After 2+ years of working perfectly, Pi-Hole stopped working. I'm not completely sure why.
There are no hardware changes recently, same Router (Asus AX88U), modem (ISP) and raspberry pi4 (running Pi-hole).
I just noticed that the ads were not blocked one day (router using secondary DNS server).
And yes, it is perfectly possible that the router firmware was updated in that period; it is set to automatic, and the raspberry is also getting its updates (I just can't connect the fault to any update).
The symptoms:
- As soon as I set the DNS (WAN) in my router to my pi hole server (with no secondary DNS set) the connection between my router and modem is broken (all devices connected to router are disconnected from the internet). If a secondary DNS is set (that works, like google DNS) then the router defaults to that.
- I have wireguard (VPN) installed on the raspberry and I have been using it as long as I use pi hole.
If I connect a device (within or from outside my network) with wireguard then that device has ad-blocking available and appears in pi hole.
- If I manually change the DNS server of a device (mobile phone) to the pi hole IP then that device has no internet access anymore.
Things I have tried:
- reinstalled pi hole
- installed unbound (to see if that makes a difference, it doesn't)
- checked and changed my router and modem DNS settings (messing up my modem but managed to restore it)
I get the impression that pi hole is working but is not playing well with my modem or router...
Any suggestions are welcome (except resetting my raspberry)
That's bizarre, are you able to SSH into it?
Does the static IP set in /etc/dhcpcd.conf match what the router says the IP is?
Is some other device occupying that IP?
Is your router handling DHCP or your PiHole?
Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:
I get the feeling that this is either a routing issue from your Pi-Hole to the internet, or your Pi-Hole does not have a Static IP address. Below I have written some troubleshooting steps that you can do, then tell us the result (or copy paste output) of the troubleshooting so that we can further help you.
First I think it's good to know if the DNS that you set on your router is actually that of your Pi-Hole server. It might've been correct when you set it, but if the IP is not static (consistent) then there is a chance that it changed to something else. Try pinging the Pi-Hole from your PC and see if it responds. If you can SSH to the Pi-Hole, then you know you have the correct IP.
Here are some troubleshooting steps that you can do from your Pi-Hole to see if there is a routing issue:
ping 8.8.8.8 (Google DNS server IP - to test Pi-Hole Internet access)
ping one.one.one.one (to test Pi-Hole Internet access with DNS)
ping dns9.quad9.net (to test Pi-Hole Internet access with DNS)
ping <router-ip> (to test Pi-Hole connectivity to router - usually router IP is 192.168.1.1)
Also if you run route command on your Pi-Hole, you can see the routing table on it.
This is how the routing table looks on my Pi-Hole:
myuser@my_pihole:~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.17.1.1      0.0.0.0         UG    202    0        0 eth0
10.6.0.0        0.0.0.0         255.255.255.0   U     0      0        0 wg0
172.17.1.0      0.0.0.0         255.255.255.0   U     202    0        0 eth0
In my case, the router has IP 172.17.1.1. It is therefore important that I have a route with Destination default which points to the Gateway with the router IP [172.17.1.1].
Yes I am able to SSH into it.
My IP address is static for the pi and it has been for 2+ years; it is set in the router as well, so no other device occupies that IP.
My router handles my DHCP.
I get a reply with all of the pings, so that works, and my router is set as the default gateway.
As I specified in my other reply, I have set a static IP; it has not changed in 2+ years (also set on the router), and I have no problem with SSH.
Apologies for this inconvenience: There seems to be an issue with Discourse trying to alter the debug token link to its intended target upon inserting it into a post.
Could you please share just the token code?
(e.g. for https://tricorder.pi-hole.net/aCeG0248/, this would be aCeG0248)
Your debug log shows a connectivity issue for your wlan0 interface.
*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[?] Failed to resolve d32r41fxmnjynu.cloudfront.net on wlan0 (192.168.0.4)
It also shows that your custom PiVPN configuration is restricting Pi-hole to listen on the wg0 interface:
That would match your observation that your Wireguard clients do work when using Pi-hole, while all your other clients wouldn't - including your router.
Try removing that wg0 interface from 02-pivpn.conf, then restart Pi-hole's DNS resolver via Settings | System, or run pihole restartdns.
You could use the previous nslookup to verify if this works.
If you made those changes in 02-pivpn.conf, that solution may be brittle.
As that file is under control of PiVPN, you may want to verify whether PiVPN would overwrite your changes, and on what occasions and frequencies.
Furthermore, it may conflict with Pi-hole's own related options that can be customised via its Interface listening behaviour and get written to 01-pihole.conf.
Your debug log showed you had set that to "Permit all origins", which results in except-interface=nonexisting.
The recommended way would be to remove interfaces from your 02-pivpn.conf and use either "Permit all origins" or "Allow only local requests".
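The listening conflict described in the last two replies can be checked mechanically. The following is an added example, not part of the thread and not Pi-hole or PiVPN code: it lists the dnsmasq interface directives per config fragment and flags any interface= line outside 01-pihole.conf. The function names are hypothetical, the config directory is passed as an argument, and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which dnsmasq config fragments limit the listening interface.

# Print "file: directive" for each active (uncommented) line in DIR/*.conf
# that affects which interfaces or addresses dnsmasq listens on.
list_listen_directives() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        sed -e 's/#.*$//' -e 's/[[:space:]]*$//' "$f" |
            grep -E '^(interface|except-interface|listen-address)=' |
            while IFS= read -r line; do
                printf '%s: %s\n' "${f##*/}" "$line"
            done
    done
    return 0
}

# Print interface= lines found in files other than MANAGED (default
# 01-pihole.conf). Returns 1 if any exist, 0 if none.
foreign_interface_limits() {
    managed=${2:-01-pihole.conf}
    hits=$(list_listen_directives "$1" |
        awk -F': ' -v m="$managed" '$2 ~ /^interface=/ && $1 != m')
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample, not the poster's files: one fragment with the
# "Permit all origins" result named in the thread, one limiting dnsmasq to wg0.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/01-pihole.conf" <<'EOF'
# constructed sample
except-interface=nonexisting
EOF
cat > "$SAMPLE_DIR/02-pivpn.conf" <<'EOF'
# constructed sample
#interface=eth0
interface=wg0
EOF

list_listen_directives "$SAMPLE_DIR"
foreign_interface_limits "$SAMPLE_DIR" ||
    echo "=> a fragment outside 01-pihole.conf restricts the listening interface"
```

Run against the real dnsmasq configuration directory after each PiVPN update to see whether the interface line has been written back.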