Noob tries to configure Recursive DNS now desperate for help

I am fairly new to all of this, so forgive me for my ignorance. I really would like to learn if anyone has the patience to help. I attempted to install Ubuntu and Pi-hole on an unused laptop at my home with wired Ethernet, in the hope of seeing DNS queries, or just getting a visual of the internet activity, being that I have a TV running Kodi and a PC for my Rocket League obsession. I have recently replaced my ISP-provided router with a TP-Link Archer AX3000. I noticed the subscription to monitor network activity was very vague, but also I had a lot of action going on with the TV and all of the various installations made on it (you know, adult content and other malicious things).
ANYWAYS, back to the issue at hand here...

I was hoping for a recursive DNS. I was basically following the instructions in this video: https://youtu.be/FnFtWsZ8IP0?si=IGlJXFW5Shx5kYfK

My ISP does not really indulge in IPv6, so I have that set as OFF.
SLAAC+Stateless DHCP. Somewhere my configuration is invalid or just wrong altogether from the start. But if someone could just list the commands, that would help a lot.

Actual Behaviour: I can connect with PuTTY, but I'm really a noob at a lot of this, so I know it's probably going to take several commands to fix this.

Debug Token: https://tricorder.pi-hole.net/ORtLCJEw/

Just a suggestion. I would go directly to the source for implementing Pi-hole at Overview of Pi-hole - Pi-hole documentation instead of some tutorial from YouTube. Some of those instructions usually leave out parts, so you'll end up with issues. It is good that you provided a debug log for the admins to assist you in troubleshooting.

Good Luck


What's your reason for wanting a recursive resolver?

Pi-hole isn't a recursive resolver, it is a filtering DNS forwarder.

According to your debug log, you are running Bind9's DNS server named:

*** [ DIAGNOSING ]: Ports in use
[✗] udp:192.168.0.3:53 is in use by named (https://docs.pi-hole.net/main/prerequisites/#ports)

Bind9's DNS server can be configured to run as a recursive or authoritative DNS server, so if you really want to run a recursive resolver, named may have gotten you halfway there.

But as both named and Pi-hole must claim port 53, only one of them would be able to actually do so.

If you prefer to run Pi-hole, you should disable and/or uninstall named, or move it to a different port.
The latter may allow you to run named as Pi-hole's only upstream DNS server, allowing you to combine Pi-hole's filtering with running a recursive resolver yourself (provided named would be configured as recursive resolver).


The below one lists all files in the bind9 package (if you have the apt-file package installed):

$ apt-file list bind9
[..]
bind9: /lib/systemd/system/named-resolvconf.service
bind9: /lib/systemd/system/named.service
[..]
bind9: /usr/sbin/named

You can try to disable and stop both of the above services with the below one:

sudo systemctl disable --now named-resolvconf.service named.service

Restart the Pi-hole daemon:

pihole restartdns

And check status:

pihole status

But you must have somehow made a wrong turn during the installation of Ubuntu.
I believe it doesn't install bind9 by default.
Only if you explicitly selected it during the install process.

With the above hack, chances are that when you reboot, netplan.io will try to boot up named anyway:

$ apt show netplan.io
[..]
Description: YAML network configuration abstraction for various backends
 netplan reads YAML network configuration files which are written
 by administrators, installers, cloud image instantiations, or other OS
 deployments. During early boot it then generates backend specific
 configuration files in /run to hand off control of devices to a particular
 networking daemon.
 .
 Currently supported backends are networkd and NetworkManager.

Let's say I get the correct configuration and continue with this process, which I have done. What would be the settings I need to adjust on my TP-Link to allow this to show any logs blocked or allowed?

New debug is https://tricorder.pi-hole.net/e9aAcNRn/

Do you have Pi-hole FTL running now if you query with the below in a shell/PuTTY session after a reboot?

pihole status

If so, have a look if you can use the below TP-Link guide:

The above guide forgets to mention that all your network clients would need to renew their DHCP lease for the changed settings to take effect.
For that you can power cycle the router, switches and WiFi APs.
As soon as the clients detect that the network is restored, they will request a new DHCP lease.

You can test if it's blocking if you run the below nslookup on one of your clients.
It can be a Windows, macOS or Linux client.
It should reply with 0.0.0.0 as an answer:

C:\>nslookup flurry.com
Server:  pi.hole
Address:  10.0.0.5

Name:    flurry.com
Addresses:  ::
          0.0.0.0

Also, that guide only covers the IPv4 bit and not IPv6!
For starters, you could disable IPv6 support entirely on the TP-link router to prevent DNS queries from bypassing Pi-hole via IPv6 DNS.

If you copy/paste screenshots of all IPv6-related settings on the TP-Link router here, we can have a look if it's possible to also have IPv6 configured properly on your LAN.

Get this part working first before you proceed to install and configure the recursive Unbound resolver as a dessert, like in that YT video you linked before.
And follow the below official guide this time :wink:

Oh, I forgot to ask: before you disable IPv6, and when browsing to the below link, does it show IPv6 being supported upstream by your ISP?

As for the IPv6, I believe it's all disabled.

And my Pi status I'll copy and paste below:
[✓] FTL is listening on port 53
[✓] UDP (IPv4)
[✓] TCP (IPv4)
[✗] UDP (IPv6)
[✗] TCP (IPv6)

[✓] Pi-hole blocking is enabled

And nslookup did reply with 0.0.0.0.

Now I am wondering what else I could accomplish with this little bit I have learned from this experience. I'll copy and paste screenshots of the router's config as of right now.

So um, the only devices I have on my Internet are my iPhone, PC, and my device with the Pi on it, so what is all this??

EDIT: I restarted the DNS resolver and just have the rate limit showing, but I now have a reverse DNS every second in my logs for 192.168.0.3 and I would love to get this fixed :slight_smile:


I don't know what those devices are.
Those IPs and MACs in the "Network overview" are sourced from the OS ARP cache/table via neighbor discovery:

$ arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.0.5                 ether   00:16:3e:XX:XX:XX   C                     eth0
10.0.0.131               ether   00:16:3e:XX:XX:XX   C                     eth0
10.0.0.11                ether   00:1e:0b:XX:XX:XX   C                     eth0
[..]
$ ip neighbor
10.0.0.5 dev eth0 lladdr 00:16:3e:XX:XX:XX STALE
10.0.0.131 dev eth0 lladdr 00:16:3e:XX:XX:XX STALE
10.0.0.11 dev eth0 lladdr 00:1e:0b:XX:XX:XX DELAY
[..]

You could try pinging each address from the Ubuntu host with the below and, depending on whether it replies, start switching off devices to see when the replies stop :wink:

$ ping 10.0.0.5
PING 10.0.0.5 (10.0.0.5) 56(84) bytes of data.
64 bytes from 10.0.0.5: icmp_seq=1 ttl=64 time=1.63 ms
64 bytes from 10.0.0.5: icmp_seq=2 ttl=64 time=1.56 ms
[..]

About the warning "ignoring query from non-local ...", keep an eye on whether any new warnings appear.
Do you by any chance have DNS traffic port forwarded/NATed on the router to the Pi-hole host IP to allow access from the Internet to your Pi-hole at home?
Because that's not recommended, as Pi-hole is not designed for that security-wise, and you could unwillingly participate in DNS DDoS reflection/amplification attacks against others if you run an "open resolver"!
Also, you won't get support here if you run an open resolver.

About the "RATE_LIMIT" warning, did you change any other settings on the TP-Link router?
Those settings in the TP-Link guide are the only settings you need to change for Pi-hole blocking, and no others!
From that rate limiting warning, it seems as if you have the Pi-hole IP configured in the TP-Link WAN/Internet DNS settings?
Leave those WAN/Internet DNS settings on the router at the OOTB defaults!
Something like "receive automatically".
If not, you'll likely close a partial DNS loop if you also have Pi-hole "Conditional Forwarding" configured and enabled, which will also trigger rate limiting.

Oh, I was wrong with the above!
The guide does mention the below to renew DHCP leases:

Click on Reboot so that your devices will reconnect to the TP-Link router's network and start to use the Pi-Hole DNS.

Well, being that I am not trying to be an accomplice in any DDoS attacks, I really do not know if my configuration is attributing to such, so I will post router screenshots and mark out my dynamic IP if that is even necessary.

Port forwarding has been left alone on the router admin page. I do have MAC-bound IPs, and upon further investigation through trial and error, if I set DNS to the IP of my Pi, which is 192.168.0.3, under DHCP settings, my advanced settings as seen in the first picture below, or in the DoT tab, I am clearly doing something wrong. My TP-Link will eventually get the orange light and I have to undo the changes and the IP renews again. Ideally I would like to know, if that issue were resolved, whether my adblock tester score would increase, because it is currently at 39/100.

"Internet settings" in the first screenshot looks good.
Those DNS servers appear to be from your ISP and not the Pi-hole IP, which could potentially close a DNS loop:

$ dig +short -x 166.102.165.13
nsvip02.windstream.net.
$ dig +short -x 207.91.5.20
nsvip03.windstream.net.

I don't understand the above bit???
Why is the Pi-hole IP not configured for DNS in the "DHCP Server" settings, but instead Google's (8.8.8.8 and 8.8.4.4)?
I also don't know what an orange LED on the router means.
Check your router manual for that.

There is no mention of changing DoT or DoH settings in the official TP-Link guide.
So try reverting those settings back to OOTB factory defaults.

Have more recent "ignoring query from non-local ..." warning messages appeared since last time?

That flood of 3.0.168.192.in-addr.arpa PTR queries (reverse lookups) coming from the router IP @192.168.0.1 is evidence that something on the router is/was configured to make use of the Pi-hole IP for DNS resolution.
The DHCP server DNS settings have nothing to do with that, as these are advertised to the clients only.
Add to that that rate limiting was triggered; this is usually caused by a misconfiguration somewhere closing a DNS loop or partial DNS loop.
DNS queries bounce back and forth between the router and the Pi-hole host because neither of them can answer, so each forwards the query to the other until rate limiting kicks in or resources are depleted (number of concurrent connections, RAM, storage etc.).
Are you still currently experiencing those floods?
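To illustrate the partial DNS loop described above, here is an added example (not Pi-hole's or TP-Link's own code) that models the router, the Pi-hole host and the ISP resolver as forwarding nodes and traces where a reverse lookup for 192.168.0.3 ends up under each configuration; the node names, the records each node "knows", and the ISP answering only pi-hole.net are constructed assumptions.

```python
"""Trace a DNS query between router, Pi-hole and ISP upstream to show how the
partial DNS loop forms. Added example, not Pi-hole's own code; the node names,
the 'knows' tables and 'pi-hole.net' as the ISP's only known record are
constructed for illustration."""
from typing import Callable, Dict, List, Optional, Set, Tuple

LOCAL_PTR = "3.0.168.192.in-addr.arpa"       # reverse lookup of 192.168.0.3 (from the thread)
LOCAL_REVERSE_ZONE = "168.192.in-addr.arpa"  # what Conditional Forwarding hands to the router


class Node:
    """One resolver: records it can answer itself, plus where it forwards the rest."""
    def __init__(self, name: str, knows: Set[str], upstream: Callable[[str], Optional[str]]):
        self.name, self.knows, self.upstream = name, knows, upstream


def trace(nodes: Dict[str, Node], start: str, qname: str, max_hops: int = 8) -> Tuple[str, List[str]]:
    """Follow the forwarding chain for qname from `start`.
    Returns ('answered' | 'nxdomain' | 'loop', list of nodes visited in order)."""
    path, cur = [start], start
    for _ in range(max_hops):
        node = nodes[cur]
        if qname in node.knows:
            return "answered", path
        nxt = node.upstream(qname)
        if nxt is None:                   # no record and nobody left to ask
            return "nxdomain", path
        path.append(nxt)
        if nxt in path[:-1]:              # bounced back to a hop already visited
            return "loop", path
        cur = nxt
    return "loop", path                   # hop budget exhausted: treat as a loop


def build(router_wan_dns: str, conditional_forwarding: bool) -> Dict[str, Node]:
    """router_wan_dns is 'isp' (factory default) or 'pihole' (the misconfiguration)."""
    def pihole_upstream(q: str) -> Optional[str]:
        # Conditional Forwarding sends local reverse lookups to the router;
        # everything else goes to Pi-hole's configured upstream.
        if conditional_forwarding and q.endswith(LOCAL_REVERSE_ZONE):
            return "router"
        return "isp"
    return {
        "isp": Node("isp", {"pi-hole.net"}, lambda q: None),
        "router": Node("router", set(), lambda q: router_wan_dns),
        "pihole": Node("pihole", set(), pihole_upstream),
    }


if __name__ == "__main__":
    for wan in ("pihole", "isp"):
        print("router WAN DNS =", wan, "->", trace(build(wan, True), "router", LOCAL_PTR))
```

Only the combination of the router's WAN DNS pointing at Pi-hole and Conditional Forwarding pointing back at the router closes the loop; with either one reverted the lookup terminates at the ISP with NXDOMAIN.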

No, no more flood of the reverse DNS, and every time I configure the DNS to my Pi's IP the devices do not work, or the internet search I try as a test run never loads and times out.

SO here ^ I should change the Primary DNS to 192.168.0.3?

What does below return when run on your PC (not on the Ubuntu machine)?

nslookup pi-hole.net 192.168.0.3

Nooooo!
As said before:

It's the DHCP server DNS settings that need changing from 8.8.8.8 and 8.8.4.4 to the Pi-hole IP 192.168.0.3.
For both DNS fields (primary & secondary) if the router allows.
Below settings:

In a nutshell, you only have to make it so that your router advertises the Pi-hole IP for DNS to the clients via its own DHCP service.
Or multiple times, which is the default for Pi-hole's own DHCP service in the upcoming v6 release:

$ sudo pihole-FTL dhcp-discover
Scanning all your interfaces for DHCP servers
[..]
   dns-server: 10.0.0.2
   dns-server: 10.0.0.2
   dns-server: 10.0.0.2

No other settings need changing on the router, except for creating a static DHCP reservation based on MAC if the Pi-hole host isn't configured with a true static IP (not one acquired via DHCP, but one set manually on the host itself).

My bad, I must've misunderstood here, so that needs to go back to its original settings. I'm getting the notion to factory reset the router itself so I don't miss anything.

I never chose the IP of the Pi, but I did make it static once it was given 192.168.0.3. Should I just aim to make that same IP static after the router boots back up and then set that DNS?

Also, I found a hidden camera in my house that I was unaware of; that's what one of the IPs I had earlier was, and another was just my smart TV in the living room that I thought I had unplugged, but someone clearly didn't like it unplugged and took it upon themselves to plug it back in at some point.

Yeah, why not.
It usually doesn't involve that much work.
Only reconfiguring DHCP reservations based on MAC is a pain in the a.. if you have many.

That's fine for now.
Just as long as the Pi-hole host's IP address doesn't change!

Could you rephrase the above question please?
I think I don't fully understand :wink:

EDIT:

Old DNS path (with factory defaults):

Clients --> Router --> Router Internet settings DNS server(s)

New path:

Clients --> Pi-hole --> Pi-hole Upstream configured DNS server(s)