No internet when DHCP is turned on

Help
1

Please follow the below template, it will help us to help you!

Expected Behaviour:

Pi-Hole should be acting as my DHCP service, and my DNS service and allowing my web pages to load without ads.

Actual Behaviour:

DNS and DHCP are both active, and resolutions are being forwarded from Pi-Hole as shown in the logs but nothing is loading, and I need to manually alter the DNS Server address on a device to 8.8.8.8 for internet to work.

Debug Token:

As I cant upload the script, I’m just uploading the results.
I don’t mind about the personal info in the results. It’s not too personal in the grand scheme of things.

This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net.

The intent of this script is to allow users to self-diagnose their installations.  This is accomplished by running tests against our software and providing the user with links to FAQ articles when a problem is detected.  Since we are a small team and Pi-hole has been growing steadily, it is our hope that this will help us spend more time on development.

NOTE: All log files auto-delete after 48 hours and ONLY the Pi-hole developers can access your data via the given token. We have taken these extra steps to secure your data and will work to further reduce any personal information gathered.

*** [ INITIALIZING ]
[i] 2018-05-22:00:19:56 debug log has been initialized.

*** [ INITIALIZING ] Sourcing setup variables
[i] Sourcing /etc/pihole/setupVars.conf...

*** [ DIAGNOSING ]: Core version
[i] Core: v3.3.1 (https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249)
[i] Branch: master
[i] Commit: v3.3.1-0-gfbee18e

*** [ DIAGNOSING ]: Web version
[i] Web: v3.3 (https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249)
[i] Branch: master
[i] Commit: v3.3-0-ge48aa29

*** [ DIAGNOSING ]: FTL version
[✓] FTL: v3.0 (https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249)

*** [ DIAGNOSING ]: dnsmasq version
[i] 2.76

*** [ DIAGNOSING ]: lighttpd version
[i] 1.4.35

*** [ DIAGNOSING ]: php version
[i] 5.6.33

*** [ DIAGNOSING ]: Operating system
[✓] Raspbian GNU/Linux 8 (jessie)

*** [ DIAGNOSING ]: SELinux
[i] SELinux not detected

*** [ DIAGNOSING ]: Processor

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the wlan0 interface:
   192.168.1.2/24 matches the IP found in /etc/pihole/setupVars.conf

[✓] IPv6 address(es) bound to the wlan0 interface:
   fe80::5b2b:a782:e39d:395b does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

   ^ Please note that you may have more than one IP address listed.
   As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.

   The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.

[i] Default IPv4 gateway: 192.168.1.1
   * Pinging 192.168.1.1...
[✗] Gateway did not respond. (https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546)


*** [ DIAGNOSING ]: Ports in use
[53] is in use by dnsmasq
[80] is in use by lighttpd
[] is in use by 
[4711] is in use by pihole-FTL

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] ad.doubleclick.net.25978.9197.302br.net is 192.168.1.2 via localhost (127.0.0.1)
[✓] ad.doubleclick.net.25978.9197.302br.net is 192.168.1.2 via Pi-hole (192.168.1.2)
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Pi-hole processes
[✓] dnsmasq daemon is active
[✓] lighttpd daemon is active
[✓] pihole-FTL daemon is active

*** [ DIAGNOSING ]: Setup variables
    PIHOLE_INTERFACE=wlan0
    IPV4_ADDRESS=192.168.1.2/24
    IPV6_ADDRESS=
    QUERY_LOGGING=true
    INSTALL_WEB=true
    LIGHTTPD_ENABLED=1
    DHCP_ACTIVE=true
    DHCP_START=192.168.1.3
    DHCP_END=192.168.1.254
    DHCP_ROUTER=192.168.1.1
    DHCP_LEASETIME=24
    PIHOLE_DOMAIN=lan
    DHCP_IPv6=false
    DNSMASQ_LISTENING=all
    PIHOLE_DNS_1=8.8.8.8
    PIHOLE_DNS_2=8.8.4.4
    DNS_FQDN_REQUIRED=true
    DNS_BOGUS_PRIV=true
    DNSSEC=false
    CONDITIONAL_FORWARDING=false

*** [ DIAGNOSING ]: Dashboard and block page
[✓] X-Pi-hole: A black hole for Internet advertisements.
[✓] X-Pi-hole: The Pi-hole Web interface is working!

*** [ DIAGNOSING ]: Gravity list
-rw-r--r-- 1 root root 4231631 May 22 00:20 /etc/pihole/gravity.list
   -----head of gravity.list------
   192.168.1.2 0.0.0.0
   192.168.1.2 0.r.msn.com
   192.168.1.2 0.start.bz
   192.168.1.2 000.gaysexe.free.fr

   -----tail of gravity.list------
   192.168.1.2 zzsyw.com
   192.168.1.2 zztxdown.com
   192.168.1.2 zzz.clickbank.net
   192.168.1.2 zzzrtrcm2.com

*** [ DIAGNOSING ]: contents of /etc/pihole

-rw-r--r-- 1 root root 633 May 20 23:54 /etc/pihole/adlists.list
   https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
   https://mirror1.malwaredomains.com/files/justdomains
   http://sysctl.org/cameleon/hosts
   https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
   https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
   https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
   https://hosts-file.net/ad_servers.txt

-rw-r--r-- 1 root root 39 May 22 00:20 /etc/pihole/local.list
   192.168.1.2 JESSIE
   192.168.1.2 pi.hole

-rw-r--r-- 1 root root 234 May 21 22:45 /etc/pihole/logrotate
   /var/log/pihole.log {
   	su root root
   	daily
   	copytruncate
   	rotate 5
   	compress
   	delaycompress
   	notifempty
   	nomail
   }
   /var/log/pihole-FTL.log {
   	su root root
   	weekly
   	copytruncate
   	rotate 3
   	compress
   	delaycompress
   	notifempty
   	nomail
   }

*** [ DIAGNOSING ]: contents of /etc/dnsmasq.d

-rw-r--r-- 1 root root 1547 May 21 23:47 /etc/dnsmasq.d/01-pihole.conf
   addn-hosts=/etc/pihole/gravity.list
   addn-hosts=/etc/pihole/black.list
   addn-hosts=/etc/pihole/local.list
   localise-queries
   no-resolv
   cache-size=10000
   log-queries=extra
   log-facility=/var/log/pihole.log
   local-ttl=2
   log-async
   server=8.8.8.8
   server=8.8.4.4
   domain-needed
   bogus-priv
   except-interface=nonexisting

-rw-r--r-- 1 root root 481 May 21 23:47 /etc/dnsmasq.d/02-pihole-dhcp.conf
   dhcp-authoritative
   dhcp-range=192.168.1.3,192.168.1.254,24h
   dhcp-option=option:router,192.168.1.1
   dhcp-leasefile=/etc/pihole/dhcp.leases
   domain=lan

*** [ DIAGNOSING ]: contents of /etc/lighttpd

-rw-r--r-- 1 root root 3027 May 21 22:45 /etc/lighttpd/lighttpd.conf
   server.modules = (
   	"mod_access",
   	"mod_accesslog",
   	"mod_auth",
   	"mod_expire",
   	"mod_compress",
   	"mod_redirect",
   	"mod_setenv",
   	"mod_rewrite"
   )
   server.document-root        = "/var/www/html"
   server.error-handler-404    = "pihole/index.php"
   server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
   server.errorlog             = "/var/log/lighttpd/error.log"
   server.pid-file             = "/var/run/lighttpd.pid"
   server.username             = "www-data"
   server.groupname            = "www-data"
   server.port                 = 80
   accesslog.filename          = "/var/log/lighttpd/access.log"
   accesslog.format            = "%{%s}t|%V|%r|%s|%b"
   index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
   url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
   static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
   compress.cache-dir          = "/var/cache/lighttpd/compress/"
   compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
   include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
   include_shell "/usr/share/lighttpd/create-mime.assign.pl"
   include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"
' 2>/dev/null"
   $HTTP["url"] =~ "^/admin/" {
       
       setenv.add-response-header = (
           "X-Pi-hole" => "The Pi-hole Web interface is working!",
           "X-Frame-Options" => "DENY"
       )
       $HTTP["url"] =~ ".ttf$" {
           
           setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
       }
   }
   $HTTP["url"] =~ "^/admin/\.(.*)" {
        url.access-deny = ("")
   }
   include_shell "cat external.conf 2>/dev/null"

*** [ DIAGNOSING ]: contents of /etc/cron.d

-rw-r--r-- 1 root root 1496 May 21 22:45 /etc/cron.d/pihole
   56 4   * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity
   00 00   * * *   root    PATH="$PATH:/usr/local/bin/" pihole flush once quiet
   @reboot root /usr/sbin/logrotate /etc/pihole/logrotate
   */10 *  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker local
   23 12  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote
   @reboot root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote reboot

*** [ DIAGNOSING ]: contents of /var/log/lighttpd

-rw-r--r-- 1 www-data www-data 2545 May 21 23:50 /var/log/lighttpd/error.log
   2018-05-20 23:53:18: (log.c.164) server started 
   2018-05-20 23:54:04: (server.c.1558) server stopped by UID = 0 PID = 1 
   2018-05-20 23:54:05: (log.c.164) server started 
   2018-05-20 23:54:05: (server.c.1045) WARNING: unknown config-key: alias.url (ignored) 
   2018-05-21 00:05:09: (server.c.1558) server stopped by UID = 0 PID = 1 
   2018-05-21 00:05:22: (log.c.164) server started 
   2018-05-21 00:05:22: (server.c.1045) WARNING: unknown config-key: alias.url (ignored) 
   2018-05-21 22:09:20: (server.c.1558) server stopped by UID = 0 PID = 1 
   2018-05-21 22:09:32: (log.c.164) server started 
   2018-05-21 22:09:32: (server.c.1045) WARNING: unknown config-key: alias.url (ignored) 
   2018-05-21 22:15:39: (server.c.1558) server stopped by UID = 0 PID = 1 
   2018-05-21 22:16:17: (log.c.164) server started 
   2018-05-21 22:16:17: (server.c.1045) WARNING: unknown config-key: alias.url (ignored) 
   2018-05-21 22:29:43: (server.c.1558) server stopped by UID = 0 PID = 1 
   2018-05-21 22:29:49: (log.c.164) server started 
   2018-05-21 22:29:49: (server.c.1045) WARNING: unknown config-key: alias.url (ignored) 
   2018-05-21 22:38:57: (server.c.1558) server stopped by UID = 0 PID = 1 
   2018-05-21 22:39:14: (log.c.164) server started 
   2018-05-21 22:39:14: (server.c.1045) WARNING: unknown config-key: alias.url (ignored) 
   2018-05-21 22:42:22: (server.c.1558) server stopped by UID = 0 PID = 1 
   2018-05-21 22:42:34: (log.c.164) server started 
   2018-05-21 22:42:34: (server.c.1045) WARNING: unknown config-key: alias.url (ignored) 
   2018-05-21 22:45:58: (server.c.1558) server stopped by UID = 0 PID = 1 
   2018-05-21 22:45:58: (log.c.164) server started 
   2018-05-21 22:45:58: (server.c.1045) WARNING: unknown config-key: alias.url (ignored) 

*** [ DIAGNOSING ]: contents of /var/log

-rw-r--r-- 1 pihole pihole 1876 May 22 00:20 /var/log/pihole-FTL.log
   [2018-05-22 00:00:12.272] New forward server: 8.8.4.4 (0/4)
   [2018-05-22 00:00:12.273] Notice: Increasing overTime struct size from 0 to 100 (464.62 KB)
   [2018-05-22 00:00:22.285] New forward server: 8.8.8.8 (1/4)
   [2018-05-22 00:00:22.286] Notice: Increasing overTime struct size from 100 to 200 (469.99 KB)
   [2018-05-22 00:00:22.293] New client: 192.168.1.6 (1/10)
   [2018-05-22 00:00:22.303] New client: 192.168.1.131 tobys-iphone.lan (2/10)
   [2018-05-22 00:00:22.310] New client: 192.168.1.168 living-room.lan (3/10)
   [2018-05-22 00:00:22.317] New client: 192.168.1.236 x.lan (4/10)
   [2018-05-22 00:00:22.325] New client: 192.168.1.170 (5/10)
   [2018-05-22 00:00:22.387] New client: 192.168.1.1 (6/10)
   [2018-05-22 00:00:22.394] New client: 192.168.1.80 tobys-air.lan (7/10)
   [2018-05-22 00:00:22.466] New client: 192.168.1.2 jessie (8/10)
   [2018-05-22 00:00:22.481] New client: 192.168.1.3 (9/10)
   [2018-05-22 00:00:22.481] Notice: Increasing clients struct size from 10 to 20 (475.86 KB)
   [2018-05-22 00:00:22.498] Imported 7810 queries from the long-term database
   [2018-05-22 00:00:22.499] Reading from /var/log/pihole.log (rw-r--r--)
   [2018-05-22 00:20:29.464] NOTICE: Received signal SIGHUP - re-reading gravity files
   [2018-05-22 00:20:29.716] Gravity list entries: 122096
   [2018-05-22 00:20:29.716] No blacklist present
   [2018-05-22 00:20:29.716] No wildcard blocking list present
   [2018-05-22 00:20:29.716]  -> Total DNS queries: 9153
   [2018-05-22 00:20:29.716]  -> Cached DNS queries: 117
   [2018-05-22 00:20:29.716]  -> Forwarded DNS queries: 8766
   [2018-05-22 00:20:29.716]  -> Exactly blocked DNS queries: 31
   [2018-05-22 00:20:29.716]  -> Wildcard blocked DNS queries: 0

*** [ DIAGNOSING ]: Pi-hole log
-rw-r--r-- 1 dnsmasq root 453335 May 22 00:23 /var/log/pihole.log
   -----head of pihole.log------
   May 22 00:00:02 dnsmasq[1454]: 254 127.0.0.1/57260 query[PTR] 4.4.8.8.in-addr.arpa from 127.0.0.1
   May 22 00:00:02 dnsmasq[1454]: 254 127.0.0.1/57260 forwarded 4.4.8.8.in-addr.arpa to 8.8.4.4
   May 22 00:00:02 dnsmasq[1454]: 254 127.0.0.1/57260 forwarded 4.4.8.8.in-addr.arpa to 8.8.8.8
   May 22 00:00:03 dnsmasq[1454]: 255 127.0.0.1/32965 query[A] 3.debian.pool.ntp.org from 127.0.0.1
   May 22 00:00:03 dnsmasq[1454]: 255 127.0.0.1/32965 forwarded 3.debian.pool.ntp.org to 8.8.4.4
   May 22 00:00:03 dnsmasq[1454]: 255 127.0.0.1/32965 forwarded 3.debian.pool.ntp.org to 8.8.8.8
   May 22 00:00:03 dnsmasq[1454]: 256 127.0.0.1/32965 query[AAAA] 3.debian.pool.ntp.org from 127.0.0.1
   May 22 00:00:03 dnsmasq[1454]: 256 127.0.0.1/32965 forwarded 3.debian.pool.ntp.org to 8.8.4.4
   May 22 00:00:03 dnsmasq[1454]: 256 127.0.0.1/32965 forwarded 3.debian.pool.ntp.org to 8.8.8.8
   May 22 00:00:04 dnsmasq[1454]: 257 127.0.0.1/54526 query[A] clients1.google.com from 127.0.0.1
   May 22 00:00:04 dnsmasq[1454]: 257 127.0.0.1/54526 forwarded clients1.google.com to 8.8.4.4
   May 22 00:00:04 dnsmasq[1454]: 257 127.0.0.1/54526 forwarded clients1.google.com to 8.8.8.8
   May 22 00:00:05 dnsmasq[1454]: 258 192.168.1.131/54089 query[A] epdg.epc.mnc002.mcc505.pub.3gppnetwork.org from 192.168.1.131
   May 22 00:00:05 dnsmasq[1454]: 258 192.168.1.131/54089 forwarded epdg.epc.mnc002.mcc505.pub.3gppnetwork.org to 8.8.4.4
   May 22 00:00:05 dnsmasq[1454]: 258 192.168.1.131/54089 forwarded epdg.epc.mnc002.mcc505.pub.3gppnetwork.org to 8.8.8.8
   May 22 00:00:05 dnsmasq[1454]: 259 192.168.1.80/58276 query[TXT] sandbox.push.apple.com from 192.168.1.80
   May 22 00:00:05 dnsmasq[1454]: 259 192.168.1.80/58276 forwarded sandbox.push.apple.com to 8.8.4.4
   May 22 00:00:05 dnsmasq[1454]: 259 192.168.1.80/58276 forwarded sandbox.push.apple.com to 8.8.8.8
   May 22 00:00:05 dnsmasq[1454]: 260 192.168.1.168/62082 query[A] itunes.apple.com from 192.168.1.168
   May 22 00:00:05 dnsmasq[1454]: 260 192.168.1.168/62082 forwarded itunes.apple.com to 8.8.4.4


********************************************
********************************************
[✓] ** FINISHED DEBUGGING! **

    * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only.
    * For more information, see: https://pi-hole.net/2016/11/07/crack-our-medical-tricorder-win-a-raspberry-pi-3/
    * If available, we'll use openssl to upload the log, otherwise it will fall back to netcat.
[i] Debug script running in automated mode
    * Using openssl for transmission.
[✗]  There was an error uploading your debug log.
   * Please try again or contact the Pi-hole team for assistance.
   * A local copy of the debug log can be found at: /var/log/pihole_debug-sanitized.log
2

What's the output on nslookup flurry.com on your client and on the raspberry ?

3

Yes, I have manually updated to v2.76.

If I don’t turn DHCP on it works but everything looks like it’s coming from the router, I wanted to run the DHCP so I can see which device is requesting ads, etc.

4

Based on image

Did you disable the DHCP in your router? What IP range do you have it set-up on the LAN side?

Is it from the same class?

5

Yes I turned off the DHCP on the router and turned it on, on the Pi.

I set the Pi to be 192.168.1.2 and the IP leasing scope to be the same as what the router was leasing, except I dropped the Pi from the scope, so previously on the router it was 192.168.1.2-254 but on the Pi it’s now leasing from 192.168.1.3-254.

6

The debug log shows an error when querying (for) the gateway.

See this topic for additional info: Why is a default gateway important for Pi-hole?

7

This is strange.

If I turn on the DHCP on the Pi, and turn off the DHCP on the router, I don’t get internet.

But if I leave that setup and set my DNS to 8.8.8.8 on my phone, I can get internet access.

If I turn off the DHCP on my Pi, and turn on my DHCP on my router, I get internet access.

Does this make any sense to you?

I don’t think there’s an issue with the gateway as it appears to work when the Pi isn’t set as the DHCP.

8

From this, it sounds that you DO have internet but DNS is not working.
Is there a way for you to try these commands (when it fails) on a separate device ?

nslookup flurry.com 192.168.1.1
nslookup flurry.com 192.168.1.2
nslookup flurry.com 8.8.8.8

And ... post the output ...

9

Hey sorry for the delay,

I have now reimaged the SDCard with the latest version of Raspbian Stretch, upgrades are all installed and Dnsmasq is v2.76.

Your results:

DHCP and DNS handled by pie are still failing to load.

See the image I’ve sent through.

IMG_1079.jpg2851×2138 2.69 MB

10

Your lookup through 192.168.1.2 worked.

That’s the DNS IP you need to use on your clients/router

11

Yes, that’s what I’m using, and I can see forwards of DNS requests to the upstream DNS Server (Google) but nothing ever loads on the device making the requests.

12

Do you see in your pi-hole admin interface the requests?

13

I do.

I tried to access a website from Apple on my partners phone and then I refreshed the Pihole interface and I saw the website show up and it said the status was ‘forwarded’ but the page never loaded on the phone.

14

If you access a blocked domain on your device, you should see a pi-hole splash page. Try opening the domain above in a browser on the phone.

15

Sorry which domain, I couldn’t see any domain that you sent through?

16

The one you performed the nslookup on. flurry.com

17

Oh never mind I tried the flurry.com one and it blocked the page as you said.

image
image1125×2436 353 KB

18

That, right there is actually the Pi-hole responding to the DNS query.

Since '`flurry.com' is a blocked domain, this shows that pi-hole dns, intercepted the request and acted accordingly.

19

Yes, I understand, but if I were to turn the DHCP on, on the Pi, and off on the router and go to an unblocked website, it would say that the request was forwarded but never load the page.

I’m happy for you to remote to my device and take a look around with Teamviewer if you’d like?

20

when you turn on DHCP on the pi, what is the output of:

sudo sytemctl status dnsmasq and sudo systemctl status pihole-FTL.service ?

Your DHCP server might be failing due to some configuration errors...