Negative Domains on Adlists / Gravity DNS Resolution

Help
1

Hi all, I've been following this guide where I've been re-doing my Pi4B 8GB in docker/portainer:

Pihole + unbound docker setup on Raspberry Pi – xFelix

I've got two (2) issues that I think are related:

  1. Domains on Adlists are a negative number:
    image
    image1259×146 18.8 KB
  2. I get the following error when updating gravity:
[✗] DNS resolution is currently unavailable
[✗] DNS resolution is not available

My docker compose file is the following:

version: '3'

networks:
  dns_net:
    driver: bridge
    ipam:
        config:
        - subnet: 172.22.0.0/16

services:
  pihole:
    container_name: pihole
    hostname: pihole
    image: pihole/pihole:latest
    networks:
      dns_net:
        ipv4_address: 172.22.0.6
    ports:
    - "53:53/tcp"
    - "53:53/udp"
    - "8080:80/tcp"
    environment:
    - 'TZ=Australia/Sydney'
    - 'WEBPASSWORD=password'
    - 'DNS1=172.20.0.7#5053'
    - 'DNS2=no'
    volumes:
    - '/home/pi/pihole/etc-pihole/:/etc/pihole/'
    - '/home/pi/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
    restart: unless-stopped
  unbound:
    container_name: unbound
    image: mvance/unbound-rpi:latest
    networks:
      dns_net:
        ipv4_address: 172.22.0.7
    volumes:
    - /home/pi/unbound:/opt/unbound/etc/unbound
    ports:
    - "5053:5053/tcp"
    - "5053:5053/udp"
    healthcheck:
      disable: true
    restart: unless-stopped

Thank you

2

Those two observations are likely unrelated.

is likely caused by:

not matching:

Once you've fixed that, please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

1 Like
3

Wow, what a mistake. Thank you!
I've made the update but updating Gravity still is an issue.

Portainer view showing update:

image
image1120×838 39.1 KB

https://tricorder.pi-hole.net/2rUFIj1a/

4

Your gravity database seems empty:

*** [ DIAGNOSING ]: Gravity Database
-rw-rw-r-- 1 pihole pihole 92K Apr  1 01:31 /etc/pihole/gravity.db

Try to trigger an online gravity update via Pi-hole's Adlist group management.

Likely unrelated, but you should also set the recommended FTLCONF_LOCAL_IPV4 environment variable for your Pi-hole container to your host's(!) private IP and restart your container.

1 Like
5

Thanks, I'm on the "Adlist Group Management" page but I can't find an obvious way to trigger a gravity update? It gives a hint that directs me back to the "Update Gravity" page. Apologies, not sure what you mean for me to do.

Please note that I've had these adlists disabled (besides Pihole's default list) when I did the debug log. Doesn't make any different if I have these enabled or disabled.

image
image1012×1158 58.8 KB

By host you mean the Rasp Pi's IP address? I've done so:

image
image1378×666 31.7 KB

Doesn't seem to have fixed either issue above.

6

Use Tools > Update Gravity.

1 Like
7

Oh right, that's what I've been doing & reporting back on in my first (original configuration) & second posts (updated DNS IP). Sorry must have misinterpreted.

I've done it again in light of the FTLCONF_LOCAL_IPV4 update in the docker-compose file:

[✗] DNS resolution is currently unavailable
[✗] DNS resolution is not available

8

Hi, I’m not sure what I might next need to do. Would appreciate any advice or help.

Thank you

9

Please share your current Docker configuration for Pi-hole, as well as a fresh debug token.

11

Thank you. Debug token is here: https://tricorder.pi-hole.net/Qm06mN0v/

Docker compose file is:

version: '3'

networks:
  dns_net:
    driver: bridge
    ipam:
        config:
        - subnet: 172.22.0.0/16

services:
  pihole:
    container_name: pihole
    hostname: pihole
    image: pihole/pihole:latest
    networks:
      dns_net:
        ipv4_address: 172.22.0.6
    ports:
    - "53:53/tcp"
    - "53:53/udp"
    - "8080:80/tcp"
    environment:
    - 'TZ=Australia/Sydney'
    - 'WEBPASSWORD=password'
    - FTLCONF_LOCAL_IPV4=192.168.1.10
    - 'DNS1=172.22.0.7#5053'
    - 'DNS2=no'
    volumes:
    - '/home/pi/pihole/etc-pihole/:/etc/pihole/'
    - '/home/pi/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
    restart: unless-stopped
  unbound:
    container_name: unbound
    image: mvance/unbound-rpi:latest
    networks:
      dns_net:
        ipv4_address: 172.22.0.7
    volumes:
    - /home/pi/unbound:/opt/unbound/etc/unbound
    ports:
    - "5053:5053/tcp"
    - "5053:5053/udp"
    healthcheck:
      disable: true
    restart: unless-stopped
12

Hi, just following up before the token expires. Thank you

13

Sorry, the token is already expired.

Please, generate a new one.

1 Like
14

No worries, thank you!

https://tricorder.pi-hole.net/u8Dd7Ocy/

15

Bump before token expires. Thank you :slight_smile:

17

Your gravity database still seems empty:

*** [ DIAGNOSING ]: Info table
  property              value                                   
  --------------------  ----------------------------------------
  version               15                                      
  Last gravity run finished at:

Please perform an update via Tools | Update Gravity and share the output.

1 Like
18

[✗] DNS resolution is currently unavailable
[✗] DNS resolution is not available

19

That would suggest that your machine hosting Docker (or just your Pi-hole container) is not able to resolve upstream DNS.

Please make sure that your Docker host OS is allowing required ports, specifically DNS/port 53 traffic.

Run from that machine, what is the output of:

cat /etc/resolv.conf

nslookup pi.hole

dig +short -t txt versions.pi-hole.net @ns1.pi-hole.net
1 Like
20 
# Generated by resolvconf
domain home
nameserver 192.168.1.10
nameserver 192.168.1.1

Server:         192.168.1.10
Address:        192.168.1.10#53

Name:   pi.hole
Address: 192.168.1.10

Raspbian=10,11 Ubuntu=20,22 Debian=10,11 Fedora=36,37 CentOS=8,9

21

That output isn't entirely ok (quite probably, we'd have to take care of your router's 192.168.1.1 showing up as a nameserver at a later time).
Nevertheless, it would suggest that your Pi-hole host is able to resolve DNS.
In particular, the last output confirms that you can access the list of Pi-hole's supported OSs.

That would suggest that your issue is caused by your Pi-hole container's and/or your upstream unbound container's DNS operation failing.

What is the output of:

dig pi.hole @192.168.1.10

(expected answer 192.168.1.10)

dig pi.hole @192.168.1.10 -p 5053

(expected answer NXDOMAIN)

1 Like
22 
; <<>> DiG 9.16.37-Debian <<>> pi.hole @192.168.1.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63873
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;pi.hole.                       IN      A

;; ANSWER SECTION:
pi.hole.                0       IN      A       192.168.1.10

;; Query time: 0 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Fri Apr 28 07:36:47 AEST 2023
;; MSG SIZE  rcvd: 52

; <<>> DiG 9.16.37-Debian <<>> pi.hole @192.168.1.10 -p 5053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50980
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;pi.hole.                       IN      A

;; AUTHORITY SECTION:
.                       770     IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2023042702 1800 900 604800 86400

;; Query time: 63 msec
;; SERVER: 192.168.1.10#5053(192.168.1.10)
;; WHEN: Fri Apr 28 07:37:53 AEST 2023
;; MSG SIZE  rcvd: 111