Opnsense with DNSmasq + Pihole + Unbound not resolving Hostnames

I have followed this guide, and while it was working once upon a time, it is no longer working after using unbound.

I followed this thread but no luck.

Both opnsense and pihole are running on Proxmox, and it should also be noted that I am running Pialert, which also is not resolving hostnames.

Also I added my logs here which may be helpful

https://tricorder.pi-hole.net/4AFypiLj/

I was able to get it working for now with enabling conditional formatting, but I feel like it should work without that

Your debug log looks normal.

Is your router's DNS server at 10.12.23.1 really answering on port 5353, though?
It probably shouldn't listen on that port - 5353 is reserved for the mDNS protocol.

Hmm, your debug log shows Conditional Forwarding to be disabled?

Oh, good to know on the port; maybe that is part of the problem. I will switch it to 5335 and give that a shot. Conditional formatting was disabled when doing the log report.

Ok so I have changed to port 5335 on unbound but that is not doing anything for me.

I have updated the pihole debug file located here: https://tricorder.pi-hole.net/3RQ9ssDF/

I have also taken screenshots of all of the relevant settings I think within opnsense, if you need me to verify anything else let me know

How do you have unbound configured to listen for traffic? On the loopback interface, or via an external IP?

Pi-hole is configured to communicate with unbound as follows:

PIHOLE_DNS_1=10.12.23.1#5335

Is unbound running at that IP and configured to listen for traffic on that port?

Unbound is running with opnsense so it should be the same IP as opnsense I believe, and I have set the listen port to 5335

I can confirm it is working though, I can see that as I browse the web the Unbound queries continue to go up, so I would assume it is working, I can see individual requests which are correct for my browsing activity

Pi-hole does not have any knowledge about your local hostnames - it has to acquire that somehow, either by configuring respective DNS records, or by querying a DNS server that has that knowledge.

So your Pi-hole is forwarding all non-blocked traffic to unbound, including requests for those local hostnames that it doesn't know about (e.g. via Local DNS records).

How does unbound learn about local hostnames then?

Since you state that Conditional Forwarding would work, that would suggest that your router's DHCP server is registering local hostnames at least with its local DNS resolver (assuming that CF targets your router's IP).

Enabling CF would be one correct way to have local hostname resolution in that case.

Alternatively, you could also consider having Pi-hole use 10.12.23.1#53 (assuming that your router's local DNS resolver would also use unbound as its upstream).

Yet another way would involve configuring unbound on your router to forward queries for your local zone to your router's local DNS resolver, but you'd have to be careful to avoid a DNS loop with that configuration.
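As an added illustration of the forwarding chain the reply above describes (this is not configuration from the thread or from the OPNsense project), the two fragments below let unbound on the router hand the local zone to dnsmasq on the same host while keeping dnsmasq from bouncing unknown names back to unbound. The zone name "champ" is taken from the hostnames seen later in this thread and ports 53/5335 from the setup described; the `server=` line in dnsmasq and everything else are assumptions to adapt.

```conf
# dnsmasq (router, port 53): authoritative for the local zone from DHCP leases.
# local=/champ/ answers names under "champ" only from leases and /etc/hosts and
# returns NXDOMAIN for anything else in that zone instead of forwarding it,
# which is what prevents a loop with the unbound forward-zone below.
port=53
domain=champ
local=/champ/
expand-hosts
server=127.0.0.1#5335          # assumed: everything else goes to unbound

# unbound (router, port 5335): resolves the Internet recursively, but forwards
# the local zone to dnsmasq.
server:
    port: 5335
    do-not-query-localhost: no   # required, or unbound refuses the 127.0.0.1 forward
    private-domain: "champ"      # allow RFC 1918 answers for this zone
    domain-insecure: "champ"     # no DNSSEC validation for the unsigned local zone
forward-zone:
    name: "champ"
    forward-addr: 127.0.0.1@53
```

The loop the reply warns about would appear if dnsmasq forwarded names under `champ` it does not know to unbound, which in turn sends them back to dnsmasq; `local=/champ/` closes that path by making dnsmasq answer NXDOMAIN itself.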

I have DNSmasq set up on port 53 currently, and I set up the edns0.conf file, which successfully worked prior to having unbound set up. Once I added unbound to the equation, hostnames stopped coming across to pihole altogether.

I would normally just enable Conditional Forwarding and call it a day, but the issue I have is more with OPNsense than PiHole in that hostnames are not coming across anywhere, so I am trying to solve this issue because I think it will solve my other issues, since those were also working prior to using unbound.

If I were to do this how would I go about that?

Very likely, that's because you have been using 10.12.23.1#53 as your Pi-hole's sole upstream then.
Configuring your router for EDNS0 ECS (Extended Client Subnet) would allow your router to expand its DNS requests with client IP address information. In turn, that would allow Pi-hole to attribute DNS requests to individual client IPs even if those clients are using your router for DNS.

Pi-hole still would have to acquire knowledge about client hostnames as explained.

That's a question for unbound.

If you are not familiar with unbound yet, it would probably be easiest to enable CF or go back to use your router as Pi-hole's upstream.

Note that either would work only if your router still knows about local hostnames.
That may not be the case if unbound has completely replaced your router's previous DNS resolver and your router's DHCP server would not inject DNS records for clients into unbound.

I have decided that it makes the most amount of sense to disable unbound, so I have done that and obviously changed the DNS settings to use Cloudflare as the upstream DNS service. I then enabled conditional formatting to get the correct hostnames, and it does work again now. It does not in other services, obviously, but that seems to be an opnsense issue, not anything to do with pihole.

The one issue I am now having is, I keep getting this error in pihole

DNSMASQ_WARN Maximum number of concurrent DNS queries reached (max: 150)

How can I solve this?

Please, generate a new debug log.

I tried

Error message: curl: (6) Could not resolve host: tricorder.pi-hole.net

I am having all kinds of internet issues atm though

Here is a log

https://tricorder.pi-hole.net/WBB4pEC5/

So I am not sure where the problem lies, but I have bypassed pihole altogether now; it's so unbelievably slow compared to just using opnsense. I may just have to look for alternative solutions to pihole for now.

Your debug log shows that your Pi-hole machine has upstream connectivity issues:

*** [ DIAGNOSING ]: Operating system
[i] Distro: Debian
[i] Version: 11
[✗] dig return code: 9
[✗] dig response: ;; connection timed out; no servers could be reached
[✗] Error: dig command failed - Unable to check OS
*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] s.anticrsss1-ep.xyz is 0.0.0.0 on lo (127.0.0.1)
[✓] s.anticrsss1-ep.xyz is 0.0.0.0 on eth0 (10.12.23.2)
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (8.8.8.8)

That may be related to your observation:

That warning would indicate a client excessively requesting DNS resolution, or your Pi-hole lacking any upstream connectivity, or a DNS loop of sorts.

From your Pi-hole machine, what's the output of:

echo ">stats >quit" | nc localhost 4711
echo ">top-clients>quit" | nc localhost 4711
echo ">top-domains >quit" | nc localhost 4711
echo ">top-ads >quit" | nc localhost 4711

Since your debug log indeed shows upstream issues for your Pi-hole host machine:
Are you blocking DNS access on your OPNsense, probably allowing it only for a selected few DNS resolvers?
Are those resolvers part of Pi-hole's configured upstreams?

Did you perhaps deploy other rules in your OPNsense firewall that would affect DNS?

And likely unrelated to that warning, your debug log also shows quite a few issues for your PiAlert installation hosted on the same machine:

*** [ DIAGNOSING ]: contents of /var/log/lighttpd

-rw-r--r-- 1 www-data www-data 78K May 12 01:20 /var/log/lighttpd/error-pihole.log
   -----head of error-pihole.log------
   2023-05-07 05:51:40: server.c.1513) server started (lighttpd/1.4.59)
   2023-05-07 06:19:20: server.c.1976) server stopped by UID = 0 PID = 1
   2023-05-07 06:19:20: server.c.1513) server started (lighttpd/1.4.59)
   2023-05-07 06:19:39: server.c.949) [note] graceful shutdown started
   2023-05-07 06:19:39: server.c.1976) server stopped by UID = 0 PID = 23429
   2023-05-07 06:19:39: server.c.1513) server started (lighttpd/1.4.59)
   2023-05-07 06:20:25: server.c.1976) server stopped by UID = 0 PID = 1
   2023-05-07 06:20:26: server.c.1513) server started (lighttpd/1.4.59)
   2023-05-07 06:20:47: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined index: SubmitConfigFileEditor in /root/pialert/front/index.php on line 17
   2023-05-07 06:20:47: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined index: action in /root/pialert/front/index.php on line 30
   2023-05-07 06:20:47: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/index.php on line 48
   2023-05-07 06:20:48: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Trying to access array offset on value of type bool in /root/pialert/front/php/server/parameters.php on line 49
   2023-05-07 06:20:48: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Trying to access array offset on value of type bool in /root/pialert/front/php/server/parameters.php on line 49
   2023-05-07 06:20:48: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-07 06:20:48: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-07 06:21:15: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-07 06:21:23: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-07 06:21:23: mod_fastcgi.c.487) FastCGI-stderr:PHP Warning:  unlink(../../../db//setting_skin-black-light): No such file or directory in /root/pialert/front/php/server/devices.php on line 899
   2023-05-07 06:21:23: mod_fastcgi.c.487) FastCGI-stderr:PHP Warning:  unlink(../../../db//setting_skin-black): No such file or directory in /root/pialert/front/php/server/devices.php on line 899
   2023-05-07 06:21:23: mod_fastcgi.c.487) FastCGI-stderr:PHP Warning:  unlink(../../../db//setting_skin-blue-light): No such file or directory in /root/pialert/front/php/server/devices.php on line 899
   2023-05-07 06:21:23: mod_fastcgi.c.487) FastCGI-stderr:PHP Warning:  unlink(../../../db//setting_skin-blue): No such file or directory in /root/pialert/front/php/server/devices.php on line 899
   2023-05-07 06:21:23: mod_fastcgi.c.487) FastCGI-stderr:PHP Warning:  unlink(../../../db//setting_skin-green-light): No such file or directory in /root/pialert/front/php/server/devices.php on line 899
   2023-05-07 06:21:23: mod_fastcgi.c.487) FastCGI-stderr:PHP Warning:  unlink(../../../db//setting_skin-green): No such file or directory in /root/pialert/front/php/server/devices.php on line 899
   2023-05-07 06:21:23: mod_fastcgi.c.487) FastCGI-stderr:PHP Warning:  unlink(../../../db//setting_skin-purple-light): No such file or directory in /root/pialert/front/php/server/devices.php on line 899
   2023-05-07 06:21:23: mod_fastcgi.c.487) FastCGI-stderr:PHP Warning:  unlink(../../../db//setting_skin-purple): No such file or directory in /root/pialert/front/php/server/devices.php on line 899

   -----tail of error-pihole.log------
   2023-05-12 00:55:39: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 00:56:39: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 00:57:39: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 00:58:39: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 00:59:39: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:00:39: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:01:39: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:02:39: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:03:39: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:04:40: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:05:40: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:06:40: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:07:40: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:08:40: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:09:40: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:10:40: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:11:40: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:12:40: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:13:40: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:14:41: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:15:42: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:17:08: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:18:25: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:19:30: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17
   2023-05-12 01:20:31: mod_fastcgi.c.487) FastCGI-stderr:PHP Notice:  Undefined variable: pia_lang_selected in /root/pialert/front/php/server/devices.php on line 17

OK, so I had done some research and I had read that a few people have had trouble running pihole on proxmox, so instead of installing it manually I used an automated LXC installer for proxmox, which honestly so far does seem better; not perfect, but better.

I also tried a test out. I have another instance of Pihole on my network; I previously ran Pihole on my unraid server via a docker container. However, this has been my attempt at moving Pihole off of my unraid server so that when I take my Unraid offline I do not lose internet completely (also trying to minimize the number of docker containers that machine has running). However, when I use this Pihole setup things run much smoother, albeit I am manually telling my mac machine to use it as DNS rather than the opnsense firewall to use it, so that might have some weight, not sure.

So I have created a fresh new LXC container for Pihole, with only PiHole running on it for now, no PiAlert. I copied all of my settings from my unraid Pihole, set up the same adlists and whitelists etc. And things seem to be running better; for example, it is now pulling hostnames without conditional forwarding enabled, which is a start.

But it does sort of do this thing where the DNS resolution seems like it's on an on off switch, it either works or it doesn't

For example when running the whitelist script from github, I got this output

[✗] DNS resolution is currently unavailable
[✓] DNS resolution is now available

which sat there for about a min or two, and then ran fine.

I have updated my logs, which can be found here
https://tricorder.pi-hole.net/a9ERpdsc/

Also here is the results of the questions you were asking -

echo ">stats >quit" | nc localhost 4711
domains_being_blocked 1278254
dns_queries_today 2219
ads_blocked_today 164
ads_percentage_today 7.390717
unique_domains 422
queries_forwarded 1629
queries_cached 169
clients_ever_seen 11
unique_clients 11
dns_queries_all_types 2219
reply_UNKNOWN 956
reply_NODATA 255
reply_NXDOMAIN 39
reply_CNAME 400
reply_IP 487
reply_DOMAIN 9
reply_RRNAME 0
reply_SERVFAIL 0
reply_REFUSED 0
reply_NOTIMP 0
reply_OTHER 0
reply_DNSSEC 0
reply_NONE 0
reply_BLOB 73
dns_queries_all_replies 2219
privacy_level 0
status enabled
echo ">top-clients>quit" | nc localhost 4711
0 1983 10.12.23.13 Champs-Magic-Mac-Pro.champ
1 86 127.0.0.1 localhost
2 54 10.12.23.46 Nest-Cam1.champ
3 44 10.12.23.6 NETGEAR-AP02.champ
4 33 10.12.23.43 LG-Air-Conditioner.champ
5 32 10.12.23.11 Beltzer.champ
6 20 10.12.23.41 Ikea-Home-Hub.champ
7 8 10.12.23.21 Octopi.champ
8 3 10.12.23.2 pihole.local
9 3 10.12.23.42 LG-Refrigerator.champ
echo ">top-domains >quit" | nc localhost 4711
0 64 api.spotify.com
1 63 signaler-pa.clients6.google.com
2 57 github.com
3 57 ssl.gstatic.com
4 55 clients2.google.com
5 52 google.com
6 50 www.google.com
7 49 play.google.com
8 46 discord.com
9 43 beacons.gcp.gvt2.com
echo ">top-ads >quit" | nc localhost 4711
0 28 dealer.spotify.com
1 17 webhook.logentries.com
2 11 beacons.gcp.gvt2.com
3 10 beacons.gvt2.com
4 10 adservice.google.com
5 10 beacons3.gvt2.com
6 10 beacons2.gvt2.com
7 10 beacons4.gvt2.com
8 10 beacons5.gvt2.com
9 10 beacons5.gvt3.com

Not that I am aware of. I had thought about creating a firewall rule to do this, but never did due to so many issues.

Well that didn't last long

Pihole web ui has become inaccessible again

Here is the updated debug log: https://tricorder.pi-hole.net/B1cgu3fI/

Quickly scrolling through it I saw the error that the gateway was inaccessible; I have no idea why that would be.

Well, I have figured out that the pihole is not accessible if the pihole is set as the DNS provider for DHCP (this is the only place I am telling OPNsense to use pihole). If I use 9.9.9.9 as my DNS provider, then pihole is accessible, but not if it's the IP of my pihole. I hope this makes sense.

Your results show that over half of the requests that your Pi-hole has sent upstream never received an answer:

Also, your most recent debug log again shows your Pi-hole is having upstream connectivity issues:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
(...)
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (8.8.8.8)
*** [ DIAGNOSING ]: Operating system
[i] Distro: Debian
[i] Version: 11
[✗] dig return code: 10
[✗] dig response: dig: couldn't get address for 'ns1.pi-hole.net': failure
[✗] Error: dig command failed - Unable to check OS

This would reaffirm my previous suspicion that something is blocking outbound DNS for your Pi-hole.

Run from the machine hosting your Pi-hole, what is the result of the following commands:

nslookup ns1.pi-hole.net 9.9.9.9
nslookup ns1.pi-hole.net 149.112.112.112
nslookup ns1.pi-hole.net 1.1.1.1
nslookup ns1.pi-hole.net 1.0.0.1
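The `>stats` exchange requested earlier in this thread and the reading of its result above ("over half of the requests sent upstream never received an answer") can be turned into a repeatable check. The script below is an added example, not Pi-hole project code: it parses FTL's `>stats` telnet output, computes the share of forwarded queries that have no recorded reply (`reply_UNKNOWN / queries_forwarded`, the ratio the reply above is pointing at), and flags upstream trouble. The sample text is the `>stats` output posted in this thread; the `fetch_stats` helper reproduces the `echo ">stats >quit" | nc localhost 4711` exchange, and the 25% threshold is an assumed alerting level, not a Pi-hole default.

```python
"""Parse Pi-hole FTL ">stats" output and flag upstream-connectivity trouble.

Added example (not Pi-hole project code). Threshold and finding texts are
assumptions; the telnet port 4711 and ">stats >quit" command are as used
in the thread this accompanies.
"""
import socket

# ">stats" output copied from the thread (not live data).
SAMPLE_STATS = """\
domains_being_blocked 1278254
dns_queries_today 2219
ads_blocked_today 164
ads_percentage_today 7.390717
unique_domains 422
queries_forwarded 1629
queries_cached 169
clients_ever_seen 11
unique_clients 11
dns_queries_all_types 2219
reply_UNKNOWN 956
reply_NODATA 255
reply_NXDOMAIN 39
reply_CNAME 400
reply_IP 487
reply_DOMAIN 9
reply_RRNAME 0
reply_SERVFAIL 0
reply_REFUSED 0
reply_NOTIMP 0
reply_OTHER 0
reply_DNSSEC 0
reply_NONE 0
reply_BLOB 73
dns_queries_all_replies 2219
privacy_level 0
status enabled
"""


def parse_stats(text: str) -> dict:
    """Turn 'key value' lines into a dict; numeric values become int or float."""
    stats = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, echoed prompts and FTL's "---EOM---" end-of-message marker.
        if not line or line.startswith(">") or line.startswith("---"):
            continue
        key, _, value = line.partition(" ")
        for cast in (int, float):
            try:
                value = cast(value)
                break
            except ValueError:
                continue
        stats[key] = value
    return stats


def unanswered_ratio(stats: dict) -> float:
    """Share of forwarded queries with no recorded reply (reply_UNKNOWN / queries_forwarded)."""
    forwarded = stats.get("queries_forwarded", 0)
    if not forwarded:
        return 0.0
    return stats.get("reply_UNKNOWN", 0) / forwarded


def diagnose(stats: dict, threshold: float = 0.25) -> list:
    """Return a list of findings; an empty list means nothing looks wrong."""
    findings = []
    ratio = unanswered_ratio(stats)
    if ratio > threshold:  # assumed threshold; the thread's sample is ~59%
        findings.append(
            f"{ratio:.0%} of forwarded queries have no reply: "
            "check upstream reachability and firewall rules on the DNS path"
        )
    if stats.get("reply_SERVFAIL", 0) or stats.get("reply_REFUSED", 0):
        findings.append("upstream returned SERVFAIL/REFUSED answers")
    if stats.get("status") != "enabled":
        findings.append(f"blocking status is {stats.get('status')!r}, not 'enabled'")
    return findings


def fetch_stats(host: str = "localhost", port: int = 4711, timeout: float = 5.0) -> str:
    """Same exchange as `echo ">stats >quit" | nc localhost 4711`, done in Python."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b">stats >quit\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace")


if __name__ == "__main__":
    # Offline run against the thread's sample; swap in fetch_stats() on a live Pi-hole host.
    for finding in diagnose(parse_stats(SAMPLE_STATS)) or ["no findings"]:
        print(finding)
```

On the thread's numbers, 956 of 1629 forwarded queries (about 59%) have no reply recorded, which is the same observation the reply above makes from the raw output; a healthy Pi-hole keeps that ratio in the low single digits.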