Pihole is not working - Help

Please follow the below template, it will help us to help you!

Hi,
I have PiVPN installed on my Pi 2 and I am running 4 instances of PiVPN on TCP/UDP ports 80 and 443. I have these ports open to the world so I can connect to my home net on the move.
I recently installed pi-hole and followed the instructions but when I check pihole status, it comes up with an error DNS is not running. I have no firewall on the Pi and all the iptables are at default settings except under /etc/iptables/rules.v4 where under postrouting I have the following lines for my pivpn traffic.

-A POSTROUTING -s 10.7.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE

Also, is it possible that I can utilise pihole DHCP rather than BT Smarthub DHCP in my case once pihole starts to work?

Also, does pihole work on IPv6, as I have that running on my network? If yes, how can this be achieved?

Recently I installed Pi-Hole and followed all the instructions. I also have BT Smarthub 6 which does not allow custom DNS settings. What I would like to do is to run the pihole alongside pivpn so I can use pihole on LAN and over the PiVPN. I am happy to provide any other logs etc. as required and even happy to utilise port 80 for pihole if the need be. I have not opened any other ports on my router just FYI.

Expected Behaviour:

After pi-hole installation, I was expecting it to run at least on my LAN first however that is not the case. Admin page would not load and if I check pihole status it comes up with an error DNS is not working.

Actual Behaviour:

pihole is not working.

Debug Token:

32g8c4fl1p

You can start and stop the dnsmasq DNS service with the two commands below:

sudo service dnsmasq start

sudo service dnsmasq stop

And the one below will display the status:

sudo service dnsmasq status

The one below confirms the relevant Pi-hole daemons are running:

$ sudo netstat -nltup | grep 'Proto\|lighttpd\|dnsmasq\|pihole-FTL'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      481/pihole-FTL
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      790/lighttpd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      24640/dnsmasq
tcp6       0      0 :::80                   :::*                    LISTEN      790/lighttpd
tcp6       0      0 :::53                   :::*                    LISTEN      24640/dnsmasq
udp        0      0 0.0.0.0:53              0.0.0.0:*                           24640/dnsmasq
udp        0      0 0.0.0.0:67              0.0.0.0:*                           24640/dnsmasq
udp6       0      0 :::53                   :::*                                24640/dnsmasq

P.S. Pi-hole uses port 80 TCP for redirecting ads to the locally running lighttpd web daemon, which returns a semi-blank page (plus lighttpd provides the admin page).

Forgot to mention, lighttpd provides the admin page on port 80 TCP.
What's running now on the relevant ports?

sudo netstat -nltup | grep ':4711 \|:80 \|:53 \|:67 '

Hi, thanks for getting back to me so quickly.

This is what I get when using the start command.
$ sudo service dnsmasq start
Job for dnsmasq.service failed. See 'systemctl status dnsmasq.service' and 'journalctl -xn' for details.

sudo netstat -nltup | grep ':4711 |:80 |:53 |:u67 shows nothing....

What is displayed if you follow the instructions?

Typo?
That's not the same as my line, and I am missing port 80 from your PiVPN.
What if you just do it without grep:

sudo netstat -nltup

Here is the output from the above two commands:

$ sudo netstat -nltup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 693/openvpn
tcp 0 0 0.0.0.0:51413 0.0.0.0:* LISTEN 878/transmission-da
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 698/openvpn
tcp 0 0 0.0.0.0:2300 0.0.0.0:* LISTEN 874/sshd
tcp 0 0 0.0.0.0:9091 0.0.0.0:* LISTEN 878/transmission-da
tcp 0 0 0.0.0.0:8200 0.0.0.0:* LISTEN 1085/minidlnad
tcp6 0 0 :::51413 :::* LISTEN 878/transmission-da
tcp6 0 0 :::21 :::* LISTEN 904/vsftpd
tcp6 0 0 :::2300 :::* LISTEN 874/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 872/dhcpcd
udp 0 0 0.0.0.0:80 0.0.0.0:* 699/openvpn
udp 0 0 192.168.1.86:44625 0.0.0.0:* 1085/minidlnad
udp 0 0 0.0.0.0:56946 0.0.0.0:* 648/avahi-daemon: r
udp 0 0 192.168.1.86:123 0.0.0.0:* 1017/ntpd
udp 0 0 10.9.0.1:123 0.0.0.0:* 1017/ntpd
udp 0 0 10.8.0.1:123 0.0.0.0:* 1017/ntpd
udp 0 0 10.7.0.1:123 0.0.0.0:* 1017/ntpd
udp 0 0 10.10.0.1:123 0.0.0.0:* 1017/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 1017/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 1017/ntpd
udp 0 0 10.10.0.1:58557 0.0.0.0:* 1085/minidlnad
udp 0 0 0.0.0.0:51413 0.0.0.0:* 878/transmission-da
udp 0 0 0.0.0.0:5353 0.0.0.0:* 648/avahi-daemon: r
udp 0 0 10.8.0.1:55546 0.0.0.0:* 1085/minidlnad
udp 0 0 0.0.0.0:1900 0.0.0.0:* 1085/minidlnad
udp 0 0 0.0.0.0:1900 0.0.0.0:* 978/minissdpd
udp 0 0 0.0.0.0:443 0.0.0.0:* 702/openvpn
udp 0 0 10.7.0.1:54243 0.0.0.0:* 1085/minidlnad
udp6 0 0 :::47629 :::* 648/avahi-daemon: r
udp6 0 0 fe11::ga:cg63:c2t3::123 :::* 1017/ntpd
udp6 0 0 fe11::c74f:289c:5a8:123 :::* 1017/ntpd
udp6 0 0 fe11::aeae:9ddd:698:123 :::* 1017/ntpd
udp6 0 0 fe11::201b:cc79:2n3:123 :::* 1017/ntpd
udp6 0 0 ::1:123 :::* 1017/ntpd
udp6 0 0 :::123 :::* 1017/ntpd
udp6 0 0 :::5353 :::* 648/avahi-daemon: r

sudo netstat -nltup | grep ' :4711 |:80 |:53 |:67 ' shows

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 693/openvpn
udp 0 0 0.0.0.0:80 0.0.0.0:* 699/openvpn

And the bit below?
Might need to drop sudo before the commands.

Realize that if you run openvpn on port 80 TCP, the lighttpd daemon won't start and you won't be able to see the admin or blocking web pages.
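
The port clash described in this reply can be checked mechanically. The following is an added example, not part of the thread or of Pi-hole itself: the function names are hypothetical, the port-to-daemon pairs are taken from the working listing earlier in the thread, and the sample input is an excerpt of the failing listing posted here.

```shell
#!/usr/bin/env bash
# Added example: compare `netstat -nltup` output with the listeners Pi-hole needs.
# udp/67 is checked for conflicts only, because dnsmasq binds it only when DHCP is on.
# Run netstat as root, otherwise the program column is empty and shows as "unknown".

# check_pihole_ports: reads netstat output on stdin, prints CONFLICT / MISSING lines.
check_pihole_ports() {
  awk '
    BEGIN {
      want["tcp/53"] = "dnsmasq";  want["udp/53"] = "dnsmasq"
      want["tcp/80"] = "lighttpd"; want["tcp/4711"] = "pihole-FTL"
      want["udp/67"] = "dnsmasq"
      n = split("tcp/53 udp/53 tcp/80 tcp/4711", required, " ")
    }
    $1 ~ /^(tcp|udp)6?$/ {
      proto = $1; sub(/6$/, "", proto)          # fold tcp6/udp6 into tcp/udp
      m = split($4, a, ":"); key = proto "/" a[m]
      if (!(key in want)) next
      seen[key] = 1
      prog = "unknown"                           # UDP rows have no State column,
      for (i = 5; i <= NF; i++)                  # so search for the PID/Program field
        if ($i ~ /^[0-9]+\//) { prog = $i; sub(/^[0-9]+\//, "", prog); break }
      if (prog != want[key] && !((key, prog) in told)) {
        told[key, prog] = 1
        printf "CONFLICT %s held by %s (Pi-hole expects %s)\n", key, prog, want[key]
      }
    }
    END {
      for (i = 1; i <= n; i++)
        if (!(required[i] in seen))
          printf "MISSING %s (Pi-hole expects %s)\n", required[i], want[required[i]]
    }
  '
}

# Excerpt of the failing listing posted in this thread.
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 693/openvpn
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 698/openvpn
tcp6 0 0 :::2300 :::* LISTEN 874/sshd
udp 0 0 0.0.0.0:80 0.0.0.0:* 699/openvpn
udp 0 0 0.0.0.0:5353 0.0.0.0:* 648/avahi-daemon: r
EOF
}

sample_netstat | check_pihole_ports
```

On a live host, feed it real data with `sudo netstat -nltup | check_pihole_ports`.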

systemctl status dnsmasq.servic
● dnsmasq.servic.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)

systemctl status dnsmasq.service
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled)
Drop-In: /run/systemd/generator/dnsmasq.service.d
└─50-dnsmasq-$named.conf, 50-insserv.conf-$named.conf
Active: failed (Result: exit-code) since Wed 2017-08-23 22:39:43 BST; 20s ago
Process: 8505 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=1/FAILURE)

$ journalctl -xn
No journal files were found.

I will try the option on port share on the pivpn config file where it allows the openvpn traffic to come to pivpn and other http traffic to go to whichever service is listening....not sure if it would work....if it doesn't I will switch off pivpn instances for tcp/udp at port 80 and reconfigure the pihole to see if it works.....

Just tested: if you put "sudo" in front of the first status command, it will show a bit more info.
But did the installer finish at all, or did it encounter errors, as nothing is running: no dnsmasq, no lighttpd and no FTL?

Hi, sorry, I've been busy with work. The installer showed no errors at all. I don't know if it's helpful, but I am running a headless Pi with Raspbian Lite. I will post the errors using sudo shortly.

This is what the commands show. I have already done two installations, but I have not yet turned off openvpn on port 80, which I am planning to do this weekend. Maybe I will uninstall and reinstall pihole once I have made openvpn port 80 available.
In the meantime, if you have any suggestions, please do let me know.

pi@hugo_server:~ $ pihole status
::: DNS service is NOT running
pi@hugo_server:~ $ pihole enable
::: Blocking has been enabled!
Job for dnsmasq.service failed. See 'systemctl status dnsmasq.service' and 'journalctl -xn' for details.
pi@hugo_server:~ $ sudo systemctl status dnsmasq.service
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled)
Drop-In: /run/systemd/generator/dnsmasq.service.d
└─50-dnsmasq-$named.conf, 50-insserv.conf-$named.conf
Active: failed (Result: exit-code) since Fri 2017-08-25 10:37:02 BST; 38s ago
Process: 13247 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=1/FAILURE)

Aug 25 10:37:02 hugo_server dnsmasq[13247]: dnsmasq: illegal repeated keyword at...f
Aug 25 10:37:02 hugo_server systemd[1]: dnsmasq.service: control process exited...=1
Aug 25 10:37:02 hugo_server systemd[1]: Failed to start dnsmasq - A lightweight...r.
Aug 25 10:37:02 hugo_server systemd[1]: Unit dnsmasq.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.
pi@hugo_server:~ $ sudo journalctl -xn
-- Logs begin at Wed 2017-08-23 15:41:33 BST, end at Fri 2017-08-25 10:38:15 BST. --
Aug 25 10:37:02 hugo_server systemd[1]: Failed to start dnsmasq - A lightweight DHCP
-- Subject: Unit dnsmasq.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

-- Unit dnsmasq.service has failed.

-- The result is failed.
Aug 25 10:37:02 hugo_server systemd[1]: Dependency failed for Host and Network Name
-- Subject: Unit nss-lookup.target has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

-- Unit nss-lookup.target has failed.

-- The result is dependency.
Aug 25 10:37:02 hugo_server sudo[13236]: pam_unix(sudo:session): session closed for
Aug 25 10:37:02 hugo_server systemd[1]: Unit dnsmasq.service entered failed state.
Aug 25 10:37:41 hugo_server sudo[13253]: pi : TTY=pts/0 ; PWD=/home/pi ; USER=root ;
Aug 25 10:37:41 hugo_server sudo[13253]: pam_unix(sudo:session): session opened for
Aug 25 10:37:41 hugo_server sudo[13253]: pam_unix(sudo:session): session closed for
Aug 25 10:38:15 hugo_server sudo[13262]: pi : TTY=pts/0 ; PWD=/home/pi ; USER=root ;
Aug 25 10:38:15 hugo_server sudo[13262]: pam_unix(sudo:session): session opened for

Not sure if it's worth much, but I'll chuck in my minimal experience...

I don't understand why you need any port other than one for the VPN open?
By default I think it's 1194?

I have Pi-hole and OpenVPN (installed via PiVPN) running on my Model B 1+ and it works great.
Can connect to home when away and have full network access. Along with adverts blocked when on public WiFi or mobile data.

I think I had to edit /etc/openvpn/server.conf to make sure VPN connections are routed through the pihole.

Can you raise the log level to debug for systemd:

echo "LogLevel=debug" | sudo tee -a /etc/systemd/system.conf

Reboot:

sudo reboot

And post the results from the one below again (with the -l option added):

sudo systemctl status dnsmasq.service -l

And please use the code tags (preformatted text) when posting the output here, as your posting above is very hard to read!

I have turned off openvpn on port 80 and reconfigured pihole. The following is the log from when I did the reconfig, and it looks like the FTL Engine is not installed.
::: You are root.
::: Reconfigure option selected
::: Verifying free disk space...
:::
::: Updating local cache of available packages... done!
:::
::: Checking apt-get for upgraded packages.... done!
:::
::: There are 63 updates available for your system!
::: We recommend you update your OS after installing Pi-hole!
:::
::: Checking for apt-utils... installed!
::: Checking for dialog... installed!
::: Checking for debconf... installed!
::: Checking for dhcpcd5... installed!
::: Checking for git... installed!
::: Checking for iproute2... installed!
::: Checking for whiptail... installed!
:::
::: Stopping dnsmasq service... done.
:::
::: Stopping lighttpd service... done.
::: Using interface: eth0
::: Using Google DNS servers.
::: Static IP already configured
::: Found IPv6 GUA address, using it for blocking IPv6 ads
::: IPv4 address: 192.168.1.86/24
::: IPv6 address: 2a22:23c7:202:4e00:ab78:4e76:dd66:c53a
::: Web Interface On.
::: Logging On.
::: --reconfigure passed to install script. Resetting changes to local repos
::: Resetting repo in /etc/.pihole... done!
::: Resetting repo in /var/www/html/admin... done!
::: Checking for bc... installed!
::: Checking for cron... installed!
::: Checking for curl... installed!
::: Checking for dnsmasq... installed!
::: Checking for dnsutils... installed!
::: Checking for iputils-ping... installed!
::: Checking for lsof... installed!
::: Checking for netcat... installed!
::: Checking for sudo... installed!
::: Checking for unzip... installed!
::: Checking for wget... installed!
::: Checking for lighttpd... installed!
::: Checking for php5-common... installed!
::: Checking for php5-cgi... installed!
::: Checking if user 'pihole' exists...
::: User 'pihole' already exists
:::
::: Installing scripts from /etc/.pihole... done.
:::
::: Installing configs from /etc/.pihole...
::: Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
::: Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf... done.
:::
::: Creating log file and changing owner to dnsmasq... already exists!
:::
::: Installing pihole custom index page...
::: Existing index.php detected, not overwriting
::: Existing index.js detected, not overwriting
::: Existing blockingpage.css detected, not overwriting
:::
::: Installing sudoer file... done!
:::
::: Installing latest Cron script... done!
:::
::: Installing latest logrotate script... done!
:::
::: Downloading latest version of FTL...
::: Detected ARM-hf architecture (armv7+)
::: Installing FTL... failed (error in getting latest release location from GitHub)
::: FTL Engine not installed.
:::
::: Skipping firewall configuration.
::: Restarting services...
:::
::: Starting dnsmasq service...
pi@hugo_server:~ $ apt-get install FTL
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package FTL

This is the log from your command.

pi@hugo_server:~ $ sudo systemctl status dnsmasq.service -l
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled)
Drop-In: /run/systemd/generator/dnsmasq.service.d
└─50-dnsmasq-$named.conf, 50-insserv.conf-$named.conf
Active: failed (Result: exit-code) since Sat 2017-08-26 10:12:54 BST; 52s ago
Process: 873 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=1/FAILURE)

Aug 26 10:12:53 hugo_server systemd[1]: dnsmasq.service changed dead -> start-pre
Aug 26 10:12:54 hugo_server systemd[1]: Child 873 belongs to dnsmasq.service
Aug 26 10:12:54 hugo_server systemd[1]: dnsmasq.service: control process exited, code=exited status=1
Aug 26 10:12:54 hugo_server systemd[1]: dnsmasq.service got final SIGCHLD for state start-pre
Aug 26 10:12:54 hugo_server systemd[1]: dnsmasq.service changed start-pre -> failed
Aug 26 10:12:54 hugo_server systemd[1]: Job dnsmasq.service/start finished, result=failed
Aug 26 10:12:54 hugo_server systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
Aug 26 10:12:54 hugo_server systemd[1]: Unit dnsmasq.service entered failed state.
Aug 26 10:12:54 hugo_server systemd[1]: dnsmasq.service: cgroup is empty
Aug 26 10:12:54 hugo_server dnsmasq[873]: dnsmasq: illegal repeated keyword at line 40 of /etc/dnsmasq.d/01-pihole.conf

Valiceemo,

I use port 80 or 443 when I am behind restricted firewalls which do not allow UDP or VPN unless it's hidden within a TCP port. 80 and 443 are used by most websites/servers, hence they are always open on any firewall.

Just an update:

  1. I stopped port 80
  2. reinstalled pihole
  3. it wasn't working something was wrong with dnsmasq
  4. don't know what I did with dnsmasq but now my pihole is working. Hurray!

Thank you for your help. I am going to enable DHCP on pihole and then work on making it work via pivpn. Will be back shortly if I get stuck. Please don't close this yet!

So I have got the pihole running and I have made the following changes in the following files:

  1. I made a few copies of this file, /etc/dnsmasq.d/01-pihole.conf, gave them newname.conf names, and changed the interface to tun0 and tun1 in two separate files.
  2. I went to the respective openvpn config files here, /etc/openvpn/server.conf, and changed the push "dhcp-option DNS [192.168.1.86]" (this is the static IP of the Raspberry Pi) and
    push "redirect-gateway def1"
    Question: do I need to state 192.168.1.86 or 10.8.0.1 here?
  3. Then I updated /etc/dnsmasq.conf with
    listen-address=127.0.0.1, 192.168.0.13, 10.8.0.1, 10.9.0.1
  4. Then I went and updated a file (I can't remember the file name) where I uncommented a line to say it should look at all *.conf files in the /etc/dnsmasq.d/ directory.

Now when I restart the dnsmasq service, it throws an error saying there is an illegal entry in 02-pihole.conf and 03-pihole.conf. I have looked through the files but I cannot see what is illegal, as they are exact copies of 01-pihole.conf.

If I remove the 02 and 03 .conf files, pihole and DNS start to work again, but if I don't delete these files it keeps popping up the above error.

Can you please help as I would really like to run the pivpn in conjunction with pihole for my mobiles.

BTW I am running pihole's DHCP server.

Thanks in advance.

If you first get Pi-hole to work, you can change the listening behaviour on the admin web page:

image

By default, dnsmasq does that already with the "conf-dir=/etc/dnsmasq.d" directive in the file "/etc/dnsmasq.conf".

What is the exact error?

sudo systemctl status dnsmasq -l

Those 3 configuration files belong to Pi-hole and should not be altered manually (next time Pi-hole runs an update, the alterations will be gone again).
And they certainly should not be exact copies of the "01-pihole.conf" file.
If they are exact copies now, you could try to restore the files with the one below and choose reconfigure:

pihole -r
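
The "illegal repeated keyword" failure that followed copying `01-pihole.conf` can be located before restarting dnsmasq by scanning the conf-dir for keywords set more than once. This is an added example, not code from the thread or from Pi-hole: the function names are hypothetical, the `SINGLE_USE` list is an assumed partial list of once-only dnsmasq keywords, and the sample files are constructed.

```shell
#!/usr/bin/env bash
# Added example: find dnsmasq keywords that are set more than once across conf-dir files.
# ASSUMPTION: SINGLE_USE is a partial list of keywords dnsmasq accepts only once;
# verify it against the man page of the dnsmasq version you run.
SINGLE_USE="cache-size log-facility local-ttl"

# find_repeated_keywords DIR
# Prints "keyword: file:line file:line ..." for each single-use keyword that
# appears more than once across DIR/*.conf. Prints nothing when the set is clean.
find_repeated_keywords() {
  set -- "$1"/*.conf
  [ -e "$1" ] || return 0            # no fragments, nothing to check
  awk -v once="$SINGLE_USE" '
    BEGIN { n = split(once, w, " "); for (i = 1; i <= n; i++) single[w[i]] = 1 }
    FNR == 1 { file = FILENAME; sub(/.*\//, "", file) }
    /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
    {
      key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
      if (key in single) { count[key]++; where[key] = where[key] " " file ":" FNR }
    }
    END { for (i = 1; i <= n; i++) if (count[w[i]] > 1) print w[i] ":" where[w[i]] }
  ' "$@"
}

# make_sample_dir: builds a constructed conf-dir that mimics the situation in the
# thread (a fragment copied whole, with only the interface line changed).
make_sample_dir() {
  d=$(mktemp -d)
  cat > "$d/01-pihole.conf" <<'EOF'
# constructed sample, not the real Pi-hole file
addn-hosts=/etc/pihole/gravity.list
server=8.8.8.8
interface=eth0
cache-size=10000
log-queries
log-facility=/var/log/pihole.log
local-ttl=300
EOF
  sed 's/^interface=.*/interface=tun0/' "$d/01-pihole.conf" > "$d/02-pihole.conf"
  printf '%s\n' "$d"
}

sample=$(make_sample_dir)
find_repeated_keywords "$sample"
rm -rf "$sample"
```

On a real system, run `find_repeated_keywords /etc/dnsmasq.d` and then confirm with `dnsmasq --test`, the same check the systemd unit runs as ExecStartPre.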

Brilliant stuff.
Just by turning on listening on all ports it seems to work on VPN.

Thank you.