PiHole FTLDNS not reading configuration file (/etc/pihole/pihole-FTL.conf)?

Expected Behaviour:

On startup, PiHole should read the /etc/pihole/pihole-FTL.conf file and implement those settings.

Actual Behaviour:

On startup, PiHole is not reading this file and is using the default settings (I think).

Debug Token: l057m1d0dj

Notes:

I attempted to change the FTLDNS behavior for BLOCKINGMODE to NULL. Created file /etc/pihole/pihole-FTL.conf with the following contents:

AAAA_QUERY_ANALYSIS=no
BLOCKINGMODE=NULL

However, on restart of the Pi which is running PiHole, for some blocked domains it is returning the IP address of the PiHole, rather than NULL. When I attempt to manually load in a web browser a domain that is blocked with a wildcard (example.*), the website blocked interface comes up on my browser (indicative that the IP address of the PiHole is being returned and the web interface is appearing to allow me to whitelist it) and the returned IP address is the address of the PiHole as shown in the pihole.log.

A few lines of the tailed piHole log appear. IP address 135 is the computer requesting the example.net through a browser. IP address 119 is an Amazon Echo device requesting the same domain.

It looks like some of the blocked domains are being returned as 0.0.0.0 though (msmetrics.ws.sonos.com).

Jun 18 12:12:12 dnsmasq[1114]: 867 192.168.0.135/62525 query[A] example.net from 192.168.0.135
Jun 18 12:12:12 dnsmasq[1114]: 867 192.168.0.135/62525 config example.net is 192.168.0.100
Jun 18 12:12:13 dnsmasq[1114]: 868 192.168.0.135/61168 query[A] pi.hole from 192.168.0.135
Jun 18 12:12:13 dnsmasq[1114]: 868 192.168.0.135/61168 /etc/pihole/local.list pi.hole is 192.168.0.100
Jun 18 12:12:15 dnsmasq[1114]: 869 192.168.0.140/50075 query[A] nexus.officeapps.live.com from 192.168.0.140
Jun 18 12:12:15 dnsmasq[1114]: 869 192.168.0.140/50075 /etc/pihole/gravity.list nexus.officeapps.live.com is 0.0.0.0
Jun 18 12:12:20 dnsmasq[1114]: 870 192.168.0.114/40534 query[A] msmetrics.ws.sonos.com from 192.168.0.114
Jun 18 12:12:20 dnsmasq[1114]: 870 192.168.0.114/40534 /etc/pihole/gravity.list msmetrics.ws.sonos.com is 0.0.0.0
Jun 18 12:12:21 dnsmasq[1114]: 871 192.168.0.121/35217 query[A] device-metrics-us.amazon.com from 192.168.0.121
Jun 18 12:12:21 dnsmasq[1114]: 871 192.168.0.121/35217 /etc/pihole/gravity.list device-metrics-us.amazon.com is 0.0.0.0
Jun 18 12:12:24 dnsmasq[1114]: 872 192.168.0.115/38805 query[A] msmetrics.ws.sonos.com from 192.168.0.115
Jun 18 12:12:24 dnsmasq[1114]: 872 192.168.0.115/38805 /etc/pihole/gravity.list msmetrics.ws.sonos.com is 0.0.0.0
Jun 18 12:12:34 dnsmasq[1114]: 873 192.168.0.135/54826 query[SOA] local from 192.168.0.135
Jun 18 12:12:34 dnsmasq[1114]: 873 192.168.0.135/54826 forwarded local to 127.0.0.1
Jun 18 12:12:34 dnsmasq[1114]: 873 192.168.0.135/54826 validation result is SECURE
Jun 18 12:12:34 dnsmasq[1114]: 874 192.168.0.135/52072 query[PTR] b._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.135
Jun 18 12:12:34 dnsmasq[1114]: 874 192.168.0.135/52072 forwarded b._dns-sd._udp.0.0.168.192.in-addr.arpa to 127.0.0.1
Jun 18 12:12:34 dnsmasq[1114]: * 192.168.0.135/52072 dnssec-query[DS] 168.192.in-addr.arpa to 127.0.0.1
Jun 18 12:12:34 dnsmasq[1114]: 875 192.168.0.135/49741 query[PTR] db._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.135
Jun 18 12:12:34 dnsmasq[1114]: 875 192.168.0.135/49741 forwarded db._dns-sd._udp.0.0.168.192.in-addr.arpa to 127.0.0.1
Jun 18 12:12:34 dnsmasq[1114]: * 192.168.0.135/52072 reply 168.192.in-addr.arpa is BOGUS DS
Jun 18 12:12:34 dnsmasq[1114]: 874 192.168.0.135/52072 validation b._dns-sd._udp.0.0.168.192.in-addr.arpa is BOGUS
Jun 18 12:12:34 dnsmasq[1114]: * 192.168.0.135/49741 dnssec-query[DS] 168.192.in-addr.arpa to 127.0.0.1
Jun 18 12:12:34 dnsmasq[1114]: * 192.168.0.135/49741 reply 168.192.in-addr.arpa is BOGUS DS
Jun 18 12:12:34 dnsmasq[1114]: 875 192.168.0.135/49741 validation db._dns-sd._udp.0.0.168.192.in-addr.arpa is BOGUS
Jun 18 12:12:36 dnsmasq[1114]: 876 192.168.0.135/65453 query[SOA] local from 192.168.0.135
Jun 18 12:12:36 dnsmasq[1114]: 876 192.168.0.135/65453 forwarded local to 127.0.0.1
Jun 18 12:12:36 dnsmasq[1114]: 876 192.168.0.135/65453 validation result is SECURE
Jun 18 12:12:40 dnsmasq[1114]: 877 192.168.0.132/55648 query[SOA] local from 192.168.0.132
Jun 18 12:12:40 dnsmasq[1114]: 877 192.168.0.132/55648 forwarded local to 127.0.0.1
Jun 18 12:12:40 dnsmasq[1114]: 877 192.168.0.132/55648 validation result is SECURE
Jun 18 12:12:40 dnsmasq[1114]: 878 192.168.0.135/53816 query[SOA] local from 192.168.0.135
Jun 18 12:12:40 dnsmasq[1114]: 878 192.168.0.135/53816 forwarded local to 127.0.0.1
Jun 18 12:12:40 dnsmasq[1114]: 878 192.168.0.135/53816 validation result is SECURE
Jun 18 12:12:43 dnsmasq[1114]: 879 192.168.0.135/52200 query[SOA] local from 192.168.0.135
Jun 18 12:12:43 dnsmasq[1114]: 879 192.168.0.135/52200 forwarded local to 127.0.0.1
Jun 18 12:12:43 dnsmasq[1114]: 879 192.168.0.135/52200 validation result is SECURE
Jun 18 12:12:43 dnsmasq[1114]: 880 192.168.0.122/33967 query[A] device-metrics-us.amazon.com from 192.168.0.122
Jun 18 12:12:43 dnsmasq[1114]: 880 192.168.0.122/33967 /etc/pihole/gravity.list device-metrics-us.amazon.com is 0.0.0.0
Jun 18 12:12:45 dnsmasq[1114]: 881 192.168.0.131/52780 query[A] metrics.icloud.com from 192.168.0.131
Jun 18 12:12:45 dnsmasq[1114]: 881 192.168.0.131/52780 /etc/pihole/gravity.list metrics.icloud.com is 0.0.0.0
Jun 18 12:12:53 dnsmasq[1114]: 882 192.168.0.119/24644 query[A] www.example.com from 192.168.0.119
Jun 18 12:12:53 dnsmasq[1114]: 882 192.168.0.119/24644 config www.example.com is 192.168.0.100
Jun 18 12:12:53 dnsmasq[1114]: 883 192.168.0.119/37848 query[A] www.example.net from 192.168.0.119
Jun 18 12:12:53 dnsmasq[1114]: 883 192.168.0.119/37848 config www.example.net is 192.168.0.100
Jun 18 12:12:53 dnsmasq[1114]: 884 192.168.0.119/32670 query[A] www.example.org from 192.168.0.119
Jun 18 12:12:53 dnsmasq[1114]: 884 192.168.0.119/32670 config www.example.org is 192.168.0.100

Look in /var/log/pihole-FTL.log for the configuration FTL thinks it has, and share it here.

After I restarted DNS (pihole restartdns), these are the pihole-FTL.log entries. Following that list below are a few lines from the pihole.log. It looks as if some requests are coming back as NULL (0.0.0.0) and others as the IP of the pihole (192.168.0.100). The ones that are coming back with the pihole IP (example.*) are in my wildcard blacklist, the others are not.

[2018-06-18 21:25:08.226] ########## FTL started! ##########
[2018-06-18 21:25:08.226] FTL branch: FTLDNS
[2018-06-18 21:25:08.226] FTL version:
[2018-06-18 21:25:08.226] FTL commit: 5ecab0a
[2018-06-18 21:25:08.226] FTL date: 2018-05-18 10:24:07 +0100
[2018-06-18 21:25:08.226] FTL user: pihole
[2018-06-18 21:25:08.227] Starting config file parsing (/etc/pihole/pihole-FTL.conf)
[2018-06-18 21:25:08.227] SOCKET_LISTENING: only local
[2018-06-18 21:25:08.227] AAAA_QUERY_ANALYSIS: Hide AAAA queries
[2018-06-18 21:25:08.227] MAXDBDAYS: max age for stored queries is 365 days
[2018-06-18 21:25:08.227] RESOLVE_IPV6: Resolve IPv6 addresses
[2018-06-18 21:25:08.227] RESOLVE_IPV4: Resolve IPv4 addresses
[2018-06-18 21:25:08.227] DBINTERVAL: saving to DB file every minute
[2018-06-18 21:25:08.227] DBFILE: Using /etc/pihole/pihole-FTL.db
[2018-06-18 21:25:08.227] MAXLOGAGE: Importing up to 24.0 hours of log data
[2018-06-18 21:25:08.227] PRIVACYLEVEL: Set to 0
[2018-06-18 21:25:08.227] IGNORE_LOCALHOST: Show queries from localhost
[2018-06-18 21:25:08.227] BLOCKINGMODE: Null IPs for blocked domains
[2018-06-18 21:25:08.227] BLOCKINGREGEX: Not set
[2018-06-18 21:25:08.227] Finished config file parsing
[2018-06-18 21:25:08.228] Database successfully initialized
[2018-06-18 21:25:08.229] Notice: Increasing queries struct size from 0 to 10000 (480.15 KB)
[2018-06-18 21:25:08.229] Notice: Increasing domains struct size from 0 to 1000 (500.15 KB)
[2018-06-18 21:25:08.229] Notice: Increasing clients struct size from 0 to 10 (500.42 KB)
[2018-06-18 21:25:08.229] Notice: Increasing overTime struct size from 0 to 100 (506.44 KB)
[2018-06-18 21:25:08.229] New forward server: 127.0.0.1 (0/0)
[2018-06-18 21:25:08.229] Notice: Increasing forwarded struct size from 0 to 4 (506.74 KB)
[2018-06-18 21:25:08.230] Notice: Increasing clients struct size from 10 to 20 (507.24 KB)
[2018-06-18 21:25:08.234] Notice: Increasing clients struct size from 20 to 30 (511.53 KB)
[2018-06-18 21:25:08.288] Notice: Increasing queries struct size from 10000 to 20000 (998.50 KB)
[2018-06-18 21:25:08.343] Notice: Increasing domains struct size from 1000 to 2000 (1.03 MB)
[2018-06-18 21:25:08.371] Notice: Increasing overTime struct size from 100 to 200 (1.05 MB)
[2018-06-18 21:25:08.373] Notice: Increasing queries struct size from 20000 to 30000 (1.53 MB)
[2018-06-18 21:25:08.450] Notice: Increasing domains struct size from 2000 to 3000 (1.56 MB)
[2018-06-18 21:25:08.466] Notice: Increasing queries struct size from 30000 to 40000 (2.04 MB)
[2018-06-18 21:25:08.471] Imported 30603 queries from the long-term database
[2018-06-18 21:25:08.472] -> Total DNS queries: 30603
[2018-06-18 21:25:08.472] -> Cached DNS queries: 3351
[2018-06-18 21:25:08.472] -> Forwarded DNS queries: 4709
[2018-06-18 21:25:08.472] -> Exactly blocked DNS queries: 16331
[2018-06-18 21:25:08.472] -> Wildcard blocked DNS queries: 6200
[2018-06-18 21:25:08.472] -> Unknown DNS queries: 12
[2018-06-18 21:25:08.472] -> Unique domains: 2085
[2018-06-18 21:25:08.472] -> Unique clients: 25
[2018-06-18 21:25:08.472] -> Known forward destinations: 1
[2018-06-18 21:25:08.472] Successfully accessed setupVars.conf
[2018-06-18 21:25:08.478] PID of FTL process: 16929
[2018-06-18 21:25:08.478] Listening on port 4711 for incoming IPv4 telnet connections
[2018-06-18 21:25:08.479] Listening on port 4711 for incoming IPv6 telnet connections
[2018-06-18 21:25:08.479] Listening on Unix socket
[2018-06-18 21:25:08.480] Notice: Increasing wildcards struct size from 0 to 100 (2.04 MB)
[2018-06-18 21:25:08.481] Wildcard blocking list entries: 3
[2018-06-18 21:25:08.481] /etc/pihole/black.list: parsed 2 domains (took 0.0 ms)
[2018-06-18 21:25:13.813] /etc/pihole/gravity.list: parsed 861295 domains (took 5331.8 ms)

A few lines from the pihole log following this restart:

Jun 18 21:41:15 dnsmasq[16929]: 591 192.168.0.135/64487 query[A] metrics.icloud.com from 192.168.0.135
Jun 18 21:41:15 dnsmasq[16929]: 591 192.168.0.135/64487 /etc/pihole/gravity.list metrics.icloud.com is 0.0.0.0
Jun 18 21:41:20 dnsmasq[16929]: 592 192.168.0.123/61037 query[A] fls-na.amazon.com from 192.168.0.123
Jun 18 21:41:20 dnsmasq[16929]: 592 192.168.0.123/61037 /etc/pihole/gravity.list fls-na.amazon.com is 0.0.0.0
Jun 18 21:41:30 dnsmasq[16929]: 594 192.168.0.110/36772 query[AAAA] fw-update2.smartthings.com from 192.168.0.110
Jun 18 21:41:30 dnsmasq[16929]: 594 192.168.0.110/36772 cached fw-update2.smartthings.com is NODATA-IPv6
Jun 18 21:41:37 dnsmasq[16929]: 595 192.168.0.122/53416 query[A] device-metrics-us.amazon.com from 192.168.0.122
Jun 18 21:41:37 dnsmasq[16929]: 595 192.168.0.122/53416 /etc/pihole/gravity.list device-metrics-us.amazon.com is 0.0.0.0
Jun 18 21:41:40 dnsmasq[16929]: 596 192.168.0.121/59572 query[A] device-metrics-us.amazon.com from 192.168.0.121
Jun 18 21:41:40 dnsmasq[16929]: 596 192.168.0.121/59572 /etc/pihole/gravity.list device-metrics-us.amazon.com is 0.0.0.0
Jun 18 21:41:40 dnsmasq[16929]: 597 192.168.0.120/40532 query[A] device-metrics-us.amazon.com from 192.168.0.120
Jun 18 21:41:40 dnsmasq[16929]: 597 192.168.0.120/40532 /etc/pihole/gravity.list device-metrics-us.amazon.com is 0.0.0.0
Jun 18 21:41:45 dnsmasq[16929]: 598 192.168.0.118/50770 query[A] www.example.com from 192.168.0.118
Jun 18 21:41:45 dnsmasq[16929]: 598 192.168.0.118/50770 config www.example.com is 192.168.0.100

It seems that the problem is not that PiHole is not reading the configuration files correctly; the problem appears to be that domains on my local blacklist are not being reported as null.

I ran "dig" on two domains (results below), one known to be on a blocklist and one on my local blacklist.

Then, I cleared "example.com" from my blacklist, and "dig example.com" returned the IP address 93.184.216.34 as expected. Then I put "example.com" back in the local wildcard blacklist, and it returned the IP address of the PiHole.

From MacOS terminal (the PiHole is listed as my DNS):

"dig flurry.com" returns NULL - this domain is on one of the blocklists
; <<>> DiG 9.10.6 <<>> flurry.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40698
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;flurry.com. IN A

;; ANSWER SECTION:
flurry.com. 2 IN A 0.0.0.0

;; Query time: 62 msec
;; SERVER: 192.168.0.100#53(192.168.0.100)
;; WHEN: Tue Jun 19 16:17:11 CDT 2018
;; MSG SIZE rcvd: 55

"dig example.com" returns IP address of PiHole - this domain is on a local wildcard blacklist
; <<>> DiG 9.10.6 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36958
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com. IN A

;; ANSWER SECTION:
example.com. 2 IN A 192.168.0.100

;; Query time: 57 msec
;; SERVER: 192.168.0.100#53(192.168.0.100)
;; WHEN: Tue Jun 19 16:20:50 CDT 2018
;; MSG SIZE rcvd: 45

So, the wildcard blacklist actually is generated using the IP address of the Pi-hole, and is not updated when you change the blocking mode. However, in development and soon to be in the FTLDNS branch is regex blocking, which replaces wildcard blocking and will adhere to the block mode.
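The split described in the reply above can be measured from pihole.log itself. This added example (not part of the original thread and not Pi-hole code) tallies locally generated answers by source and flags the ones that carry a real address instead of 0.0.0.0; the function names are made up here, and the field positions assume the log format quoted in this thread.

```shell
#!/bin/sh
# Sample input: lines copied from the pihole.log excerpt earlier in this thread.
sample_log() {
    cat <<'EOF'
Jun 18 12:12:12 dnsmasq[1114]: 867 192.168.0.135/62525 query[A] example.net from 192.168.0.135
Jun 18 12:12:12 dnsmasq[1114]: 867 192.168.0.135/62525 config example.net is 192.168.0.100
Jun 18 12:12:13 dnsmasq[1114]: 868 192.168.0.135/61168 /etc/pihole/local.list pi.hole is 192.168.0.100
Jun 18 12:12:20 dnsmasq[1114]: 870 192.168.0.114/40534 /etc/pihole/gravity.list msmetrics.ws.sonos.com is 0.0.0.0
Jun 18 12:12:34 dnsmasq[1114]: 873 192.168.0.135/54826 validation result is SECURE
Jun 18 12:12:45 dnsmasq[1114]: 881 192.168.0.131/52780 /etc/pihole/gravity.list metrics.icloud.com is 0.0.0.0
Jun 18 12:12:53 dnsmasq[1114]: 882 192.168.0.119/24644 config www.example.com is 192.168.0.100
EOF
}

# Read pihole.log lines on stdin. Assumed fields (as in the lines above):
#   $7 = answer source, $8 = domain, $9 = "is", $10 = returned address.
# Only "config" (dnsmasq configuration entries, where this thread's wildcard
# blocks show up) and gravity.list are counted; local.list holds the
# Pi-hole's own name and is skipped. "config" also covers any other
# address set in the dnsmasq configuration, so review the flagged names.
block_answer_summary() {
    awk '
        $9 == "is" && ($7 == "config" || $7 ~ /\/gravity\.list$/) {
            kind = ($10 == "0.0.0.0" || $10 == "::") ? "null" : "non-null"
            count[$7 " " kind]++
            if (kind == "non-null") offenders[$8 " -> " $10] = 1
        }
        END {
            for (k in count) print count[k], k
            for (d in offenders) print "NON-NULL", d
        }
    ' | LC_ALL=C sort
}

# Demo on the embedded sample; on a Pi-hole, feed the real log instead:
#   block_answer_summary < /var/log/pihole.log
sample_log | block_answer_summary
```

On the sample, both gravity.list answers are null and both `config` answers return 192.168.0.100, which matches the behaviour reported in this thread.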

Thanks. I'll look forward to that version.

If I read this post correctly (Blocking via regex now available in FTLDNS) this feature is on the beta now, and I'm on that branch (Pi-hole Version vDev (FTLDNS, v3.3-181-ga7e7680) Web Interface Version vDev (FTLDNS, v3.2.1-195-g4355bde2) FTL Version vDev (FTLDNS, vDev-5ecab0a)).

I haven't done regular expressions and grep in about 30 years. What would be the correct BLOCKINGREGEX command to block these domains - www.example.com, www.example.org, www.example.net?

Would this do it (would block "www.example" followed by any domain)? I couldn't figure out how to narrow the domains to .com, .net and .org.

BLOCKINGREGEX=^www.example.*$

See here for some regex information: Redirecting...

That documentation references the development version, which has improved support for regex filtering, such as moving from the BLOCKINGREGEX setting to a regex list file: /etc/pihole/regex.list
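A blocking regex can be checked against a list of names before it goes into the configuration. This added example (not from the thread or from the Pi-hole project) runs the pattern asked about above and an anchored, escaped alternative over constructed sample domains with `grep -E`; it assumes FTL evaluates patterns as POSIX extended regular expressions, and the names `candidates`, `matched_by`, `LOOSE` and `TIGHT` are invented for the example.

```shell
#!/bin/sh
# Constructed candidates: the three intended targets plus names that
# should stay resolvable.
candidates() {
    cat <<'EOF'
www.example.com
www.example.net
www.example.org
www.example.io
www.examples-shop.com
wwwxexample.com
www.example.com.other.test
example.com
EOF
}

# Print every candidate that a POSIX extended regex matches.
matched_by() {
    candidates | grep -E -- "$1" || true
}

# Pattern from the question: an unescaped "." matches any character and
# ".*" matches any suffix, so it blocks more than the three targets.
LOOSE='^www.example.*$'

# Escaped dots, an explicit TLD alternation and both anchors.
TIGHT='^www\.example\.(com|net|org)$'

echo "Matched by $LOOSE:"
matched_by "$LOOSE"
echo "Matched by $TIGHT:"
matched_by "$TIGHT"
```

The loose pattern matches seven of the eight names, including `wwwxexample.com` and `www.example.com.other.test`; the tight pattern matches only the three intended hosts.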
