Pi-hole DNS server is not working

Please follow the below template, it will help us to help you!

Expected Behaviour:

Websites should be loading

Actual Behaviour:

Websites are not loading

Debug Token:

https://tricorder.pi-hole.net/hy0sqwch68

From a client that you believe should be connected to the Pi-Hole for DNS, from the command prompt or terminal on that client (and not via ssh or Putty to the Pi), what is the output of

nslookup pi.hole

nslookup pi.hole 192.168.1.249

nslookup pi.hole

;; connection timed out; no servers could be reached

nslookup pi.hole 192.168.1.249

Server: 192.168.1.249
Address: 192.168.1.249#53

Name: pi.hole
Address: 192.168.1.249
Name: pi.hole
Address: 2604:2000:1484:6e3:6d90:9bbb:ef78:fea4

From this same client, what is the output of ipconfig /all

This will show us the DHCP and DNS details.

I don't think ipconfig is on Linux so I ran ifconfig instead.

ifconfig -a

enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.6  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::2206:4607:4c55:3d4c  prefixlen 64  scopeid 0x20<link>
        inet6 2604:2000:1484:6e3:5527:2b1c:717f:7798  prefixlen 64  scopeid 0x0<global>
        inet6 2604:2000:1484:6e3:39f8:3f53:4716:421  prefixlen 64  scopeid 0x0<global>
        ether b0:6e:bf:cf:97:67  txqueuelen 1000  (Ethernet)
        RX packets 1412173  bytes 1500556684 (1.5 GB)
        RX errors 8  dropped 303  overruns 0  frame 4
        TX packets 564551  bytes 92155378 (92.1 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  memory 0xf7400000-f7420000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 18927  bytes 1706596 (1.7 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 18927  bytes 1706596 (1.7 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp5s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 40:9f:38:a6:72:b9  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

From the terminal on that Linux client, what are the outputs of the following:

sudo grep -v '#\|^$' /etc/dhcpcd.conf

cat /etc/resolv.conf

sudo grep -v '#\|^$' /etc/dhcpcd.conf

grep: /etc/dhcpcd.conf: No such file or directory

cat /etc/resolv.conf

> # This file is managed by man:systemd-resolved(8). Do not edit.
> #
> # This is a dynamic resolv.conf file for connecting local clients to the
> # internal DNS stub resolver of systemd-resolved. This file lists all
> # configured search domains.
> #
> # Run "resolvectl status" to see details about the uplink DNS servers
> # currently in use.
> #
> # Third party programs must not access this file directly, but only through the
> # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
> # replace this symlink by a static file or a different symlink.
> #
> # See man:systemd-resolved.service(8) for details about the supported modes of
> # operation for /etc/resolv.conf.
> 
> nameserver 127.0.0.53
> options edns0
> search home

resolvectl status

?

resolvectl status

Global
       LLMNR setting: no                  
MulticastDNS setting: no                  
  DNSOverTLS setting: no                  
      DNSSEC setting: no                  
    DNSSEC supported: no                  
          DNSSEC NTA: 10.in-addr.arpa     
                      16.172.in-addr.arpa 
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa 
                      18.172.in-addr.arpa 
                      19.172.in-addr.arpa 
                      20.172.in-addr.arpa 
                      21.172.in-addr.arpa 
                      22.172.in-addr.arpa 
                      23.172.in-addr.arpa 
                      24.172.in-addr.arpa 
                      25.172.in-addr.arpa 
                      26.172.in-addr.arpa 
                      27.172.in-addr.arpa 
                      28.172.in-addr.arpa 
                      29.172.in-addr.arpa 
                      30.172.in-addr.arpa 
                      31.172.in-addr.arpa 
                      corp                
                      d.f.ip6.arpa        
                      home                
                      internal            
                      intranet            
                      lan                 
                      local               
                      private             
                      test                

Link 3 (wlp5s0)
      Current Scopes: none
DefaultRoute setting: no  
       LLMNR setting: yes 
MulticastDNS setting: no  
  DNSOverTLS setting: no  
      DNSSEC setting: no  
    DNSSEC supported: no  

Link 2 (enp0s31f6)
      Current Scopes: DNS        
DefaultRoute setting: yes        
       LLMNR setting: yes        
MulticastDNS setting: no         
  DNSOverTLS setting: no         
      DNSSEC setting: no         
    DNSSEC supported: no         
  Current DNS Server: 192.168.1.1
         DNS Servers: 192.168.1.1
          DNS Domain: ~.         
                      home       

nslookup pi.hole 192.168.1.1

?

nslookup pi.hole 192.168.1.1
Server: 192.168.1.1
Address: 192.168.1.1#53

** server can't find pi.hole: REFUSED

That's different from what you initially posted:

Is above the full output? No "Server" mentioned?
Have DNS servers changed in the meantime?

Your DNS path through the router doesn't appear to lead to Pi-Hole. When you went straight to Pi-hole the router was out of the loop and it worked.

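The diagnosis above can be confirmed on the client by reading the configured DNS servers out of `resolvectl status`: any scope that lists a server other than the Pi-hole resolves around the filter. The script below is an added example, not part of the thread; the function names are hypothetical, and it assumes the Pi-hole address 192.168.1.249 and uses the per-link output posted earlier as its sample input.

```shell
# Added example, not from the thread: audit `resolvectl status` text for
# resolvers that bypass the Pi-hole. Function names are hypothetical.
PIHOLE_IP="192.168.1.249"   # Pi-hole address used in the thread

# stdin: resolvectl status text. stdout: one "<scope> <server>" pair per line.
link_dns_servers() {
    awk '
        $1 == "Global" && NF == 1 { scope = "global"; in_list = 0; next }
        $1 == "Link" && NF == 3   { scope = $3; gsub(/[()]/, "", scope); in_list = 0; next }
        $1 == "DNS" && $2 == "Servers:" {
            for (i = 3; i <= NF; i++) print scope, $i   # servers on the key line
            in_list = 1; next
        }
        in_list && NF == 1 { print scope, $1; next }    # wrapped continuation line
        { in_list = 0 }                                 # any other key ends the list
    '
}

# Exit 0 if every server is the expected one, 1 on any bypass, 2 if none listed.
check_links() {
    link_dns_servers | awk -v want="$1" '
        { seen = 1 }
        $2 == want { print "OK     " $1 " -> " $2; next }
        { print "BYPASS " $1 " -> " $2; bad = 1 }
        END { if (!seen) { print "NODNS  no DNS servers listed"; exit 2 }
              exit bad + 0 }
    '
}

# Per-link section as posted in the thread (Global section omitted, trimmed).
sample_status() {
    cat <<'EOF'
Link 3 (wlp5s0)
      Current Scopes: none

Link 2 (enp0s31f6)
      Current Scopes: DNS
DefaultRoute setting: yes
  Current DNS Server: 192.168.1.1
         DNS Servers: 192.168.1.1
          DNS Domain: ~.
                      home
EOF
}

# Live use: resolvectl status --no-pager | check_links "$PIHOLE_IP"
sample_status | check_links "$PIHOLE_IP" || true
```

On the sample this reports `BYPASS enp0s31f6 -> 192.168.1.1`, which matches the REFUSED answer the router gave for `pi.hole`.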

Yeah and above.
The lookup should return the IP of Pi-hole for proper blocking to work:

dehakkelaar@laptop:~$ nslookup pi.hole
Server:         10.0.0.2
Address:        10.0.0.2#53

Name:   pi.hole
Address: 10.0.0.2

nslookup pi.hole 192.168.1.249

Connects to Pi-Hole

nslookup pi.hole

Times out

nslookup pi.hole 192.168.1.1

Server can't find Pi-Hole

> Your DNS path through the router doesn't appear to lead to Pi-Hole. When you went straight to Pi-hole the router was out of the loop and it worked.

That's weird because I only changed the DNS in my router setting and not for any of my devices individually.

Can you post screenshots of all your router DNS and DHCP settings?
Can paste directly into Discourse here.
Try to configure the router properly by handing out the Pi-hole IP as a single DNS server to the clients through the DHCP process:

https://docs.pi-hole.net/main/post-install/

If you don't have those options in your router, you could also let Pi-hole do DHCP for your network instead of your router:

Is that all there is? No LAN DHCP settings etc.?
Screenshots posted are for the WAN (Internet) side of the router and not the LAN side where Pi-hole and the clients are connected.

EDIT: Oh, you might want to redact your "Wan IPv6 Address" from the screenshot above.

Turn off IPv6 and restart/renew and see if situation improves.

Above and disconnect/reconnect network for that Linux test client to have effect.
And don't configure your router to be an upstream DNS server for Pi-hole or you'll be creating a DNS loop!
You'll be missing out on individual client stats on the web GUI with this setup but for that, you'd really need a router with more options.

> Turn off IPv6 and restart/renew and see if situation improves.

It didn't change anything.

Is there anything here that I can change?