Pi-hole install script and dhcpcd.conf

The issue I am facing:
After running the install script

curl -sSL https://install.pi-hole.net | bash

my pi-hole host OS cannot do local name resolution of other devices on my network. The pi-hole itself is correctly resolving these.

Symptoms:
sudo gives a non-fatal error: myhost : Jul 4 08:14:10 : www-data : unable to resolve host myhost
nslookup myhost will fail
logs showing myhost : Jul 4 08:14:10 : www-data : problem with defaults entries ; TTY=unknown ; PWD=/var/www/html/admin ; USER=root ;

Related posts

Details about my system:
Rpi4 hardware
Ubuntu 20.04 LTS
Basic install - I specified custom DNS servers
The hostname of my pi-hole is "myhost".

What I have changed since installing Pi-hole:
Plenty - but for the purpose of this question - this can be reproduced by doing the install only

What I think is going on

This line in the install: pi-hole/basic-install.sh at 4736e03108763cc2d5659f48d8a1e8a64d9b2608 · pi-hole/pi-hole · GitHub

is doing a few things

        # we can append these lines to dhcpcd.conf to enable a static IP
        echo "interface ${PIHOLE_INTERFACE}
        static ip_address=${IPV4_ADDRESS}
        static routers=${IPv4gw}
        static domain_name_servers=${PIHOLE_DNS_1} ${PIHOLE_DNS_2}" | tee -a /etc/dhcpcd.conf >/dev/null
        # Then use the ip command to immediately set the new address
        ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}"
        # Also give a warning that the user may need to reboot their system
        printf "  %b Set IP address to %s\\n" "${TICK}" "${IPV4_ADDRESS%/*}"
        printf "  %b You may need to restart after the install is complete\\n" "${INFO}"

Many base OS installs will have a default configuration which gets the IP address from the network DHCP server. I would expect that most pi-hole installs are running down this logic path and updating the /etc/dhcpcd.conf file to change to a static address.

In this change - the DNS server is being set to what was configured as the PI_HOLE_DNS1 / PI_HOLE_DNS1. This seems wrong - as it will immediately break local resolution.

Maybe this is because I specified custom DNS servers? (vs using google/quad9/etc)

My core question here is why is the install script like this? Sure - I've 'fixed' the problem by modifying /etc/hosts to read

$ cat /etc/hosts
127.0.0.1 localhost myhost

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

By doing this - sudo now can resolve 'myhost' and is happy - and the www-data errors have also gone away.

I suspect many users have installed pi-hole this way - and aside from the web UI being a bit slower - they are unaware as they are not checking any emails going to root@myhost and they aren't watching their logs either.

This is a great community - I value the time and effort people put in to help others here.

Above is a bit confusing?

Sounds as if something is/was misconfigured in the files below, which the Pi-hole installer doesn't touch:

/etc/hostname

/etc/hosts

The nslookup tool doesn't read/resolve names in the /etc/hosts file.
Instead, by default it queries the nameserver(s) defined in the file below (which is usually populated by your installed network manager) if you don't specify a DNS server as an extra argument:

/etc/resolv.conf

Above code only applies if the network manager called dhcpcd5 is installed and active (like for the Pi-OS distro).
My Debian laptop uses an entirely different network manager called NetworkManager thus above code would not apply.
And most likely, your Ubuntu distro uses netplan as a network manager.

Not everyone boots up his/her Pi-hole instance as a DHCP client OOTB.
When I setup a Pi-hole host on a Raspi, my Pi will not query DHCP at any stage.
Instead once I've written the Pi-OS image for my Raspi, I mount the SD card partitions on another host and set a static IP manually plus activate sshd before I insert the SD card in the Pi and boot.
Many hypervisors allow you to boot up a VM guest already configured with a static IP.

That code snippet clearly states "Do you want to use your current network settings as a static address?".
And "Otherwise, we need to ask the user to input their desired settings.".
So the PI_HOLE_DNS1 & PI_HOLE_DNS2 IPs are derived from what you've chosen them to be.
These settings/DNS IPs are unrelated to what you choose as upstream DNS servers for the pihole-FTL daemon during install (or via the GUI).
These are settings that also need to be in place if you were not running Pi-hole on the host, just like any OS that's connected and needs DNS settings.

You have to keep in mind that at first, the host is only a DNS client and depends on an external DNS server for resolution.
Once you've installed Pi-hole, the host functions as a DNS client AND server.
And the host can be a client to its own services if you choose so.
But this is not necessary for your other network clients to function properly.
I for example have configured an external PI_HOLE_DNS1 IP (my router) because when I tinker (which I do a lot) and break Pi-hole again, I still have DNS available for locally running software.

As it feels like your question was based on wrong assumptions, could you rephrase your question again pls?

Reading your reply - which I appreciate - I think that maybe I wasn't clear. I'm not sure I have wrong assumptions, but let me try again. I want to respond to many parts of your reply but let me try to be concise about the setup and the problem.

My Setup
My Rpi base OS is Ubuntu 20.04
It was initially setup on my network with a DHCP address.
During the execution of the install script (curl -sSL https://install.pi-hole.net | bash) I configured custom DNS servers.

Observations
Once the install script was done - my /etc/dhcpcd.conf had been modified to be a static address.
Attempts to use the sudo command - resulted in a non-fatal error. Visiting the web ui also generated non-fatal errors in the logs.

myhost : Jul  4 08:14:10 : www-data : unable to resolve host myhost
myhost : Jul  4 08:14:10 : www-data : problem with defaults entries ; TTY=unknown ; PWD=/var/www/html/admin ; USER=root ;

Investigation
The modification of /etc/dhcpcd.conf is done by this part of the script
pi-hole/automated install/basic-install.sh at 4736e03108763cc2d5659f48d8a1e8a64d9b2608 · pi-hole/pi-hole · GitHub

Here is the section of the script

        # we can append these lines to dhcpcd.conf to enable a static IP
        echo "interface ${PIHOLE_INTERFACE}
        static ip_address=${IPV4_ADDRESS}
        static routers=${IPv4gw}
        static domain_name_servers=${PIHOLE_DNS_1} ${PIHOLE_DNS_2}" | tee -a /etc/dhcpcd.conf >/dev/null
        # Then use the ip command to immediately set the new address
        ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}"
        # Also give a warning that the user may need to reboot their system
        printf "  %b Set IP address to %s\\n" "${TICK}" "${IPV4_ADDRESS%/*}"
        printf "  %b You may need to restart after the install is complete\\n" "${INFO}"

Conclusion
Clearly - the static configuration provided is changing the DNS of the pi-hole from what the DHCP server provided, to the DNS servers that I specified as my custom upstream servers for the pi-hole.

Thus - any local lookups on the pi-hole OS are going to fail - because the DNS does not point at any server that is aware of my local names (like my main router that performs DHCP).

Note - yes, I know how to fix this - but I'm trying to understand if this is a bug in the install script - or something else that I've done wrong. If it is a bug, I can imagine many people hitting this.

Hopefully this is better - you're absolutely right, my initial write up was confusing with extra details.


Nope, these are not the same DNS server settings.
As explained before:

If you would install a bare Distro that uses dhcpcd5 without Pi-hole installed, yes at first boot the IP details are obtained via DHCP.
The code snippet either copies over the dynamic IP details received via DHCP (that you've configured in the router) and turns it into static IP details ... or you supply your own details.
But in no way are these settings related to the upstream DNS servers you've configured for the pihole-FTL daemon.

EDIT: snippet is for local software to resolve names,
upstream configured DNS servers is only used by pihole-FTL for client connected hosts to resolve.

Hmm.. this is where we are in disagreement.

Here is the snippet from my /etc/dhcpcd.conf file. This is what the portion of the install script did to my configuration.

interface eth0
        static ip_address=192.168.0.8/24
        static routers=192.168.0.1
        static domain_name_servers=149.112.121.30 149.112.122.30

Previously - my DHCP configuration would have (pre-pi-hole) given the router (192.168.0.1) as the DNS server on my network.

The two addresses in static domain_name_servers=149.112.121.30 149.112.122.30 are the two custom DNS servers I entered when I ran the setup script.

I'm claiming there is a bug here in the script.

You are only asked once to specify the upstream DNS servers to use for pi-hole. At least when you specify a custom set of servers, the script is re-using those same addresses for the static configuration section.

Hmm.. I'm now doubting myself - maybe I'll setup a VM and test this out again, but reading the script - it really looks like this is wrong for the scenario I call out. PIHOLE_DNS_1 and PIHOLE_DNS_2 are used for both the upstream pi-hole server and for the static configuration (if needed).

During install there are two stages that allow you to change DNS settings.
One is to configure upstream DNS servers for the pihole-FTL daemon like the default Google, Quad9 or custom ones.
And the other stage is when you're asked about local network settings like your IP and DNS server(s) settings for local processes.

I couldn't quickly find where those PIHOLE_DNS_1 and PIHOLE_DNS_2 variables are populated, but to my knowledge, these should not represent the configured upstream DNS servers for pihole-FTL.
Maybe something has changed and a mod or dev could confirm?

This is by design

Before the PR, Pi-hole would set 127.0.0.1 as the DNS of the local device. In case Pi-hole breaks, users might have been unable to connect to the internet to repair Pi-hole. Now the Pi device does not depend on Pi-hole anymore.


I believe when that change was made (removing the static domain_name_servers=127.0.0.1) a bug was introduced.

While I agree that if 127.0.0.1 means that when the pi-hole software is busted things get very bad.. using static domain_name_servers=${PIHOLE_DNS_1} ${PIHOLE_DNS_2} is also bad for local network lookups.

When I went through that part of the setup - I somehow took a patch which bypassed that configuration, or it's not working right, or I made a mistake.

I think Remove resolvconf dependency by PromoFaux · Pull Request #3207 · pi-hole/pi-hole · GitHub introduced problems with the pi-hole base OS being able to look up local machines. (and causes problems with sudo in general - at least on an Ubuntu base)

What do you propose as a solution?

Why?
Pi-hole leaves it up to the user what DNS server(s) you want to configure on your host for local services/software.
I don't use my Pihole host as a desktop or anything, so the daemons/processes running on it don't need to know my client hostnames (EDIT: and I don't want them to).
And if they do need to know, you could always direct DNS to the localhost IP 127.0.0.1.

You're missing the point that this default configuration is causing lots of non-fatal errors to appear in the logs.

For whatever reason, when you issue sudo on Ubuntu, it does a name lookup. With the way that pi-hole goes and whacks the DNS when it configures a static IP for you - it breaks the ability to look up the /etc/hostname name. That's messed up.

Someone even posted a problem about this a while back - *** SECURITY information for my-server *** problem with defaults entries - that issue closed because the person didn't continue to participate.

Again, my primary concern is that the install script, in the situation where you have a dynamic IP of the host - is tossing all sorts of error logs. That's not right.

Honestly - it's fine if the pi-hole never uses local lookups - but it should be able to resolve the /etc/hostname name.. (which is why I hacked /etc/hosts to fix it for my configuration)

That is an issue with sudo and not Pi-hole.
If you set up a Linux host properly without Pi-hole, you're supposed to provide its own hostname in both the /etc/hostname & /etc/hosts files anyway, like you did.
That would have probably fixed your sudo issue.
The /etc/hosts file has precedence over DNS name resolution, meaning a ping, curl or netcat will first look at the hosts file before forwarding an A or AAAA query to a DNS server.

That's not hacking, that's the only proper way or a variant of it (I use 127.0.1.1 to the same effect):

pi@ph5b:~ $ cat /etc/hosts
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.1.1       ph5b.home.dehakkelaar.nl  ph5b

Hmm, this is a very good point. Let me tell you the story so far..

In my situation I generally rely on my local DNS (on my router) to both do DHCP and manage hostnames.

The initial Ubuntu install comes with a default hostname ubuntu. The normal DHCP process would register that name with the local DNS and everything will work like expected.

When I renamed the machine, I did that by assigning the pi-hole machine a 'static' address in OpenWRT - meaning that while the pi-hole was doing DHCP, the address it got back was always the same (and not from the dynamic pool).

It was at this point that I 'fixed' the /etc/hostname to match what the OpenWRT router was configured to name the machine. (myhost)

All along - the local DNS was answering the correct hostname/IP mapping.

When I installed pi-hole - I lost the connection to the local DNS. This meant that suddenly things that had been working - were busted.

If I'd left it with the default ubuntu name - then the same thing would have happened. The key part was that my setup relied on the local DNS answering back when it was asked for name specified in /etc/hostname

LOL. Yeah - I know. I just meant it in the sense of bashing around until things work. I've been doing computers far too long.

Net - I appreciate the conversation here - and your persistence in (re)educating me. I probably knew this at one point and forgot it, but hopefully my story above helps explain the point of view.. and how it is easy to get misled when things 'just work'.

I'm going to mark your above comment as the solution.

I missed this in the discussion.

I think that @deHakkelaar was patient enough with me to bring me around. A properly setup Linux box should have consistency between /etc/hostname and /etc/hosts such that it does not rely on a DNS lookup to resolve its own hostname.

The Ubuntu image doesn't do this.

Earlier, I might have argued that the script should not be using static domain_name_servers=${PIHOLE_DNS_1} ${PIHOLE_DNS_2} but should be taking pain to try to use whatever DNS is being provided by DHCP dynamically.

Of course - with the wrong network setup for redirecting DNS to your pi-hole you're probably more likely to create a DNS recursion loop by accident.

Having this thread exist for others to find may be the best outcome.

Thanks again everyone for such a helpful community.


Yeah, I suspected something like this happening.
When the Pi-hole host would get its IP details via DHCP, it would have advertised its own hostname to the DHCP server (most likely your router).
Your router would have created A, AAAA and PTR records automatically.
But since you moved away from DHCP and configured everything static, the Pi-hole host will not advertise its own hostname to your router anymore via DHCP.
And thus its own hostname would not resolve anymore through your router DNS and solely depends on the hosts file entry that was missing initially.

But if you install Pi-hole, the pihole-FTL daemon will automatically create A, AAAA and PTR records for its own hostname.
So if you direct local DNS to 127.0.0.1, both the hosts file and the pihole-FTL daemon will have a record for its own hostname.

As an example, I configured pihole-FTL to not read the /etc/hosts file (don't need the hosts file anymore since you're able to create local DNS records):

pi@ph5b:~ $ cat /etc/dnsmasq.d/11-no-hosts.conf
no-hosts

But still it holds records for the own host:

pi@ph5b:~ $ dig +short @localhost ph5b
10.0.0.4
pi@ph5b:~ $ dig +short @localhost ph5b.home.dehakkelaar.nl
10.0.0.4

EDIT: Below one is even more tricky because it depends on the hosts file entry and the records registered in pihole-FTL:

pi@ph5b:~ $ host ph5b ph5b
Using domain server:
Name: ph5b
Address: 127.0.1.1#53
Aliases:

ph5b has address 10.0.0.4

Glad you got it sorted :wink:

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
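
A check for the failure mode this thread converges on (the host's own name missing from /etc/hosts while dhcpcd.conf pins DNS servers that do not know it), as an added example that is not code from the Pi-hole installer or from any poster. The function names and report wording are assumptions, and the demo files are constructed from the values quoted in the thread.

```shell
#!/bin/sh
# Added example: can this host resolve its own name without asking DNS?

# Succeeds if the name in the hostname file ($1) is listed as a name or alias
# on a non-comment line of the hosts file ($2); comparison is case-insensitive.
hostname_in_hosts() {
    name=$(tr -d '[:space:]' < "$1")
    [ -n "$name" ] || return 2
    awk -v n="$name" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) found = 1 }
        END { exit found ? 0 : 1 }
    ' "$2"
}

# Prints, one per line, the servers that "static domain_name_servers=" pins
# for interface $2 in the dhcpcd.conf-style file $1.
static_dns_servers() {
    awk -v want="$2" '
        { sub(/#.*/, "") }
        $1 == "interface" { active = ($2 == want); next }
        active && $1 == "static" && $2 ~ /^domain_name_servers=/ {
            sub(/^domain_name_servers=/, "", $2)
            for (i = 2; i <= NF; i++) if ($i != "") print $i
        }
    ' "$1"
}

# Args: hostname file, hosts file, dhcpcd.conf, interface name.
self_resolution_report() {
    if hostname_in_hosts "$1" "$2"; then
        echo "OK: own hostname is in the hosts file"
    else
        servers=$(static_dns_servers "$3" "$4" | paste -sd ' ' -)
        echo "WARN: own hostname depends on DNS; static servers: ${servers:-none}"
    fi
}

# Demo on constructed copies of the files; used when no interface is given.
demo() {
    d=$(mktemp -d)
    printf 'myhost\n' > "$d/hostname"
    printf '127.0.0.1 localhost\n' > "$d/hosts"
    printf 'interface eth0\n  static domain_name_servers=149.112.121.30 149.112.122.30\n' > "$d/dhcpcd.conf"
    self_resolution_report "$d/hostname" "$d/hosts" "$d/dhcpcd.conf" eth0
    rm -rf "$d"
}

if [ $# -eq 1 ]; then self_resolution_report /etc/hostname /etc/hosts /etc/dhcpcd.conf "$1"; else demo; fi
```

Run it with an interface name (for example eth0) to audit the live files; a WARN result means tools such as sudo will fall back to the listed servers to resolve the machine's own name.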