Pi-hole blocking internet access for whole network

Expected Behaviour:

Pi-hole normally working.

Actual Behaviour:

As long as my server running pi-hole is on, my complete network crashes. I can connect to the router, but my phone says: "no connection to the internet."

Debug Token:

I uninstalled pi-hole as that was crashing my network so I couldn't get the token. When I removed pi-hole, 10 minutes later the network worked again. In the logs of my router, there is the following:

12/25/2020 19:28:47 UDP Flood Stop
12/25/2020 19:28:26 UDP Flood Stop
12/25/2020 19:28:19 UDP flood 83.24.110.185, 6881->> 192.168.2.15, 56568 (from ATM1 Inbound)

'192.168.2.15' is my server running pihole. The message with '19:28:19' appeared about 20 times, where '83.24.110.185, 6881' is different every time. My pihole crashed my router or something. The router itself still worked, but access to the internet didn't.

Disabling the pihole didn't work. Completely uninstalling pihole did. This has never happened before. Two days ago I updated to the newest version of pihole (I don't know the version numbers because I don't have pihole installed so I can't see, but it's the newest version available on 25 December 2020), and now I have the problem. Disabling pihole didn't work, and not having the server's IP address in the DNS settings of my router also didn't work. Completely uninstalling pihole did.

Can this be fixed because I love pihole, but I can't use it if it crashes my network.

Thanks,
Cas.

Change the PSU

What? What would changing the PSU do? How does the PSU affect pihole?

It can be a hardware problem if you are sure it is not pihole. Maybe the network part of your Pi is not working properly because of the PSU and blocks the entire LAN. I saw it with my own eyes with a Dreambox with a non-original PSU. There are more factors you must look at in a PSU: voltage, power, ripple and high-frequency noise.

I suppose you are not being flooded... :wink: are you?

It can't be the PSU because it worked perfectly before the update. And after updating, it's giving problems...

Yeah... me too... Using default install configs?
Maybe some phone app is flooding you?

Everyone on the network had it. Everybody's phones, chromecasts and ipads didn't have an internet connection. I used default install configs.

Have you port forwarded a UDP port in your router from WAN to LAN that can be used by outsiders for reflection DDoS attacks?
If so, disable that port forwarding for diagnosing or, better yet, don't port forward anything UDP related to your LAN.

Also make sure you haven't created a "DNS forwarding loop" somewhere, in which case DNS queries get trapped in an endless loop between router and Pi-hole.
For example, your router is configured to use Pi-hole upstream in the router WAN/Internet settings and Pi-hole is configured to use the router upstream, e.g. via the "conditional forwarding" option in Pi-hole.
Usually you'll see thousands of the same queries on the web GUI, unusually high load on the host and time-outs on clients.

Upload a debug log and post the resulting token here for the mods/devs to have a glance... as was requested?
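The "thousands of the same queries" symptom of a forwarding loop can be checked on the Pi-hole host from the dnsmasq-style log without the web GUI. The script below is an added example, not code from the thread or from the Pi-hole project: it embeds a constructed log snippet (the router address 192.168.2.1 and the client 192.168.2.23 are assumptions; only the Pi-hole address 192.168.2.15 comes from the thread) and counts repeated client/domain pairs the way a practitioner would over /var/log/pihole.log.

```shell
#!/bin/sh
# Added example, not from the thread: look for the "thousands of the same
# query" signature of a router <-> Pi-hole forwarding loop in a dnsmasq-style
# log (Pi-hole writes this format to /var/log/pihole.log).

# Constructed sample. 192.168.2.1 (router, assumed) and 192.168.2.15 (the
# Pi-hole from the thread) are the only addresses taken from the discussion;
# names, times and the client 192.168.2.23 are made up. The middle lines show
# the loop: the Pi-hole forwards to the router, the router sends it straight
# back, and the same question from the router's IP repeats within a second.
SAMPLE_LOG='Dec 28 18:45:01 dnsmasq[1234]: query[A] www.example.com from 192.168.2.23
Dec 28 18:45:01 dnsmasq[1234]: forwarded www.example.com to 192.168.2.1
Dec 28 18:45:01 dnsmasq[1234]: query[A] www.example.com from 192.168.2.1
Dec 28 18:45:01 dnsmasq[1234]: forwarded www.example.com to 192.168.2.1
Dec 28 18:45:01 dnsmasq[1234]: query[A] www.example.com from 192.168.2.1
Dec 28 18:45:01 dnsmasq[1234]: forwarded www.example.com to 192.168.2.1
Dec 28 18:45:02 dnsmasq[1234]: query[A] www.example.com from 192.168.2.1
Dec 28 18:45:02 dnsmasq[1234]: query[AAAA] pi.hole from 192.168.2.23'

# top_query_sources LOGTEXT [N]
# Prints "count client domain", busiest client/domain pair first.
# In a pihole.log line "query[A] <domain> from <client>" the client is the
# last field and the domain the third-from-last.
top_query_sources() {
  printf '%s\n' "$1" \
    | awk '/: query\[/ { n[$NF " " $(NF-2)]++ }
           END { for (k in n) print n[k], k }' \
    | sort -rn | head -n "${2:-5}"
}

# loop_suspect LOGTEXT CLIENT [THRESHOLD]
# True (exit 0) when CLIENT repeats the same query at least THRESHOLD times.
# On a real log use the router's IP and a threshold in the hundreds; a loop
# produces the repeats within seconds, so also look at the timestamps.
loop_suspect() {
  max=$(printf '%s\n' "$1" \
    | awk -v c="$2" '/: query\[/ && $NF == c { n[$(NF-2)]++ }
                     END { m = 0; for (d in n) if (n[d] > m) m = n[d]; print m }')
  [ "$max" -ge "${3:-100}" ]
}

# Live use on the Pi-hole host (not run here):
#   top_query_sources "$(cat /var/log/pihole.log)" 10
#   loop_suspect "$(cat /var/log/pihole.log)" 192.168.2.1 && echo "forwarding loop?"
```

A genuine loop shows the router's own address as the busiest client, asking the same name over and over; ordinary client traffic is spread across many names and many sources.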

The only UDP port that is port forwarded is 1194 for my PiVPN. There isn't a DNS loop, as there wasn't a domain on the web interface that was blocked thousands of times. When I have the time and nobody except me is on the network, I'll install pihole and make a debug log 👍.

VPNs are usually hardened against reflection attacks.
Specifically the amplification effect.

But if I uninstall pihole, it stops. So it has to do with pihole right? If it was pivpn, it would continue after uninstalling pihole.

If it has to do with Pi-hole, the debug log probably will show.
You can inspect the debug log yourself for abnormalities.

Hey deHakkelaar,
Here is my debug token: https://tricorder.pi-hole.net/78wmfipni5
I reinstalled pihole and did nothing: not adding domain lists, not whitelisting, nothing. Just a fresh basic install, and changing the DNS server to 192.168.2.15 in my router settings. About a minute later, my complete network didn't have access to the internet. After switching it back to 1.1.1.1, it worked after a minute. Again, a fresh, clean, simple standard install.

Edit: now pihole only blocks internet access when 192.168.2.15 is set up in the router's settings. Otherwise (pihole installed and enabled, but not doing anything because it isn't set up so other devices use it) it doesn't block access to the internet. This is different from previously, when it blocked internet access as long as it was installed. Now it only blocks internet access when it is set up to be used in the router settings.

Try defaulting your router settings (remove any DNS servers you might have manually configured in the WAN/Internet section) and configure the router, using DHCP, to push the Pi-hole IP to the clients for DNS.
Linked in below doc:

https://docs.pi-hole.net/main/post-install/

When I set up DNS1 as 192.168.2.15 and DNS2 & 3 as 0.0.0.0, I don't have access to the internet. If I change DNS1 to 1.1.1.1, I do have access. So pihole is definitely doing something wrong. On the dashboard it doesn't show any incoming requests. So when DNS1 is set to 192.168.2.15, the requests don't even come in at pihole, because the dashboard doesn't show them. Maybe my firewall is blocking incoming requests...

Your debug log from yesterday shows that Pi-hole is working.

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] www.exitopolska.com is 0.0.0.0 via localhost (127.0.0.1)
[✓] www.exitopolska.com is 0.0.0.0 via Pi-hole (192.168.2.15)
[✓] doubleclick.com is 216.58.208.110 via a remote, public DNS server (8.8.8.8)

This does appear to be the case. Pi-hole is not receiving any DNS queries, thus is not acting on any of them.

From a client that you believe should be connected to the Pi-hole for DNS, from the command prompt or terminal on that client (and not via SSH or PuTTY to the Pi), what is the output of

nslookup pi.hole

nslookup pi.hole 192.168.2.15

In the debug log that I made, I found the following:

*** [ DIAGNOSING ]: Pi-hole-FTL full status
   ● pihole-FTL.service - LSB: pihole-FTL daemon
     Loaded: loaded (/etc/init.d/pihole-FTL; generated)
     Active: active (exited) since Mon 2020-12-28 18:42:08 CET; 8min ago
       Docs: man:systemd-sysv-generator(8)
    Process: 317071 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)

dec 28 18:42:07 Waveserver systemd[1]: Starting LSB: pihole-FTL daemon...
dec 28 18:42:08 Waveserver pihole-FTL[317071]: Not running
dec 28 18:42:08 Waveserver su[317092]: (to pihole) root on none
dec 28 18:42:08 Waveserver su[317092]: pam_unix(su:session): session opened for user pihole by (uid=0)
dec 28 18:42:08 Waveserver su[317092]: pam_unix(su:session): session closed for user pihole
dec 28 18:42:08 Waveserver systemd[1]: Started LSB: pihole-FTL daemon.

Is this the problem? It says "(exited)" and "Not running".

And thanks jfb for helping. I'm going to do the nslookup thing today or tomorrow. Again, thanks for helping.

EDIT: which port should I allow in my firewall? And should I allow it incoming, outgoing or both?

active (exited) because it's a forking process.

"Not running" means that it wasn't running when asked to start, so it's safe to start rather than restart. Which the init script then proceeded to do. Hence "Started LSB: pihole-FTL daemon".

Edit: And we know it's running since the output JFB posted shows that it's up and answering queries as it should.

You don't want to open any ports in your router, if that's the firewall you are referring to. No ports need to be (or should be) opened in your router for Pi-hole to operate. In particular, port 53 should NOT be open on your router, or this will expose your Pi-hole to the internet and you will have an open resolver.

Port 53 traffic is for DNS, and this needs to be open within your LAN to allow devices to communicate with each other on the LAN. This is how DNS queries get to Pi-hole from other network clients. If you have a firewall running that is stopping port 53 traffic within your LAN, this could cause the problem you see.

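The advice above is the one a practitioner should follow literally: open 53 on the Pi-hole host to the LAN only, never to the world, and keep the router's WAN side closed. The script below is an added example, not from the thread or the Pi-hole project. It assumes the host firewall is ufw (the tool named later in the thread) and that the LAN is 192.168.2.0/24 (inferred from the addresses in the thread); it prints LAN-scoped rules rather than the unrestricted "allow 53" and audits `ufw status` output for DNS rules whose source is "Anywhere", using constructed status listings as input.

```shell
#!/bin/sh
# Added example, not from the thread: generate LAN-scoped ufw rules for a
# Pi-hole host, and audit `ufw status` output for DNS rules that are open to
# the world. Assumes ufw is installed and the LAN is 192.168.2.0/24 (the
# subnet implied by the addresses in the thread).

LAN_CIDR="${LAN_CIDR:-192.168.2.0/24}"

# pihole_ufw_rules LAN_CIDR
# Prints the ufw commands; pipe into sh as root to apply. Only the LAN may
# reach DNS (53/udp and 53/tcp), ssh and the web UI; nothing is opened to
# the WAN, so a router port-forward is still needed to expose anything.
pihole_ufw_rules() {
  cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw allow from $1 to any port 22 proto tcp comment 'ssh from LAN'
ufw allow from $1 to any port 53 proto udp comment 'Pi-hole DNS'
ufw allow from $1 to any port 53 proto tcp comment 'Pi-hole DNS'
ufw allow from $1 to any port 80 proto tcp comment 'Pi-hole web UI'
ufw --force enable
EOF
}

# world_open_dns STATUSTEXT
# Prints every rule in `ufw status` output that allows port 53 from Anywhere
# and exits 0 if one exists. Such a rule does no harm while the router does
# not forward 53, but it is one port-forward away from an open resolver.
world_open_dns() {
  printf '%s\n' "$1" | awk '
    { to = $1; act = $2; from = $3 }
    $2 == "(v6)" { act = $3; from = $4 }   # "53 (v6)  ALLOW  Anywhere (v6)"
    to ~ /^53(\/(tcp|udp))?$/ && act == "ALLOW" && from == "Anywhere" { print; found = 1 }
    END { exit found ? 0 : 1 }'
}

# Constructed `ufw status` listings in the format ufw prints (values made up).
# The first is what an unrestricted "allow 53" produces.
STATUS_OPEN='Status: active

To                         Action      From
--                         ------      ----
53                         ALLOW       Anywhere
22/tcp                     ALLOW       192.168.2.0/24
53 (v6)                    ALLOW       Anywhere (v6)'

STATUS_LAN_ONLY='Status: active

To                         Action      From
--                         ------      ----
53/udp                     ALLOW       192.168.2.0/24
53/tcp                     ALLOW       192.168.2.0/24
22/tcp                     ALLOW       192.168.2.0/24'

# Live use on the Pi-hole host (not run here):
#   pihole_ufw_rules "$LAN_CIDR" | sudo sh
#   world_open_dns "$(sudo ufw status)" && echo "DNS is allowed from Anywhere"
```

Scoping the rule to the LAN costs nothing for a home network and means that even a later mistake in the router's port-forwarding table cannot turn the Pi-hole into an open resolver.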

So I allowed port 53 on my server running pihole... and it seems to be working. In ufw (on my pihole) I allowed port 53 in and out. Then I manually set the DNS server on my phone to the pihole (and DNS2, 3 to 0.0.0.0) and googled a bit. It worked, and on the dashboard it showed my IP address and requests from my phone. So it seems to be working now. And for jfb, see the following (this is after changing the firewall settings):

Nslookup pi.hole

Server: 8.8.8.8
Address: 8.8.8.8#53

** server can't find pi.hole: NXDOMAIN

Nslookup pi.hole 192.168.2.15

Server: 192.168.2.15
Address: 192.168.2.15#53

Name: pi.hole
Address: 192.168.2.15
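The two transcripts above answer jfb's question in a way worth reading closely: the plain `nslookup pi.hole` was answered by 8.8.8.8, so the phone's default resolver was still not the Pi-hole, while the lookup with the explicit server worked. The script below is an added example, not from the thread or the Pi-hole project: it parses BIND-style `nslookup` output (the Linux/macOS layout shown above; Windows prints a different layout) to report which server answered and what it returned, using constructed transcripts that mirror the thread's two results.

```shell
#!/bin/sh
# Added example, not from the thread: decide from a client's `nslookup` output
# whether the client's default resolver is the Pi-hole, and what answer it
# got. Parses the BIND-style output shown in the thread (Linux/macOS).

PIHOLE_IP="${PIHOLE_IP:-192.168.2.15}"   # the Pi-hole address from the thread

# Constructed transcripts mirroring the thread's two results: the default
# resolver (8.8.8.8, not the Pi-hole) cannot resolve pi.hole, while the
# Pi-hole itself answers with its own address.
LOOKUP_DEFAULT="Server:		8.8.8.8
Address:	8.8.8.8#53

** server can't find pi.hole: NXDOMAIN"

LOOKUP_PIHOLE="Server:		192.168.2.15
Address:	192.168.2.15#53

Name:	pi.hole
Address: 192.168.2.15"

# answering_server OUTPUT -> the resolver that handled the query
answering_server() {
  printf '%s\n' "$1" | awk '$1 == "Server:" { print $2; exit }'
}

# answer_address OUTPUT -> the address returned for the name, empty on NXDOMAIN.
# The first "Address:" line is the resolver itself; the answer follows "Name:".
answer_address() {
  printf '%s\n' "$1" | awk '$1 == "Name:" { seen = 1; next }
                            seen && $1 == "Address:" { print $2; exit }'
}

# client_uses_pihole OUTPUT [PIHOLE_IP]
# True when the query was answered by the Pi-hole. Run against plain
# `nslookup pi.hole` (no server argument) this tells you whether the router's
# DHCP actually handed the Pi-hole out as the client's resolver.
client_uses_pihole() {
  [ "$(answering_server "$1")" = "${2:-$PIHOLE_IP}" ]
}

# Live use on a client (not run here):
#   out=$(nslookup pi.hole)
#   client_uses_pihole "$out" && echo "client resolves via Pi-hole" \
#     || echo "client resolves via $(answering_server "$out"), not the Pi-hole"
```

The distinction matters because the second lookup only proves that port 53 on the Pi-hole is reachable; a client whose plain lookup still goes to 8.8.8.8 bypasses Pi-hole entirely until the router's DHCP hands out 192.168.2.15 as the DNS server.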