My FritzBox is using DNS over TLS (DoT).
I have configured it to use the following DNS servers: Public DNS resolvers - Digitale Gesellschaft
For the FritzBox itself and Pi-Hole, internet and DNS is working well.
Pi-Hole uses the FritzBox as Up-Stream - my Pi-Hole can reach every website.
I have to say that my configuration worked for months or even years!
But since today:
No client (configured to use Pi-Hole as DNS Server) can resolve websites.
As a consequence there is no way to use the internet.
I tried to use the FritzBox as DNS Server for my clients and it works.
So the problem has to be at Pi-Hole I guess.
Nevertheless I need to say (maybe it is important to consider):
Yesterday my FritzBox 7590 AX updated to the newest firmware 7.56.
Also my Pi-Hole was updated during pihole -up.
I do updates frequently and never had problems - but I better say it at this point.
Expected Behaviour:
I type some website in my browser and I get my website displayed.
Your debug log reports that your long-term database is corrupted:
[i] Checking integrity of /etc/pihole/pihole-FTL.db ... (this can take several minutes)
[✗] Integrity errors in /etc/pihole/pihole-FTL.db found.
Examples of what can cause this are a power outage, or a poor power supply (if you are using a Pi), or a failing SD card. You can create a clean database, but note that you will lose the ability to easily search your long-term data for any date/time before this. To create a clean database:
thanks for the fast reply and of course for the explanation what can cause this problem.
I will check SD card and Power Supply. In fact I am using a Rpi 3b (maybe + I don't know now).
Well I did the steps you told me to do.
When listing the files in /etc/pihole/ there is a new (much smaller) pihole-FTL.conf.
I just tried one client and it seems it works fine now.
I will configure the DHCP in the FritzBox to use Pihole as DNS now again.
If there are problems, I will report it here.
But for my curiosity:
What exactly does the pihole-FTL.db do? What is this database for and why doesn't pihole resolve DNS for clients when it is corrupted?
Just checking you meant to write pihole-FTL.db there?
In your Pi-hole when you go to the Query Log page, that shows all the queries coming in to Pi-hole from devices on your network. As well as being displayed there, the data is stored in a database for long-term use. You can query that database from the Long-term Data page.
The file pihole-FTL.db is that database.
By default it stores 365 days of queries. You can change this by adding the MAXDBDAYS parameter to pihole-FTL.conf in that same directory as the database. E.g. to store just 30 days you would add:
MAXDBDAYS=30
This database is also used to pre-populate the Query Log page with the most recent 100 queries when the Pi-hole first starts up (after that it's the incoming queries which update both that page and the database).
Just checking you meant to write pihole-FTL.db there?
Yes of course. My fault.
Thanks for the explanation.
Well I guess my problem isn't really gone. When I turned off WLAN on my iPhone and then reconnected to the FritzBox (now using Pihole as DNS Server) my iPhone doesn't find any website.
Even if the database issue is fixed there may be other problems. Can you create another debug log please and post the URL? Use the option to check the database:
Your debug log shows your router is advertising itself as DNS server:
Yes. This is my "workaround" to have internet at my clients.
First: Thanks for the documentation link to the German version (I really appreciate that).
I configured my Pihole to be DNS (192.168.2.70) but when my clients connected they didn't have internet.
So I configured my FritzBox as DNS (else, I couldn't even write now).
Maybe I created the debug log after setting up FritzBox as DNS server again. Sorry.
If it would help, I can do a new debug log tomorrow with Pihole as the DNS server advertised by the FritzBox.
But correct me if I'm wrong:
If my FritzBox would advertise my Pihole as DNS server and my clients can not reach the internet (which is indeed the situation), it would be a problem of Pihole, right?
That my clients can reach the internet using my FritzBox as DNS shows us that the upstream DNS and the FritzBox are working fine.
Update:
As I see, my NAS system still has Pi-Hole as DNS server (static IP and DNS config).
Unfortunately it has no internet at all. Pi-Hole still seems not to work somehow.
Also I have to report that nearly every entry in the "Query Log" in the web frontend has the status: BOGUS (NSEC(3) missing). But there are not many entries. Only a few clients have Pi-Hole as DNS (static config or no new DHCP config yet).
Maybe it is important?
Some additional question please:
I frequently have (also in the time my Pi-Hole worked) trouble with the /etc/resolv.conf file.
The IP of the FritzBox should be written there. But often when there were "problems" like FritzBox restart or Pi-Hole gets no power (pulled out cable for some reason), the entry changes to 127.0.0.1.
Why does it change automatically to localhost? Is there a way to write-protect the file?
As I looked now into the file it is set again to 127.0.0.1.
Changing it to 192.168.2.1 (FritzBox) lets Pi-Hole itself reach the internet. apt-get update for example works fine and pings to several servers in the internet. But still the clients (for example the NAS) don't work at all.
That is by design, i.e. your system is configured to do so.
Quite a few processes may write /etc/resolv.conf - it would depend on your OS and the network management tools in particular.
Your debug log has expired, so I can't tell which OS you are using. Ubuntu e.g. may point to systemd-resolved on 127.0.0.1, which may have to be disabled when Pi-hole runs on the same system.
In order to change your OS's name server, you should find out which tool or tools control /etc/resolv.conf on your system, and then adopt their respective configuration(s).
Usually, you should see a comment which tool currently handles resolv.conf at the top of that file.
To investigate your DNS issues, please share the output of the following commands, run from a client in your network:
Hi and thanks for trying to help me @Bucking_Horn .
Because I was pretty desperate I did a whole new setup of my Pi (I checked it: 3b+) and Pi-Hole.
Before I had the version 10 of Raspberry Pi OS. Now I am using the version 11 in 64 bit variant.
Well ... it doesn't even work now.
But I guess that also tells us something.
In order to change your OS's name server, you should find out which tool or tools control /etc/resolv.conf on your system, and then adopt their respective configuration(s).
Usually, you should see a comment which tool currently handles resolv.conf at the top of that file.
"# Generated by resolvconf
domain fritz.box
nameserver 192.168.2.1
(without that starting " in the first line)
Anyway I have done the nslookup and new debug log.
Good morning
I'm actually patient and appreciate your help.
The main thing is that I can use my Pi-Hole again soon.
Unfortunately the debug token is not as patient as I am and disappears after 48 hours.
That's why I just made another diagnosis: https://tricorder.pi-hole.net/z034nzEd/
'# resolv.conf from eth0.dhcp
'# Generated by dhcpcd from eth0.dhcp
domain fritz.box
search fritz.box
nameserver 192.168.2.1
Without the ' at start of the line.
EDIT: Ow, what's wrong with having the router IP as upstream for DNS?
I have exactly the same:
pi@ph5b:~ $ cat /etc/resolv.conf
# Generated by resolvconf
domain home.dehakkelaar.nl
nameserver 10.0.0.1
There is nothing wrong with it.
That is what I would like to have "statically" in the resolv.conf (since there is no other upstream DNS in my network).
But sometimes when problems occur (I suspect if the FritzBox is not available when the Pi starts up), the IP is changed to 127.0.0.1 by something.
Then, of course, nothing works anywhere.
Those nslookup results tell us that
a. the client did not use Pi-hole for DNS for that request, but your router
b. your router has not been using Pi-hole as upstream
c. Pi-hole does correctly block domains if queried directly
Those results would be expected if you didn't configure your router to make use of Pi-hole.
You could check how Pi-hole answers allowed domains like google.com as well.
If that returns as expected, reconfigure your router and run all four nslookups again.
pi@ph5b:~ $ man dhcpcd
[..]
DESCRIPTION
dhcpcd is an implementation of the DHCP client specified in RFC
2131. dhcpcd gets the host information (IP address, routes, etc)
from a DHCP server and configures the network interface of the ma‐
chine on which it is running.
Most likely you've not configured the Pi-hole host with a static IP:
Pi-hole needs a static IP address to properly function
Those results would be expected if you didn't configure your router to make use of Pi-hole.
You could check how Pi-hole answers allowed domains like google.com as well.
If that returns as expected, reconfigure your router and run all four nslookups again.
Wait a moment.
I thought (and as I know this was the way it worked for long time) that the Pi-Hole uses the FritzBox as Upstream and the FritzBox uses the Upstream DNS from "Digitale Gesellschaft".
Now you say that the FritzBox should use the Pi-Hole as Upstream.
What Upstream does the Pi-Hole use then?
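Added example, not part of any post in this thread: a shell helper for the /etc/resolv.conf question discussed above. It reads the "Generated by" comment to name the tool managing the file and flags a loopback name server; the function names `resolv_report` and `demo` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Report which tool generated a resolv.conf file and which name servers it lists.
# Usage: resolv_report [FILE]   (FILE defaults to /etc/resolv.conf)
resolv_report() {
    file="${1:-/etc/resolv.conf}"
    [ -r "$file" ] || { echo "error: cannot read $file" >&2; return 2; }

    # The managing tool usually announces itself in a leading comment,
    # e.g. "# Generated by resolvconf" or "# Generated by dhcpcd from eth0.dhcp".
    generator=$(sed -n 's/^#[[:space:]]*Generated by[[:space:]]*\([^[:space:]]*\).*/\1/p' "$file" | head -n 1)
    echo "generator: ${generator:-unknown}"

    loopback=0
    # Walk every "nameserver" entry in file order.
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$file"); do
        case "$ns" in
            127.*|::1) echo "nameserver: $ns (loopback, the local resolver)"; loopback=1 ;;
            *)         echo "nameserver: $ns" ;;
        esac
    done
    # Exit status 1 signals a loopback entry so a script can react to it.
    return "$loopback"
}

# Constructed sample: the state described in the thread where the router
# address has been replaced by 127.0.0.1.
demo() {
    tmp=$(mktemp)
    printf '# Generated by resolvconf\ndomain fritz.box\nnameserver 127.0.0.1\n' > "$tmp"
    rc=0
    resolv_report "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || true
```

Calling `resolv_report` with no argument inspects the live /etc/resolv.conf on the host.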