PiHole out of the box NOT WORKING

Please follow the below template, it will help us to help you!

Expected Behaviour:

After installing PiHole on a freshly installed Rasbian Buster Lite image it should work right out of the box.

Actual Behaviour:

Installation ends with "DNS Resolution is not available".

Note that this is a fresh installed OS on a RPi 3. Directly after installing the OS, Pi-Hole is installed and this fails. So I think that there is a major problem with the installation!!!

I fixed my install by updating DNS 127.0.0.1 in resolv.conf and dhcpcd.conf to my routers ip. Then I started pihole update. Update runs, sees an updated core, downloads it, starts installing it but the update also fails with "DNS Resolution is not available". Update has changed back the DNS changes that I mode.

...

[βœ“] Installing latest logrotate script
[i] Backing up /etc/dnsmasq.conf to /etc/dnsmasq.conf.old
[βœ“] man pages installed and database updated
[i] Testing if systemd-resolved is enabled
[i] Systemd-resolved is not enabled
[βœ“] Restarting lighttpd service...
[βœ“] Enabling lighttpd service to start on reboot...
[i] Restarting services...
[βœ“] Enabling pihole-FTL service to start on reboot...
[βœ“] Restarting pihole-FTL service...
[βœ“] Deleting existing list cache
[i] Pi-hole blocking is enabled
[βœ—] DNS resolution is currently unavailable
[βœ—] DNS resolution is not available

I really think that the current version of Pi-Hole is broken!!!

Are you able to provide us with a debug token please? pihole -d to generate one. If it does not allow you to upload it, you can temporarily add a known working upstream server (such as 8.8.8.8) to your /etc/resolv.conf file and try again.

Not right now because Im at work so that will take a couple of hours. But I still found it important to make this post because it is a fresh install on a fresh Pi3. So I guess this is a problem for all new installs.... easy to try: take a Pi3, burn a Rasbian Buster Lite image to SD, boot it and install Pi-Hole.... it just does not work!

In your experience, perhaps, but we certainly would have heard something by now if it was a widespread problem.

When we released 4.4 last night, I installed on a fresh pi with no issues, so... sample size of one saying there is an issue is not enough to cause panic just yet. Not saying there isn't an issue, but we'll need some more details about your particular system to fully diagnose :slight_smile:

Ok, here is the debug token output (thanks to my wife who was able to turn on my PC at home). Indeed I had to modify resolv.conf to my routers IP before I could upload.

Debug token:
https://tricorder.pi-hole.net/pon5rz3x6j

I would be amazed if this problem is related to anything I did because I did nothing except install a fresh OS (Rasbian buster lite) and then directly install pi-hole....

There are a few items of note in your debug log.

  1. Your gravity list is empty (nothing will be blocked).
*** [ DIAGNOSING ]: Gravity list

   -----head of gravity.list------

   -----tail of gravity.list------
  1. You have a significant number of queries being processed by Pi-Hole from localhost (the Pi platform itself). This is unusual.
   [2020-02-26 08:25:09.034 11081] Imported 30233 queries from the long-term database
   [2020-02-26 08:25:09.035 11081]  -> Total DNS queries: 30233
   [2020-02-26 08:25:09.035 11081]  -> Cached DNS queries: 0
   [2020-02-26 08:25:09.035 11081]  -> Forwarded DNS queries: 30233
   [2020-02-26 08:25:09.035 11081]  -> Exactly blocked DNS queries: 0
   [2020-02-26 08:25:09.035 11081]  -> Unknown DNS queries: 0
   [2020-02-26 08:25:09.035 11081]  -> Unique domains: 15
   [2020-02-26 08:25:09.035 11081]  -> Unique clients: 1
   [2020-02-26 08:25:09.035 11081]  -> Known forward destinations: 1
  1. The queries from localhost are for ntp time servers, with no reply from your upstream DNS servers. The queries repeat for lack of reply.
   -----head of pihole.log------
   Feb 26 00:00:04 dnsmasq[685]: query[A] 2.debian.pool.ntp.org from 127.0.0.1
   Feb 26 00:00:04 dnsmasq[685]: forwarded 2.debian.pool.ntp.org to 8.8.4.4
   Feb 26 00:00:04 dnsmasq[685]: forwarded 2.debian.pool.ntp.org to 8.8.8.8
   Feb 26 00:00:04 dnsmasq[685]: query[AAAA] 2.debian.pool.ntp.org from 127.0.0.1
   Feb 26 00:00:04 dnsmasq[685]: forwarded 2.debian.pool.ntp.org to 8.8.4.4
   Feb 26 00:00:04 dnsmasq[685]: forwarded 2.debian.pool.ntp.org to 8.8.8.8
   ....

When you set up your Pi and installed the OS, did you set the locale/timezone to your current location? Is the time on the Pi set correctly? (check with the date command).

Do you have any firewall rules that block outgoing port 53 traffic and would prevent Pi-Hole from communicating with your upstream servers?

What are the outputs of the following from the Pi terminal:

pihole status

ping -c3 8.8.8.8

ping -c3 dns.google.com

@Hasse
FWIW. I have "clean" installed Raspbian Buster Lite on four Raspberry Pi 3B+ & one Pi 0 wireless devices within the last two weeks. Then did a fresh install of Pi-hole and have not come across any issues doing so. They all worked "out-of-the-box" for me. In my case, my UniFi router is handling DHCP with the Pi's handling DNS.

Further, I have an all Ubiquiti UniFi network and it is configured with multiple VLANs. None of the network clients, on any of those VLANs, have had any issues accessing these Pi-holes.

I wanted to try out beta v5 on an old Pi 2 collecting dust.
No issues currently getting v4 installed:

dehakkelaar@laptop:~$ wget https://downloads.raspberrypi.org/raspbian_lite_latest -O raspbian_lite_latest.zip
[..]
2020-02-26 21:26:25 (3.05 MB/s) - β€˜raspbian_lite_latest.zip’ saved [454047405/454047405]

dehakkelaar@laptop:~$ zipinfo raspbian_lite_latest.zip
Archive:  raspbian_lite_latest.zip
Zip file size: 454047405 bytes, number of entries: 1
-rw-r--r--  3.0 unx 1849688064 bx defN 20-Feb-13 17:10 2020-02-13-raspbian-buster-lite.img
1 file, 1849688064 bytes uncompressed, 454047185 bytes compressed:  75.5%

dehakkelaar@laptop:~$ unzip raspbian_lite_latest.zip
Archive:  raspbian_lite_latest.zip
  inflating: 2020-02-13-raspbian-buster-lite.img

dehakkelaar@laptop:~$ lsblk
[..]
sdb                            8:16   1  14.9G  0 disk
β”œβ”€sdb1                         8:17   1    34M  0 part
β”œβ”€sdb2                         8:18   1  14.5G  0 part
└─sdb3                         8:19   1 245.5M  0 part

dehakkelaar@laptop:~$ sudo dd bs=4M if=2020-02-13-raspbian-buster-lite.img of=/dev/sdb conv=fsync
441+0 records in
441+0 records out
1849688064 bytes (1.8 GB, 1.7 GiB) copied, 154.401 s, 12.0 MB/s

dehakkelaar@laptop:~$ sync
dehakkelaar@laptop:~$

dehakkelaar@laptop:~$ rm 2020-02-13-raspbian-buster-lite.img
dehakkelaar@laptop:~$

dehakkelaar@laptop:~$ lsblk
[..]
sdb                            8:16   1  14.9G  0 disk
β”œβ”€sdb1                         8:17   1   256M  0 part
└─sdb2                         8:18   1  14.6G  0 part

dehakkelaar@laptop:~$ sudo mount /dev/sdb1 /mnt
dehakkelaar@laptop:~$

dehakkelaar@laptop:~$ sudo touch /mnt/ssh
dehakkelaar@laptop:~$

dehakkelaar@laptop:~$ sudo umount /mnt
dehakkelaar@laptop:~$

dehakkelaar@laptop:~$ sudo mount /dev/sdb2 /mnt
dehakkelaar@laptop:~$

dehakkelaar@laptop:~$ sudo tee -a /mnt/etc/dhcpcd.conf <<< $'interface eth0\n  static ip_address=10.0.0.4/24\n  static routers=10.0.0.1\n  static domain_name_servers=8.8.8.8'
interface eth0
  static ip_address=10.0.0.4/24
  static routers=10.0.0.1
  static domain_name_servers=8.8.8.8

dehakkelaar@laptop:~$ sudo umount /mnt
dehakkelaar@laptop:~$

dehakkelaar@laptop:~$ sync
dehakkelaar@laptop:~$

dehakkelaar@laptop:~$ ping 10.0.0.4
[..]
From 10.0.0.220 icmp_seq=17 Destination Host Unreachable
From 10.0.0.220 icmp_seq=18 Destination Host Unreachable
64 bytes from 10.0.0.4: icmp_seq=19 ttl=64 time=3377 ms
64 bytes from 10.0.0.4: icmp_seq=20 ttl=64 time=2353 ms

dehakkelaar@laptop:~$ ssh pi@10.0.0.4
[..]
pi@raspberrypi:~ $

pi@raspberrypi:~ $ sudo dpkg-reconfigure tzdata

Current default time zone: 'Europe/Amsterdam'
Local time is now:      Wed Feb 26 22:39:41 CET 2020.
Universal Time is now:  Wed Feb 26 21:39:41 UTC 2020.

pi@raspberrypi:~ $ sudo hostnamectl set-hostname phb5.dehakkelaar.nl
pi@raspberrypi:~ $

pi@raspberrypi:~ $ sudo sed 's/raspberrypi/phb5.dehakkelaar.nl/' -i /etc/hosts
sudo: unable to resolve host phb5.dehakkelaar.nl: Name or service not known

pi@raspberrypi:~ $ cat /etc/hosts
[..]
127.0.1.1               phb5.dehakkelaar.nl

pi@raspberrypi:~ $ sudo apt update && sudo apt upgrade
[..]
Processing triggers for dbus (1.12.16-1) ...
Processing triggers for libc-bin (2.28-10+rpi1) ...
Processing triggers for initramfs-tools (0.133+deb10u1) ...
pi@raspberrypi:~ $

pi@raspberrypi:~ $ sudo reboot
Connection to 10.0.0.4 closed by remote host.
Connection to 10.0.0.4 closed.

dehakkelaar@laptop:~$ ssh pi@10.0.0.4
[..]
pi@phb5:~ $

pi@phb5:~ $ hostnamectl
   Static hostname: phb5.dehakkelaar.nl
         Icon name: computer
        Machine ID: bf6xxxxxxxxxxxxxxxxxxxxxxxxxx25d
           Boot ID: a57xxxxxxxxxxxxxxxxxxxxxxxxxx25e
  Operating System: Raspbian GNU/Linux 10 (buster)
            Kernel: Linux 4.19.97-v7+
      Architecture: arm

pi@phb5:~ $ timedatectl
               Local time: Wed 2020-02-26 22:58:04 CET
           Universal time: Wed 2020-02-26 21:58:04 UTC
                 RTC time: n/a
                Time zone: Europe/Amsterdam (CET, +0100)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

pi@phb5:~ $ curl -sSL https://install.pi-hole.net | bash
[..]
  [i] The install log is located at: /etc/pihole/install.log
Installation Complete!

pi@phb5:~ $ pihole -a -p
Enter New Password (Blank for no password):
  [βœ“] Password Removed

pi@phb5:~ $ pihole status
  [βœ“] DNS service is running
  [βœ“] Pi-hole blocking is Enabled

pi@phb5:~ $ pihole -v
  Pi-hole version is v4.4 (Latest: v4.4)
  AdminLTE version is v4.3.3 (Latest: v4.3.3)
  FTL version is v4.3.1 (Latest: v4.3.1)

pi@phb5:~ $ host pi.hole $(hostname -i)
Using domain server:
Name: 127.0.1.1
Address: 127.0.1.1#53
Aliases:

pi.hole has address 10.0.0.4

pi@phb5:~ $ host pi.hole $(hostname -I)
Using domain server:
Name: 10.0.0.4
Address: 10.0.0.4#53
Aliases:

pi.hole has address 10.0.0.4

pi@phb5:~ $ host doubleclick.com
doubleclick.com has address 0.0.0.0
doubleclick.com has IPv6 address ::
[..]

pi@phb5:~ $ host pi-hole.net
pi-hole.net has address 206.189.252.21
pi-hole.net has IPv6 address 2604:a880:400:d0::1071:1
[..]

pi@phb5:~ $ curl -I http://10.0.0.4/admin/
HTTP/1.1 200 OK
Set-Cookie: PHPSESSID=105xxxxxxxxxx104; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-type: text/html; charset=UTF-8
X-Pi-hole: The Pi-hole Web interface is working!
X-Frame-Options: DENY
Date: Wed, 26 Feb 2020 22:10:15 GMT
Server: lighttpd/1.4.53

pi@phb5:~ $ nc localhost 4711 <<< $'>stats >quit'
domains_being_blocked 125233
dns_queries_today 34
ads_blocked_today 6
ads_percentage_today 17.647058
unique_domains 9
queries_forwarded 14
queries_cached 14
clients_ever_seen 2
unique_clients 2
dns_queries_all_types 34
reply_NODATA 6
reply_NXDOMAIN 1
reply_CNAME 11
reply_IP 15
privacy_level 0
status enabled

As requested:

pi@raspberrypi:~ $ nslookup tweakers.net
;; connection timed out; no servers could be reached

pi@raspberrypi:~ $ date
Thu 27 Feb 19:43:23 CET 2020
pi@raspberrypi:~ $ pihole status
  [βœ“] DNS service is running
  [βœ“] Pi-hole blocking is Enabled
pi@raspberrypi:~ $ ping -c3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=8.41 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=7.24 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=56 time=7.22 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 7.219/7.623/8.408/0.555 ms
pi@raspberrypi:~ $ ping -c3 dns.google.com
ping: dns.google.com: Temporary failure in name resolution
pi@raspberrypi:~ $

I corrected my timezone, it was on London, should be Amsterdam. But didn't make a difference.

It is really intriging that the same software on the same hardware behaves differently.....

Whats output for below three (might want to redact some with that last one) ?

sudo iptables -nL

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471[1-8] '

sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.* | sort

pi@raspberrypi:~ $ sudo iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      30844/pihole-FTL
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      30625/lighttpd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      30844/pihole-FTL
tcp6       0      0 ::1:4711                :::*                    LISTEN      30844/pihole-FTL
tcp6       0      0 :::80                   :::*                    LISTEN      30625/lighttpd
tcp6       0      0 :::53                   :::*                    LISTEN      30844/pihole-FTL
udp        0      0 0.0.0.0:53              0.0.0.0:*                           30844/pihole-FTL
udp6       0      0 :::53                   :::*                                30844/pihole-FTL
pi@raspberrypi:~ $ sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.* | sort
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.old:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:interface=eth0
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:server=8.8.4.4
/etc/dnsmasq.d/01-pihole.conf:server=8.8.8.8
/etc/dnsmasq.d/01-pihole.conf:server=/use-application-dns.net/
pi@raspberrypi:~ $

host pi.hole $(hostname -i)

host pi.hole $(hostname -I)

cat /etc/resolv.conf

What OS does your client run ?

What's that last line trying to achieve in there?

I can confirm that my nslookup and ping both fail in the same way than yours in your earlier post if I have that line only in my 01-pihole.conf.

EDIT: Disabling Firefox DoH, as deHakkelaar explains below, so it's a sane setting, unless it is the only server (and you have two others in your setup).

From a fresh install:

pi@phb5:~ $ sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.* | sort
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.old:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:local-service
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:server=149.112.112.10
/etc/dnsmasq.d/01-pihole.conf:server=9.9.9.10
/etc/dnsmasq.d/01-pihole.conf:server=/use-application-dns.net/

Ow now remember ... block/disable DoH ???

https://duckduckgo.com/?t=ffsb&q=use-application-dns.net&ia=web

EDIT:

1 Like
pi@raspberrypi:~ $ host pi.hole $(hostname -i)
;; connection timed out; no servers could be reached
pi@raspberrypi:~ $ host pi.hole $(hostname -i)
;; connection timed out; no servers could be reached
pi@raspberrypi:~ $ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
pi@raspberrypi:~ $

Above you entered the same command twice (notice the capital I):

Try again:

host pi.hole 127.0.0.1

And below substituting <PIHOLE_IP_ADDRESS> with actual one:

host pi.hole <PIHOLE_IP_ADDRESS>

Can you post output for below ones too please ?

ip a

cat /etc/hosts

pi@raspberrypi:~ $ host pi.hole 127.0.0.1
;; connection timed out; no servers could be reached
pi@raspberrypi:~ $ host pi.hole 10.0.0.128
;; connection timed out; no servers could be reached
pi@raspberrypi:~ $ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:d3:95:80 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.128/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 2001:980:3a0d:1:ad5:1538:ee24:e1b/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 6852sec preferred_lft 3252sec
    inet6 fe80::a43a:c108:24bd:1fc2/64 scope link
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether b8:27:eb:86:c0:d5 brd ff:ff:ff:ff:ff:ff
pi@raspberrypi:~ $ cat /etc/hosts
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.1.1               raspberrypi
pi@raspberrypi:~ $

Is the pihole-FTL binary still listening on all IP's 0.0.0.0 for DNS port 53 ?

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471[1-8] '

EDIT: ow and try change into below setting on the Pi-hole web GUI settings:

image

And try do the DNS lookups again:

host pi.hole 127.0.0.1

host pi.hole 10.0.0.128

pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      30844/pihole-FTL
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      30625/lighttpd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      30844/pihole-FTL
tcp6       0      0 ::1:4711                :::*                    LISTEN      30844/pihole-FTL
tcp6       0      0 :::80                   :::*                    LISTEN      30625/lighttpd
tcp6       0      0 :::53                   :::*                    LISTEN      30844/pihole-FTL
udp        0      0 0.0.0.0:53              0.0.0.0:*                           30844/pihole-FTL
udp6       0      0 :::53                   :::*                                30844/pihole-FTL
pi@raspberrypi:~ $

Setting listening to all interfaces didnt change a thing:


pi@raspberrypi:~ $ host pi.hole 127.0.0.1
;; connection timed out; no servers could be reached
pi@raspberrypi:~ $ host pi.hole 10.0.0.128
;; connection timed out; no servers could be reached
pi@raspberrypi:~ $