Network manager breaks pi-hole

https://manpages.debian.org/unstable/network-manager/NetworkManager.conf.5.en.html

dns
Set the DNS processing mode.

If the key is unspecified, default is used, unless /etc/resolv.conf is a symlink to /run/systemd/resolve/stub-resolv.conf, /run/systemd/resolve/resolv.conf, /lib/systemd/resolv.conf or /usr/lib/systemd/resolv.conf. In that case, systemd-resolved is chosen automatically.

default: NetworkManager will update /etc/resolv.conf to reflect the nameservers provided by currently active connections.

dnsmasq: NetworkManager will run dnsmasq as a local caching nameserver, using "Conditional Forwarding" if you are connected to a VPN, and then update resolv.conf to point to the local nameserver. It is possible to pass custom options to the dnsmasq instance by adding them to files in the "/etc/NetworkManager/dnsmasq.d/" directory. Note that when multiple upstream servers are available, dnsmasq will initially contact them in parallel and then use the fastest to respond, probing again other servers after some time. This behavior can be modified passing the 'all-servers' or 'strict-order' options to dnsmasq (see the manual page for more details).

Cannot repair my pihole. It states:


  [✓] Update local cache of available packages
  [i] Existing PHP installation detected : PHP version 7.3.19-1~deb10u1
  [i] Repair option selected
  [✓] Disk space check

  [✓] Checking apt-get for upgraded packages... 12 updates available
  [i] It is recommended to update your OS after installing the Pi-hole!

  [i] Installer Dependency checks...
  [i] Checking for dhcpcd5 (will be installed)
  [✓] Checking for git
  [✓] Checking for iproute2
  [✓] Checking for whiptail
  [✓] Checking for dnsutils
  [i] Processing apt-get install(s) for: dhcpcd5, please wait...
------------------------------------------------------------------------------------------------------------------------
E: Package 'dhcpcd5' has no installation candidate

As for dnsmasq, looking at it now

Yeah was afraid of that.
EDIT: at least it won't get installed :wink:
Delete the apt file you've created and run sudo apt update to revert.

but but but, that will reinstall dhcpcd5!

Ok, I am setting

sudo nano /etc/NetworkManager/NetworkManager.conf

[main]
plugins=ifupdown,keyfile
dns=none

Maybe it suffices to just disable dhcpcd5 so it won't conflict with NM:

sudo systemctl disable dhcpcd

EDIT: and also reboot to be sure and check:

sudo systemctl status dhcpcd

It is inactive indeed:

pi@raspberrypi:~ $ sudo systemctl status dhcpcd
● dhcpcd.service - dhcpcd on all interfaces
Loaded: loaded (/lib/systemd/system/dhcpcd.service; disabled; vendor preset:
Active: inactive (dead)
lines 1-3/3 (END)

So NM is still in charge, that is good. But pihole is still relying on dhcpcd?

However, pihole is still not running:
DNS service not running
and
FTL offline

As for dnsmasq and NM, I have added the dns=none in NM's conf and can no longer exit to the internet (because my VNC says that I am in Service mode so it does not resolve) :confused:

Below is even more powerful than disabling:

sudo systemctl mask dhcpcd

Yes, but dhcpcd can't interfere anymore.

Check with netstat if dnsmasq is really killed now.

Ok, done it (no idea how to delete the symlink afterwards) :sweat_smile:

Pfff, no:

pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1075/lighttpd       
tcp        0      0 192.168.0.39:53         0.0.0.0:*               LISTEN      604/dnsmasq         
tcp6       0      0 :::80                   :::*                    LISTEN      1075/lighttpd       
udp        0      0 192.168.0.39:53         0.0.0.0:*                           604/dnsmasq         
udp        0      0 0.0.0.0:67              0.0.0.0:*                           604/dnsmasq
pi@ph5:~ $ man systemctl
[..]
       mask UNIT...
           Mask one or more units, as specified on the command line.
           This will link these unit files to /dev/null, making it
           impossible to start them. This is a stronger version of
           disable, since it prohibits all kinds of activation of the
           unit, including enablement and manual activation. Use this
           option with care. This honors the --runtime option to only
           mask temporarily until the next reboot of the system. The
           --now option may be used to ensure that the units are also
           stopped. This command expects valid unit names only, it
           does not accept unit file paths.

       unmask UNIT...
           Unmask one or more unit files, as specified on the command
           line. This will undo the effect of mask. This command
           expects valid unit names only, it does not accept unit file
           paths.
[..]

Need to kill it :wink:

Done :slight_smile:

pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1075/lighttpd       
tcp        0      0 192.168.0.39:53         0.0.0.0:*               LISTEN      1891/dnsmasq        
tcp6       0      0 :::80                   :::*                    LISTEN      1075/lighttpd       
udp        0      0 192.168.0.39:53         0.0.0.0:*                           1891/dnsmasq        
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1891/dnsmasq        
pi@raspberrypi:~ $ kill 1891
bash: kill: (1891) - Operation not permitted
pi@raspberrypi:~ $ sudo kill 1891
pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1075/lighttpd       
tcp6       0      0 :::80                   :::*                    LISTEN      1075/lighttpd

Start here up:

sudo systemctl restart pihole-FTL

And check netstat.

I think you did it:

pi@raspberrypi:~ $ sudo systemctl status pihole-FTL
● pihole-FTL.service - LSB: pihole-FTL daemon
   Loaded: loaded (/etc/init.d/pihole-FTL; generated)
   Active: active (exited) since Tue 2020-07-21 00:41:24 CEST; 3s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 2294 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)

Jul 21 00:41:24 raspberrypi systemd[1]: Starting LSB: pihole-FTL daemon...
Jul 21 00:41:24 raspberrypi pihole-FTL[2294]: Not running
Jul 21 00:41:24 raspberrypi su[2318]: (to pihole) root on none
Jul 21 00:41:24 raspberrypi su[2318]: pam_unix(su:session): session opened for user pihole by (uid=0)
Jul 21 00:41:24 raspberrypi pihole-FTL[2294]: FTL started!
Jul 21 00:41:24 raspberrypi su[2318]: pam_unix(su:session): session closed for user pihole
Jul 21 00:41:24 raspberrypi systemd[1]: Started LSB: pihole-FTL daemon.
pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      2326/pihole-FTL     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1075/lighttpd       
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      2326/pihole-FTL     
tcp6       0      0 ::1:4711                :::*                    LISTEN      2326/pihole-FTL     
tcp6       0      0 :::80                   :::*                    LISTEN      1075/lighttpd       
tcp6       0      0 :::53                   :::*                    LISTEN      2326/pihole-FTL     
udp        0      0 0.0.0.0:53              0.0.0.0:*                           2326/pihole-FTL     
udp6       0      0 :::53                   :::*                                2326/pihole-FTL

That's a healthy netstat:

pi@ph5:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      7412/pihole-FTL
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      14030/lighttpd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      7412/pihole-FTL
tcp6       0      0 ::1:4711                :::*                    LISTEN      7412/pihole-FTL
tcp6       0      0 :::80                   :::*                    LISTEN      14030/lighttpd
tcp6       0      0 :::53                   :::*                    LISTEN      7412/pihole-FTL
udp        0      0 0.0.0.0:53              0.0.0.0:*                           7412/pihole-FTL
udp6       0      0 :::53                   :::*                                7412/pihole-FTL

So now I have to find out how to kill dnsmasq, or how to stop dnsmasq from loading while booting up. Ok.

pi@raspberrypi:~ $ ps awx | grep dns
604 ? S 0:00 /usr/sbin/dnsmasq --conf-file=/dev/null --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address=192.168.0.39 --dhcp-range=192.168.0.48,192.168.0.254,60m --dhcp-option=option:router,192.168.0.39 --dhcp-lease-max=50 --dhcp-leasefile=/var/lib/NetworkManager/dnsmasq-eth0.leases --pid-file=/run/nm-dnsmasq-eth0.pid --conf-dir=/etc/NetworkManager/dnsmasq-shared.d
1822 pts/0 S+ 0:00 grep --color=auto dns

My guess is that NM is using the conf-dir=/etc/NetworkManager/dnsmasq-shared.d

sudo grep dns= -R /etc/NetworkManager/
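
Added example, not part of the original thread: a shell helper that turns the netstat check used above into a repeatable test for "who owns ports 53 and 67", and recognises a dnsmasq that NetworkManager started by the markers visible in the ps output. The function names are this example's own, and the sample lines are abridged from the output posted in the thread.

```shell
#!/bin/sh
# Added example. Sample data below is abridged from the thread's own output.

# Read `netstat -nltup` output on stdin and print "proto local-address program"
# for every socket bound to DNS (53) or DHCP server (67).
dns_port_owners() {
    awk '$1 ~ /^(tcp|udp)6?$/ {
        n = split($4, a, ":"); port = a[n]      # works for 0.0.0.0:53 and :::53
        if (port != "53" && port != "67") next
        owner = $NF                             # last column is "PID/Program name"
        sub(/^[0-9]+\//, "", owner)             # drop the PID, keep the program
        print $1, $4, owner
    }'
}

# Print each distinct program, other than the expected resolver ($1, default
# pihole-FTL), that holds port 53 or 67. Empty output means no conflict.
dns_conflicts() {
    dns_port_owners | awk -v want="${1:-pihole-FTL}" '$3 != want { print $3 }' | sort -u
}

# Succeed if a dnsmasq command line on stdin carries the NetworkManager markers
# seen in the thread: the nm-dnsmasq pid file or the dnsmasq-shared.d conf dir.
started_by_nm() {
    grep -Eq -e '--pid-file=/run/nm-dnsmasq-|--conf-dir=/etc/NetworkManager/dnsmasq-shared\.d'
}

BROKEN='tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1075/lighttpd
tcp        0      0 192.168.0.39:53         0.0.0.0:*               LISTEN      604/dnsmasq
udp        0      0 0.0.0.0:67              0.0.0.0:*                           604/dnsmasq'

HEALTHY='tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      2326/pihole-FTL
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      2326/pihole-FTL
udp6       0      0 :::53                   :::*                                2326/pihole-FTL'

PS_LINE='/usr/sbin/dnsmasq --conf-file=/dev/null --pid-file=/run/nm-dnsmasq-eth0.pid --conf-dir=/etc/NetworkManager/dnsmasq-shared.d'

echo "conflicts before the fix: $(printf '%s\n' "$BROKEN" | dns_conflicts)"
echo "conflicts after the fix:  $(printf '%s\n' "$HEALTHY" | dns_conflicts)"
if printf '%s\n' "$PS_LINE" | started_by_nm; then
    echo "this dnsmasq was launched by NetworkManager"
fi
```

On a live system, pipe the real output in instead of the samples: `sudo netstat -nltup | dns_conflicts`.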