Pi-Hole blocks everything

Please follow the below template, it will help us to help you!

Expected Behaviour:

Only ads should be blocked, not everything

Actual Behaviour:

No page loads when I set the DNS of my Mac to my Pi-hole on the Raspi.
When I set the DNS of my Mac directly to e.g. 1.1.1.1 everything works (and of course all ads are coming through).

Debug Token:

88cvmp5e5p

What interface is your Pi-hole listening on?

eth0
The Raspi is only connected via LAN.

What is the output of:

cat /etc/os-release

sudo systemctl status dnsmasq

sudo systemctl status pihole-FTL

pihole -v

cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"

sudo systemctl status dnsmasq
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset:
Active: active (running) since Tue 2018-05-01 12:19:02 UTC; 4h 36min ago
Process: 8570 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exite
Process: 8636 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code
Process: 8626 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=
Process: 8624 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUC
Main PID: 8635 (dnsmasq)
CPU: 2.135s
CGroup: /system.slice/dnsmasq.service
└─8635 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /r

May 01 12:19:01 raspi2 systemd[1]: Stopped dnsmasq - A lightweight DHCP and cach
May 01 12:19:01 raspi2 systemd[1]: Starting dnsmasq - A lightweight DHCP and cac
May 01 12:19:01 raspi2 dnsmasq[8624]: dnsmasq: syntax check OK.
May 01 12:19:02 raspi2 dnsmasq[8636]: Too few arguments.
May 01 12:19:02 raspi2 systemd[1]: Started dnsmasq - A lightweight DHCP and cach

sudo systemctl status pihole-FTL
● pihole-FTL.service - LSB: pihole-FTL daemon
Loaded: loaded (/etc/init.d/pihole-FTL; generated; vendor preset: enabled)
Active: active (exited) since Sun 2018-04-15 12:36:16 UTC; 2 weeks 2 days ago
Docs: man:systemd-sysv-generator(8)
CPU: 0
CGroup: /system.slice/pihole-FTL.service

Apr 15 12:36:16 raspi2 systemd[1]: Stopped LSB: pihole-FTL daemon.
Apr 15 12:36:16 raspi2 systemd[1]: Starting LSB: pihole-FTL daemon...
Apr 15 12:36:16 raspi2 pihole-FTL[15461]: Not running
Apr 15 12:36:16 raspi2 pihole-FTL[15461]: rm: cannot remove '/var/run/pihole/FTL
Apr 15 12:36:16 raspi2 su[15477]: Successful su for pihole by root
Apr 15 12:36:16 raspi2 su[15477]: + ??? root:pihole
Apr 15 12:36:16 raspi2 su[15477]: pam_unix(su:session): session opened for user
Apr 15 12:36:16 raspi2 pihole-FTL[15461]: FTL started!
Apr 15 12:36:16 raspi2 systemd[1]: Started LSB: pihole-FTL daemon.

pihole -v
Pi-hole version is v3.3.1 (Latest: v3.3.1)
AdminLTE version is v3.3 (Latest: v3.3)
FTL version is v3.0 (Latest: v3.0)

Some information is stripped but from what I see everything should be fine.

Can you run this on your Raspberry:

dig flurry.com

and this on your Mac in Terminal:

dig flurry.com @IPOFRASPBERRY -p 53

On the Raspberry:
dig flurry.com

; <<>> DiG 9.10.3-P4-Raspbian <<>> flurry.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 535
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;flurry.com. IN A

;; ANSWER SECTION:
flurry.com. 2 IN A 192.168.2.5

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 01 17:52:20 UTC 2018
;; MSG SIZE rcvd: 55

On the Mac:
dig flurry.com @192.168.2.5 -p 53

; <<>> DiG 9.10.6 <<>> flurry.com @192.168.2.5 -p 53
;; global options: +cmd
;; connection timed out; no servers could be reached

Does your router/switch have a feature called DNS Rebinding Protection or something that would block an internal DNS resolver? The Pi-hole device is working okay, but your clients are being blocked, either through rebind or a firewall.


Not that I am aware of, or rather, I have never heard of that.
The gateway is a UniFi Security Gateway (192.168.2.1) connected to the internet router (FritzBox 192.168.178.1).
Do you have an idea about these?

Just from quick Google Search on USG DNS Rebind I'm seeing this is a common situation. Can you check the USG and see if you can either enable something called DNS Rebind, or disable DNS Rebind protection?

From a Plex Guide.

DNS Rebinding

Some routers or modems have a feature known as “DNS rebinding protection”, some implementations of which can prevent an app from being able to connect to a Plex Media Server securely on the local network. For most users, this won’t be an issue, but some users of higher-end routers (or those provided by some ISPs) may run into problems.

Similarly, some DNS providers (including some ISPs) may have this feature.

DNS rebinding protection is meant as a security feature, to protect insecurely-designed devices on the local network against attacks. It provides no benefit for devices that are designed and configured correctly.

Did not find a setting quickly, but I will investigate that.
Thank you all very much so far!


The USG does not have DNS rebind protection.

https://lime-technology.com/forums/topic/65785-640-error-trying-to-provision-certificate-“your-router-or-dns-provider-has-dns-rebinding-protection-enabled”/?do=findComment&comment=630080 Appears that it may.

Found the solution: there was something different from the default, I had a yahm installation.
output from route -n:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 yahmbr0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 yahmbr0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

So I changed Pi-hole to use yahmbr0 instead of eth0 and now it works.

Thanks to all for your help.

PS: The first question was, I think, pointing in the right direction. But with my lack of Unix knowledge I did not see it.
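The root cause above, and the reason the first question ("what interface is your Pi-hole listening on?") was the right one, is that the answer from the Pi-hole box matched the box's own view (dig against 127.0.0.1 worked) while the LAN traffic actually arrived on a different interface (the yahmbr0 bridge, which owns the default route and the 192.168.2.0/24 subnet). The script below is an added diagnostic, not part of Pi-hole or of any post in this thread: it parses `route -n` output and a setupVars-style `PIHOLE_INTERFACE=` line and reports whether Pi-hole is bound to the interface that carries the default route. The sample routing table is the one posted above; the file name `/etc/pihole/setupVars.conf` and the variable name `PIHOLE_INTERFACE` in the usage comment are assumptions about the Pi-hole install of that era, so check them on your own box.

```shell
#!/bin/sh
# Added diagnostic (not Pi-hole's own code): does the interface Pi-hole listens on
# match the interface that actually carries the LAN's default route?

# Constructed sample: the `route -n` table posted in the thread.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 yahmbr0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 yahmbr0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# default_route_iface ROUTES: prints the interface of the first 0.0.0.0/0 route.
default_route_iface() {
    printf '%s\n' "$1" | awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF; exit }'
}

# ifaces_for_subnet ROUTES NET: prints every interface claiming subnet NET,
# one per line. Two lines for the same subnet is the smell seen in the thread.
ifaces_for_subnet() {
    printf '%s\n' "$1" | awk -v net="$2" '$1 == net { print $NF }'
}

# pihole_listen_iface SETUPVARS: extracts PIHOLE_INTERFACE=... (assumed variable
# name from /etc/pihole/setupVars.conf) from setupVars-style text.
pihole_listen_iface() {
    printf '%s\n' "$1" | sed -n 's/^PIHOLE_INTERFACE=//p' | head -n 1
}

# check_binding ROUTES SETUPVARS: exit 0 when Pi-hole's interface is the one
# carrying the default route, exit 1 otherwise; prints a one-line diagnosis.
check_binding() {
    routes="$1"
    setupvars="$2"
    want=$(default_route_iface "$routes")
    have=$(pihole_listen_iface "$setupvars")
    if [ -z "$have" ]; then
        echo "PIHOLE_INTERFACE not set in setupVars"
        return 1
    fi
    if [ "$have" = "$want" ]; then
        echo "OK: Pi-hole listens on $have, which carries the default route"
        return 0
    fi
    echo "MISMATCH: Pi-hole listens on $have but LAN traffic is routed via $want"
    return 1
}

# Live use on the Pi itself (assumed path, see lead-in):
#   check_binding "$(route -n)" "$(cat /etc/pihole/setupVars.conf)"
# With the thread's table and PIHOLE_INTERFACE=eth0 this reports the mismatch;
# after switching Pi-hole to yahmbr0 it reports OK.
```

A mismatch here explains exactly the symptom in the thread: `dig flurry.com` against 127.0.0.1 on the Pi succeeds, while `dig flurry.com @192.168.2.5` from a client times out, because the listener is bound to an interface that never sees the client's packets. Confirm the fix the same way the moderator did, with the `dig ... @IPOFRASPBERRY -p 53` test from a client, before looking for rebind protection on the router.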
