Pi-Hole works on Pi, returns DNS_Probe_Finished_Bad_Config on desktop

Expected Behaviour:

I expected the internet to work on my desktop, but running without ads

Actual Behaviour:

My desktop is unable to connect to the internet, instead it returns the error code DNS_Probe_Finished_Bad_Config, which is obviously because the Pi isn't set up correctly. I have tried to fix it, but I'm afraid I don't have enough networking experience to do so.

Debug Token:

2gvsrykyzc, although to be fair I doubt you will find anything interesting in that log. It doesn't seem like it's a Pi-related issue.

Additional information:

I am 99% sure I am using a static IP for my router, however the router's Wi-Fi is dynamic IP. I reserved an IP (0.102) for the Pi's MAC address, which hopefully would solve any issue, if I understand the IPs correctly?

I am using TP-Link Archer C5 router, and using the settings page I've put "Primary DNS" as my Raspberry Pi, which is when the problem appears. If I try to use the pi.hole/admin DHCP server, I obviously have to turn off my Archer C5's DHCP first, which results in me having no internet at all.

Also, I'm using a not-public college/university-related ISP for my internet, which means they probably have some DNS-related stuff and relays etc., but I don't know whether that would impact the Pi-Hole more than any other ISP?

The router should always have a static IP address for LAN as routes on the clients are set up once only when connecting to a network.
If the IP for the router would change all the time, these routes will break.

You don't have to create a DHCP reservation for Pi-hole on the router as the Pi-hole IP address should already be a static one.
If you set a static IP for devices, they won't invoke DHCP to acquire an IP.

Can you post screenshots of these settings?
Can you post screenshots of the "LAN DHCP server/service", or similar, on router too?

When you switch DHCP to Pi-hole's one, can you post results from below one on the Windows client in a CMD prompt (I am presuming it's Windows)?

ipconfig /all

Mind after you switched, clients will need to renew their DHCP lease!
You can force this by disconnecting & reconnecting network on the clients or reboot them.
Or wait until the current lease expires which can take a long time.

Can you post screenshots of these settings?
Can you post screenshots of the “LAN DHCP server/service”, or similar, on router too?

This is how the DHCP part looks. There's also something with DNS servers under "Network --> WAN", but nothing under "Network --> LAN". As I said, I don't know much about networking in general, but I feel like when it says "DHCP" it should be the right place.

When you switch DHCP to Pi-hole’s one [...]

Well see that's the thing, when I switch the DHCP on my router off, literally all of my wi-fi units change IP and lose internet connection until I turn it back on again. That means I can't actually open the Pi-Hole admin page and turn on their DHCP. I haven't tried with a LAN cable though, as I only just arrived home and tested a few things, but since my Windows desktop still has internet through LAN, that might work. It still leaves me without wi-fi though, which is kinda pointless.

Also I forgot to mention that I can still access my Raspberry Pi with Remote Desktop from Windows despite having no internet connection. Don't know how that works.

DHCP settings are set correct on the screenshot.
That is the only setting on the router that needs changing away from default.
Now you have to check if those settings propagated by running below ipconfig command on the Windows client (in DOS command box):

C:\>ipconfig /all
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.102

If it does not resemble the above, try rebooting the Windows client and check again.

You can test DNS resolution from the Windows client with below DNS lookup (don't alter the pi.hole name):

C:\>nslookup pi.hole
Server:  ....
Address:  192.168.0.102

Name:    pi.hole
Address:  192.168.0.102

Or lookup a naughty domain:

C:\>nslookup doubleclick.com
Server:  ....
Address:  192.168.0.102

Name:    doubleclick.com
Address:  192.168.0.102

When on the Windows client, you open that domain "doubleclick.com" in a browser, a blocking page should display resembling below screenshot (might need to clear browser cache):

If all the above are correct, you can be sure that all the ad domains that are on the Pi-hole lists will be blocked.
You can query those lists on Pi-hole with below one or use the web GUI:

pihole -q doubleclick.com

ipconfig /all

Ipconfig in cmd correctly shows the DHCP server and DNS server as what I want.

nslookup pi.hole

This returns

Server: UnKnown
Address: 192.168.0.102

And several

DNS request timed out.
    timeout was 2 seconds.

So it would seem like there's no connection to the Pi through my internet, but as I said, somehow remote desktop still works. Could it be a bad install on the Pi? The ad-blocking works fine on it, and it still has internet, but it doesn't work correctly as server. I could also try getting both the desktop and Pi on a LAN cable, but it would take some time for me to do correctly due to logistics.

  • So, 192.168.0.102 is your Pi?
  • Can you confirm that from your Pi using e.g. ifconfig ?
  • Can you reach your Pi from your desktop using e.g. ping 192.168.0.102?

Check if your router has got below or similar settings:

I don't understand what you mean by "remote desktop" as this is a Windows thing.
You can't remote desktop into Pi-hole as she is running Linux.

And what @DL6ER posted ^^^

192.168.0.102 is indeed my Pi.

When I use ifconfig (I'm assuming you mean the Pi Terminal command), it shows (under wlan0):
inet 192.168.0.102 netmask 255.255.255.0 broadcast 192.168.0.255

I can indeed reach my Pi from my desktop by pinging it.
Ping statistics for 192.168.0.102: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds: Minimum = 4ms, Maximum = 6ms, Average = 5ms

But that is THE ONLY THING I can reach from my desktop. Google doesn't work, neither does Facebook, reddit, or the college-net website I have to log into when I restart my router - I've wondered whether this might have had an influence, but I doubt it since my Pi works fine.

There is one strange thing though - the college net doesn't allow you to log in if you're not connected to one of their networks, and for some reason it doesn't see my Pi as connected to their network. I don't know where it gets internet from if not that (it's connected to my router after all), but it might be because I've changed my DNS manually, which their network doesn't like. According to their website, however, it shouldn't be a problem. They even provided a direct link to the login-page in case you change DNS settings, but as I said it doesn't work because the Pi is seen as an external device.

Well for remote desktop I just used the command
apt-get install xrdp
on my Pi, which allowed me to use the built-in Windows tool to run stuff on the Pi. I did this to save time because it's a hassle to switch between my desktop and Pi when I only have 1 mouse and 1 keyboard, and they're in opposite sides of my apartment due to lack of power outlets.

And the rebind thingy?

Did you install a desktop (Gnome/KDE) on the Pi-hole machine and why?
That desktop is eating up precious resources and for what.
Try to do more things using the Pi-hole BASH shell (SSH into it instead of RDP).
Things become more transparent.

EDIT. Come to think of it, if that Pi-hole host got desktop and all, probably a firewall has been put up.
What is the outcome of the below one on Pi-hole?

sudo iptables -L -n

I'm not sure what you mean by "rebind thingy". :confused:

No, I didn't install a desktop on the Pi, I just used NOOBS to install a standard operating system.

As for using SSH instead of RDP, I just did the easiest thing according to a Google search. How would I go around using SSH instead?

Using sudo iptables -L -n has the output

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

This is obviously while the Pi isn't the DNS, because as I said, if it's DNS I have no internet and I'd have to restart my router twice just to post this response. I hope it doesn't make a difference.

Below bit that I asked before:

Download Putty (an SSH client) on your Windows setup and connect to the Pi-hole IP:

http://www.putty.org/

Nope, doesn't make a difference.
Looks like no firewall rules active.

Oh sorry, I somehow managed to forget about that just now. I checked out the rebind protection, but I couldn't find anything on my router's admin page. Googling also didn't help, as people just responded that there was no such thing, so I guess either it doesn't do it, or I can't disable it.

I will try using Putty instead, but I'm unsure what it would change, as I'm pretty sure the Pi-Hole didn't work either before I downloaded xrdp.

No bother, the link is probably a lot of abracadabra :wink:
I am not familiar with NOOBS but you have chosen a version that installs a desktop.
Probably you also had an option to install a minimal Raspbian version which is preferred.
Desktops just take up too many resources like RAM and CPU for a server especially on a Raspberry Pi.

Could you verify on Pi-hole if the dnsmasq daemon is running, the one that is supposed to be answering your nslookup queries:

sudo systemctl status dnsmasq -l

And:

sudo netstat -nltup | grep dnsmasq

And can you do a lookup on Pi-hole itself:

nslookup pi.hole localhost

Oh, right. I actually chose the full version because it's (obviously) the first time I've worked with a Raspberry, and I thought it'd be easier to get some insight into how it works and what it'd take to do projects with it if I had a full desktop. Simply having a terminal window seems like it's a steep learning curve.

Either way:

sudo systemctl status dnsmasq -l

Returns Active: active (running) in a fancy green.

sudo netstat -nltup | grep dnsmasq

There's a lot of numbers here. See attached picture, because I wouldn't know what to look for.

nslookup pi.hole localhost

I guess this is expected:

Server: localhost
Address: ::1#53
Name: pi.hole
Address: 192.168.0.102

There's one thing I come to remember just now, when I installed it, I only installed it for IPV4, and I believe I chose Google on that selection screen with a context I've forgotten (there was also "Custom", but that sounded difficult so I hoped it'd work out). Don't know if that helps at all, but I'm just throwing everything at a wall here.

As you're able to ping from client, but can't do nslookups on the client, but can do lookups on pi-hole,
it feels like your router is blocking stuff similar to the rebind thingy.
Only way to find out is to set a static IP address on your client PC, instead of "auto", with the same IP/subnet as displayed when you do "ipconfig /all".
And take the router out of the loop by connecting the client PC straight into Pi-hole with a network cable.
If you do below lookup on the client PC, it shouldn't "timeout" this time:

nslookup pi.hole 192.168.0.102

EDIT: I just realized this is a bit hard when Pi-hole is connected through Wifi but it's the only way to figure this one out (so you need to configure Pi-hole to use the ethernet port but first set IP for eth0).
Or maybe one of the developers knows a trick?

Ps. I noticed you started using Putty :+1:

So I know it's been 16 days, but I finally found time among exams to test this out. Yes, it's most definitely my router. I set it up at my parents' place, and it worked instantly with no issues (I did reinstall to non-desktop, only command-line Raspbian). Thank you very much for the troubleshooting. When I get to my own place, I will be checking my router's security options and finding the specific setting causing the issue (there are like a million security settings, I'm assuming it's one of them).

Again, thanks for the help, and sorry about my late, late, late closure to the issue.