Expected Behaviour:
Pi-hole to show client requests and filter
Actual Behaviour:
So I've installed pi-hole without any issues and it seems to work for all requests originating on the PI itself. But it seems to get completely bypassed when a DNS lookup is done from another client on the network.
Interface listening behavior is set to listen all, permit all, but the following lookup does not register in the query log (pi-hole's static IP is 192.168.0.111):
```
nslookup google.com 192.168.0.111
Server: 192.168.0.111
Address: 192.168.0.111#53
Non-authoritative answer:
Name: google.com
Address: 216.58.214.110
```
No blacklisted domains are blocked when looked up from a client with the DNS server set to 192.168.0.111
Any help is appreciated.
Debug Token:
d2cbrfyz4o
I remember something similar before:
Expected Behaviour:
Pi-hole should be blocking ads.
Actual Behaviour:
Pi-hole has not received any DNS queries, even though both my router and my devices have been set to the pi-hole IP. No queries present in log at all.
Debug Token:
nyhh2cfj0y
Well, I have no named running in parallel (which seems to have been the solution there):
```
pi@raspberrypi:~ $ sudo netstat -nltup | grep ":53 "
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 535/dnsmasq
tcp6 0 0 :::53 :::* LISTEN 535/dnsmasq
udp 0 0 0.0.0.0:53 0.0.0.0:* 535/dnsmasq
udp6 0 0 :::53 :::* 535/dnsmasq
```
and dig reports from a client:
```
dig apple.com @192.168.0.111
; <<>> DiG 9.10.3-P4-Ubuntu <<>> apple.com @192.168.0.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60378
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;apple.com. IN A
;; ANSWER SECTION:
apple.com. 1776 IN A 17.178.96.59
apple.com. 1776 IN A 17.142.160.59
apple.com. 1776 IN A 17.172.224.47
;; Query time: 13 msec
;; SERVER: 192.168.0.111#53(192.168.0.111)
;; WHEN: Tue May 15 16:01:20 CEST 2018
;; MSG SIZE rcvd: 86
```
which looks ok, i.e. it asks the pi-hole box.
dnsmasq version is also ok:
```
pi@raspberrypi:~ $ dnsmasq -v
Dnsmasq version 2.76 Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
```
I do have an old Fritzbox 7170 as default gateway, but since dig reports that my pi-hole answers the DNS request, that can't have any influence, can it?
arminus:
can it?
The router is not blocking DNS queries on the local LAN as the `dig` command gets a reply.
First tail the Pi-hole logs like so:
```
tailf /var/log/pihole.log
```
Or even `grep` for a client IP:
```
tailf /var/log/pihole.log | grep <CLIENT_IP_ADDRESS>
```
Now when on the client PC, you do the same `dig`, can you see the query appearing in the logs?
If not, what's the outcome for the ones below on Pi-hole?
```
grep QUERY_LOGGING /etc/pihole/setupVars.conf
grep "log-queries\|log-facility" -R /etc/dnsmasq.d/
```
And on the client PC, what's in:
```
cat /etc/resolv.conf
```
EDIT: I changed one of the greps a bit.
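A scripted form of the log check described in the post above, as an added example that is not part of the original thread or of Pi-hole's own tooling. It accepts both the `log-queries` and `log-queries=extra` line shapes; the function names, the client addresses 192.168.0.42 and 192.168.0.50, and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): did a client's test lookup reach the
# dnsmasq instance that writes this log? Function names are hypothetical.

# write_sample_log PATH: constructed sample lines, one in the plain
# "log-queries" shape and the rest in the "log-queries=extra" shape
# (serial number and client address/port before the message).
write_sample_log() {
    cat > "$1" <<'EOF'
May 15 20:20:01 dnsmasq[537]: query[A] google.com from 127.0.0.1
May 15 20:20:01 dnsmasq[537]: forwarded google.com to 208.67.222.222
May 15 20:20:09 dnsmasq[537]: 7 192.168.0.50/40123 query[A] apple.com from 192.168.0.50
May 15 20:20:09 dnsmasq[537]: 7 192.168.0.50/40123 cached apple.com is 17.178.96.59
EOF
}

# query_logged LOGFILE CLIENT_IP DOMAIN
# Prints: logged | client-seen-other-domains | client-never-seen
query_logged() {
    awk -v c="$2" -v d="$3" '
        {
            # Find the "query[TYPE] NAME from CLIENT" run wherever it starts,
            # so both log shapes are handled.
            for (i = 1; i <= NF - 3; i++)
                if ($i ~ /^query\[/ && $(i + 2) == "from" && $(i + 3) == c) {
                    seen = 1
                    if ($(i + 1) == d) hit = 1
                }
        }
        END {
            if (hit) print "logged"
            else if (seen) print "client-seen-other-domains"
            else print "client-never-seen"
        }' "$1"
}

# Demo: 192.168.0.42 looked up walmart.com but never appears in the log, so
# that query was not recorded by the process writing this log.
sample=$(mktemp)
write_sample_log "$sample"
query_logged "$sample" 192.168.0.42 walmart.com
rm -f "$sample"
```

On a real system the first argument would be the file named by `log-facility`, here `/var/log/pihole.log`.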
Nothing in that log while I dig.
```
QUERY_LOGGING=true
/etc/dnsmasq.d/01-pihole.conf:log-queries=extra
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
```
```
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 127.0.0.53
```
(I have the same problem when testing this from a Windows client where I manually set the DNS server in the network settings - the requests apparently go to my pi-hole but don't "trigger")
Disk full maybe?
`df -h`
I have no idea.
Wait for one of the devs to have a look at the token or someone else???
So if you run `pihole -t` and make a query from a client, nothing shows up? (try making a query which has not been cached). If something does show up, share the output.
right, nothing shows up, I just ran dig on a domain which I never queried before:
```
dig walmart.com @192.168.0.111
; <<>> DiG 9.10.3-P4-Ubuntu <<>> walmart.com @192.168.0.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41353
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;walmart.com. IN A
;; ANSWER SECTION:
walmart.com. 120 IN A 161.170.239.170
walmart.com. 120 IN A 161.170.232.170
walmart.com. 120 IN A 161.170.230.170
;; Query time: 136 msec
;; SERVER: 192.168.0.111#53(192.168.0.111)
;; WHEN: Tue May 15 20:21:44 CEST 2018
;; MSG SIZE rcvd: 88
```
Mcat12
May 16, 2018, 2:38pm
10
You might be running into a version of this issue:
opened 09:22AM - 14 May 18 UTC
closed 01:33PM - 31 May 18 UTC
Bug: Confirmed
Fixed in next release
Investigating
triage: Issue
**Expected behaviour:**
Working pihole
**Actual behaviour:**
Install on (l)ubuntu 18.04 fails to activate DNS resolution. Installation fails on:
`[✗] DNS resolution is currently unavailable`
Need to manually change the nameserver in `/etc/resolv.conf` to 127.0.0.53 to regain DNS resolution.
This allows for normal internet on the machine, but the pihole DNS resolution still doesn't work and cannot be started.
**Steps to reproduce:**
Standard/default installation options.
**Debug token provided by [uploading `pihole -d` log](https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738#debug):**
`62rwn2e69i`
**Troubleshooting undertaken, and/or other relevant information:**
You mean client-side, right? At any rate, running the same dig command from a Ubuntu 14 VM also yields no trace on the pi-hole.
Mcat12
May 16, 2018, 2:51pm
12
I mean that you may have the systemd stub resolver running instead of Pi-hole's Dnsmasq. What is the output of `sudo service dnsmasq status -l`?
DL6ER
May 16, 2018, 2:54pm
13
Also, what is the output of `dig chaos txt version.bind +short`?
```
pi@raspberrypi:~ $ sudo service dnsmasq status -l
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-05-16 16:51:06 CEST; 12min ago
  Process: 538 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
  Process: 519 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
  Process: 507 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
 Main PID: 537 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─537 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-d
May 16 16:51:02 raspberrypi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
May 16 16:51:02 raspberrypi dnsmasq[507]: dnsmasq: syntax check OK.
May 16 16:51:06 raspberrypi dnsmasq[538]: Too few arguments.
May 16 16:51:06 raspberrypi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
pi@raspberrypi:~ $ dig chaos txt version.bind +short
"dnsmasq-2.76"
```
DL6ER
May 17, 2018, 6:39am
15
Do the files `/etc/dnsmasq.conf` and `/etc/dnsmasq.d/01-pihole.conf` exist? What are their contents?
They do, see here (can't upload here...)
I can't seem to open or download the files on Dropbox without creating an account.
Could you please `cat` the files and paste content here or on Pastebin (and post resulting link here)?
Or better yet, post output for:
```
sudo grep -v '^#\|^$' -R /etc/dnsmasq*
```
```
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:log-queries=extra
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:server=208.67.222.222
/etc/dnsmasq.d/01-pihole.conf:server=208.67.220.220
/etc/dnsmasq.d/01-pihole.conf:except-interface=nonexisting
```
And maybe that DropBox Link now works...
Only difference compared to my setup are these ones that seem to be lacking on yours:
```
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:interface=eth0
```
And I don't have the one below in my config:
```
/etc/dnsmasq.d/01-pihole.conf:except-interface=nonexisting
```
On my Pi:
```
pi@noads:~ $ grep -v '^#\|^$' -R /etc/dnsmasq*
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:server=10.0.0.1
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:interface=eth0
```
But that could be related to different Pi-hole versions and some minor differences in the settings configured on the web GUI.
Try opening up entirely by configuring "Listen on all interfaces, permit all origins" and remove the tags for forwarding queries: