PiHole out of the box NOT WORKING

What's output for below three (might want to redact some with that last one) ?

sudo iptables -nL

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471[1-8] '

sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.* | sort

pi@raspberrypi:~ $ sudo iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      30844/pihole-FTL
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      30625/lighttpd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      30844/pihole-FTL
tcp6       0      0 ::1:4711                :::*                    LISTEN      30844/pihole-FTL
tcp6       0      0 :::80                   :::*                    LISTEN      30625/lighttpd
tcp6       0      0 :::53                   :::*                    LISTEN      30844/pihole-FTL
udp        0      0 0.0.0.0:53              0.0.0.0:*                           30844/pihole-FTL
udp6       0      0 :::53                   :::*                                30844/pihole-FTL
pi@raspberrypi:~ $ sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.* | sort
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.old:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:interface=eth0
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:server=8.8.4.4
/etc/dnsmasq.d/01-pihole.conf:server=8.8.8.8
/etc/dnsmasq.d/01-pihole.conf:server=/use-application-dns.net/
pi@raspberrypi:~ $

host pi.hole $(hostname -i)

host pi.hole $(hostname -I)

cat /etc/resolv.conf

What OS does your client run ?

What's that last line trying to achieve in there?

I can confirm that my nslookup and ping both fail in the same way as yours in your earlier post if I have that line only in my 01-pihole.conf.

EDIT: Disabling Firefox DoH, as deHakkelaar explains below, so it's a sane setting, unless it is the only server (and you have two others in your setup).

From a fresh install:

pi@phb5:~ $ sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.* | sort
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.old:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:local-service
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:server=149.112.112.10
/etc/dnsmasq.d/01-pihole.conf:server=9.9.9.10
/etc/dnsmasq.d/01-pihole.conf:server=/use-application-dns.net/

Ow now remember ... block/disable DoH ???

https://duckduckgo.com/?t=ffsb&q=use-application-dns.net&ia=web

EDIT:

pi@raspberrypi:~ $ host pi.hole $(hostname -i)
;; connection timed out; no servers could be reached
pi@raspberrypi:~ $ host pi.hole $(hostname -i)
;; connection timed out; no servers could be reached
pi@raspberrypi:~ $ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
pi@raspberrypi:~ $

Above you entered the same command twice (notice the capital I):

Try again:

host pi.hole 127.0.0.1

And below substituting <PIHOLE_IP_ADDRESS> with actual one:

host pi.hole <PIHOLE_IP_ADDRESS>

Can you post output for below ones too please ?

ip a

cat /etc/hosts

pi@raspberrypi:~ $ host pi.hole 127.0.0.1
;; connection timed out; no servers could be reached
pi@raspberrypi:~ $ host pi.hole 10.0.0.128
;; connection timed out; no servers could be reached
pi@raspberrypi:~ $ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:d3:95:80 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.128/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 2001:980:3a0d:1:ad5:1538:ee24:e1b/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 6852sec preferred_lft 3252sec
    inet6 fe80::a43a:c108:24bd:1fc2/64 scope link
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether b8:27:eb:86:c0:d5 brd ff:ff:ff:ff:ff:ff
pi@raspberrypi:~ $ cat /etc/hosts
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.1.1               raspberrypi
pi@raspberrypi:~ $

Is the pihole-FTL binary still listening on all IPs 0.0.0.0 for DNS port 53 ?

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471[1-8] '

EDIT: ow and try change into below setting on the Pi-hole web GUI settings:

image

And try do the DNS lookups again:

host pi.hole 127.0.0.1

host pi.hole 10.0.0.128

pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      30844/pihole-FTL
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      30625/lighttpd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      30844/pihole-FTL
tcp6       0      0 ::1:4711                :::*                    LISTEN      30844/pihole-FTL
tcp6       0      0 :::80                   :::*                    LISTEN      30625/lighttpd
tcp6       0      0 :::53                   :::*                    LISTEN      30844/pihole-FTL
udp        0      0 0.0.0.0:53              0.0.0.0:*                           30844/pihole-FTL
udp6       0      0 :::53                   :::*                                30844/pihole-FTL
pi@raspberrypi:~ $

Setting listening to all interfaces didn't change a thing:

pi@raspberrypi:~ $ host pi.hole 127.0.0.1
;; connection timed out; no servers could be reached
pi@raspberrypi:~ $ host pi.hole 10.0.0.128
;; connection timed out; no servers could be reached
pi@raspberrypi:~ $

Have been staring at all the output but can't detect anything odd except for not responding to DNS queries with the host command.
Two options:

  1. Wait for someone that does know what's wrong;
  2. Try flash Buster fresh and setup Pi-hole again.

If want to start fresh, have a look at what I did to get Pi-hole installed:

Important bits, you can set a preferred static IP on the Pi before you install Pi-hole by editing below file:

sudo nano /etc/dhcpcd.conf

And append below bit at the bottom with your preferred IP, router and DNS server:

interface eth0
  static ip_address=10.0.0.128/24
  static routers=10.0.0.1
  static domain_name_servers=8.8.8.8

Reboot and check IP with:

ip -4 a

Also check if can resolve Github:

host github.com

Afterwards, you can pretty much reply with "Enter" on all the questions asked during the Pi-hole install:

curl -sSL https://install.pi-hole.net | bash

I have installed pi-hole now 4 times from scratch on a complete newly downloaded and burned Raspbian Buster Lite image on a Raspberry Pi3. There is no other software running and the whole system is as clean as you possibly can imagine. I have shared every possible debug thing that could be thought of.

My conclusion: PiHole does not work at all.

I give up!
thanks.

@Hasse It is regrettable that you did not succeed in successful deployment of pi-hole despite significant efforts on your part. I know how frustrating this can be, but allow me to share my experience. In my quest for privacy and security I have been using pi-hole for about a year now in a home environment on two RPi 3B+ devices running the light-weight Debian image of DietPi (headless), and had no problems whatsoever. I also use unbound on both systems, but nothing else. I opted for the DietPi-image because I am by no means a linux expert, but I am not afraid of using the command line.
A while ago I have switched both RPi's to the beta release/5.0 of pi-hole and had no issues with updating it essentially on a daily basis as the developers fine-tune this release which I closely follow, great work! Two weeks ago I upgraded both RPis to the Debian buster image of DietPi, installed from scratch and booting from a USB-stick. I subsequently did a clean install of the stable branch of pi-hole and then switched to beta release/5.0 on both systems. I also upgraded unbound to version 1.90.2. I did not encounter any significant problems in the process and the systems have been running smooth ever since, including periodic updates of the beta release. I have made donations in support of this worthwhile effort.

This is regrettable to hear. Of course, Pi-hole does work, there are many many people all over the world that will attest to that :slight_smile: So this whole thing is rather odd.

Now you may not be the only person that has fallen over at this hurdle, some others may have.. but they may not have said anything. Though that is impossible to tell.

I hope that at some point in the future you can try again. Maybe it's worth trying to install it in a virtual machine or a VPS, to see how that works out.

From the extensive findings, I'd think that this is neither Pi-hole nor client related.

I think that something in your network (either your router or a dedicated firewall device) is blocking access to public facing DNS port 53, so your router would be the only device allowed to connect to e.g. 8.8.8.8.

If you cannot configure your device (i.e. router or firewall) to allow DNS traffic to public servers, setting your router as Pi-hole's only custom upstream server could provide a solution, as long as Pi-hole is not set as your router's upstream DNS server at the same time (normally, a WAN/Internet setting).

Is this a case of DNS Rebind protection?

Rebind protection on the local loopback interface ?

Above one doesn't depend on upstream resolution
Shouldn't exclude anything oc.

Ah, very good.

Tried getent ahosts to list everything the local name services know about?

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
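
Added example, not part of any post in this thread: the two dnsmasq dumps above were compared by eye, and this script lists the directives present in only one of them. The function names and the abridged sample dumps are constructed for illustration; the output shows where the two configurations differ and does not by itself identify the fault.

```shell
#!/bin/sh
# Added example (not from the thread): compare two dumps produced by
#   sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.* | sort
# and list the directives that appear in only one of them.

# Sample input: abridged from the dump posted for the non-working Pi.
failing_dump() {
cat <<'EOF'
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/01-pihole.conf:interface=eth0
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:server=8.8.4.4
/etc/dnsmasq.d/01-pihole.conf:server=8.8.8.8
/etc/dnsmasq.d/01-pihole.conf:server=/use-application-dns.net/
EOF
}

# Sample input: abridged from the fresh-install dump posted in reply.
fresh_dump() {
cat <<'EOF'
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:local-service
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:server=149.112.112.10
/etc/dnsmasq.d/01-pihole.conf:server=9.9.9.10
/etc/dnsmasq.d/01-pihole.conf:server=/use-application-dns.net/
EOF
}

# Strip the "path:" prefix and drop upstream IPs, which differ by choice.
directives() {
    sed -e 's/^[^:]*://' | grep -v '^server=[0-9]' | LC_ALL=C sort -u
}

# dnsmasq_diff FILE_A FILE_B: print the directives unique to each dump.
dnsmasq_diff() {
    dd_a=$(mktemp); dd_b=$(mktemp)
    directives < "$1" > "$dd_a"
    directives < "$2" > "$dd_b"
    LC_ALL=C comm -23 "$dd_a" "$dd_b" | sed 's/^/only in first: /'
    LC_ALL=C comm -13 "$dd_a" "$dd_b" | sed 's/^/only in second: /'
    rm -f "$dd_a" "$dd_b"
}

# Stand-alone run over the two samples.
tmpd=$(mktemp -d)
failing_dump > "$tmpd/failing"; fresh_dump > "$tmpd/fresh"
dnsmasq_diff "$tmpd/failing" "$tmpd/fresh"
rm -rf "$tmpd"
```

On a live system, save each host's grep output to a file and pass the two files to dnsmasq_diff.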