Pi Hole showing off line

Help
1

Seeing these errors:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
dig: '' is not a legal name (unexpected end of input)
[✗] Failed to resolve  via localhost (127.0.0.1)
dig: '' is not a legal name (unexpected end of input)
[✗] Failed to resolve  via Pi-hole (10.141.165.247)
[✓] doubleclick.com is 172.217.7.14 via a remote, public DNS server (8.8.8.8)

46%20PM

debug token is: https://tricorder.pi-hole.net/2sijb578th

I did add to /etc/hosts:

|10.141.165.247|raspberrypi connectivitycheck.gstatic.com|
|10.141.165.1|arrisatom.cable.rcn.com arrisatom|

I did get this tip to work, i.e., to block connectivitycheck.gstatic.com

And this iptables:

iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       udp  --  8.8.4.4              0.0.0.0/0            udp dpt:53 to:10.141.165.1
DNAT       udp  --  8.8.8.8              0.0.0.0/0            udp dpt:53 to:10.141.165.1
DNAT       tcp  --  192.168.1.100        0.0.0.0/0            tcp dpt:53 to:10.141.165.1
DNAT       udp  --  0.0.0.0/0            8.8.8.8              udp dpt:53 to:10.141.165.1
DNAT       udp  --  0.0.0.0/0            8.8.4.4              udp dpt:53 to:10.141.165.1

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0           
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0

My Arris router doesn't have much flexibility so I disabled UDP port 53, in order to let the Pi Hole take over. I set the Pi Hole as DNS via the Arris, the WAN and Local IP Network:
45%20PM 33%20PM18%20PM

2

Your gravity list is empty, as shown in your debug log. Run pihole -g to rebuild; or better yet, run pihole -r and select repair. This will repair Pi -Hole and rebuild gravity.

3

Will any of the logs show why this may have happened?

Also why does this error show:

[✗] Backing up index.lighttpd.html
      No default index.lighttpd.html file found... not backing up

Isn't is just lighthttpd.html? And then:

[✗] Pi-hole blocking is Disabled

* Using openssl for transmission.
/opt/pihole/piholeDebug.sh: line 1144: warning: command substitution: ignored null byte in input

Still showing Offline in Status. New debug token is p0msautiqq. pinhole.log is still logging:

Mar  1 00:05:33 dnsmasq[5992]: reply d3p8zr0ffa9t17.cloudfront.net is 52.85.93.24
Mar  1 00:05:33 dnsmasq[5992]: reply d3p8zr0ffa9t17.cloudfront.net is 52.85.93.152
Mar  1 00:05:33 dnsmasq[5992]: reply d3p8zr0ffa9t17.cloudfront.net is 52.85.93.162

Some other errors in the debug:

   2019-02-21 22:03:26: (server.c.1295) WARNING: unknown config-key: alias.url (ignored) 
   2019-02-21 22:17:12: (log.c.217) server started 
   2019-02-21 22:17:12: (server.c.1295) WARNING: unknown config-key: alias.url (ignored) 
   2019-02-21 23:17:13: (log.c.217) server started 
   2019-02-21 23:17:13: (server.c.1295) WARNING: unknown config-key: alias.url (ignored) 
   2019-02-21 23:21:13: (mod_fastcgi.c.2543) FastCGI-stderr: PHP Notice:  Undefined variable: api in /var/www/html/admin/scripts/pi-hole/php/add.php on line 14
   2019-02-21 23:21:20: (mod_fastcgi.c.2543) FastCGI-stderr: PHP Notice:  Undefined variable: api in /var/www/html/admin/scripts/pi-hole/php/add.php on line 14
   2019-02-22 01:17:14: (log.c.217) server started
4

Anyone have any idea what my Pi Hole is disabled from the logs I posted?

5

This is not an error. If the file is not present (as is frequently the case), it isn't backed up. This is just a notification.

What are the outputs of these commands from the Pi terminal:

sudo service pihole-FTL status

dig flurry.com

dig pi-hole.net

6

See below. Did the logs not help? I also re-enabled DNS on the Arris and added routes to block Google DNS:

8.8.4.4         10.141.165.247  255.255.255.255 UGH   0      0        0 eth0
8.8.8.8         10.141.165.247  255.255.255.255 UGH   0      0        0 eth0

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
cFrom 10.141.165.247 icmp_seq=1 Destination Host Unreachable

sudo service pihole-FTL status
● pihole-FTL.service - LSB: pihole-FTL daemon
   Loaded: loaded (/etc/init.d/pihole-FTL; generated; vendor preset: enabled)
   Active: active (exited) since Fri 2019-03-01 10:04:28 EST; 42min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1669 ExecStop=/etc/init.d/pihole-FTL stop (code=exited, status=0/SUCCESS)
  Process: 1719 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/pihole-FTL.service

Mar 01 10:04:26 raspberrypi systemd[1]: Starting LSB: pihole-FTL daemon...
Mar 01 10:04:27 raspberrypi pihole-FTL[1719]: Not running
Mar 01 10:04:27 raspberrypi su[1761]: Successful su for pihole by root
Mar 01 10:04:27 raspberrypi su[1761]: + ??? root:pihole
Mar 01 10:04:27 raspberrypi su[1761]: pam_unix(su:session): session opened for user pihole by (uid=0)
Mar 01 10:04:28 raspberrypi pihole-FTL[1719]: FTL started!
Mar 01 10:04:28 raspberrypi systemd[1]: Started LSB: pihole-FTL daemon.    
dig flurry.com
    ; <<>> DiG 9.10.3-P4-Raspbian <<>> flurry.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22716
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;flurry.com.			IN	A

;; ANSWER SECTION:
flurry.com.		300	IN	A	212.82.100.153
flurry.com.		300	IN	A	74.6.136.153
flurry.com.		300	IN	A	98.136.103.26

;; Query time: 54 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Mar 01 10:47:19 EST 2019
;; MSG SIZE  rcvd: 87

pi@raspberrypi:~ $ 
pi@raspberrypi:~ $ dig pi-hole.net

; <<>> DiG 9.10.3-P4-Raspbian <<>> pi-hole.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5832
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;pi-hole.net.			IN	A

;; ANSWER SECTION:
pi-hole.net.		47	IN	A	206.189.252.21

;; Query time: 15 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Mar 01 10:47:24 EST 2019
;; MSG SIZE  rcvd: 56
7

These ouptuts show that pihole-FTL is running (for the last 42 minutes), pihole is resolving DNS queries (but not properly blocking flurry.com, which is found on the standard blocklists).

Did you rebuild gravity? If not, then Pi-Hole will not block anything, as the gravity list is the master list of domains to be blocked.

8

I ran pihole -r. Is there another way? It was working for a couple days then just stopped.

9

Gravity is normally rebuilt from either the web GUI > tools > rebuild gravity, or from the command line with pihole -g.

It may not complete, as there may be other problems. But, if we can get this rebuilt and problems still remain, we have eliminated at least one problem.

10

No luck, updated log c7izeogec6 token:

 [i] Pi-hole blocking is disabled
  [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range

  [i] Target: raw.githubusercontent.com (hosts)
  [✓] Status: Retrieval successful

  [i] Target: mirror1.malwaredomains.com (justdomains)
  [✓] Status: No changes detected

  [i] Target: sysctl.org (hosts)
  [✓] Status: No changes detected

  [i] Target: zeustracker.abuse.ch (blocklist.php?download=domainblocklist)
  [✓] Status: No changes detected

  [i] Target: s3.amazonaws.com (simple_tracking.txt)
  [✓] Status: No changes detected

  [i] Target: s3.amazonaws.com (simple_ad.txt)
  [✓] Status: No changes detected

  [i] Target: hosts-file.net (ad_servers.txt)
  [✓] Status: No changes detected

  [✓] Consolidating blocklists
  [✓] Extracting domains from blocklists
  [i] Number of domains being pulled in by gravity: 135325
  [✓] Removing duplicate domains
  [i] Number of unique domains trapped in the Event Horizon: 112862
  [i] Number of whitelisted domains: 2
  [i] Number of blacklisted domains: 2
  [i] Number of regex filters: 1
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter
  [✓] DNS service is running
  [✗] Pi-hole blocking is Disabled

Any clues here?

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
dig: '' is not a legal name (unexpected end of input)
[✗] Failed to resolve  via localhost (127.0.0.1)
dig: '' is not a legal name (unexpected end of input)
[✗] Failed to resolve  via Pi-hole (10.141.165.247)
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (8.8.8.8)
11

What is the output of the following. Let's figure out why FTL is not running:

sudo service pihole-FTL status (I know this is a repeat)

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471'

tail -n50 /var/log/pihole-FTL.log

12

What is the purpose of these entries in your black list?

-rw-r--r-- 1 root root 16 Feb 24 01:45 /etc/pihole/blacklist.txt
   8.8.8.8
   8.8.4.4
13 
   sudo service pihole-FTL status
    ● pihole-FTL.service - LSB: pihole-FTL daemon
       Loaded: loaded (/etc/init.d/pihole-FTL; generated; vendor preset: enabled)
       Active: active (exited) since Fri 2019-03-01 10:04:28 EST; 8h ago
         Docs: man:systemd-sysv-generator(8)
      Process: 1669 ExecStop=/etc/init.d/pihole-FTL stop (code=exited, status=0/SUCCESS)
      Process: 1719 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)
       CGroup: /system.slice/pihole-FTL.service

Mar 01 10:04:26 raspberrypi systemd[1]: Starting LSB: pihole-FTL daemon...
Mar 01 10:04:27 raspberrypi pihole-FTL[1719]: Not running
Mar 01 10:04:27 raspberrypi su[1761]: Successful su for pihole by root
Mar 01 10:04:27 raspberrypi su[1761]: + ??? root:pihole
Mar 01 10:04:27 raspberrypi su[1761]: pam_unix(su:session): session opened for user pihole by (uid=0)
Mar 01 10:04:28 raspberrypi pihole-FTL[1719]: FTL started!
Mar 01 10:04:28 raspberrypi systemd[1]: Started LSB: pihole-FTL daemon.

 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1104/lighttpd       
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1776/pihole-FTL     
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      1776/pihole-FTL     
tcp6       0      0 :::80                   :::*                    LISTEN      1104/lighttpd       
tcp6       0      0 :::53                   :::*                    LISTEN      1776/pihole-FTL     
tcp6       0      0 ::1:4711                :::*                    LISTEN      1776/pihole-FTL     
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1776/pihole-FTL     
udp6       0      0 :::53                   :::*                                1776/pihole-FTL     

[2019-03-01 10:04:27.951 1774]    PORTFILE: Using /var/run/pihole-FTL.port
[2019-03-01 10:04:27.951 1774]    SOCKETFILE: Using /var/run/pihole/FTL.sock
[2019-03-01 10:04:27.951 1774]    WHITELISTFILE: Using /etc/pihole/whitelist.txt
[2019-03-01 10:04:27.952 1774]    BLACKLISTFILE: Using /etc/pihole/black.list
[2019-03-01 10:04:27.952 1774]    GRAVITYFILE: Using /etc/pihole/gravity.list
[2019-03-01 10:04:27.952 1774]    REGEXLISTFILE: Using /etc/pihole/regex.list
[2019-03-01 10:04:27.952 1774]    SETUPVARSFILE: Using /etc/pihole/setupVars.conf
[2019-03-01 10:04:27.952 1774]    AUDITLISTFILE: Using /etc/pihole/auditlog.list
[2019-03-01 10:04:27.952 1774] Finished config file parsing
[2019-03-01 10:04:27.955 1774] Database successfully initialized
[2019-03-01 10:04:27.957 1774] New forward server: 1.0.0.1 (0/4096)
[2019-03-01 10:04:27.958 1774] New forward server: 10.141.165.1 (1/4096)
[2019-03-01 10:04:27.961 1774] New forward server: 208.67.220.220 (2/4096)
[2019-03-01 10:04:27.967 1774] Resizing "/FTL-strings" from 4096 to 8192
[2019-03-01 10:04:27.969 1774] New forward server: 1.1.1.1 (3/4096)
[2019-03-01 10:04:27.973 1774] New forward server: 208.67.222.222 (4/4096)
[2019-03-01 10:04:27.990 1774] Resizing "/FTL-strings" from 8192 to 12288
[2019-03-01 10:04:28.003 1774] Resizing "/FTL-strings" from 12288 to 16384
[2019-03-01 10:04:28.033 1774] Resizing "/FTL-strings" from 16384 to 20480
[2019-03-01 10:04:28.081 1774] Resizing "/FTL-strings" from 20480 to 24576
[2019-03-01 10:04:28.104 1774] Resizing "/FTL-strings" from 24576 to 28672
[2019-03-01 10:04:28.109 1774] Resizing "/FTL-queries" from 229376 to 458752
[2019-03-01 10:04:28.166 1774] Resizing "/FTL-strings" from 28672 to 32768
[2019-03-01 10:04:28.201 1774] Resizing "/FTL-strings" from 32768 to 36864
[2019-03-01 10:04:28.291 1774] Resizing "/FTL-strings" from 36864 to 40960
[2019-03-01 10:04:28.323 1774] Resizing "/FTL-queries" from 458752 to 688128
[2019-03-01 10:04:28.588 1774] Imported 10619 queries from the long-term database
[2019-03-01 10:04:28.589 1774]  -> Total DNS queries: 10619
[2019-03-01 10:04:28.589 1774]  -> Cached DNS queries: 1209
[2019-03-01 10:04:28.590 1774]  -> Forwarded DNS queries: 9410
[2019-03-01 10:04:28.590 1774]  -> Exactly blocked DNS queries: 0
[2019-03-01 10:04:28.590 1774]  -> Unknown DNS queries: 0
[2019-03-01 10:04:28.590 1774]  -> Unique domains: 1686
[2019-03-01 10:04:28.590 1774]  -> Unique clients: 9
[2019-03-01 10:04:28.590 1774]  -> Known forward destinations: 5
[2019-03-01 10:04:28.590 1774] Successfully accessed setupVars.conf
[2019-03-01 10:04:28.600 1776] PID of FTL process: 1776
[2019-03-01 10:04:28.601 1776] Listening on port 4711 for incoming IPv4 telnet connections
[2019-03-01 10:04:28.602 1776] Listening on port 4711 for incoming IPv6 telnet connections
[2019-03-01 10:04:28.602 1776] Listening on Unix socket
[2019-03-01 10:04:28.606 1776] Compiled 1 Regex filters and 2 whitelisted domains in 0.6 msec (0 errors)
[2019-03-01 10:04:28.608 1776] /etc/pihole/black.list: parsed 0 domains (took 0.2 ms)
[2019-03-01 10:04:28.608 1776] /etc/pihole/gravity.list: parsed 0 domains (took 0.2 ms)
[2019-03-01 13:00:00.754 1776] Resizing "/FTL-strings" from 40960 to 45056
[2019-03-01 18:32:29.691 1776] Compiled 1 Regex filters and 2 whitelisted domains in 0.4 msec (0 errors)
[2019-03-01 18:32:29.692 1776] /etc/pihole/black.list: parsed 0 domains (took 0.2 ms)
[2019-03-01 18:32:29.693 1776] /etc/pihole/gravity.list: parsed 0 domains (took 0.2 ms)
[2019-03-01 18:33:03.041 1776] Compiled 1 Regex filters and 2 whitelisted domains in 0.4 msec (0 errors)
[2019-03-01 18:33:03.043 1776] /etc/pihole/black.list: parsed 0 domains (took 0.2 ms)
[2019-03-01 18:33:03.043 1776] /etc/pihole/gravity.list: parsed 0 domains (took 0.2 ms)

I was seeing if it would block the Chromecast from "phoning home", should I remove it?

14

These aren't domain names, so they won't be requested from Pi-Hole. if the client already has the IP address, they just ask the router to connect them to that address.

I would remove them.

15

Done; I see the instructions now, I removed, re-ran pihole -r, still [✗] Pi-hole blocking is Disabled

16

Outputs of the following, please?

pihole status

Also, let's reset the nameserver for the Pi to ensure it can get to the internet, then update Pi-Hole. You are one version behind and the previous version had a few crash issues that should now be resolved. The update will also fix your gravity list.

sudo nano /etc/resolv.conf

edit nameserver 127.0.0.1 to nameserver 9.9.9.9 or your preferred third party DNS service, save and exit

Run pihole -up

17 
  [✓] DNS service is running
  [✗] Pi-hole blocking is Disabled

Which will get written over on reboot? Just changed it to 1.1.1.1.

18

Stop. The problem is in your configuration, which I missed in your debug log but see in this output. You have disabled blocking, thus the empty gravity list, Status of offline, etc.

From your debug log:
*** [ DIAGNOSING ]: Setup variables
   ....
    BLOCKING_ENABLED=false

pihole enable will fix this.

19

Success. Is there a way to see what may have caused this? I sure don't recall running pihole stop or anything of the like.

But thanks so much for your help. This is such a great tool. I'm using it as well to write a paper in my IOT course, as a part of my M.S. in Cybersecurity.

20

There is no pihole stop command, but you might have accidentally done this from the web gui - it only takes a click on the web GUI:

image

Since you are one version out of date, I would update your Pi-Hole to the latest when you have a few minutes.

Where are you getting your degree?