Pihole in Ubuntu 18.04 VirtualBox VM on Windows 10 Host unable to reach Internet

Jorgsmash · March 29, 2019, 3:41pm

Please follow the below template, it will help us to help you!

Expected Behaviour:

_[

Ping and nslookup from the VM and the host should work. Ubuntu VM should be able to resolve host names and get to Internet for OS updates and Pihole Blocklist updates.

]_

Actual Behaviour:

_[Ubuntu VM ping and nslookup not working. Pihole update not working. DNS resolution fails.

Windows 10 Host machine - Ping is working, but nslookup fails:

nslookup google.com
Server: hogwarts-pihole
Address: 192.168.0.5

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to hogwarts-pihole timed-out

C:\Users\user>ping google.com

Pinging google.com [172.217.12.206] with 32 bytes of data:
Reply from 172.217.12.206: bytes=32 time=42ms TTL=53
Reply from 172.217.12.206: bytes=32 time=42ms TTL=53
Reply from 172.217.12.206: bytes=32 time=38ms TTL=53
Reply from 172.217.12.206: bytes=32 time=38ms TTL=53

Ping statistics for 172.217.12.206:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 42ms, Average = 40ms

Pinging the vm from the host works:

ping hogwarts-pihole

Pinging hogwarts-pihole [192.168.0.5] with 32 bytes of data:
Reply from 192.168.0.5: bytes=32 time<1ms TTL=64
Reply from 192.168.0.5: bytes=32 time<1ms TTL=64
Reply from 192.168.0.5: bytes=32 time<1ms TTL=64
Reply from 192.168.0.5: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.0.5:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Router is set up to use the pihole (192.168.0.5) as primary DNS, and AdGuard DNS as secondary and tertiary DNS. I took a look at the debug log and I see that the Gateway is not responding. I don't know if that's the issue here but I'm not sure why the gateway wouldn't be responding. The VM is in bridged mode.

Internet connectivity is working on all devices and the pihole seems to be blocking domains on the blacklist by checking the log. Pihole Admin Console is working and is showing stats that indicate it is blocking requests. 32% of total queries blocked. If I got to a website that is on the blocklist, it gets piholed and I can see it in the log e.g. www.alexa.com

Pihole debug is unable to upload the debug log because it can't get out to the Internet.
]_

Debug Token:

[ nknxnume38! ]

jfb · March 29, 2019, 3:50pm

From your debug log - there is a connection issue between the Pi-Hole host and the router:

[i] Default IPv4 gateway: 192.168.0.1
   * Pinging 192.168.0.1...
[✗] Gateway did not respond. (https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546)

[i] Default IPv6 gateway: fe80::425d:82ff:fed3:149a
fe80::425d:82ff:fed3:149a
   * Pinging fe80::425d:82ff:fed3:149a
fe80::425d:82ff:fed3:149a...
[✗] Gateway did not respond. (https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546)

In the previous 24 hours from your local time shown below, there were 10 clients connected to the Pi-Hole and queries as follows:

   [2019-03-29 01:09:01.299 1441] Imported 10170 queries from the long-term database
   [2019-03-29 01:09:01.300 1441]  -> Total DNS queries: 10170
   [2019-03-29 01:09:01.300 1441]  -> Cached DNS queries: 115
   [2019-03-29 01:09:01.300 1441]  -> Forwarded DNS queries: 5561
   [2019-03-29 01:09:01.300 1441]  -> Exactly blocked DNS queries: 4494
   [2019-03-29 01:09:01.300 1441]  -> Unknown DNS queries: 0
   [2019-03-29 01:09:01.300 1441]  -> Unique domains: 435
   [2019-03-29 01:09:01.300 1441]  -> Unique clients: 10
   [2019-03-29 01:09:01.300 1441]  -> Known forward destinations: 1

This is a problem. With AdGuard available, some of your network traffic will bypass Pi-Hole. Pi-Hole should be the only DNS offered.

Jorgsmash · March 29, 2019, 4:14pm

Well I have the secondary and tertiary DNS set up for redundancy. The pihole is running on my laptop and I'm not always at home. Other people need to use the Internet and if anything ever goes wrong with the Pihole VM or my host then there would be no Internet connectivity at all.

jfb · March 29, 2019, 4:19pm

This somewhat defeats the purpose of the Pi-Hole. Clients will use whatever DNS is available. When you leave and take your laptop/Pi-Hole with you, the other clients all move to the other DNS. When you come back with your Pi-Hole, there is nothing driving them back to the Pi-Hole. Some of the traffic may find it's way there, but not all.

You are putting a band-aid on the reliabilty problem of your existing Pi-Hole.

My recommendation would be to pick up an inexpensive Pi Zero or Zero W and put Pi-Hole on that. That Pi-Hole instance would serve the home full-time, whether you are there or not. Make that the only DNS and you're set.

Jorgsmash · March 29, 2019, 4:42pm

Sorry I didn't clarify, I leave my laptop at home. I rarely take it anywhere but once in a blue moon I will take it somewhere. I have had issues in the past though where if I set the DNS as the pihole IP and don't set up a secondary that the Internet breaks if my laptop goes offline. I'm also constantly connecting the Host OS (Windows 10) to various VPN servers so that will sometimes throw things off. I think the Pi Zero is a good idea. But what do you think is happening that the pihole seems to be working, clients have internet, but DNS resolution fails and I can't update the Ubuntu VM OS or Pihole?

$ sudo apt update
Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
Temporary failure resolving 'archive.ubuntu.com'
0% [Working]

jfb · March 29, 2019, 4:48pm

If the VM is using Pi-Hole as DNS, if Pi-Hole is down then the VM can't reach the internet. What are the contents of /etc/resolv.conf on the VM?

Jorgsmash · March 29, 2019, 5:27pm

The VM is Ubuntu and PiHole is installed on it. But Pi-hole isn't down it's up and running.

$ cat /etc/resolv.conf
Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
   DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
127.0.0.53 is the systemd-resolved stub resolver.
run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 127.0.0.1
options edns0

=============
~$ pihole status

  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled
=============

Jorgsmash · March 31, 2019, 5:26pm

I have been trying to get my VM to be able to reach out to the Internet today. I have made various changes to the VM settings and am still unable to get out to the Internet. Here are some of my configurations. Changing the upstream DNS servers hasn't helped. Can anyone see anything wrong with my config? I would like to change the system DNS settings just to see if this resolves the issue. I am running Ubuntu 18.04 so I have changed the DNS settings using netplan:

$ cat /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        enp0s3:
            addresses: [192.168.0.5/24]
            gateway4: 192.168.0.1
            nameservers:
               addresses: [8.8.8.8, 8.8.4.4]
#               addresses: [1.1.1.1, 1.0.0.1]
            dhcp4: no
    version: 2

However these changes don't seem to be working. The above request for the contents of /etc/resolv.conf show dns set to loopback:

jorg@hogwarts-pihole:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 127.0.0.1
options edns0
jorg@hogwarts-pihole:~$

$ pihole status
[sudo] password for jorg:
  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled
jorg@hogwarts-pihole:~$ cat /etc/dnsmasq.d/01-pihole.conf
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.

###############################################################################
#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
#                                                                             #
#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
#                      /etc/pihole/setupVars.conf                             #
#                                                                             #
#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
###############################################################################

addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list


localise-queries


no-resolv



cache-size=10000

log-queries
log-facility=/var/log/pihole.log

local-ttl=2

log-async

# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. see CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
server=176.103.130.130#53
server=176.103.130.131#53
domain-needed
bogus-priv
interface=enp0s3
server=/Hogwarts.academy/192.168.0.1
server=/0.168.192.in-addr.arpa/192.168.0.1
jorg@hogwarts-pihole:~$ cat /etc/pihole/setupVars.conf
PIHOLE_INTERFACE=enp0s3
IPV4_ADDRESS=192.168.0.5/24
IPV6_ADDRESS=2601:c6:c880:608:a00:27ff:fee1:d026
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
TEMPERATUREUNIT=F
WEBUIBOXEDLAYOUT=boxed
BLOCKING_ENABLED=true
DNSMASQ_LISTENING=single
PIHOLE_DNS_1=176.103.130.130#53
PIHOLE_DNS_2=176.103.130.131#53
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
CONDITIONAL_FORWARDING=true
CONDITIONAL_FORWARDING_IP=192.168.0.1
CONDITIONAL_FORWARDING_DOMAIN=Hogwarts.academy
CONDITIONAL_FORWARDING_REVERSE=0.168.192.in-addr.arpa

system · April 21, 2019, 5:26pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.