pi hole can't resolve local host names with forward lookup

Expected Behaviour:

pi hole (sparq) should return IP addresses of local hosts when queried

Actual Behaviour:

pi hole returns nxdomain

Debug Token:

https://tricorder.pi-hole.net/4ekee1at1t

Router config:
https://pastebin.com/xLd30Xjt

The router and DHCP server is 10.0.0.1 and acts as the DNS forwarding server for the pi hole, which is 10.0.0.2 and gets DNS from the router. The network is 10.0.0.0/16 and the DHCP range is 10.0.38.0/24. The pi hole returns nxdomain when using forward lookup for any devices on the network including itself and the router, however it can perform reverse lookup if given the IP. I have turned on conditional forwarding (10.0.0.0/16 forward to 10.0.0.1) and turned off DNSSEC and Never forward non-FQDNs / Never forward reverse lookups for private IP ranges as part of troubleshooting, however it still does not work.

Run from a client in your network, what's the full output of:

nslookup pi.hole

PS C:\WINDOWS\system32> nslookup pi.hole
Server: sparq
Address: 10.0.0.2

Name: pi.hole
Address: 10.0.0.2

Good, your WinPC is using Pi-hole as DNS.

Could you provide some nslookup examples for both normal and reverse lookups that don't match your expectations?

EDIT:
Apologies, I just realised that you already had provided those examples as a an externally linked file with your initial post.
As you've found out in the meantime, you can paste textual output and format into this forum directly. The same is true for images, just paste them directly into a post.

Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 56395676
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-F8-30-C6-98-E7-43-90-CF-CD
   DNS Servers . . . . . . . . . . . : 10.0.0.2
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
PS C:\WINDOWS\system32> nslookup 10.0.0.2
Server:  sparq
Address:  10.0.0.2
 
Name:    sparq
Address:  10.0.0.2
 
PS C:\WINDOWS\system32> nslookup sparq
Server:  sparq
Address:  10.0.0.2
 
*** sparq can't find sparq: Non-existent domain
PS C:\WINDOWS\system32> nslookup 10.0.0.1
Server:  sparq
Address:  10.0.0.2
 
Name:    edgymax
Address:  10.0.0.1
 
PS C:\WINDOWS\system32> nslookup edgymax
Server:  sparq
Address:  10.0.0.2
 
*** sparq can't find edgymax: Non-existent domain```

Where did you define those hostnames, on your router or via Pi-hole?

Run from your Pi-hole machine, what's the output of the following commands:

dig @pi.hole -x 10.0.0.2

dig @pi.hole edgymax

Those are the two hostnames that are defined both in the pi hole /etc/hosts and also on the router. They are also the set hostnames of the devices themselves.

Incidentally, as of this morning both the pi hole, and another pi (with a reserved dhcp address at 10.0.38.2) are able to resolve those two addresses. However they remain unable to resolve any of the other addresses not defined in /etc/hosts

meanwhile, the windows clients on the network remain unable to resolve even those two hosts.

on the pi hole:

pi@sparq:~ $ nslookup sparq
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   sparq
Address: 10.0.0.2

pi@sparq:~ $ nslookup edgymax
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   edgymax
Address: 10.0.0.1

pi@sparq:~ $ dig @pi.hole edgymax

; <<>> DiG 9.10.3-P4-Raspbian <<>> @pi.hole edgymax
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38350
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;edgymax.                       IN      A

;; ANSWER SECTION:
edgymax.                2       IN      A       10.0.0.1

;; Query time: 1 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Fri Oct 30 16:38:12 UTC 2020
;; MSG SIZE  rcvd: 52

pi@sparq:~ $ dig @pi.hole chummer

; <<>> DiG 9.10.3-P4-Raspbian <<>> @pi.hole chummer
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51679
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;chummer.                       IN      A

;; Query time: 1 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Fri Oct 30 16:42:38 UTC 2020
;; MSG SIZE  rcvd: 36

pi@sparq:~ $ dig @pi.hole 10.0.38.2

; <<>> DiG 9.10.3-P4-Raspbian <<>> @pi.hole 10.0.38.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34268
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;10.0.38.2.                     IN      A

;; AUTHORITY SECTION:
.                       3600    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2020103001 1800 900 604800 86400

;; Query time: 23 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Fri Oct 30 16:44:16 UTC 2020
;; MSG SIZE  rcvd: 113

pi@sparq:~ $

on the other pi (10.0.38.2)

pi@chummer:~ $ dig sparq

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Raspbian <<>> sparq
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28727
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sparq.                         IN      A

;; ANSWER SECTION:
sparq.                  2       IN      A       10.0.0.2

;; Query time: 3 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Fri Oct 30 09:34:21 PDT 2020
;; MSG SIZE  rcvd: 50

pi@chummer:~ $ ^C
pi@chummer:~ $ dig @pi.hole 10.0.0.2

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Raspbian <<>> @pi.hole 10.0.0.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43255
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;10.0.0.2.                      IN      A

;; AUTHORITY SECTION:
.                       10800   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2020103001 1800 900 604800 86400

;; Query time: 27 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Fri Oct 30 09:43:12 PDT 2020
;; MSG SIZE  rcvd: 112

pi@chummer:~ $ dig chummer

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Raspbian <<>> chummer
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42514
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;chummer.                       IN      A

;; Query time: 3 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Fri Oct 30 09:43:39 PDT 2020
;; MSG SIZE  rcvd: 36

pi@chummer:~ $

on windows:

C:\WINDOWS\system32>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\WINDOWS\system32>nslookup pi.hole
Server:  sparq
Address:  10.0.0.2

Name:    pi.hole
Address:  10.0.0.2


C:\WINDOWS\system32>nslookup sparq
Server:  sparq
Address:  10.0.0.2

*** sparq can't find sparq: Non-existent domain

C:\WINDOWS\system32>nslookup edgymax
Server:  sparq
Address:  10.0.0.2

*** sparq can't find edgymax: Non-existent domain

C:\WINDOWS\system32>nslookup 10.0.0.1
Server:  sparq
Address:  10.0.0.2

Name:    edgymax
Address:  10.0.0.1


C:\WINDOWS\system32>

Please use the commands exactly as I posted them, and post just the output I requested.
You've missed an important -x for the reverse lookups. You may try to avoid errors in retyping by clicking the right-hand copy button to copy them (provided you can paste them to shell on the same machine, of course).

By explicitly digging Pi-hole for plain hostnames, we've confirmed that Pi-hole knows and answers them. I guess that your Pi-hole hostname definitions simply lack the entries for your local search domain. That would explain your observations in parts.
An nslookup from your WinPC would succeed when querying strictly for a plain hostname, e.g.:

nslookup edgymax.

Since your debug log shows you've enabled Conditional Forwarding, we should check whether your router (10.0.0.1) knows about hostnames:

dig @10.0.0.1 -x 10.0.0.2

dig @10.0.0.1 chummer

Sorry about that. See below.

pi@sparq:~ $ dig @pi.hole -x 10.0.0.2

; <<>> DiG 9.10.3-P4-Raspbian <<>> @pi.hole -x 10.0.0.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4448
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2.0.0.10.in-addr.arpa.         IN      PTR

;; ANSWER SECTION:
2.0.0.10.in-addr.arpa.  2       IN      PTR     sparq.

;; Query time: 1 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Fri Oct 30 21:02:04 UTC 2020
;; MSG SIZE  rcvd: 69

pi@sparq:~ $ dig @pi.hole -x 10.0.38.2

; <<>> DiG 9.10.3-P4-Raspbian <<>> @pi.hole -x 10.0.38.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25802
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2.38.0.10.in-addr.arpa.                IN      PTR

;; Query time: 1 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Fri Oct 30 21:02:18 UTC 2020
;; MSG SIZE  rcvd: 51

pi@sparq:~ $ dig @10.0.0.1 -x 10.0.0.2

; <<>> DiG 9.10.3-P4-Raspbian <<>> @10.0.0.1 -x 10.0.0.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53095
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;2.0.0.10.in-addr.arpa.         IN      PTR

;; AUTHORITY SECTION:
10.in-addr.arpa.        10800   IN      SOA     localhost. nobody.invalid. 1 3600 1200 604800 10800

;; Query time: 10 msec
;; SERVER: 10.0.0.1#53(10.0.0.1)
;; WHEN: Fri Oct 30 21:02:43 UTC 2020
;; MSG SIZE  rcvd: 109

pi@sparq:~ $ $ dig @10.0.0.1 -x 10.0.0.2
-bash: $: command not found
pi@sparq:~ $ dig @10.0.0.1 chummer

; <<>> DiG 9.10.3-P4-Raspbian <<>> @10.0.0.1 chummer
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53503
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;chummer.                       IN      A

;; AUTHORITY SECTION:
.                       1435    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2020103002 1800 900 604800 86400

;; Query time: 16 msec
;; SERVER: 10.0.0.1#53(10.0.0.1)
;; WHEN: Fri Oct 30 21:03:24 UTC 2020
;; MSG SIZE  rcvd: 111

pi@sparq:~ $

I can't explain why the router wouldn't know about chummer. It's a reserved address in the DHCP table. I can see all of the hostnames of everything on my network that has one in the router GUI, apart from sparq, for some reason... probably that it's static.

A device may present a hostname for itself during DHCP lease negotiation. It would depend upon the DHCP server whether it injected the respective DNS records to a DNS server.
While a router may store and display those hostnames correctly, that in itself is no guarantee the names are registered with DNS.

A reverse lookup for an IP is the real test.
We did that, and your router has failed that test.

Seeing you are running EdgeOS:
On some Ubqiquiti equipment, you may be able to mitigate this by substituting ISC DHCPD with dnsmasq.

If you decide to add hostnames in Pi-hole instead, make sure you define entries for both the plain as well as the FQDN hostnames.

Thanks for the help and pointing me in the right direction. I got it working with the expand names setting once all of the dhcp leases renewed.

except then it stopped working again and I don't know why.

one thing that I did notice one the pi's end though is that since it is not getting an address via DHCP, is is not inheriting the suffix .home.arpa from the router. It was still self-identifying as sparq.local. Since I didn't know how to set that I tried turning on the dhcp service and setting it there before turning it back off again. It didn't seem to change anything, but as of the next day it now simply identifies as sparq. (with the period)

Is there a way I can set the suffix to home.arpa like the rest, so that when I (hopefully) get the router working again, they will all be consistent?

Check current hostname with:

hostname -f

Set the hostname for the Pi-hole host to a FQDN one like for example sparq.home.arpa:

sudo hostnamectl set-hostname sparq.home.arpa

Check again with:

hostname -f

Edit the file /etc/hosts:

sudo nano /etc/hosts

Make it so that it resembles below:

127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.1.1       sparq  sparq.home.arpa

And tell Pi-hole of the change by running below and selecting reconfigure:

pihole -r

Afterwards, you can test with below ones:

host sparq localhost

host sparq.home.arpa localhost

You can either define a DHCP lease reservation for your Pi-hole RPi in your router and have Pi-hole request its IPv4 address via DHCP (by commenting out the static interface definition from your RPi's /etc/dhcpcd.conf).

Or you could add that option to your static network interface definition in /etc/dhcpcd.conf, right below the DNS servers, e.g. to read similar as:

interface eth0
        static ip_address=10.0.0.2/24
        static routers=10.0.0.1
        static domain_name_servers=127.0.0.1 8.8.8.8
        static domain_name=home.arpa

However, that would just make your RPi aware of a search domain.

As mentioned before, you'd still need to define the appropriate DNS records for both the plain as well as the FQDN, i.e. sparq and sparq.home.arpa.

You could either do that by adding multiple Local DNS records or by editing your hosts file as deHakkelaar has described above (EDIT: just be sure to do so for all relevant IPs).

If you want to stick with Pi-hole as DHCP server, you may also consider a related post in Clients unable to resolve Pi-Hole hostname - #9 by Bucking_Horn.

Yeah I noticed my way, the short name wont resolve to proper IP on clients of mine:

C:\>nslookup ph5
Server:  ph5.dehakkelaar.nl
Address:  10.0.0.4

Name:    ph5
Address:  127.0.1.1

They do when I add short name to below file (+ pihole restartdns):

pi@ph5:~ $ cat /etc/pihole/local.list
10.0.0.4 ph5
10.0.0.4 ph5.dehakkelaar.nl
10.0.0.4 pi.hole

Or when create a local DNS record for the short name via the GUI.

EDIT: I went ahead and did it your way which seems nicer:

pi@ph5:~ $ cat /etc/hosts

127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.1.1       ph5.dehakkelaar.nl  ph5

pi@ph5:~ $ sudo nano /etc/dhcpcd.conf
[..]
interface eth0
  static ip_address=10.0.0.4/24
  static routers=10.0.0.1
  static domain_name_servers=10.0.0.1
  static domain_name=dehakkelaar.nl

pi@ph5:~ $ sudo systemctl daemon-reload
pi@ph5:~ $

pi@ph5:~ $ sudo service dhcpcd restart
pi@ph5:~ $

pi@ph5:~ $ sudo hostnamectl set-hostname ph5
pi@ph5:~ $

pi@ph5:~ $ hostname
ph5

pi@ph5:~ $ hostname -f
ph5.dehakkelaar.nl

pi@ph5:~ $ pihole -r # Reconfigure
[..]
Installation Complete!

pi@ph5:~ $ host ph5 $(hostname -I)
Using domain server:
Name: 10.0.0.4
Address: 10.0.0.4#53
Aliases:

ph5.dehakkelaar.nl has address 127.0.1.1

pi@ph5:~ $ host ph5.dehakkelaar.nl $(hostname -I)
Using domain server:
Name: 10.0.0.4
Address: 10.0.0.4#53
Aliases:

ph5.dehakkelaar.nl has address 127.0.1.1

But still had to add a DNS record for the FQDN ph5.dehakkelaar.nl:

pi@ph5:~ $ cat /etc/pihole/local.list
10.0.0.4 ph5
10.0.0.4 pi.hole

As without, it resolves to 127.0.1.1 for the clients from the hosts file records:

C:\>nslookup ph5
Server:  ph5
Address:  10.0.0.4

Name:    ph5
Address:  10.0.0.4

C:\>nslookup ph5.dehakkelaar.nl
Server:  ph5
Address:  10.0.0.4

Name:    ph5.dehakkelaar.nl
Address:  127.0.1.1

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.