Dnsmasq logs go to /var/log/pihole.log
It looks like stubby conflicts on some ports with FTL.
And maybe cloudflared, too.
Nope.
netstat shows cloudflared listening on port 5053, which is not conflicting with pihole-FTL.
stubby though is conflicting on DNS port 53 UDP:
I gave stubby 127.0.0.2 on all of my three setups,
while dnsmasq/pihole remain on 127.0.0.1:53.
Still pihole-FTL does not autostart after reboot, when using
conventional unit files. If the autostart is delayed, pihole-FTL
starts as expected.
Also, on one pihole with cloudflared (EDIT: 127.0.0.1:5053, sorry for the typo) pihole-FTL
does not autostart.
To me, netstat monitoring can give hints during runtime.
But it does not show what happens at boot time.
Is there a way to monitor this?
On the system that runs pihole-FTL, stubby and cloudflared I checked netstat some days ago already.
There is no obvious conflict concerning the listening address. Each of the three services uses its own set of ip address and port.
sudo grep -v '^#\|^$' -R /etc/dnsmasq.*
?
Might want to edit out some details!
Could try adding the directive below in a separate new config file /etc/dnsmasq.d/99-my-settings.conf:
bind-interfaces
pihole-FTL might skip trying to bind to that 127.0.0.2 IP and hopefully start.
Or else you need to configure pihole-FTL to only listen on particular IPs.
And same with stubby ... need to tell it to only listen on 127.0.0.2.
EDIT:
Ah, thank you for this supplement
Is there anything I can do now?
Can we expect further investigation of this issue from dnsmasq developers?
Or should I contact them myself?
This bit is not true I believe.
With the default configuration of Pi-hole, the pihole-FTL daemon tries to bind to all IPs, 0.0.0.0.
So to prevent this, you need to force pihole-FTL to listen/bind only on particular IPs.
Nothing wrong with Pi-hole and I don't believe the devs can do a lot about it.
I now tried bind-interfaces, and listen-address,
and both options together in /etc/dnsmasq.d/99-my-settings.conf, like here:
listen-address=::1,127.0.0.1,192.168.73.121
bind-interfaces
It doesn't change anything concerning the autostart of pihole -- it does not start at boot time.
It starts only on runtime, if stubby is configured to autostart, too.
Stubby is still listening on its own interface 127.0.0.2.
On the second of three systems I use, I configured stubby for 127.0.0.11.
It should not and it does not make a difference, pihole does not autostart.
If you get pihole-FTL to run, what does a netstat look like now?
Does it only listen now on the IPs you configured in 99-my-settings.conf?
EDIT: Ohw and this bit:
To me, after a reboot and manually starting pihole-FTL everything looks as it should.
What I did before these monitoring commands:
rebooted the system
logged in and checked, if pihole was running
systemctl status pihole-FTL
● pihole-FTL.service - LSB: pihole-FTL daemon
Loaded: loaded (/etc/init.d/pihole-FTL; static; vendor preset: enabled)
Active: inactive (dead)
Docs: man:systemd-sysv-generator(8)
systemctl restart pihole-FTL
netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471 \|10053'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 655/lighttpd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 887/pihole-FTL
tcp 0 0 127.0.0.2:10053 0.0.0.0:* LISTEN 553/stubby
tcp6 0 0 :::80 :::* LISTEN 655/lighttpd
tcp6 0 0 :::53 :::* LISTEN 887/pihole-FTL
udp 0 0 0.0.0.0:53 0.0.0.0:* 887/pihole-FTL
udp 0 0 0.0.0.0:67 0.0.0.0:* 887/pihole-FTL
udp 0 0 127.0.0.2:10053 0.0.0.0:* 553/stubby
udp6 0 0 :::53 :::* 887/pihole-FTL
grep -v '^#\|^$' -R /etc/dnsmasq.*
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.old:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/99-my-settings.conf:listen-address=::1,127.0.0.1,192.168.73.121
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:dhcp-name-match=set:wpad-ignore,wpad
/etc/dnsmasq.d/01-pihole.conf:dhcp-ignore-names=tag:wpad-ignore
/etc/dnsmasq.d/01-pihole.conf:server=1.1.1.1
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:dnssec
/etc/dnsmasq.d/01-pihole.conf:trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
/etc/dnsmasq.d/01-pihole.conf:trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
/etc/dnsmasq.d/01-pihole.conf:local-service
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-authoritative
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-range=192.168.222.201,192.168.222.251,24h
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-option=option:router,192.168.222.1
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-leasefile=/etc/pihole/dhcp.leases
/etc/dnsmasq.d/02-pihole-dhcp.conf:domain=lan
And just for the record, before starting pihole-FTL manually, it does not listen on port 53 (on port 5353 Avahi is listening):
netstat -an|grep 53
tcp 0 0 127.0.0.2:10053 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 127.0.0.2:10053 0.0.0.0:*
udp6 0 0 :::5353 :::*
unix 2 [ ] DGRAM 8536
unix 3 [ ] STREAM VERBUNDEN 13553
root@cube:/home/pi# netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471 \|10053'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 655/lighttpd
tcp 0 0 127.0.0.2:10053 0.0.0.0:* LISTEN 553/stubby
tcp6 0 0 :::80 :::* LISTEN 655/lighttpd
udp 0 0 127.0.0.2:10053 0.0.0.0:* 553/stubby
pihole-FTL is still trying to bind to all 0.0.0.0.
I miss the bind-interfaces directive in the 99-my-settings.conf file?
And it seems stubby port has changed to 10053?
I have set up several systems with pihole.
This one has got stubby (127.0.0.2:10053) and cloudflared (127.0.0.1:5053, but deactivated).
Since you insisted cloudflared would not interfere with pihole-FTL, I am talking all the time about this particular system. Yes, currently bind-interfaces is disabled. I have checked with, and without this option.
cat /etc/dnsmasq.d/99-my-settings.conf
listen-address=::1,127.0.0.1,192.168.73.121
#bind-interfaces
Give me a few minutes to repeat with bind-interfaces enabled again.
The changes to the listening behaviour of pihole-FTL are only necessary on the system that runs stubby on conflicting port 53!
I don't have any system running stubby on port 127.0.0.1:53.
I have one system with only pihole and stubby (127.0.0.2:53).
And there is this one, where I use 127.0.0.2:10053 for stubby.
This is the output with bind-interfaces after reboot; pihole-FTL was not started manually:
cat /etc/dnsmasq.d/99-my-settings.conf
listen-address=::1,127.0.0.1,192.168.73.121
bind-interfaces
grep -v '^#\|^$' -R /etc/dnsmasq.*
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.old:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/99-my-settings.conf:listen-address=::1,127.0.0.1,192.168.73.121
/etc/dnsmasq.d/99-my-settings.conf:bind-interfaces
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:dhcp-name-match=set:wpad-ignore,wpad
/etc/dnsmasq.d/01-pihole.conf:dhcp-ignore-names=tag:wpad-ignore
/etc/dnsmasq.d/01-pihole.conf:server=1.1.1.1
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:dnssec
/etc/dnsmasq.d/01-pihole.conf:trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
/etc/dnsmasq.d/01-pihole.conf:trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
/etc/dnsmasq.d/01-pihole.conf:local-service
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-authoritative
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-range=192.168.222.201,192.168.222.251,24h
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-option=option:router,192.168.222.1
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-leasefile=/etc/pihole/dhcp.leases
/etc/dnsmasq.d/02-pihole-dhcp.conf:domain=lan
netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471 \|10053'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 635/lighttpd
tcp 0 0 127.0.0.2:10053 0.0.0.0:* LISTEN 561/stubby
tcp6 0 0 :::80 :::* LISTEN 635/lighttpd
udp 0 0 127.0.0.2:10053 0.0.0.0:* 561/stubby
netstat -an|grep 53
tcp 0 0 127.0.0.2:10053 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 127.0.0.2:10053 0.0.0.0:*
udp6 0 0 :::5353 :::*
unix 3 [ ] STREAM VERBUNDEN 11453 /run/systemd/journal/stdout
unix 3 [ ] STREAM VERBUNDEN 11853 /run/systemd/journal/stdout
unix 3 [ ] STREAM VERBUNDEN 12539 /run/systemd/journal/stdout
And this is the output after systemctl restart pihole-FTL:
netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471 \|10053'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 635/lighttpd
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 839/pihole-FTL
tcp 0 0 192.168.73.121:53 0.0.0.0:* LISTEN 839/pihole-FTL
tcp 0 0 127.0.0.2:10053 0.0.0.0:* LISTEN 561/stubby
tcp6 0 0 :::80 :::* LISTEN 635/lighttpd
tcp6 0 0 ::1:53 :::* LISTEN 839/pihole-FTL
udp 0 0 127.0.0.1:53 0.0.0.0:* 839/pihole-FTL
udp 0 0 192.168.73.121:53 0.0.0.0:* 839/pihole-FTL
udp 0 0 0.0.0.0:67 0.0.0.0:* 839/pihole-FTL
udp 0 0 127.0.0.2:10053 0.0.0.0:* 561/stubby
udp6 0 0 ::1:53 :::* 839/pihole-FTL
netstat -an|grep 53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 192.168.73.121:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.2:10053 0.0.0.0:* LISTEN
tcp6 0 0 ::1:53 :::* LISTEN
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 192.168.73.121:53 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 127.0.0.2:10053 0.0.0.0:*
udp6 0 0 ::1:53 :::*
udp6 0 0 :::5353 :::*
unix 3 [ ] STREAM VERBUNDEN 11453 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 16537
unix 3 [ ] STREAM VERBUNDEN 16530
unix 2 [ ] DGRAM 16534
unix 3 [ ] STREAM VERBUNDEN 11853 /run/systemd/journal/stdout
unix 3 [ ] STREAM VERBUNDEN 12539 /run/systemd/journal/stdout
This is the one going to conflict with pihole-FTL, as it will try to bind to 0.0.0.0, which also includes 127.0.0.2:53 from stubby.
Config looks OK, and if you try to get pihole-FTL to run again, what does a netstat look like?
EDIT: our postings crossed
Okay
I will change 127.0.0.2:53 to 127.0.0.2:10053 on that system, too and report back in a few minutes.
OK, it's a bit confusing, you having 2 systems and I am trying to help out the conflicting one.
But you might experience a compound problem.
Maybe DNSSEC.
Is time/date correct ?
date
After a fresh reboot post outcome for below ones again please:
sudo systemctl status pihole-FTL -l
sudo journalctl -u pihole-FTL
EDIT: Ohw ps. netstat looks good this time.
Ohw2 and if want to have proper netstat output including 4711:
sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:4711 \|:10053 '
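
The wildcard-versus-specific-address point argued in this thread (a bind to 0.0.0.0:53 overlaps a listener on 127.0.0.2:53, while a bind to 127.0.0.1:53 does not) can be checked against netstat output taken before pihole-FTL starts. The script below is an added example, not code from any poster or from Pi-hole; the function name `overlapping_listeners` and the sample lines are constructed for illustration, and it compares only within one protocol column (tcp, udp, tcp6, udp6).

```shell
#!/bin/sh
# Added example; the sample netstat lines are constructed from the setups
# described in the thread, not captured output.

# overlapping_listeners PROTO ADDR PORT
# Reads `netstat -nltup` output on stdin and prints "program address:port"
# for every listener with the same protocol and port whose address overlaps
# ADDR. A wildcard (0.0.0.0 or ::) overlaps every address of its family.
overlapping_listeners() {
  awk -v proto="$1" -v want="$2" -v port="$3" '
    function is_wild(a) { return a == "0.0.0.0" || a == "::" }
    $1 == proto {
      n = split($4, parts, ":")              # port is the last ":" field
      if (parts[n] != port) next
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (is_wild(want) || is_wild(addr) || addr == want) {
        prog = $NF
        sub(/^[0-9]+\//, "", prog)           # "553/stubby" -> "stubby"
        print prog, addr ":" port
      }
    }
  '
}

# Constructed sample: stubby on 127.0.0.2:53, pihole-FTL not yet started.
SAMPLE_STUBBY_53='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 655/lighttpd
tcp 0 0 127.0.0.2:53 0.0.0.0:* LISTEN 553/stubby
udp 0 0 127.0.0.2:53 0.0.0.0:* 553/stubby
udp 0 0 0.0.0.0:5353 0.0.0.0:* 412/avahi-daemon'

# Constructed sample: stubby moved to 127.0.0.2:10053.
SAMPLE_STUBBY_10053='tcp 0 0 127.0.0.2:10053 0.0.0.0:* LISTEN 553/stubby
udp 0 0 127.0.0.2:10053 0.0.0.0:* 553/stubby'

# Wildcard bind on port 53 overlaps stubby; after the move nothing is printed.
printf '%s\n' "$SAMPLE_STUBBY_53" | overlapping_listeners udp 0.0.0.0 53
printf '%s\n' "$SAMPLE_STUBBY_10053" | overlapping_listeners udp 0.0.0.0 53
```

On a live system, pipe `sudo netstat -nltup` into the function instead of the samples; an empty result for the address and port pihole-FTL is configured to use means no listener shown by netstat overlaps that bind.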