Please follow the below template, it will help us to help you!
If you are Experiencing issues with a Pi-hole install that has non-standard elements (e.g you are using nginx instead of lighttpd, or there is some other aspect of your install that is customised) - please use the Community Help category.
Expected Behaviour:
My Raspberry Pi 3 Model B running Raspbian/Raspberry Pi OS 10 (buster) was operating as expected this morning on version 5.8.1. After reading the changelog and running pihole -up to update to 5.9, all devices on my network were unable to resolve any DNS queries. Since updating the Pi-hole was the only change I made, and bypassing it by adding 1.1.1.1 to my router's DNS list restored my internet access, I believe it to be the Pi-hole that is causing issues. Oddly, when reverting to 5.8.1, the issue persists and I am now completely unable to get my Pi-hole to work after searching other posts, reinstalling pi-hole, and rebooting router/pi-hole/clients.
Looking at the pi-hole admin page, I can see the exact moment where once I finished updating, queries dropped off and now the only ones that appear to show are from localhost.
My installation is pretty basic, as I used all the defaults and simply set my router to have the Raspberry Pi on a static IP, and then set it as the only DNS server for my other devices.
Actual Behaviour:
Pi-hole should be functioning the same as it did before the update.
Your debug log shows that the Pi is not answering on the ethernet port:
*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] ads.cc is 0.0.0.0 on lo (127.0.0.1)
[✗] Failed to resolve ads.cc on eth0 (192.168.1.124)
[✓] ads.cc is 0.0.0.0 on wg0 (10.6.0.1)
[✓] doubleclick.com is 142.251.35.174 via a remote, public DNS server (8.8.8.8)
*** [ DIAGNOSING ]: Setup variables
BLOCKING_ENABLED=true
DNSSEC=false
REV_SERVER=false
PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.1.124/24
...
DNSMASQ_LISTENING=local
Change your interface listening behavior (Settings > DNS) to Respond only on interface eth0 and see if this resolves the issue.
That did it! I was afraid to toggle that option due to the warnings. Is their any particular reason why I would have to do that now? I didn't see anything in the patch notes that made me think it would be a problem, and I am quite certain I didn't have it selected pre-patch.
Also, is their any specific documentation on how to "Make sure your Pi-hole is properly firewalled!" Beyond Interfaces - Pi-hole documentation, I couldn't find anything that told me what exactly I needed to do to ensure I could run my Pi-hole in this way safely. I did a quick port scan and 53 UDP is shown as Open|filtered (53 TCP is blocked), and the Firewall rules regarding DNS on my router are listed below:
Rule
Index Description
Action
Count
Type
3001
allow DNS packets to external name servers
Accept
TCP and UDP
Guest In
3001
allow DNS
Accept
TCP and UDP
Guest Local
3004
allow DNS
Accept
UDP
Guest v6 Local
Thank you so much by the way! I've been troubleshooting this all day!
EDIT: To clarify, I have not forwarded port 53 in my router, those rules are just some default ones created by my router for allowing certain guest traffic. I just don't know if not having forwarded port 53 is all I have to do to make sure that toggling that on is safe.