Pi-hole v4.2 Available With Shared Memory, New Blocking Modes, And More

jacob.salmela · February 3, 2019, 5:10pm

Originally published at: Pi-hole v4.2 Available With Shared Memory, New Blocking Modes, And More – Pi-hole

We’re always happy when we can release a new version of Pi-hole, so today we’re announcing v4.2 of Pi-hole. Thank you to to our patrons and everyone else who continue to support us. Along with many other things, we’ve merged in the upstream code from dnsmasq v2.80. For anyone who doesn’t know, FTLDNS (pihole-FTL) is our fork of dnsmasq.

Highlights

New Blocking Mode

We’ve added a new blocking mode (NODATA), where blocked requested are replied with a status code of NOERROR and A / AAAA records are empty. It’s unclear if there are advantages to this mode over others, but you’re welcome to experiment with it.

Shared Memory

In preparation of the new API we are working on, FTLDNS will now store its data in a shared-memory space, so that the API can come in and read from that memory to fulfill requests. In short, this means FTLDNS will be even lighter as it doesn’t have to care about sending the statistics to some requester. Instead, it will concentrate on generating the statistics and the API can read FTL’s data directly, resulting in reduced delays in the API.

wpad Vulnerability Fix

We previously mentioned how you could work around a vulnerability regarding wpad entries. This fix is now in place as suggested by dnsmaq.conf.example.

Fixes And Tweaks

We updated SQLite to 3.26.0
We fixed the query status if a forwarded query was partially replied to from the cache
We now prevent multiple static DHCP entries with same IP
And more…

Docker Version Also Updated

We heard your feedback and we made sure to coordinate better to release our traditional install and our Docker install at the same time.

DanSchaper · February 3, 2019, 9:52pm

“NODATA responses have to be algorithmically determined from the response’s contents as there is no RCODE value to indicate NODATA. In some cases to determine with certainty that NODATA is the correct response it can be necessary to send another query.”

DanSchaper · February 3, 2019, 9:54pm

And I think there is some confusion, domain.tld is a domain, sub.domain.tld is also a domain. NXDOMAIN does not stop at the top level, or any level, it is a response that the requested domain does not exist. You can NXDOMAIN my.domain.tld and still have a valid domain.tld query and response.

DanSchaper · February 3, 2019, 9:55pm

dschaper@Mariner:/c/Users/DanSchaper$ dig blue.pi-hole.net

; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> blue.pi-hole.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55207
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;blue.pi-hole.net.              IN      A

;; AUTHORITY SECTION:
pi-hole.net.            3600    IN      SOA     dina.ns.cloudflare.com. dns.cloudflare.com. 2030049905 10000 2400 604800 3600

;; Query time: 22 msec
;; SERVER: 192.168.100.2#53(192.168.100.2)
;; WHEN: Sun Feb 03 13:54:58 STD 2019
;; MSG SIZE  rcvd: 107

dschaper@Mariner:/c/Users/DanSchaper$ dig pi-hole.net

; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> pi-hole.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21280
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pi-hole.net.                   IN      A

;; ANSWER SECTION:
pi-hole.net.            300     IN      A       206.189.252.21

;; Query time: 439 msec
;; SERVER: 192.168.100.2#53(192.168.100.2)
;; WHEN: Sun Feb 03 13:55:02 STD 2019
;; MSG SIZE  rcvd: 56

zahni · February 6, 2019, 7:27pm

I switched to "nodata", because the Safari browser on my ipad often stuck in reloading pages (i have to close the current browser session or switch the tab). Nodata looks better to me. And the Safari is faster at all.
The current problem with 4.2: The GUI won't longer log blocked sites correctly...

DL6ER · February 6, 2019, 7:30pm

This is known and will be fixed by FTL v4.2.1 which is about to be released

github.com/pi-hole/FTL

Pi-hole FTL v4.2.1

pi-hole:master ← pi-hole:release/v4.2.1

opened 05:22AM - 05 Feb 19 UTC

DL6ER

+16 -9

Release fixing two issues: - Blocking status display for `NODATA` and `NXDOMA…IN` blocking modes - File permission issues when using shared memory on systems that lack Linux capabilities support It also adds in a new feature: - Report both the user `pihole-FTL` **started** as and the user `pihole-FTL` **crashed** as in case it crashes and generated a crash ticket in `pihole-FTL.log`

mibere · February 7, 2019, 2:08pm

Updated to 4.2.1 today, without obvious problems so far. Thanks for the new version

Short side note: the following reported behavior is unchanged. As soon as the "Use DNSSEC" option is enabled the cache doesn't work anymore.

mibere · March 5, 2019, 7:30pm

A post was split to a new topic: Lighttpd config gets updated