No Internet Access Upon Using PiHole IP as DNS

yubiuser · May 20, 2021, 5:57am

Because apache is bound to port 80 already

[80] is in use by apache2 (https://docs.pi-hole.net/main/prerequisites/#ports)
*:443 apache2 (IPv6)
[80] is in use by apache2 (https://docs.pi-hole.net/main/prerequisites/#ports)

It failed because there is no domain from the gravity it can query. The database is empty because you deactivated all adlists

*** [ DIAGNOSING ]: Info table
   property              value                                   
   --------------------  ----------------------------------------
   version               14                                      
   updated               1621404891                              
   gravity_count         0                                       
   Last gravity run finished at: Rabu 19 Mei 2021 02:14:51  +08

** [ DIAGNOSING ]: Adlists
   id    enabled  group_ids     address                                                                                               date_added           date_modified        comment                                           
   ----  -------  ------------  ----------------------------------------------------------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   1        0     0             https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts                                      2021-05-19 10:37:58  2021-05-19 14:14:38  Migrated from /etc/pihole/adlists.list            
   2        0     0             https://adaway.org/hosts.txt                                                                          2021-05-19 10:40:35  2021-05-19 14:14:36  Firebog Advertising                               
   3        0     0             https://v.firebog.net/hosts/AdguardDNS.txt                                                            2021-05-19 10:40:35  2021-05-19 14:14:37  Firebog Advertising                               
   4        0     0             https://v.firebog.net/hosts/Admiral.txt                                                               2021-05-19 10:40:35  2021-05-19 14:14:37  Firebog Advertising                               
   5        0     0             https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt                            2021-05-19 10:40:35  2021-05-19 14:14:33  Firebog Advertising                               
   6        0     0             https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt                                            2021-05-19 10:40:35  2021-05-19 14:14:33  Firebog Advertising                               
   7        0     0             https://v.firebog.net/hosts/Easylist.txt                                                              2021-05-19 10:40:35  2021-05-19 14:14:32  Firebog Advertising                               
   8        0     0             https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext         2021-05-19 10:40:35  2021-05-19 14:14:32  Firebog Advertising                               
   9        0     0             https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts                      2021-05-19 10:40:35  2021-05-19 14:14:31  Firebog Advertising                               
   10       0     0             https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts                                      2021-05-19 10:40:35  2021-05-19 14:14:30  Firebog Advertising                               
   11       0     0             https://v.firebog.net/hosts/Easyprivacy.txt                                                           2021-05-19 10:41:17  2021-05-19 12:17:54  Firebog Tracking & Telemetry                      
   12       0     0             https://v.firebog.net/hosts/Prigent-Ads.txt                                                           2021-05-19 10:41:17  2021-05-19 12:17:54  Firebog Tracking & Telemetry                      
   13       0     0             https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts                       2021-05-19 10:41:17  2021-05-19 12:17:55  Firebog Tracking & Telemetry                      
   14       0     0             https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt               2021-05-19 10:41:17  2021-05-19 12:17:56  Firebog Tracking & Telemetry                      
   15       0     0             https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt                                            2021-05-19 10:41:17  2021-05-19 12:17:57  Firebog Tracking & Telemetry                      
   16       0     0             https://raw.githubusercontent.com/Kees1958/W3C_annual_most_used_survey_blocklist/master/TOP_EU_US_Ad  2021-05-19 10:41:17  2021-05-19 12:17:58  Firebog Tracking & Telemetry                      
   17       0     0             https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt                         2021-05-19 10:43:51  2021-05-19 14:14:29  developerdan Ad & Tracking List

Your router does not adverties your Pi-hole as DNS via DHCP. Is this on purpose?

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   Timeout: 10 seconds
   
   * Received 548 bytes from enp6s0:192.168.0.1
     Offered IP address: 192.168.0.156
     Server IP address: N/A
     Relay-agent IP address: N/A
     BOOTP server: (empty)
     BOOTP file: (empty)
     DHCP options:
      Message type: DHCPOFFER (2)
      server-identifier: 192.168.0.1
      lease-time: 604800 ( 7d )
      netmask: 255.255.255.0
      router: 192.168.0.1
      dns-server: 8.8.8.8
      dns-server: 8.8.4.4
      dns-server: 202.188.18.188
      dns-server: 1.9.1.9

If not, change it so that Pi-hole is the only DNS server.

ahlooii · May 21, 2021, 12:21am

Thank you so much moderator.

1: Because apache is bound to port 80 already
A: So does it caused that I cannot browse the internet?

2: 'It failed because there is no domain from the gravity it can query. The database is empty because you deactivated all adlists'
A: I basically just dont know what else to do/try therefore i disable the adlist to see whether internets come back or not. which failed.

3: 'Your router does not advertise your Pi-hole as DNS via DHCP. Is this on purpose?'
A: Yes, otherwise i wouldn't have internet access.

I follow your advise turn back on the adlist and set my pihole as primary DNS on router (It wouldn't allow me to force only primary dns + secondary dns wouldn't allow me to use the same address as well), it will force other ISP DNS for me on secondary DNS. But still the same, once i set pihole dns as the primary one, entire home internet goes down. What should i do next?
New Pihole Debug Log

yubiuser · May 21, 2021, 4:29am

No, but I can cause issues with Pi-hole's web interface and isn't a supported web server.

      dns-server: 192.168.0.155
      dns-server: 202.188.18.188
      dns-server: 1.9.1.9

Ok, this is something we have to address later.

I can see some queries being recieved by your Pi-hole and forwarded upstream, but no reply. Let' check this. Please run form your client PC

nslookup pi.hole 192.168.0.155
nslookup google.com 192.168.0.155

ahlooii · May 21, 2021, 4:39am

Both shows the same result from my window cmd.

yubiuser · May 21, 2021, 4:40am

Which is...?

ahlooii · May 21, 2021, 5:42am

Sorry i did not know my image did not get upload, i tried again but to prevent it never get upload again i will paste the command result below:

C:\Users\Looi> nslookup google.com 192.168.0.155
DNS request timed out.
timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.155

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

yubiuser · May 21, 2021, 7:04pm

The timeout indicated that your Pi-hole device was not reachable or did not respond. Can you ping it?

ping 192.168.0.155

ahlooii · May 22, 2021, 12:27am

Capture

Pinging was no problem as i always SSH into it for administration stuff because my Nextcloud is hosted on this server.

ahlooii · May 24, 2021, 12:02am

Sorry ya @yubiuser weekend i do not have access to office network, luckily you do not also reply me on weekend, just to kindly ask is there any other troubleshooting steps i can do? Thanks!

yubiuser · May 24, 2021, 7:06pm

Ok, lets recap:

You can ping your Pi-hole device on 192.168.0.155 but sending a DNS request to this address (nslookup pi-hole 192.168.0.155) timeouted.

Did you see this request in Pi-hols's query log?

Your debug log expired after 48h - could you please generate a new one?

ahlooii · May 25, 2021, 12:14am

NEW PIHOLE DEBUG LOG: [https://tricorder.pi-hole.net/f4ntjemjg6]

Im not quite sure what those query means. But i dont think it works. Because whenever i specifically specify my PC's lan network dns server to be the pihole server then i wouldn't have any internet connection, but if i let auto config then my internet connection comes back which i believe it invoke the secondary DNS, where i believe at this point it wouldn't go through Pihole so therefore no query will be listed?

yubiuser · May 25, 2021, 5:33pm

I think it does. It shows queries from two different devices (localhost and hpserver). Some are answered (green) and some are blocked (red).

Pleaese try again

and look for the corresponding entry in the query log.

Do you use any kind of firewall or do you block DNS queries on the router level?

ahlooii · May 26, 2021, 12:26am

Above are some snap shots on my router setting, not sure if it's relevant but i do not know how to check whether i block DNS queries on the router level, is there any specific terms i should look in my router setting page?

No i do not use any kind of firewall.

I just did the nslookup.

hpserver you mentioned above was actually the Pihole device itself.

I still think the network did not route through the pihole, because i have 10 plus pc in my office and the query just look way too low. I then went to Pihole Web Interface -> Tools -> Network.

I only have 1 device are using pihole which is localhost 127.0.0.1::1 (152 queries) which i believe it was the router??
Another is hpserver 192.168.0.155 (13 queries) which is pihole server itself but pihole doesn't know whether or not this device uses pihole.

yubiuser · May 26, 2021, 8:24am

What router and model do you have?

Bucking_Horn · May 26, 2021, 8:59pm

Your nslookup results show that DNS requests for local (pi.hole) as well as public (google.com) domains time out, even if targeted directly at Pi-hole at 192.168.0.155.

This would indeed suggest a firewall interfering, preventing Pi-hole from receiving the DNS requests or discarding its answers.

Please repeat the nslookup commands and monitor if those requests do register in your Pi-hole's Query Log.

If they don't register, please verify that your Pi-hole host machine's firewall isn't blocking Pi-hole's required ports.

If those nslookups do register and/or all required ports are accessible on your Pi-hole host, then that would suggest your router is blocking DNS traffic.

If you cannot find any router settings related explicitly to blocking DNS/port 53 on your local 192.168.0.0/24 network, you'd have to consult your router's documentation and suppport channels.
For a start, you could try to find out whether that Anti-spoof Checking would prevent local handling of DNS requests.

Sharing your router's make and model as requested by yubiuser may help to attract users with relevant similar experiences.

ahlooii · May 27, 2021, 2:01am

Dlink DIR-842HW.

ahlooii · May 27, 2021, 2:09am

Omg, Thank you so muchh for reminding!! I just went and check my Ubuntu UFW and just try my luck by allowing port 53 and it's now working! I have no idea because i didn't saw in the documentation that we need to specifically allow it. I appreciate it so so much!

Oh geez, i feel like a complete idiot after knowing that's the issue. Thanks for @yubiuser for staying with me for so long, i almost gave up if it wasn't you that keep replying me.

ahlooii · May 27, 2021, 2:39am

yubiuser:

ahlooii:

It wouldn't allow me to force only primary dns + secondary dns wouldn't allow me to use the same address as well)
      dns-server: 192.168.0.155
      dns-server: 202.188.18.188
      dns-server: 1.9.1.9
Ok, this is something we have to address later.

Currently the below is the result i extract from Latest Pihole Bug Report

netmask: 255.255.255.0
router: 192.168.0.1
dns-server: 192.168.0.155
dns-server: 202.188.18.188
dns-server: 1.9.1.9
--- end of options ---

Do i need to do anything about it to force only one dns server?

[✗] Block page X-Header: X-Header does not match or could not be retrieved.

Is this error a big of a deal? or i can just leave it.

I had fixed the lighttdp issue by installing append port to 8080 on external.conf of lighttpd.

yubiuser · May 27, 2021, 11:16am

Not a big deal, esp. you don't use the block page (you have the default mode Null)

If your router doesn't allow you to specify only Pi-hole as DNS server via DHCP, you can disable your router's DHCP and use Pi-hole for that instead.

system · June 17, 2021, 11:16am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.