master/data/KADhosts/hosts
   https://raw.githubusercontent.com/vokins/yhosts/master/hosts
   http://winhelp2002.mvps.org/hosts.txt
   http://www.joewein.net/dl/bl/dom-bl-base.txt
   https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
   https://mirror1.malwaredomains.com/files/justdomains
   http://sysctl.org/cameleon/hosts
   https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
   https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
   https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt

-rw-r--r-- 1 root root 1954 Jul 12 13:09 /etc/pihole/blacklist.txt

-rw-r--r-- 1 root root 42 Jul 12 13:05 /etc/pihole/local.list
   192.168.178.21 pihole
   192.168.178.21 pi.hole

-rw-r--r-- 1 root root 238 Jul 12 03:34 /etc/pihole/logrotate
   /var/log/pihole.log {
   	su root syslog
   	daily
   	copytruncate
   	rotate 5
   	compress
   	delaycompress
   	notifempty
   	nomail
   }
   /var/log/pihole-FTL.log {
   	su root syslog
   	weekly
   	copytruncate
   	rotate 3
   	compress
   	delaycompress
   	notifempty
   	nomail
   }

-rw-r--r-- 1 root root 0 Jul 12 13:03 /etc/pihole/whitelist.txt

*** [ DIAGNOSING ]: contents of /etc/dnsmasq.d

-rw-r--r-- 1 root root 677 Jul 12 13:11 /etc/dnsmasq.d/01-pihole.conf
   addn-hosts=/etc/pihole/gravity.list
   addn-hosts=/etc/pihole/black.list
   addn-hosts=/etc/pihole/local.list
   localise-queries
   no-resolv
   no-negcache
   cache-size=10000
   log-queries=extra
   log-facility=/var/log/pihole.log
   local-ttl=2
   log-async
   server=
   server=
   interface=enp4s0

*** [ DIAGNOSING ]: contents of /etc/lighttpd

-rw-r--r-- 1 root root 3027 Jul 12 03:34 /etc/lighttpd/lighttpd.conf
   server.modules = (
   	"mod_access",
   	"mod_accesslog",
   	"mod_auth",
   	"mod_expire",
   	"mod_compress",
   	"mod_redirect",
   	"mod_setenv",
   	"mod_rewrite"
   )
   server.document-root        = "/var/www/html"
   server.error-handler-404    = "pihole/index.php"
   server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
   server.errorlog             = "/var/log/lighttpd/error.log"
   server.pid-file             = "/var/run/lighttpd.pid"
   server.username             = "www-data"
   server.groupname            = "www-data"
   server.port                 = 80
   accesslog.filename          = "/var/log/lighttpd/access.log"
   accesslog.format            = "%{%s}t|%V|%r|%s|%b"
   index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
   url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
   static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
   compress.cache-dir          = "/var/cache/lighttpd/compress/"
   compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
   include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
   include_shell "/usr/share/lighttpd/create-mime.assign.pl"
   include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"
' 2>/dev/null"
   $HTTP["url"] =~ "^/admin/" {
       
       setenv.add-response-header = (
           "X-Pi-hole" => "The Pi-hole Web interface is working!",
           "X-Frame-Options" => "DENY"
       )
       $HTTP["url"] =~ ".ttf$" {
           
           setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
       }
   }
   $HTTP["url"] =~ "^/admin/\.(.*)" {
        url.access-deny = ("")
   }
   include_shell "cat external.conf 2>/dev/null"

*** [ DIAGNOSING ]: contents of /etc/cron.d

-rw-r--r-- 1 root root 1496 Jul 12 03:34 /etc/cron.d/pihole
   25 4   * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity
   00 00   * * *   root    PATH="$PATH:/usr/local/bin/" pihole flush once quiet
   @reboot root /usr/sbin/logrotate /etc/pihole/logrotate
   */10 *  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker local
   36 15  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote
   @reboot root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote reboot

*** [ DIAGNOSING ]: contents of /var/log/lighttpd

-rw-r--r-- 1 www-data www-data 654 Jul 12 10:40 /var/log/lighttpd/error.log
   2018-07-11 19:10:54: (log.c.217) server started 
   2018-07-11 23:04:58: (server.c.1828) server stopped by UID = 0 PID = 1 
   2018-07-12 01:36:09: (log.c.217) server started 
   2018-07-12 02:22:13: (server.c.1828) server stopped by UID = 0 PID = 1 
   2018-07-12 02:23:44: (log.c.217) server started 
   2018-07-12 02:28:58: (server.c.1828) server stopped by UID = 0 PID = 1 
   2018-07-12 02:30:26: (log.c.217) server started 
   2018-07-12 03:30:32: (server.c.1828) server stopped by UID = 0 PID = 1 
   2018-07-12 04:28:54: (log.c.217) server started 
   2018-07-12 04:32:30: (server.c.1828) server stopped by UID = 0 PID = 1 
   2018-07-12 10:40:32: (log.c.217) server started 

*** [ DIAGNOSING ]: contents of /var/log

-rw-r--r--+ 1 pihole pihole 0 Jul 12 13:03 /var/log/pihole-FTL.log

*** [ DIAGNOSING ]: Pi-hole log
-rw-r--r-- 1 dnsmasq root 2408 Jul 12 13:11 /var/log/pihole.log
   -----head of pihole.log------
   Jul 12 13:08:15 dnsmasq[17647]: read /etc/hosts - 4 addresses
   Jul 12 13:08:15 dnsmasq[17647]: read /etc/pihole/local.list - 2 addresses
   Jul 12 13:08:15 dnsmasq[17647]: read /etc/pihole/black.list - 1 addresses
   Jul 12 13:08:15 dnsmasq[17647]: bad name at /etc/pihole/gravity.list line 2
   Jul 12 13:08:15 dnsmasq[17647]: bad name at /etc/pihole/gravity.list line 3
   Jul 12 13:08:15 dnsmasq[17647]: bad name at /etc/pihole/gravity.list line 112235
   Jul 12 13:08:16 dnsmasq[17647]: bad name at /etc/pihole/gravity.list line 675274
   Jul 12 13:08:16 dnsmasq[17647]: read /etc/pihole/gravity.list - 781210 addresses
   Jul 12 13:10:57 dnsmasq[17647]: exiting on receipt of SIGTERM
   Jul 12 13:10:57 dnsmasq[20218]: started, version 2.79 cachesize 10000
   Jul 12 13:10:57 dnsmasq[20218]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
   Jul 12 13:10:57 dnsmasq[20218]: using nameserver 20218
   #0
   Jul 12 13:10:57 dnsmasq[20218]: using nameserver 20218
   #0
   Jul 12 13:10:57 dnsmasq[20218]: using nameserver 127.0.0.3#513
   Jul 12 13:10:57 dnsmasq[20218]: using nameserver 127.0.0.2#513
   Jul 12 13:10:57 dnsmasq[20218]: read /etc/hosts - 4 addresses
   Jul 12 13:10:57 dnsmasq[20218]: read /etc/pihole/local.list - 2 addresses
   Jul 12 13:11:05 dnsmasq[20218]: exiting on receipt of SIGTERM

dig pi.hole/admin
; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> pi.hole/admin
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22781
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pi.hole/admin.			IN	A

;; AUTHORITY SECTION:
.			2995	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2018071200 1800 900 604800 86400

;; Query time: 322 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 12 13:31:31 CEST 2018
;; MSG SIZE  rcvd: 117

# nslookup pi.hole
Server:	127.0.0.1
Address:	127.0.0.1#53
** server can’t find pi.hole: NXDOMAIN

Hosts + local.list of PIHOLE?


#2

sudo service pihole-FTL status

pihole-FTL.service - LSB: pihole-FTL daemon
Loaded: loaded (/etc/init.d/pihole-FTL; generated)
Active: active (exited) since Thu 2018-07-12 10:40:32 CEST; 3h 12min ago
Docs: man:systemd-sysv-generator(8)
Process: 1370 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)

Jul 12 10:40:32 amd pihole-FTL[1370]: Not running
Jul 12 10:40:32 amd pihole-FTL[1370]: rm: cannot remove ‘/var/run/pihole/FTL.sock’: No such file or directory
Jul 12 10:40:32 amd su[1446]: Successful su for pihole by root
Jul 12 10:40:32 amd su[1446]: + ??? root:pihole
Jul 12 10:40:32 amd su[1446]: pam_unix(su:session): session opened for user pihole by (uid=0)
Jul 12 10:40:32 amd su[1446]: pam_unix(su:session): session opened for user pihole by (uid=0)
Jul 12 10:40:32 amd pihole-FTL[1370]: dnsmasq: failed to create listening socket for port 5333: Address already in use
Jul 12 10:40:32 amd su[1446]: pam_unix(su:session): session closed for user pihole
Jul 12 10:40:32 amd su[1446]: pam_unix(su:session): session closed for user pihole
Jul 12 10:40:32 amd systemd[1]: Started LSB: pihole-FTL daemon.

how to fix? dnsmasq: failed to create listening socket for port 5333:
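
An added example, not part of the original posts: it cross-references the "Ports in use" lines from the debug log in post #1 with the bind failure in the journal output above, to show which process already holds the port. The input lines are copied from this thread; the function names are illustrative.

```python
import re
from collections import defaultdict

# Copied from the "Ports in use" section of the debug log in post #1.
PORTS_IN_USE = """\
[5333] is in use by dnsmasq
[533] is in use by unbound
[80] is in use by lighttpd
[53] is in use by dnsmasq
[9050] is in use by tor
[513] is in use by dnscrypt-
[513] is in use by systemd
[53] is in use by dnsmasq
"""

# Copied from the pihole-FTL status output in post #2 (shortened).
JOURNAL = """\
Jul 12 10:40:32 amd pihole-FTL[1370]: Not running
Jul 12 10:40:32 amd pihole-FTL[1370]: dnsmasq: failed to create listening socket for port 5333: Address already in use
Jul 12 10:40:32 amd systemd[1]: Started LSB: pihole-FTL daemon.
"""

PORT_LINE = re.compile(r"^\[(\d+)\] is in use by (\S+)$")
BIND_FAIL = re.compile(
    r"(\S+?)\[\d+\]: .*failed to create listening socket "
    r"for port (\d+): Address already in use"
)


def parse_ports(text):
    """Map each port to the set of process names reported as holding it."""
    owners = defaultdict(set)
    for line in text.splitlines():
        match = PORT_LINE.match(line.strip())
        if match:
            owners[int(match.group(1))].add(match.group(2))
    return dict(owners)


def bind_failures(journal):
    """Return (unit, port) for every 'Address already in use' journal line."""
    failures = []
    for line in journal.splitlines():
        match = BIND_FAIL.search(line)
        if match:
            failures.append((match.group(1), int(match.group(2))))
    return failures


def explain_conflicts(ports_text, journal_text):
    """For each failed bind, name the process(es) already on that port."""
    owners = parse_ports(ports_text)
    return [
        {"unit": unit, "port": port, "held_by": sorted(owners.get(port, ()))}
        for unit, port in bind_failures(journal_text)
    ]


def shared_ports(ports_text):
    """Ports reported under more than one process name."""
    return {
        port: sorted(names)
        for port, names in parse_ports(ports_text).items()
        if len(names) > 1
    }


if __name__ == "__main__":
    for finding in explain_conflicts(PORTS_IN_USE, JOURNAL):
        print("%(unit)s could not bind %(port)d; held by %(held_by)s" % finding)
    print("ports with more than one owner:", shared_ports(PORTS_IN_USE))
```
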


#3

For PiHole to work properly, it should be the only DNS in use, so yes. If the router is serving DHCP, then this DNS address will be passed on to all your network devices. Note that to get all your network devices using the new DNS after you set it in your router, you may have to clear DNS caches, restart, renew leases, etc (depends on the device).


#4

Also, how did you configure your devices to use Pi-hole?


#5

In my router and my pc I use static ip.

Which dns server must I set in my router? I want to use dnscrypt-proxy which is
on 127.0.0.2 and 127.0.0.3 on my pc.

Or? 192.168.178.21 which is local ip + pihole ip


#6

Please take a look and tell me if this configuration is correct or has errors.

Which values do I have to change or add?

“BLOCKING sites+adz etc. isn’t working anymore”

My config:

[/etc/dnsmasq.d]

01-pihole.conf

addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list

localise-queries

no-resolv

no-negcache
cache-size=10000

log-queries=extra
log-facility=/var/log/pihole.log

local-ttl=2

log-async

server=
server=
interface=enp4s0

02-dnscrypt-proxy.conf

no-resolv
server=127.0.0.2#513
server=127.0.0.3#513
listen-address=127.0.0.1
proxy-dnssec

[/etc/pihole]

local.list

192.168.178.21 amd
192.168.178.21 pi.hole

pihole-FTL.conf

SOCKET_LISTENING=all
TIMEFRAME=rolling24h
QUERY_DISPLAY=yes
AAAA_QUERY_ANALYSIS=yes
MAXDBDAYS=5
RESOLVE_IPV6=no
RESOLVE_IPV4=yes
DBINTERVAL=60.0
DBFILE=/etc/pihole/pihole-FTL.db
MAXLOGAGE=24.0

setupVars.conf

PIHOLE_INTERFACE=enp4s0
IPV4_ADDRESS=192.168.178.21/24
IPV6_ADDRESS=
PIHOLE_DNS_1=
PIHOLE_DNS_2=
QUERY_LOGGING=true
INSTALL_WEB=true
LIGHTTPD_ENABLED=1
WEBPASSWORD=(removed pw)

[etc/systemd/]

resolved.conf

####//resolved.conf//####
[Resolve]
DNSStubHandler=no
namserver 127.0.0.2#513
namserver 127.0.0.3#513

[etc/]

dnsmasq.conf

port=5353
conf-dir=/etc/dnsmasq.d/,*.conf

[lib/systemd/system]

dnscrypt-proxy.socket

[Socket]
##//ipv4//
ListenStream=127.0.0.2:513
ListenDatagram=127.0.0.3:513

[etc/unbound]

unbound.conf

include: "/etc/unbound/unbound.conf.d/*.conf"

server:

hide-identity: yes

hide-version: yes

use-caps-for-id: yes

module-config: "iterator"

val-permissive-mode: yes

domain-insecure: "example"

do-not-query-localhost: no

interface: 0.0.0.0

access-control: 0.0.0.0/0 allow

port: 533

do-ip4: yes

do-ip6: no

do-udp: yes

do-tcp: yes

forward-zone:

name: "."

forward-addr: 127.0.0.1@5353

forward-first: no

remote-control:

control-enable: no

[NetworkManager] (Active Network Connections) STATIC_ip
IP Address: 192.168.178.21
Broadcast Address: 192.168.178.255
Subnet Mask: 255.255.255.0
Default Route: 192.168.178.1

[etc/network]

interfaces

auto lo
iface lo inet loopback

####//STATIC [!LAN!]//####
allow-hotplug enp4s0
iface enp4s0 inet static
 address 192.168.178.21
 netmask 255.255.255.0
 gateway 192.168.178.1

[etc/NetworkManager]

NetworkManager.conf

[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=true

[device]
wifi.scan-rand-mac-address=no

[connection]
ethernet.cloned-mac-address=stable

#dns=dnsmasq

[etc]

resolv.conf

namserver 127.0.0.2#513
namserver 127.0.0.3#513

[etc]

host.conf

127.0.0.1	localhost
127.0.1.1	"removed user"

127.0.0.2	dnscrypt1
127.0.0.3	dnscrypt2

Fritz.Box Router DNS:

192.168.178.21??? [PIHOLE_ip local] static


#7

Set the static IP address of your PiHole as the DNS server on your router. Then all DNS traffic routes through the PiHole.

You currently don’t have a DNS server assigned in your PiHole. Set the DNS on the PiHole to the server of your choice. For troubleshooting, you can use Google at 8.8.8.8.
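
An added example (not from any poster or from the Pi-hole project): a small check for the condition described in this post, run over the setupVars.conf and dnsmasq fragments posted in #6. It assumes an upstream is written as an IP address with an optional #port, the form used in this thread; other dnsmasq server= syntaxes are not handled, and the malformed line is a constructed sample.

```python
import ipaddress

# setupVars.conf and dnsmasq fragments as posted in #6 (shortened).
SETUPVARS = """\
PIHOLE_INTERFACE=enp4s0
IPV4_ADDRESS=192.168.178.21/24
PIHOLE_DNS_1=
PIHOLE_DNS_2=
"""
DNSMASQ_FRAGMENTS = {
    "01-pihole.conf": "no-resolv\nserver=\nserver=\ninterface=enp4s0\n",
    "02-dnscrypt-proxy.conf": (
        "no-resolv\nserver=127.0.0.2#513\nserver=127.0.0.3#513\n"
        "listen-address=127.0.0.1\n"
    ),
}
# Constructed sample: a directive name pasted into the value.
MALFORMED = "PIHOLE_DNS_1=server=127.0.0.1#5353\n"


def parse_upstream(value):
    """Return (ip, port) for 'IP' or 'IP#port'; raise ValueError otherwise."""
    value = value.strip()
    if not value:
        raise ValueError("empty")
    host, sep, port = value.partition("#")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        raise ValueError("not an IP address: %r" % host) from None
    if sep and not (port.isdigit() and 0 < int(port) < 65536):
        raise ValueError("bad port: %r" % port)
    return str(ip), (int(port) if sep else 53)


def settings(text):
    """Yield (key, value) for key=value lines, skipping comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            yield key.strip(), value


def check_setupvars(text):
    """Return (key, problem) for every unusable PIHOLE_DNS_n value."""
    findings = []
    for key, value in settings(text):
        if key.startswith("PIHOLE_DNS_"):
            try:
                parse_upstream(value)
            except ValueError as exc:
                findings.append((key, str(exc)))
    return findings


def check_dnsmasq(fragments):
    """Return (findings, usable upstreams) across all server= lines."""
    findings, upstreams = [], []
    for name in sorted(fragments):
        for key, value in settings(fragments[name]):
            if key != "server":
                continue
            try:
                upstreams.append(parse_upstream(value))
            except ValueError as exc:
                findings.append((name, str(exc)))
    return findings, upstreams


if __name__ == "__main__":
    print("setupVars.conf:", check_setupvars(SETUPVARS))
    print("malformed sample:", check_setupvars(MALFORMED))
    problems, usable = check_dnsmasq(DNSMASQ_FRAGMENTS)
    print("dnsmasq problems:", problems)
    print("dnsmasq usable upstreams:", usable)
```
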


#8

Is that set correctly? (my Router)

Can I use Upstream-DNS_Server = dnscryptproxy? When yes, how to set in SetupVars.conf // 01-pihole.conf

Example:
SetupVars.conf
PIHOLE_DNS_1=127.0.0.1#5353 (dnsmasq) redirects to dnscrypt-proxy

dnsmasq is using dnscrypt-proxy-server: server=127.0.0.2#513 and server=127.0.0.3#513

Or?
SetupVars.conf
PIHOLE_DNS_1=127.0.0.2#513
PIHOLE_DNS_2=127.0.0.3#513

Which setting is correct to use dnscrypt-proxy as upstream DNS server with PIHOLE?


#9

It looks like the router settings are correct for DNS.

I’ll defer to others with more expertise on dnscrypt-proxy for the settings. I don’t use that and don’t want to steer you wrong.

Have you tried using Google DNS for the PiHole to make sure the PiHole is working correctly? Once you do that, you can change to DNS of your choice later.


#10

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] disk-of56.stream is 38.133.143.13 via localhost (127.0.0.1)
[✓] disk-of56.stream is 38.133.143.13 via Pi-hole (0.0.0.0)
[✓] doubleclick.com is 172.217.19.78 via a remote, public DNS server (8.8.8.8)

now, resolve via pihole works but:

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the enp4s0 interface:
192.168.178.21/24 does not match the IP found in /etc/pihole/setupVars.conf

When I put 192.168.178.21/24 in SetupVars.conf then Pihole resolving won’t work but
the error “ip does not match” disappeared.

What can I do?
Must I put pihole ip to my “hosts”-file?

192.168.178.21 pi.hole
0.0.0.0 pi.hole
What is correct?

local.list: (pihole)
0.0.0.0 amd
0.0.0.0 pi.hole

PIHOLE_INTERFACE=enp4s0
IPV4_ADDRESS=0.0.0.0
IPV6_ADDRESS=
PIHOLE_DNS_1=84.200.69.80
PIHOLE_DNS_2=84.200.70.40
QUERY_LOGGING=false
INSTALL_WEB=false
LIGHTTPD_ENABLED=0

Is this setting correct in NetworkManager?

Status of pihole-FTL:

Router_Ports:

Blocking ads won’t work.
Blocking websites won’t work.

Any ideas?


#11

nslookup pi.hole

Output:
Server: 127.0.0.1
Address: 127.0.0.1#53


#12

This is mandatory to be set to the Pi-hole IP 192.168.178.21/24 in order for your router to communicate with the DNS server based on:

image

PIHOLE_DNS_1= needs to be your Unbound resolver

You have all the settings tangled and messed up.

You might want to start from scratch and reference DNSCrypt How-to guide?

Maybe you will find some related information.

I personally use only Pi-hole+Unbound and no DNScrypt


#13

…and how can I set an unbound-ip to my localhost?

UNBOUND [CONFIG]

##########################

include: "/etc/unbound/unbound.conf.d/*.conf"

server: 192.168.178.22   ???

hide-identity: yes

hide-version: yes

use-caps-for-id: yes

module-config: "iterator"

val-permissive-mode: yes

domain-insecure: "example"

do-not-query-localhost: no

interface: enp4s0  ???

access-control: 0.0.0.0/0 allow

port: 533

do-ip4: yes

do-ip6: no

do-udp: yes

do-tcp: yes

forward-zone:

name: "."

forward-addr: 127.0.0.1@5333   (to dnsmasq)

forward-first: no

remote-control:

control-enable: no

correct?


#14

Follow this guide for using Pi-hole with Unbound:

https://docs.pi-hole.net/guides/unbound/


#15

OK, I’ve tried out the pi-hole unbound guide, all set in pihole.conf @ /etc/unbound/unbound.conf.d

Unbound starts, no errors in Terminal but when I type:

dig pi-hole.net @127.0.0.1 -p 5353

Output:
DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> pi-hole.net @127.0.0.1 -p 5353
;; global options: +cmd
;; connection timed out; no servers could be reached

Any ideas?

which unbound address must I put in pihole setupVars.conf?
PIHOLE_DNS_1=

Which address to use?
private-address: 192.168.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8

My network local IP is 192.168.178.21; how do I have to change unbound’s address?


#16

If you set up per the instructions, PiHole uses 127.0.0.1#5353 to get its DNS lookups from unbound.


#17

…with this config, dig pi-hole.net @127.0.0.1 works now.
Output:

DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> pi-hole.net @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41846
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1252
;; QUESTION SECTION:
;pi-hole.net. IN A

;; ANSWER SECTION:
pi-hole.net. 83326 IN A 206.189.252.21

;; Query time: 159 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 13 03:41:30 CEST 2018
;; MSG SIZE rcvd: 67

server:

##//Specify the INTERFACE-address to listen on:
interface: 127.0.0.1

##//LISTEN on all INTERFACEZ:
#interface: 0.0.0.0

hide-identity: yes

hide-version: yes

use-caps-for-id: yes

module-config: "iterator"

val-permissive-mode: yes

domain-insecure: "example"

do-not-query-localhost: no

access-control: 0.0.0.0/0 allow

port: 533

do-ip4: yes

do-ip6: no

do-udp: yes

do-tcp: yes

forward-zone:

name: "."

##//FORWARD to “dnsmasq”//
forward-addr: 127.0.0.1@5333

forward-first: no

remote-control:

control-enable: no


#18

forward-addr: 127.0.0.1@5353 to pihole? correct?

in /etc/unbound/unbound.conf.d/01-pihole-conf: which port to use? port: 5353 or port: 5333 (dnsmasq)

I type:
nslookup www.google.cz 127.0.0.1 = (works) got answer :slight_smile:
dig pi-hole.net @127.0.0.1 @5333 = (works) got answer :slight_smile:
dig pi-hole.net @127.0.0.1 @5353 = (works) got answer :slight_smile:

in
/etc/dnsmasq.d/01-pihole.conf

##//DNSCRYPT-PROXY//##
server=127.0.2.1#513
server=127.0.2.2#513 correct?

/etc/pihole/SetupVars.conf (pihole)
PIHOLE_DNS_1=server=127.0.0.1#5353 correct?

When I set in PIHOLE SetupVars.conf = IPV4_ADDRESS=0.0.0.0:

all green, no errors:
Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] h2i.it is 62.149.128.154
62.149.128.151
62.149.128.157
62.149.128.160 via localhost (127.0.0.1)
[✓] h2i.it is 62.149.128.154
62.149.128.157
62.149.128.160
62.149.128.151 via Pi-hole (0.0.0.0)
[✓] doubleclick.com is 172.217.19.78 via a remote, public DNS server (8.8.8.8)

When I set in PIHOLE SetupVars.conf = IPV4_ADDRESS=192.168.178.21/24:
The error “192.168.178.21/24 does not match the IP found in /etc/pihole/setupVars.conf” is not gone…

Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] jacobxx.co.uk is via localhost (127.0.0.1)
[✗] Failed to resolve jacobxx.co.uk via Pi-hole (192.168.178.21)
[✓] doubleclick.com is 172.217.19.78 via a remote, public DNS server (8.8.8.8)

with 0.0.0.0,

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] ads139.hpg.com.br is 187.31.64.20 via localhost (127.0.0.1)
[✓] ads139.hpg.com.br is 187.31.64.20 via Pi-hole (0.0.0.0)
[✓] doubleclick.com is 172.217.19.78 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Pi-hole processes
[✓] dnsmasq daemon is active
[✗] lighttpd daemon is inactive
[✓] pihole-FTL daemon is active

*** [ DIAGNOSING ]: Setup variables
API_EXCLUDE_DOMAINS=
API_EXCLUDE_CLIENTS=
API_QUERY_LOG_SHOW=all
API_PRIVACY_MODE=true
PIHOLE_INTERFACE=enp4s0
IPV4_ADDRESS=0.0.0.0
#IPV4_ADDRESS=192.168.178.21/24
IPV6_ADDRESS=
QUERY_LOGGING=false
INSTALL_WEB=false
LIGHTTPD_ENABLED=1
#DNSMASQ_LISTENING=single
##//UPSTREAM_DNS_SERVER//##
PIHOLE_DNS_1=server=127.0.0.1#5353
#PIHOLE_DNS_1=server=127.0.2.1#513
#PIHOLE_DNS_2=server=127.0.2.2#513
#PIHOLE_DNS_1=84.200.69.80
#PIHOLE_DNS_2=84.200.70.40
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=true
#CONDITIONAL_FORWARDING=false

can I ignore 192.168.178.21/24 does not match the IP found in /etc/pihole/setupVars.conf???

Or how can I fix it?


#19

:frowning: :frowning: With the new configs, my PIHOLE blocks nothing, no ads :frowning: What have I done wrong… damn…

token: jysgrzc0kb


#20

I’m a little bit further:

sudo lighty-enable-mod fastcgi
service lighttpd force-reload
sudo lighty-enable-mod fastcgi-php
service lighttpd force-reload

now I can get into the pi-hole admin dashboard but can’t save any settings in dashboard :frowning: