No internet access while DHCP enabled

The issue I am facing:
If I want to use Pihole I have to use the built-in DHCP because my router does not allow me to set DNS servers. And it works fine... until the router is restarted or sometimes randomly (maybe when leases expire?). When that happens, in most cases I lose internet connection; I still have access to the local network and can ping/ssh my PIs but no outside connection.

Also, even when I have internet, services behind Caddy reverse proxy + Cloudflare are unreachable, no hits on Caddy logs. Services using Cloudflare tunneling work fine.

Other rare cases:
Internet / No local network
I can access the Internet but not the local network, all devices can access the Internet. In some cases, I noticed that no ipv4 IP was assigned to any of the devices even if my laptop and 2 PIs have static IPs, instead, they all had only ipv6 IPs. Could not even access the router.

No Internet / Partial local network?
Similar to the issue above; however, at that time my laptop did not have a static IP, just had an IPv6 IP, and was completely locked out of the network while the PIs had an IPv4 and could ping each other.

Things I tried:
Enabled ipv6 in pihole, upstream servers : unbound recursive, google & quad9 with and w/o ipv6, restarting dns server after router reboot, flushing network table, reload config.
Anything I could think of and I could find on google.

I have been at this for 2 days now, pressed every button and ticked every box, nothing seems to fix it.

I have also tried Adguard and have the same issue both with docker and w/o docker install.
Details about my system:
Using a PiZero 2 W
Static IP set to 192.168.8.2
Gateway 192.168.8.1
Debug log (in docker): https://tricorder.pi-hole.net/J4ETo0e7/

Debug log for fresh regular install:
https://tricorder.pi-hole.net/mD4ikl5q/

Docker compose:

version: "3"
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    network_mode: host
    environment:
      TZ: 'Europe/London'
      WEBPASSWORD: '****' 
      FTLCONF_DELAY_STARTUP: 5 # to fix interface does not exist
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: unless-stopped

dhcpcd.conf: (tried different name servers as 192.168.8.2 and just 1.1.1.1 and other combinations same results)

interface wlan0
static ip_address=192.168.8.2/24
static routers=192.168.8.1
static domain_name_servers=127.0.0.1 1.1.1.1

resolv.conf (edited before and tried different nameservers, 1.1.1.1, 192.168.8.2, ipv6 and some other things i could find on google)

# Generated by resolvconf
nameserver 127.0.0.1

resolvconf.conf (followed instructions for installing unbound from documentation)

# Configuration for resolvconf(8)
# See resolvconf.conf(5) for details

resolv_conf=/etc/resolv.conf
# If you run a local name server, you should uncomment the below line and
# configure your subscribers configuration files below.
#name_servers=127.0.0.1


# Mirror the Debian package defaults for the below resolvers
# so that resolvconf integrates seemlessly.
dnsmasq_resolv=/var/run/dnsmasq/resolv.conf
pdnsd_conf=/etc/pdnsd.conf
#unbound_conf=/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

Probably not relevant but unbound compose:

version: '3'
services:
  unbound:
    container_name: unbound
    image: "mvance/unbound-rpi:latest"
    expose:
      - "5334"
    ports:
      - 5334:53/tcp 
      - 5334:53/udp 
    volumes:
      - /home/nepherius/configs/unbound.conf:/opt/unbound/etc/unbound/unbound.conf
    restart: unless-stopped

and a paste of ifconfig (router as DHCP)

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.8.2  netmask 255.255.255.0  broadcast 192.168.8.255
        inet6 2a04:xxxxxxxfd8:496e:2  prefixlen 128  scopeid 0x0<global>
        inet6 fd88:36cf:xxxxxxx:ac73:d00c:ec6f  prefixlen 64  scopeid 0x0<global>
        inet6 2a04:xxxxx:ec9d:743e:a26f  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::3xxx:6cd5:e8a7  prefixlen 64  scopeid 0x20<link>
        ether d8:3a:dd:78:43:d5  txqueuelen 1000  (Ethernet)
        RX packets 21835  bytes 5640840 (5.3 MiB)
        RX errors 0  dropped 1  overruns 0  frame 0
        TX packets 16780  bytes 9493287 (9.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

What I have changed since installing Pi-hole:
I moved pihole to docker & added unbound

Edit: Added debug log for fresh install

Off the top of my head, it seems like your router and Pi are fighting for leases. When you have the issue you may want to check who the DHCP server is.

On Linux you can run "grep dhcp /var/lib/dhcp/dhclient.enp0s31f6.leases"

Note: your interface may differ from enp0s31f6. If you use tab complete it should fill it in as you go.

On Windows I think you can check via cmd using ipconfig /all

Make sure to check each client.

Both Raspberry PIs have nothing in that folder or /dhclient folder; on laptop I have a lease in dhcpd folder but the command above does nothing. Using cat I got some jumbled words and www-huawei-com:service:NetworkSyncService. I'm assuming that's my router (huawei is the brand).

What version / distro are you running for Linux on the Pi? Also, do you need to run the Pi in docker or no? From your comments it seems like it was a troubleshooting thing. If not I would consider going back to baremetal. Docker might be fine but it adds another layer of complexity.

PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"

The strange thing is I have literally the same issue with Adguard, both docker and regular install. So, I expect Pihole to have the same issue even with a regular install. A bit late to experiment now but I'll try it tomorrow.

I'm open to any suggestions, can even change the distro as long as it's pi zero 2 w friendly :)

I fired up a PiZero W and it looks like that last command works on my laptop but not a PI. This one should tell you what your DHCP server is.

`ip r | grep default`
or just `ip r`
It will look something like:

default via 192.168.0.1 dev wlan0
default via 192.168.0.1 dev wlan0 proto dhcp src 192.168.0.2 metric 600
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.2 metric 600

In my case 192.168.0.1 is gateway and DHCP server. 192.168.0.2 is the client.

Output with Router as DHCP

Pi W (the device I intend to use as host)
default via 192.168.8.1 dev wlan0 src 192.168.8.2 metric 302

Secondary pi:
default via 192.168.8.1 dev eth0 proto static metric 100

Laptop:
default via 192.168.8.1 dev wlp2s0 proto dhcp src 192.168.8.10 metric 600

Output with PI as DHCP (will update tomorrow morning, when I break it again..)
Will also do a fresh install, no docker. And compare

Something else to use:

sudo dhclient -v wlan0 ( change wlan0 to whatever interface ).

This will give similar info but also tell you when the lease will expire.
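
An added example (not part of any post in this thread): a small shell helper that reads `dhclient -v` output and lists which servers sent DHCPOFFER/DHCPACK, which shows whether the router and the Pi-hole are both handing out leases. The function names and the two-server sample are constructed for illustration; 192.168.8.2 is the Pi-hole address used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Samples are constructed from the
# dhclient -v lines quoted in it; 192.168.8.1 answering is hypothetical.

# Print "<server> <offers> <acks>" for every server that replied.
dhcp_servers() {
    awk '
        ($1 == "DHCPOFFER" || $1 == "DHCPACK") && $(NF-1) == "from" {
            seen[$NF] = 1
            if ($1 == "DHCPOFFER") offer[$NF]++; else ack[$NF]++
        }
        END { for (s in seen) printf "%s %d %d\n", s, offer[s], ack[s] }
    ' | sort
}

# Exit 0: only the expected server replied. 1: some other server replied.
# 2: nobody replied (DISCOVERs only, as on the Pi in the thread).
check_dhcp() {
    expected=$1
    servers=$(dhcp_servers | cut -d' ' -f1)
    if [ -z "$servers" ]; then
        echo "no DHCP server answered"
        return 2
    fi
    status=0
    for s in $servers; do
        if [ "$s" = "$expected" ]; then
            echo "ok: $s"
        else
            echo "unexpected DHCP server: $s"
            status=1
        fi
    done
    return "$status"
}

SAMPLE_ONE='DHCPDISCOVER on wlp2s0 to 255.255.255.255 port 67 interval 7
DHCPOFFER of 192.168.8.201 from 192.168.8.2
DHCPREQUEST for 192.168.8.201 on wlp2s0 to 255.255.255.255 port 67
DHCPACK of 192.168.8.201 from 192.168.8.2'

# Constructed: router (192.168.8.1) and Pi-hole (192.168.8.2) both offer.
SAMPLE_TWO='DHCPDISCOVER on wlp2s0 to 255.255.255.255 port 67 interval 7
DHCPOFFER of 192.168.8.10 from 192.168.8.1
DHCPOFFER of 192.168.8.201 from 192.168.8.2
DHCPREQUEST for 192.168.8.10 on wlp2s0 to 255.255.255.255 port 67
DHCPACK of 192.168.8.10 from 192.168.8.1'

SAMPLE_NONE='DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 8
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 18'

printf '%s\n' "$SAMPLE_TWO" | check_dhcp 192.168.8.2 || true
```

On a live client, dhclient logs to stderr, so the pipe is `sudo dhclient -v wlan0 2>&1 | check_dhcp 192.168.8.2` (change wlan0 to your interface).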

Output with Router as DHCP

Pi W (the device I intend to use as host)
default via 192.168.8.1 dev wlan0 src 192.168.8.2 metric 302

Secondary pi:
default via 192.168.8.1 dev eth0 proto static metric 100

Laptop:
default via 192.168.8.1 dev wlp2s0 proto dhcp src 192.168.8.10 metric 600

Output with PI as DHCP after router reboot(this is on a fresh regular pi-hole install, not on docker)
default via 192.168.8.1 dev wlan0 src 192.168.8.2 metric 302
Pi W (DHCP host)
IP r:

127.0.0.0/8 dev lo proto dhcp scope host src 127.0.0.1 metric 201 
169.254.0.0/16 dev br-7b79041042bb scope link src 169.254.76.28 metric 203 
169.254.0.0/16 dev docker0 scope link src 169.254.148.126 metric 204 
169.254.0.0/16 dev br-b732a6846d3f scope link src 169.254.159.82 metric 205 
169.254.0.0/16 dev veth5d3bd7d scope link src 169.254.62.55 metric 207 
169.254.0.0/16 dev vetha814660 scope link src 169.254.192.229 metric 209 
169.254.0.0/16 dev veth3ca5b91 scope link src 169.254.71.248 metric 211 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
172.22.0.0/16 dev br-7b79041042bb proto kernel scope link src 172.22.0.1 
192.168.8.0/24 dev wlan0 proto dhcp scope link src 192.168.8.2 metric 302 
192.168.16.0/20 dev br-b732a6846d3f proto kernel scope link src 192.168.16.1

sudo dhclient -w wlan0

Listening on LPF/wlan0/d8:3a:dd:78:43:d5
Sending on   LPF/wlan0/d8:3a:dd:78:43:d5
Sending on   Socket/fallback
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 8
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 18
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 11
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 7
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 9
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 8

Debug log:

 5 09:35 /etc/resolv.conf
   nameserver 127.0.0.1
   nameserver 1.1.1.1

*** [ DIAGNOSING ]: Pi-hole diagnosis messages
   count   last timestamp       type                  message                                                       blob1                 blob2                 blob3                 blob4                 blob5               
   ------  -------------------  --------------------  ------------------------------------------------------------  --------------------  --------------------  --------------------  --------------------  --------------------
   1       2024-01-05 09:30:48  DNSMASQ_WARN          DHCP packet received on wlan0 which has no address                                                                                                                        
   
   1       2024-01-05 10:01:43  DNSMASQ_WARN          no address range available for DHCP request via br-7b7904104                                                                                                              
                                                      2bb                                                                                                                                                                       
   
   1       2024-01-05 10:01:43  DNSMASQ_WARN          no address range available for DHCP request via br-b732a6846                                                                                                              
                                                      d3f                                                                                                                                                                       
   
   1       2024-01-05 10:01:43  DNSMASQ_WARN          no address range available for DHCP request via docker0                                                                                                                   
   
   1       2024-01-05 10:01:43  DNSMASQ_WARN          no address range available for DHCP request via veth3ca5b91                                                                                                               
   
   1       2024-01-05 10:01:43  DNSMASQ_WARN          no address range available for DHCP request via veth5d3bd7d                                                                                                               
   
   1       2024-01-05 10:01:43  DNSMASQ_WARN          no address range available for DHCP request via vetha814660
    * curl failed, contact Pi-hole support for assistance.
    * Error message: curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

[✗] There was an error uploading your debug log.

Full log:
https://tricorder.pi-hole.net/mD4ikl5q/

Secondary PI: (has static IP set to 192.168.8.3)
This output is from both DHCP host and Laptop:

ping 192.168.8.3
PING 192.168.8.3 (192.168.8.3) 56(84) bytes of data.
From 192.168.8.2 icmp_seq=1 Destination Host Unreachable
From 192.168.8.2 icmp_seq=2 Destination Host Unreachable
From 192.168.8.2 icmp_seq=3 Destination Host Unreachable

From the PI itself:
IP r:
default via 192.168.8.1 dev eth0 proto dhcp proto static metric 100

nmcli c edit eth0 -> print ipv4:

ipv4.addresses: 192.168.8.3/24
ipv4.gateway: 182.168.8.1
... rest are default

sudo dhclient -v eth0
The output is similar to the one from the Pi host, just a different interface name

Laptop
IP r:

default via 192.168.8.1 dev wlp2s0 proto dhcp src 192.168.8.201 metric 20600 
192.168.8.0/24 dev wlp2s0 proto kernel scope link src 192.168.8.201 metric 600

sudo dhclient -v wlp2s0:

Listening on LPF/wlp2s0/f8:34:41:59:ab:e1
Sending on   LPF/wlp2s0/f8:34:41:59:ab:e1
Sending on   Socket/fallback
DHCPDISCOVER on wlp2s0 to 255.255.255.255 port 67 interval 7
DHCPOFFER of 192.168.8.201 from 192.168.8.2
DHCPREQUEST for 192.168.8.201 on wlp2s0 to 255.255.255.255 port 67
DHCPACK of 192.168.8.201 from 192.168.8.2
Error: ipv4: Address already assigned.
bound to 192.168.8.201 -- renewal in 37009 seconds.

nmcli shows no gateway/ipaddress set for either ipv4 or ipv6

ipv4.method:                            auto
ipv4.dns:                               --
ipv4.dns-search:                        --
ipv4.dns-options:                       --
ipv4.dns-priority:                      0
ipv4.addresses:                         --
ipv4.gateway:                           --
ipv4.routes:                            --
ipv4.route-metric:                      -1
ipv4.route-table:                       0 (unspec)
ipv4.routing-rules:                     --
ipv4.replace-local-rule:                -1 (default)
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-iaid:                         --
ipv4.dhcp-timeout:                      0 (default)
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.dhcp-fqdn:                         --
ipv4.dhcp-hostname-flags:               0x0 (none)
ipv4.never-default:                     no
ipv4.may-fail:                          yes
ipv4.required-timeout:                  -1 (default)
ipv4.dad-timeout:                       -1 (default)
ipv4.dhcp-vendor-class-identifier:      --
ipv4.link-local:                        0 (default)
ipv4.dhcp-reject-servers:               --
ipv4.auto-route-ext-gw:                 -1 (default)

Output from a secondary interface (have 5GHz and 2.4) - this one has manual config

['ipv4' setting values]
ipv4.method:                            manual
ipv4.dns:                               1.1.1.1
ipv4.dns-search:                        --
ipv4.dns-options:                       --
ipv4.dns-priority:                      0
ipv4.addresses:                         192.168.8.100/24
ipv4.gateway:                           192.168.8.1
ipv4.routes:                            --
ipv4.route-metric:                      -1
ipv4.route-table:                       0 (unspec)
ipv4.routing-rules:                     --
ipv4.replace-local-rule:                -1 (default)
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-iaid:                         --
ipv4.dhcp-timeout:                      0 (default)
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.dhcp-fqdn:                         --
ipv4.dhcp-hostname-flags:               0x0 (none)
ipv4.never-default:                     no
ipv4.may-fail:                          yes
ipv4.required-timeout:                  -1 (default)
ipv4.dad-timeout:                       -1 (default)
ipv4.dhcp-vendor-class-identifier:      --
ipv4.link-local:                        0 (default)
ipv4.dhcp-reject-servers:               --
ipv4.auto-route-ext-gw:                 -1 (default)

I missed this on your initial post where you wrote:

"If I want to use Pihole I have to use the built-in DHCP because my router does not allow me to set DNS servers."

The Pihole's DHCP server doesn't fix / override the router's DNS settings. They are separate servers. DHCP will hand out the IP addresses / leases but DNS is separate.

I would suggest going back to using the router's DHCP and turning the Pihole's off (simplify that situation) and, as you just have 3 clients, manually set the DNS server for each to point to the Pihole. I believe this would work around the issue with the router not allowing you to change the DNS server.

For the Pis you can edit /etc/resolv.conf. Here is an example of mine where 192.168.0.8 is my Pihole.

domain net
search net
nameserver 192.168.0.8
nameserver 0.0.0.0

For Windows I believe you need to edit the connection and change it in the ipv4 tab.

And to be clear, the Pihole's IP needs to be static.

I'm not trying to override the router's DNS settings. Correct me if I'm wrong but the whole point of the pi-hole's built-in DHCP is to be used when the router's DNS settings cannot be modified.
The way it should work is that Pi-hole assigns IPs and handles DNS, router should be just the gateway to the outside world. I do not have just 3 clients, I have 3 clients mentioned + TVs, phones, PS, Xbox, smart devices, etc.

There's clearly some kind of misconfiguration on the PI that breaks everything and prevents Pihole from functioning correctly; finding workarounds does not fix the issue, it just fixes 1 of the symptoms of the issue.

After searching a bit it seems like it can indeed do it but I don't believe it's a default kind of option and requires editing files in /etc/dnsmasq.d/

I've never messed with dnsmasq configs so can't confirm that this is what actually needs to be done. Perhaps someone with more experience does.

Mods, devs, anyone? Someone must have some idea...
nvm

As a nuclear option, I changed distros and installed PI OS Bookworm instead. Pihole now works as intended as a DHCP server, even with docker.
