Pi-Hole won't resolve DNS requests

Debug-Token: 2ynu0r1b2a

I hope someone can help me with my problem with pihole.

I finally got everything under pihole -d to show "green".

Unfortunately I can't access any websites. "Connection refused"

What should my "hosts" file look like?
Is this adjusted properly?
/etc/hosts:
127.0.0.1 localhost
127.0.1.1 DietPi

127.0.0.1 pi.hole
192.168.172.18 DietPi
192.168.172.18 pi.hole

my pihole-FTL.conf:
SOCKET_LISTENING=localonly
QUERY_DISPLAY=yes
AAAA_QUERY_ANALYSIS=yes
RESOLVE_IPV6=no
RESOLVE_IPV4=yes
MAXBDAYS=365
DBINTERVAL=1.0
DBFILE=/etc/pihole/pihole-FTL.db
MAXLOGAGE=24
FTLPORT=4711
PRIVACYLEVEL=0
IGNORE_LOCALHOST=no
BLOCKINGMODE=NULL
REGEX_DEBUGMODE=false

please look over it, I don't know what I set wrong.

As soon as I set the nameserver in "/var/run/resolvconf/resolv.conf" to "9.9.9.9", I can open websites, but unfortunately the blocking of the pihole doesn't work. If I set it back to "127.0.0.1", everything is blocked and no page can open.

Thanks in advance!
Greetings!

Can you try running on the device hosting Pi-hole?

dig pi-hole.net 

and paste the results here?

See if editing SOCKET_LISTENING=localonly to SOCKET_LISTENING=all helps.

What is the content of /etc/dnsmasq.d/01-pihole.conf ?

I changed back to ns 127.0.0.1 in "/var/run/resolvconf/resolv.conf" and switched from "localonly" to "all" in pihole-FTL.conf.

dig pi-hole.net: (Result)
; <<>> DiG 9.10.3-P4-Debian <<>> pi-hole.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 5737
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;pi-hole.net. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 09 03:57:07 BST 2018
;; MSG SIZE rcvd: 29

my settings in: "/etc/dnsmasq.d/01-pihole.conf"

addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list

localise-queries

no-resolv

cache-size=10000

log-queries=extra
log-facility=/var/log/pihole.log

local-ttl=2

log-async

server=84.200.69.80
server=84.200.70.40
domain-needed
bogus-priv
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D

interface=eth0

When I type a webpage into the browser, this error shows:

Hmm. We’re having trouble finding that site.

We can’t connect to the server at www.reddit.com.
If that address is correct, here are three other things you can try:
Try again later.
Check your network connection.
If you are connected but behind a firewall, check that Firefox has permission to access the Web.

under Pihole Query Log shows:

www.reddit.com localhost Unknown N/A

Try disabling DNSSEC under Settings/DNS or use the recommended Upstream DNS servers.

The ones you use might not provide DNSSEC.

I use UpstreamDNS-Server default from Pihole AdminMenu: DNS.WATCH

I disabled: DNSSEC...

DNS resolving isn't working with it or without it :(

my SetupVars.conf:

WEBPASSWORD=hidden
DHCP_ACTIVE=false
DHCP_START=192.168.172.20
DHCP_END=192.168.172.23
DHCP_ROUTER=192.168.178.1
DHCP_LEASETIME=24
PIHOLE_DOMAIN=local
DHCP_IPv6=false
TEMPERATUREUNIT=C
WEBUIBOXEDLAYOUT=boxed
PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.172.18/24
IPV6_ADDRESS=
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
API_EXCLUDE_DOMAINS=
API_EXCLUDE_CLIENTS=localhost
API_QUERY_LOG_SHOW=all
API_PRIVACY_MODE=false
DNSMASQ_LISTENING=single
PIHOLE_DNS_1=84.200.69.80
PIHOLE_DNS_2=84.200.70.40
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
CONDITIONAL_FORWARDING=false

I use DHCP Server from my Router. In my Router at DHCP-Settings:
Local-DNS-Server: pi-hole IP address

DNS1+DNS2 Server at Router: pi-hole IP address

Wrong settings?

systemd-resolved is enabled:

output of status:

Process: 4392 ExecStartPost=/bin/sh -c [ ! -e /run/resolvconf/enable-updates ] || echo "nameserver 127.0.0.53" | /sbin/resolvconf -a systemd-resolved (code=exited, status=0/SUCCESS)
Main PID: 4391 (systemd-resolve)
Status: "Processing requests..."
Tasks: 1 (limit: 4915)
CGroup: /system.slice/systemd-resolved.service
└─4391 /lib/systemd/systemd-resolved

Aug 09 04:20:25 DietPi systemd[1]: Starting Network Name Resolution...
Aug 09 04:20:25 DietPi systemd-resolved[4391]: Positive Trust Anchors:
Aug 09 04:20:25 DietPi systemd-resolved[4391]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Aug 09 04:20:25 DietPi systemd-resolved[4391]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Aug 09 04:20:25 DietPi systemd-resolved[4391]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
Aug 09 04:20:25 DietPi systemd-resolved[4391]: Using system hostname 'DietPi'.
Aug 09 04:20:26 DietPi systemd[1]: Started Network Name Resolution.

Maybe this is wrong?
echo "nameserver 127.0.0.53" | /sbin/resolvconf -a systemd

Run a pihole -r and repair.

Port 53 is needed for FTLDNS to work. If the port is occupied by something else, the FTLDNS service will not start and name resolution will fail.
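
The port check described above, sketched as an added example (not part of the original thread and not Pi-hole's own tooling): it reads `lsof -i -P -n` output and reports whether anything other than pihole-FTL is bound to port 53. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify who owns port 53 from `lsof -i -P -n` output.

# Print "COMMAND PID PROTO ADDR" for every socket bound locally to port 53.
# Connected sockets (NAME contains "->") are outbound traffic and are skipped.
port53_owners() {
    awk '$9 !~ /->/ && $9 ~ /:53$/ && ($8 == "UDP" || $8 == "TCP") {
        print $1, $2, $8, $9
    }' | sort -u
}

# Exit status: 0 = only pihole-FTL holds port 53,
#              1 = another process holds it (FTLDNS cannot bind there),
#              2 = nothing is bound to port 53 (no resolver running).
check_port53() {
    owners=$(port53_owners)
    [ -n "$owners" ] || { echo "nothing bound to port 53"; return 2; }
    # lsof truncates command names to 9 characters, hence "pihole-FT".
    others=$(printf '%s\n' "$owners" | awk '$1 !~ /^pihole-FT/')
    if [ -n "$others" ]; then
        echo "port 53 held by another process:"
        printf '%s\n' "$others"
        return 1
    fi
    echo "port 53 held by pihole-FTL only"
    return 0
}

# Constructed sample: FTL owns port 53; the *:5355 socket must not match.
SAMPLE_OK='pihole-FT 640 pihole 4u IPv4 13436 0t0 UDP *:53
pihole-FT 640 pihole 5u IPv4 13437 0t0 TCP *:53 (LISTEN)
lighttpd 661 www-data 4u IPv4 13602 0t0 TCP *:80 (LISTEN)
systemd-r 5060 systemd-resolve 11u IPv4 52106 0t0 UDP *:5355'

# Constructed sample: a stub resolver occupies port 53; the outbound
# client connection to a remote port 53 must be ignored.
SAMPLE_CONFLICT='systemd-r 5060 systemd-resolve 12u IPv4 52200 0t0 UDP 127.0.0.53:53
systemd-r 5060 systemd-resolve 13u IPv4 52201 0t0 TCP 127.0.0.53:53 (LISTEN)
firefox 3995 user 91u IPv4 19330 0t0 TCP 10.0.0.5:47388->192.0.2.10:53 (ESTABLISHED)'

# Live use (root is needed to see sockets owned by other users):
#   lsof -i -P -n | check_port53
```
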

I added pi.hole at "stop-DNS-rebind_Protection" on my Router.

I changed the nameserver to 9.9.9.9 in "/var/run/resolv.conf"

now my pihole shows all DNS.watch ns in www.dnsleaktest.com

in admin-panel Query Logs "working"

Do I also need to disable systemd-resolved.service?

not working anymore...

(Output of:)
lsof -i -P -n

dhclient 544 root 6u IPv4 1695 0t0 UDP *:68
pihole-FT 640 pihole 4u IPv4 13436 0t0 UDP *:53
pihole-FT 640 pihole 5u IPv4 13437 0t0 TCP *:53 (LISTEN)
pihole-FT 640 pihole 9u IPv4 1887 0t0 TCP *:4711 (LISTEN)
lighttpd 661 www-data 4u IPv4 13602 0t0 TCP *:80 (LISTEN)
firefox 3995 evil 91u IPv4 19330 0t0 TCP 192.168.178.22:47388->167.99.26.239:443 (ESTABLISHED)
firefox 3995 evil 108u IPv4 52247 0t0 TCP 192.168.178.22:46606->185.232.20.90:443 (ESTABLISHED)
firefox 3995 evil 122u IPv4 54543 0t0 TCP 192.168.178.22:37644->23.239.16.110:443 (ESTABLISHED)
systemd-r 5060 systemd-resolve 11u IPv4 52106 0t0 UDP *:5355
systemd-r 5060 systemd-resolve 14u IPv4 52785 0t0 TCP *:5355 (LISTEN)

Please generate a debug log for your current configuration, upload it and paste token here. Thanks.

debug token is: y6xg6tjc1r

@jfb

With DNS 127.0.0.1, name resolution does not work.
With 9.9.9.9 in /var/run/resolvconf/resolved.conf it worked.

output of these files @ /var/run/resolvconf/interfaces:

"eth0.dhclient"
domain fritz.box
nameserver 192.168.178.22

"lo.piholeFTL"
nameserver 127.0.0.1

"systemd-resolved"
nameserver 127.0.0.1

wrong settings?

I'll try with nameserver 9.9.9.9 on resolv.conf:

evil@DietPi:~$ dig pi-hole.net
^Cevil@DietPi:~$
evil@DietPi:~$ dig pi-hole.net

; <<>> DiG 9.10.3-P4-Debian <<>> pi-hole.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11585
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pi-hole.net. IN A

;; ANSWER SECTION:
pi-hole.net. 43200 IN A 206.189.252.21

;; Query time: 19 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Thu Aug 09 06:14:18 BST 2018
;; MSG SIZE rcvd: 56

then with 127.0.0.1 at resolv.conf:
dig pi-hole.net

; <<>> DiG 9.10.3-P4-Debian <<>> pi-hole.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 62751
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;pi-hole.net. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 09 06:15:39 BST 2018
;; MSG SIZE rcvd: 29

hmm... PIHOLE Query Log shows:
2018-08-09 06:16:42 A www.dnsleaktest.com.fritz.box localhost Unknown N/A

There is no reason to be changing this file. That's just masking a problem. Give us a bit to look through your debug log and see what might be going on.

What was the original problem that got you looking at the non-green items in your debug log? Was some feature of Pi-Hole not working properly? If so, what was not working?

When the nameserver in resolv.conf is set to 127.0.0.1, I can't visit websites.

error-message:
Hmm. We’re having trouble finding that site.

We can’t connect to the server at duckduckgo.com.

when set to 9.9.9.9 in resolv.conf then I can visit websites.

with 127.0.0.1 as nameserver DNS-resolution isn't working.

I don't know anymore how I can fix it. Maybe disable systemd-resolved.service? Thanks for your time to help!

What platform are you running your Pi-Hole on?

Debian Stretch "DietPi" in VM Mode (VirtualBox)

when I use 9.9.9.9 in resolv.conf

dnsleaktest.com shows me all nameservers that I have set in pihole.

IP Hostname ISP Country
94.198.63.178 res210.ams.rrdns.pch.net The Unbelievable Machine Company GmbH Germany
74.63.25.249 res300.ams.rrdns.pch.net WoodyNet United States
74.63.25.244 res110.ams.rrdns.pch.net WoodyNet United States
74.63.25.248 res200.ams.rrdns.pch.net WoodyNet United States
74.63.25.243 none WoodyNet United States

Is your router or Pi-Hole providing DHCP services? If it's the router, were you previously doing this with Pi-Hole?