Pi-hole working for devices, but RPi can't connect to internet

Help Community Help
1

The issue I am facing:
So I think I can tell what's wrong with my setup but I don't know why it's happening or how to fix it.

So Pi-hole is working great for my devices. I've manually set my router to direct DNS to my RPi (192.168.0.21) and have reserved that static IP for my RPi. All my network traffic is being sent to Pi-hole which I have confirmed on the admin webpage.

When I try to download packets from the internet (like PiVPN) or go to a webpage I get ERR_ADDRESS_UNREACHABLE. When I try to ping the gateway (192.168.0.1), it seems to redirect the ping back to the IP of the RPi (192.168.0.21).

pi@raspberrypi:~ $ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
From 192.168.0.21 icmp_seq=1 Destination Host Unreachable
From 192.168.0.21 icmp_seq=2 Destination Host Unreachable
From 192.168.0.21 icmp_seq=3 Destination Host Unreachable

So presumably the way my router is sending everything back to the RPi is also applying to the RPi's traffic (or at least I think, I'm a beginner). I've seen plenty of posts about devices not being able to connect to the internet, but I haven't found this error online.

EDIT: I believe the issue is that the RPi's DNS is not resolving, even though it works perfectly for other devices. I'm able to access Google.com and Youtube.com, but anything else is ERR_ADDRESS_UNREACHABLE. So I'm connected to the internet, just can't figure out how to fix my DNS settings.

Details about my system:
Raspberry Pi 4 B
Pi-hole v5.2.1-0-g0d8ece1
NetGear C6300
Debug Log: JustPaste.it - Share Text & Images the Easy Way

What I have changed since installing Pi-hole:
Since getting Pi-hole up and running, I have enabled the VNC and been connecting to my RPi with VNC Viewer.

2

Pi-hole is handling DNS only.
All other network traffic apart from DNS will still travel from and to your clients through your default gateway.

ping is using the ICMP protocol and thus is ill suited for analysing DNS issues.
Use nslookup or dig instead.

No, ping is telling you that 192.168.0.21 is unable to send any data to its destination 192.168.0.1 since that IP is unreachable, i.e. no ping has ever left your Pi-hole machine.

We've seen a similar report for such intermittent failures with a Netgear C6300 before, but no conclusive explanation could be found then.

However, what ping reports is not necessarily related to your DNS issues.

Do I read you correctly:
Your clients resolve DNS via Pi-hole ok, but accessing the internet from your RPi running Pi-hole fails, apart from Youtube and Google?

Let's see what your Pi-hole RPi is using for DNS:
Run from your RPi, what's the output of the following command:

dig pi.hole
3

Thank you for your response! I'm using this as a learning experience so if my terminology or understanding aren't quite accurate, I appreciate your patience.

And yes you read me correctly, all clients on my network are able to browse the internet without hiccup. Even sites that haven't been cached already. I believe the reason my RPi can access Youtube/Google is that I had accessed them prior to getting Pi-hole set up.

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Raspbian <<>> pi.hole
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59138
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 8192
;; QUESTION SECTION:
;pi.hole.			IN	A

;; AUTHORITY SECTION:
.			754	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020121201 1800 900 604800 86400

;; Query time: 264 msec
;; SERVER: 2607:f428:ffff:ffff::1#53(2607:f428:ffff:ffff::1)
;; WHEN: Sat Dec 12 14:17:53 PST 2020
;; MSG SIZE  rcvd: 111

This is what it returned after entering dig pi.hole

4

Your RPi that runs Pi-hole may well use a DNS server separate from Pi-hole.
Yours indeed uses a public IPv6 address (as visible from SERVER: above), though I assume that would be your router. Also, since Pi-hole is the only DNS server that knows how to resolve pi.hole by default, your router's NXDOMAIN status reply is correct.

It's not uncommon for your Pi-hole machine to use the router for DNS, but if that introduces additonal issues (as obviously with your router's IPv4 address), we may try to reconfigure that.

Let's take a look at your Pi-hole's IP configuration next:

grep -v '^#\|^$' /etc/dhcpcd.conf
5 
hostname
clientid
persistent
option rapid_commit
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
option interface_mtu
require dhcp_server_identifier
slaac private
interface wlan0
        static ip_address=192.168.0.21/24
        static routers=192.168.0.1
        static domain_name_servers=1.1.1.1 1.0.0.1

My dhcpcd.conf and Pi-hole were originally set up for OpenDNS, but during my troubleshooting, I switched it to Cloudfare to see if that would resolve anything.

6

That looks ok for IPv4.
You've configured your RPi's wlan0 interface with a static IPv4 and pointed it to some public DNS servers.

Does your RPi have a second (eth0?) network interface?

dig will use DNS servers as provided by resolv.conf by default, so that's our next check:

 cat /etc/resolv.conf
7

I have set Pi-hole to wlan0 only; I haven't set up anything for eth0 and do not have a wired connection.
image

# Generated by resolvconf
nameserver 1.1.1.1
nameserver 1.0.0.1
nameserver 2607:f428:ffff:ffff::1
nameserver 2607:f428:ffff:ffff::2

I recognize the first two as Cloudfare's IPv4.

8

I was wrong about that IPv6 address beloging to your router:
Those are Charter's / Spectrum's IPv6 DNS servers (rns01.charter.com).

Your router is offering them via IPv6, which also means any other device on your network may pick them up and bypass Pi-hole.

You may be able to override those on your RPi (e.g. by adding Pi-hole's IPv6 localhost address ::1 to domain_name_servers), but you should really configure your router to offer Pi-hole's IPv6 address instead.

9

Unfortunately, it's starting to appear that my router (C6300) is becoming the limiting factor in this setup. It doesn't allow me to set an IPv6 DNS myself, so it will always default to the ISP's.

By your last comment, do you mean setting it up like so:

interface wlan0
        static ip_address=192.168.0.21/24
        static routers=192.168.0.1
        static domain_name_servers=1.1.1.1 1.0.0.1 ::1

If so, that did not solve the issue. Would setting up the RPi as the DHCP server potentially allow me to keep the router from setting the IPv6 or at least avoid it altogether? Or am I going to need a different router entirely?

10

DHCP for IPv4 and DHCPv6 for IPv6 are different protocols, and IPv6 offers another and far more common way for client address allocation via SLAAC.
Pi-hole can take all those roles, but it would depend on your router whether switching off DHCP would also disable DHCPv6 along with RAs for DNS (specifically RDNSS).

Since your router does not allow to configure a DNS server for IPv6, you'd have to test whether switching off DHCP would also switch off related protocols for IPv6.

If it doesn't, you could then still consider switching off IPv6 altogether, provided your router supports that.

As for the workaround I suggested, that edit would take a rebind or reboot of your RPi to become active, and it would of course just affect your RPi.
It won't stop your router from advertising IPv6 DNS servers. It's just giving your RPi another IPv6 DNS server address it may prefer over the ISP ones. You could also try to stop IPv6 DNS server allocation in resolv.conf altogether, but that's also really a workaround for your RPi only.

Your other machines can still use IPv6 to bypass Pi-hole as long as your router is offering them.

11

Thanks for the help! I simply wasn't able to get it to work. I think I'll need to upgrade to a better router/modem in the future and try again.

12

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.