pihole-FTL failed to create listening socket for port 53

Dnsmasq logs go to /var/log/pihole.log

It looks like stubby conflicts on some ports with FTL.

And maybe cloudflared, too.

Nope.
netstat shows cloudflared listening on port 5053 which is not conflicting with pihole-FTL.
stubby though is conflicting on DNS port 53 UDP:

I gave stubby 127.0.0.2 on all of my three setups,
while dnsmasq/pihole remain on 127.0.0.1:53.
Still pihole-FTL does not autostart after reboot, when using
conventional unit files. If the autostart is delayed, pihole-FTL
starts as expected.

Also, on one pihole with cloudflared (EDIT: 127.0.0.1:5053, sorry for the typo) pihole-FTL
does not autostart.

To me, netstat monitoring can give hints during runtime.
But it does not show what happens at boot time.
Is there a way to monitor this?

On the system that runs pihole-FTL, stubby and cloudflared I checked netstat some days ago already.
There is no obvious conflict concerning the listening address. Each of the three services uses its own set of ip address and port.

sudo grep -v '^#\|^$' -R /etc/dnsmasq.*

?
Might want to edit out some details!

Could try adding the below directive in a separate new config file /etc/dnsmasq.d/99-my-settings.conf:

bind-interfaces

pihole-FTL might skip trying to bind to that 127.0.0.2 ip and hopefully start.
Or else you need to configure pihole-FTL to only listen on particular IPs.
And same with stubby ... need to tell it to only listen on 127.0.0.2.

EDIT:

Ah, thank you for this supplement 🙂

Is there anything I can do now?
Can we expect further investigation of this issue from dnsmasq developers?
Or should I contact them myself?

This bit is not true I believe.
With default configuration of Pi-hole, the pihole-FTL daemon tries to bind to all IPs, 0.0.0.0.
So to prevent this, you need to force pihole-FTL to listen/bind only on particular IPs.
Nothing wrong with Pi-hole and I don't believe the devs can do a lot about it.


I now tried bind-interfaces, and listen-address,
and both options together in /etc/dnsmasq.d/99-my-settings.conf, like here:

listen-address=::1,127.0.0.1,192.168.73.121
bind-interfaces

It doesn't change anything concerning the autostart of pihole -- it does not start at boot time.
It starts only on runtime, if stubby is configured to autostart, too.

Stubby is still listening on its own interface 127.0.0.2.
On the second of three systems I use, I configured stubby for 127.0.0.11.
It should not and it does not make a difference, pihole does not autostart.

If you get pihole-FTL to run, what does netstat look like now?
Does it only listen now on the IPs you configured in 99-my-settings.conf?

EDIT: Ohw and this bit:

To me, after a reboot and manually starting pihole-FTL everything looks as it should.

What I did before these monitoring commands:

  • rebooted the system

  • logged in and checked, if pihole was running

  • systemctl status pihole-FTL
    

    ● pihole-FTL.service - LSB: pihole-FTL daemon
    Loaded: loaded (/etc/init.d/pihole-FTL; static; vendor preset: enabled)
    Active: inactive (dead)
    Docs: man:systemd-sysv-generator(8)

  • systemctl restart pihole-FTL

      netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471 \|10053'
      Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
      tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      655/lighttpd        
      tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      887/pihole-FTL      
      tcp        0      0 127.0.0.2:10053         0.0.0.0:*               LISTEN      553/stubby          
      tcp6       0      0 :::80                   :::*                    LISTEN      655/lighttpd        
      tcp6       0      0 :::53                   :::*                    LISTEN      887/pihole-FTL      
      udp        0      0 0.0.0.0:53              0.0.0.0:*                           887/pihole-FTL      
      udp        0      0 0.0.0.0:67              0.0.0.0:*                           887/pihole-FTL      
      udp        0      0 127.0.0.2:10053         0.0.0.0:*                           553/stubby          
      udp6       0      0 :::53                   :::*                                887/pihole-FTL      
    

    grep -v '^#\|^$' -R /etc/dnsmasq.*

    /etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
    /etc/dnsmasq.conf.old:conf-dir=/etc/dnsmasq.d
    /etc/dnsmasq.d/99-my-settings.conf:listen-address=::1,127.0.0.1,192.168.73.121
    /etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
    /etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
    /etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
    /etc/dnsmasq.d/01-pihole.conf:localise-queries
    /etc/dnsmasq.d/01-pihole.conf:no-resolv
    /etc/dnsmasq.d/01-pihole.conf:cache-size=10000
    /etc/dnsmasq.d/01-pihole.conf:log-queries
    /etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
    /etc/dnsmasq.d/01-pihole.conf:local-ttl=2
    /etc/dnsmasq.d/01-pihole.conf:log-async
    /etc/dnsmasq.d/01-pihole.conf:dhcp-name-match=set:wpad-ignore,wpad
    /etc/dnsmasq.d/01-pihole.conf:dhcp-ignore-names=tag:wpad-ignore
    /etc/dnsmasq.d/01-pihole.conf:server=1.1.1.1
    /etc/dnsmasq.d/01-pihole.conf:domain-needed
    /etc/dnsmasq.d/01-pihole.conf:bogus-priv
    /etc/dnsmasq.d/01-pihole.conf:dnssec
    /etc/dnsmasq.d/01-pihole.conf:trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
    /etc/dnsmasq.d/01-pihole.conf:trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
    /etc/dnsmasq.d/01-pihole.conf:local-service
    /etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-authoritative
    /etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-range=192.168.222.201,192.168.222.251,24h
    /etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-option=option:router,192.168.222.1
    /etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-leasefile=/etc/pihole/dhcp.leases
    /etc/dnsmasq.d/02-pihole-dhcp.conf:domain=lan

And just for the record, before starting pihole-FTL manually, it does not listen on port 53 (on port 5353 Avahi is listening):

netstat -an|grep 53
tcp        0      0 127.0.0.2:10053         0.0.0.0:*               LISTEN     
udp        0      0 0.0.0.0:5353            0.0.0.0:*                          
udp        0      0 127.0.0.2:10053         0.0.0.0:*                          
udp6       0      0 :::5353                 :::*                               
unix  2      [ ]         DGRAM                    8536     
unix  3      [ ]         STREAM     VERBUNDEN     13553    

root@cube:/home/pi# netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471 \|10053'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      655/lighttpd        
tcp        0      0 127.0.0.2:10053         0.0.0.0:*               LISTEN      553/stubby          
tcp6       0      0 :::80                   :::*                    LISTEN      655/lighttpd        
udp        0      0 127.0.0.2:10053         0.0.0.0:*                           553/stubby

pihole-FTL is still trying to bind to all 0.0.0.0

I miss the bind-interfaces directive in the 99-my-settings.conf file?

And it seems stubby port has changed to 10053?


I have set up several systems with pihole.
This one has got stubby (127.0.0.2:10053) and cloudflared (127.0.0.1:5053, but deactivated).
Since you insisted, cloudflared would not interfere with pihole-FTL, I am talking all the time about this particular system. Yes, currently bind-interfaces is disabled. I have checked with, and without this option.

cat /etc/dnsmasq.d/99-my-settings.conf
listen-address=::1,127.0.0.1,192.168.73.121
#bind-interfaces

Give me a few minutes to repeat with bind-interfaces enabled again.

The changes to the listening behaviour of pihole-FTL are only necessary on the system that runs stubby on conflicting port 53!

I don't have any system running stubby on port 127.0.0.1:53.

I have one system with only pihole and stubby (127.0.0.2:53).
And there is this one, where I use 127.0.0.2:10053 for stubby.

This is the output with bind-interfaces after reboot; pihole-FTL was not started manually:

cat /etc/dnsmasq.d/99-my-settings.conf
listen-address=::1,127.0.0.1,192.168.73.121
bind-interfaces


grep -v '^#\|^$' -R /etc/dnsmasq.*
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.old:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/99-my-settings.conf:listen-address=::1,127.0.0.1,192.168.73.121
/etc/dnsmasq.d/99-my-settings.conf:bind-interfaces
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:dhcp-name-match=set:wpad-ignore,wpad
/etc/dnsmasq.d/01-pihole.conf:dhcp-ignore-names=tag:wpad-ignore
/etc/dnsmasq.d/01-pihole.conf:server=1.1.1.1
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:dnssec
/etc/dnsmasq.d/01-pihole.conf:trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
/etc/dnsmasq.d/01-pihole.conf:trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
/etc/dnsmasq.d/01-pihole.conf:local-service
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-authoritative
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-range=192.168.222.201,192.168.222.251,24h
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-option=option:router,192.168.222.1
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-leasefile=/etc/pihole/dhcp.leases
/etc/dnsmasq.d/02-pihole-dhcp.conf:domain=lan

netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471 \|10053'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      635/lighttpd        
tcp        0      0 127.0.0.2:10053         0.0.0.0:*               LISTEN      561/stubby          
tcp6       0      0 :::80                   :::*                    LISTEN      635/lighttpd        
udp        0      0 127.0.0.2:10053         0.0.0.0:*                           561/stubby

netstat -an|grep 53
tcp        0      0 127.0.0.2:10053         0.0.0.0:*               LISTEN     
udp        0      0 0.0.0.0:5353            0.0.0.0:*                          
udp        0      0 127.0.0.2:10053         0.0.0.0:*                          
udp6       0      0 :::5353                 :::*                               
unix  3      [ ]         STREAM     VERBUNDEN     11453    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     VERBUNDEN     11853    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     VERBUNDEN     12539    /run/systemd/journal/stdout

And this is the output after systemctl restart pihole-FTL:

netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471 \|10053'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      635/lighttpd        
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      839/pihole-FTL      
tcp        0      0 192.168.73.121:53       0.0.0.0:*               LISTEN      839/pihole-FTL      
tcp        0      0 127.0.0.2:10053         0.0.0.0:*               LISTEN      561/stubby          
tcp6       0      0 :::80                   :::*                    LISTEN      635/lighttpd        
tcp6       0      0 ::1:53                  :::*                    LISTEN      839/pihole-FTL      
udp        0      0 127.0.0.1:53            0.0.0.0:*                           839/pihole-FTL      
udp        0      0 192.168.73.121:53       0.0.0.0:*                           839/pihole-FTL      
udp        0      0 0.0.0.0:67              0.0.0.0:*                           839/pihole-FTL      
udp        0      0 127.0.0.2:10053         0.0.0.0:*                           561/stubby          
udp6       0      0 ::1:53                  :::*                                839/pihole-FTL

netstat -an|grep 53
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN     
tcp        0      0 192.168.73.121:53       0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.2:10053         0.0.0.0:*               LISTEN     
tcp6       0      0 ::1:53                  :::*                    LISTEN     
udp        0      0 127.0.0.1:53            0.0.0.0:*                          
udp        0      0 192.168.73.121:53       0.0.0.0:*                          
udp        0      0 0.0.0.0:5353            0.0.0.0:*                          
udp        0      0 127.0.0.2:10053         0.0.0.0:*                          
udp6       0      0 ::1:53                  :::*                               
udp6       0      0 :::5353                 :::*                               
unix  3      [ ]         STREAM     VERBUNDEN     11453    /run/systemd/journal/stdout
unix  2      [ ]         DGRAM                    16537    
unix  3      [ ]         STREAM     VERBUNDEN     16530    
unix  2      [ ]         DGRAM                    16534    
unix  3      [ ]         STREAM     VERBUNDEN     11853    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     VERBUNDEN     12539    /run/systemd/journal/stdout

This is the one going to conflict with pihole-FTL as it will try to bind to 0.0.0.0 which also includes 127.0.0.2:53 from stubby.

Config looks OK, and if you try to get pihole-FTL to run again, what does netstat look like?

EDIT: our postings crossed

Okay 🙂

I will change 127.0.0.2:53 to 127.0.0.2:10053 on that system, too and report back in a few minutes.

Ok, it's a bit confusing you having 2 systems and I am trying to help out the conflicting one.
But you might experience a compound problem.
Maybe DNSSEC.
Is time/date correct?

date

After a fresh reboot post outcome for below ones again please:

sudo systemctl status pihole-FTL -l

sudo journalctl -u pihole-FTL

EDIT: Ohw ps. netstat looks good this time.

Ohw2 and if want to have proper netstat output including 4711:

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:4711 \|:10053 '
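
The overlap discussed in this thread (a wildcard bind on port 53 versus stubby on 127.0.0.2:53) can be checked before starting a resolver. The following is an added example, not part of any post above: `bind_blockers` and `sample_netstat` are hypothetical names, and the sample lines are constructed to resemble the 127.0.0.2:53 setup described in the thread.

```shell
#!/bin/sh
# Added example: list sockets in `netstat -nltup` output whose address overlaps
# a planned bind to PROTO/PORT on BIND_ADDR. A wildcard bind (0.0.0.0 or ::)
# overlaps every socket on that port; a specific bind overlaps only the same
# address or an existing wildcard socket. Whether bind() really fails also
# depends on socket options (SO_REUSEADDR/SO_REUSEPORT), which netstat does
# not show. Only rows with the same Proto column (tcp, udp, tcp6, udp6) are compared.
# Usage: sudo netstat -nltup | bind_blockers udp 53 0.0.0.0
bind_blockers() {
    awk -v proto="$1" -v port="$2" -v addr="$3" '
    function is_wild(a) { return a == "0.0.0.0" || a == "::" }
    $1 == proto {
        n = split($4, parts, ":")      # Local Address; port follows the last colon
        if (parts[n] != port) next
        la = substr($4, 1, length($4) - length(parts[n]) - 1)
        if (is_wild(addr) || is_wild(la) || la == addr)
            print la ":" port " " $NF  # $NF is the PID/Program name column
    }'
}

# Constructed sample (not captured from the thread): stubby holds 127.0.0.2:53.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      655/lighttpd
tcp        0      0 127.0.0.2:53            0.0.0.0:*               LISTEN      553/stubby
udp        0      0 127.0.0.2:53            0.0.0.0:*                           553/stubby
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -
EOF
}

# A wildcard UDP bind on port 53 overlaps stubby; a bind to 127.0.0.1 does not.
sample_netstat | bind_blockers udp 53 0.0.0.0
sample_netstat | bind_blockers udp 53 127.0.0.1
```

Empty output means no listed socket overlaps the planned bind; run netstat with sudo so the PID/Program name column is populated.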