Network manager breaks pi-hole

Is dnsmasq not started now at boot ?
Can try comment that line eg:

#dns=none

Hobby learning thing yeah.

That will surely be appreciated:

Dnsmasq is started at boot. I need to manually kill it and then restart pihole-FTL.
Even then VNC servers are not reachable :confused:

Have a pack full of beers on me :wink:

The solutions I found on the net were all pointing to that dns= directive:

http://www.vassox.com/linux-general/ubuntu/disabling-dnsmasq-via-network-manager-on-ubuntu-16-04/

Shame you can't get it to work like it should.
You could script something dirty killing the dnsmasq PID but that's just rubbish :wink:

Umm, mate. It works... out of the blue and for no reason. Pi3B+, buster.

sudo nano /etc/NetworkManager/NetworkManager.conf

[main]
plugins=ifupdown,keyfile
#dns=none

[ifupdown]
managed=false

I then ran:

sudo service network-manager restart

I rebooted and then this:


pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1098/lighttpd       
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1117/pihole-FTL     
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      1117/pihole-FTL     
tcp6       0      0 :::80                   :::*                    LISTEN      1098/lighttpd       
tcp6       0      0 :::53                   :::*                    LISTEN      1117/pihole-FTL     
tcp6       0      0 ::1:4711                :::*                    LISTEN      1117/pihole-FTL     
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1117/pihole-FTL     
udp6       0      0 :::53                   :::*                                1117/pihole-FTL

I don't get it. I have commented it out.....

If you first don't succeed, try try again :wink:
Cheers!

Loooooooooooooool

So to sum it all up:

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '

kill the PID of dnsmasq

sudo systemctl mask dhcpcd

pihole -r

sudo nano /etc/NetworkManager/NetworkManager.conf

and add in the [main] section

dns=none

systemctl restart NetworkManager.service

sudo systemctl restart pihole-FTL

reboot

Nope, I was happy too soon. I rebooted again and dnsmasq is still there upon boot... dammit

You could try break dnsmasq like below example:

pi@noads:~ $ which dnsmasq
/usr/sbin/dnsmasq

pi@noads:~ $ sudo mv /usr/sbin/dnsmasq /usr/sbin/~dnsmasq
pi@noads:~ $

pi@noads:~ $ sudo service dnsmasq start
Job for dnsmasq.service failed because the control process exited with error code.
See "systemctl status dnsmasq.service" and "journalctl -xe" for details.

To undo:

sudo mv /usr/sbin/~dnsmasq /usr/sbin/dnsmasq

Kinda aggressive :smiley:

I did but then netstat is not working. I have to manually start pihole-FTL. Why isn't it done on boot?

pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
pi@raspberrypi:~ $ sudo systemctl restart pihole-FTL
pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1148/lighttpd       
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1543/pihole-FTL     
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      1543/pihole-FTL     
tcp6       0      0 :::80                   :::*                    LISTEN      1148/lighttpd       
tcp6       0      0 :::53                   :::*                    LISTEN      1543/pihole-FTL     
tcp6       0      0 ::1:4711                :::*                    LISTEN      1543/pihole-FTL     
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1543/pihole-FTL     
udp6       0      0 :::53                   :::*                                1543/pihole-FTL     
pi@raspberrypi:~ $

EDIT: Hmmm, not good. After a while I lose my local network VNC connection to the Pi.

Was worth a try.
When I can think of something else, I'll post.
For now nn.

:wink: thanks nn

There is no traffic going to the wifi/outside world. However, pihole-FTL can retrieve the DNSs.
The same with chromium. It cannot connect anywhere. So many issues to be fixed... :sweat_smile:

pi@raspberrypi:~ $ dig realvnc.com

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Raspbian <<>> realvnc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25849
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;realvnc.com.			IN	A

;; ANSWER SECTION:
realvnc.com.		3275	IN	A	146.101.60.69

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Jul 21 08:27:07 CEST 2020
;; MSG SIZE  rcvd: 56

pi@raspberrypi:~ $ ping realvnc.com
ping: realvnc.com: Name or service not known

I believe we missed some steps believing dnsmasq is part of NM.
Can you post output for below:

systemctl status dnsmasq

which dnsmasq

dpkg -S /usr/sbin/dnsmasq

apt policy dnsmasq-base

If dnsmasq-base is installed, you should be able to disable dnsmasq from starting at boot with below:

sudo systemctl disable dnsmasq

Or:

sudo systemctl mask dnsmasq

I wouldn't purge dnsmasq-base, so as to keep the man pages available:

pi@noads:~ $ dpkg -L dnsmasq-base
[..]
/usr/sbin/dnsmasq
[..]
/usr/share/man
/usr/share/man/es
/usr/share/man/es/man8
/usr/share/man/es/man8/dnsmasq.8.gz
/usr/share/man/fr
/usr/share/man/fr/man8
/usr/share/man/fr/man8/dnsmasq.8.gz
/usr/share/man/man8
/usr/share/man/man8/dnsmasq.8.gz
[..]

They might come in handy if tinkering with pihole-FTL that shares most settings from dnsmasq.

Here they are:

pi@raspberrypi:~ $ systemctl status dnsmasq
Unit dnsmasq.service could not be found.
pi@raspberrypi:~ $ which dnsmasq
/usr/sbin/dnsmasq
pi@raspberrypi:~ $ dpkg -S /usr/sbin/dnsmasq
dnsmasq-base: /usr/sbin/dnsmasq
pi@raspberrypi:~ $ apt policy dnsmasq-base
dnsmasq-base:
  Installed: 2.80-1+rpt1
  Candidate: 2.80-1+rpt1
  Version table:
     2.81-4 -1
         -1 http://raspbian.raspberrypi.org/raspbian bullseye/main armhf Packages
 *** 2.80-1+rpt1 500
        500 http://archive.raspberrypi.org/debian buster/main armhf Packages
        100 /var/lib/dpkg/status
     2.80-1 500
        500 http://raspbian.raspberrypi.org/raspbian buster/main armhf Packages

I rely on sharing my Wi-Fi connection LAN to the router and then the router distributes it to all of the devices (I am connecting through a EAP TTLS wifi network, hence the need for NM). If I disable dnsmasq, will the sharing of the connection still be handled or even work with NM?

By the way, I have masked it:

pi@raspberrypi:/etc/dnsmasq.d $ sudo systemctl mask dnsmasq
Unit dnsmasq.service does not exist, proceeding anyway.
Created symlink /etc/systemd/system/dnsmasq.service → /dev/null.

This is exactly what I've been trying to do here:

Any chance to get a summary of what to do from first boot (I likely need to start from scratch), 'cause I was losing my mind with this. Should be so straightforward to do but somehow I mess up somewhere.

@deHakkelaar My main question actually is how do I copy (or keep a backup, since I guess that NM is not handling sharing connections in pihole-FTL) my current dnsmasq settings to Pihole's FTL?

@EnkiABZ I will try to sum it up once finished, like I have done so far in post #48.

@deHakkelaar I believe forwarding rules are kept from NM but the gateway is missing. This is done from the admin page under Settings, I assume :slight_smile:

Ok so what I am doing now:

  • sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
  • stop wifi (otherwise I cannot kill dnsmasq, it respawns!)
  • kill (dnsmasq PID)
  • sudo systemctl restart pihole-FTL
  • sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] ' (normally pihole-FTL is up now)

Put in the admin -> Setting -> DHCP -> gateway the IP of the gateway of the wifi. Check with VNC that it can be forwarded and it is ok.

I am so close. Upon reboot I have to kill dnsmasq by switching off wifi first and then enabling pihole-FTL.

Should I remove dnsmasq-base altogether? I don't get it, I masked dnsmasq, no other process should be able to call it. Not sure though if this is a good idea, since when I do
sudo mv /usr/sbin/dnsmasq /usr/sbin/~dnsmasq the system hangs after a minute and NM keeps on loading...

The only reason dnsmasq-base is installed (if it was installed with NM) is to cache DNS queries.
And as pihole-FTL has the dnsmasq code embedded into its own code, pihole-FTL can almost be considered as a drop in replacement for dnsmasq.
pihole-FTL even reads the exact same config file /etc/dnsmasq.conf as dnsmasq does (if dnsmasq was run standalone).
So there is no reason to assume it will break your network setup if you substitute dnsmasq with pihole-FTL.

Masking won't do if the dnsmasq binary is called upon directly by NM and not via systemd.

See my first answer above ^

Not for now.

I made wrong assumption with previous posting of mine ... again :wink:
The package dnsmasq-base contains the /usr/sbin/dnsmasq binary:

pi@ph5:~ $ apt-file list dnsmasq-base
dnsmasq-base: /etc/dbus-1/system.d/dnsmasq.conf
dnsmasq-base: /usr/sbin/dnsmasq
dnsmasq-base: /usr/share/dnsmasq-base/trust-anchors.conf
dnsmasq-base: /usr/share/doc/dnsmasq-base/DBus-interface.gz
dnsmasq-base: /usr/share/doc/dnsmasq-base/FAQ.gz
dnsmasq-base: /usr/share/doc/dnsmasq-base/README.Debian
dnsmasq-base: /usr/share/doc/dnsmasq-base/changelog.Debian.gz
dnsmasq-base: /usr/share/doc/dnsmasq-base/changelog.archive.gz
dnsmasq-base: /usr/share/doc/dnsmasq-base/changelog.gz
dnsmasq-base: /usr/share/doc/dnsmasq-base/copyright
dnsmasq-base: /usr/share/doc/dnsmasq-base/doc.html
dnsmasq-base: /usr/share/doc/dnsmasq-base/examples/dnsmasq.conf.example
dnsmasq-base: /usr/share/doc/dnsmasq-base/setup.html
dnsmasq-base: /usr/share/locale/de/LC_MESSAGES/dnsmasq.mo
dnsmasq-base: /usr/share/locale/es/LC_MESSAGES/dnsmasq.mo
dnsmasq-base: /usr/share/locale/fi/LC_MESSAGES/dnsmasq.mo
dnsmasq-base: /usr/share/locale/fr/LC_MESSAGES/dnsmasq.mo
dnsmasq-base: /usr/share/locale/id/LC_MESSAGES/dnsmasq.mo
dnsmasq-base: /usr/share/locale/it/LC_MESSAGES/dnsmasq.mo
dnsmasq-base: /usr/share/locale/no/LC_MESSAGES/dnsmasq.mo
dnsmasq-base: /usr/share/locale/pl/LC_MESSAGES/dnsmasq.mo
dnsmasq-base: /usr/share/locale/pt_BR/LC_MESSAGES/dnsmasq.mo
dnsmasq-base: /usr/share/locale/ro/LC_MESSAGES/dnsmasq.mo
dnsmasq-base: /usr/share/man/es/man8/dnsmasq.8.gz
dnsmasq-base: /usr/share/man/fr/man8/dnsmasq.8.gz
dnsmasq-base: /usr/share/man/man8/dnsmasq.8.gz
[..]

And the package dnsmasq contains the systemd unit file dnsmasq.service that's needed to start dnsmasq via systemd (systemctl start/stop etc):

pi@ph5:~ $ apt-file list dnsmasq
dnsmasq: /etc/default/dnsmasq
dnsmasq: /etc/dnsmasq.conf
dnsmasq: /etc/dnsmasq.d/README
dnsmasq: /etc/init.d/dnsmasq
dnsmasq: /etc/insserv.conf.d/dnsmasq
dnsmasq: /etc/resolvconf/update.d/dnsmasq
dnsmasq: /lib/systemd/system/dnsmasq.service
dnsmasq: /usr/lib/resolvconf/dpkg-event.d/dnsmasq
dnsmasq: /usr/lib/tmpfiles.d/dnsmasq.conf
dnsmasq: /usr/share/dnsmasq/installed-marker
dnsmasq: /usr/share/doc/dnsmasq

The latter seems not installed and isn't needed if NM boots up dnsmasq.
Can you validate NM being the parent of dnsmasq with below before digging any deeper ?
Will need to reboot first to get dnsmasq running again.

pstree -s $(pidof dnsmasq)

Thanks for the long explanation :wink:

You are right in your assumption:

pi@raspberrypi:~ $ pstree -s $(pidof dnsmasq)
systemd───NetworkManager───dnsmasq

For some reason I cannot see the queries. Is that ok?

My laptop is also using NM but by default doesn't have that dns= directive:

dehakkelaar@laptop:~$ cat /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

dehakkelaar@laptop:~$ sudo grep 'dns=\|dnsmasq' -R /etc/NetworkManager/
dehakkelaar@laptop:~$

dehakkelaar@laptop:~$ sudo netstat -nltup | grep dnsmasq
dehakkelaar@laptop:~$

dehakkelaar@laptop:~$ cat /etc/resolv.conf
# Generated by NetworkManager
search dehakkelaar.nl
nameserver 10.0.0.2

dnsmasq-base was already installed from previous tinkering.
I added that dns=dnsmasq directive and now have below output after reboot:

dehakkelaar@laptop:~$ cat /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
dns=dnsmasq

[ifupdown]
managed=false

dehakkelaar@laptop:~$ sudo grep 'dns=\|dnsmasq' -R /etc/NetworkManager/
/etc/NetworkManager/NetworkManager.conf:dns=dnsmasq

dehakkelaar@laptop:~$ sudo netstat -nltup | grep dnsmasq
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1604/dnsmasq
udp        0      0 0.0.0.0:50831           0.0.0.0:*                           1604/dnsmasq
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1604/dnsmasq

dehakkelaar@laptop:~$ cat /etc/resolv.conf
# Generated by NetworkManager
search dehakkelaar.nl
nameserver 127.0.0.1

dehakkelaar@laptop:~$ pstree -s $(pidof dnsmasq)
systemd───NetworkManager───dnsmasq

If I remove that dns=dnsmasq directive again and reboot, everything reverts back to as it was before, without dnsmasq running.
Are you sure that directive isn't configured somewhere (added sudo below) and did you reboot in between while trying options ?

sudo grep 'dns=\|dnsmasq' -R /etc/NetworkManager/

No, it's not.
Try clearing the browser cache first and reload the page.
If that doesn't fix it, try running below and select repair:

pihole -r

EDIT: ow ps. do you run a desktop ?
Something might be configured in the pi user home folder ~ :

sudo grep 'dns=' -R ~
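
An INI-aware version of the two checks used throughout this thread, as an added example that is not part of any post: it reads the effective dns= value from the [main] section (a plain grep for 'dns=' also matches the commented-out #dns=none) and lists which programs hold port 53 in netstat -nltup output. The function names are hypothetical; the sample inputs are copied from output posted above, with whitespace condensed.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Print the effective dns= value of the [main] section from NetworkManager
# config text (files as arguments, or stdin). Later files override earlier
# ones. Commented lines such as "#dns=none" are skipped, unlike grep 'dns='.
nm_main_dns() {
    awk '
        FNR == 1    { in_main = 0 }
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\]/); next }
        in_main && /^[ \t]*dns[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0
        }
        END { print (val == "" ? "unset" : val) }
    ' "$@"
}

# Read `netstat -nltup` output on stdin; print each program bound to port 53.
port53_owners() {
    awk '$1 ~ /^(tcp|udp)/ && $4 ~ /:53$/ {
        n = split($NF, p, "/"); print p[n]
    }' | sort -u
}

# Succeed only when pihole-FTL is the sole program listening on port 53.
only_ftl_on_53() {
    [ "$(port53_owners | tr '\n' ' ')" = "pihole-FTL " ]
}

# Sample inputs, copied from output posted in the thread (spacing condensed).
SAMPLE_CONF_COMMENTED='[main]
plugins=ifupdown,keyfile
#dns=none'
SAMPLE_CONF_DNSMASQ='[main]
plugins=ifupdown,keyfile
dns=dnsmasq'
SAMPLE_NETSTAT='tcp   0  0 127.0.0.1:53    0.0.0.0:*  LISTEN  1604/dnsmasq
udp   0  0 0.0.0.0:50831   0.0.0.0:*          1604/dnsmasq
udp   0  0 127.0.0.1:53    0.0.0.0:*          1604/dnsmasq'

printf '%s\n' "$SAMPLE_CONF_COMMENTED" | nm_main_dns
printf '%s\n' "$SAMPLE_CONF_DNSMASQ" | nm_main_dns
printf '%s\n' "$SAMPLE_NETSTAT" | port53_owners
printf '%s\n' "$SAMPLE_NETSTAT" | only_ftl_on_53 || echo "port 53 is not held by pihole-FTL alone"
```

On a live system, pass /etc/NetworkManager/NetworkManager.conf to nm_main_dns and pipe sudo netstat -nltup into port53_owners.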