Pihole reachable through 127.0.0.1, but not through network address

Help
1

Expected Behaviour:

I would expect
nslookup google.com 127.0.0.1
and
nslookup google.com 192.168.2.26
to give the same result. I'm using the network address shown by ifconfig and what I can see from my router interface.

Actual Behaviour:

What happens is that nslookup google.com 127.0.0.1 does work:

Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.3.174

But nslookup google.com 192.168.2.26 doesn't:

;; connection timed out; no servers could be reached

nslookup google.com -port=11154 127.0.0.1 (11154 being the port dnscrypt-proxy (that I use as my resolver) is set to)
and
nslookup google.com -port=11154 192.168.2.26
give similar results

More details

My /etc/resolv.conf gives

# Generated by resolvconf
nameserver 127.0.0.1

I've been using pihole for a while, so I'm quite surprised by this change. I'm using dnscrypt2 as resolver (although I regret it, much slower than dnscrypt, surprisingly).
At some point dnscrypt-proxy itself wouldn't work, but I think it was because the fallback resolver wasn't up anymore, I changed it and I could resolve with 127.0.0.1.

In "interface listening behavior", I have "Listen on all interfaces, permit all origins". (Pihole is hidden from the internet, and I remember setting it for dns resolving through vpn)

Querying an external dns works (9.9.9.9 for ex)

Debug Token:

956a7bbmme

Thanks for pihole and the help!

2

Have you tried restarting dnsmasq? sudo service dnsmasq restart

3

Yes, unfortunately it still doesn't work :confused:

4

What is the output of sudo netstat -tulpn

5

127.0.0.1:11154 is used by dnscrypt-proxy, and 0.0.0.0:53 by dnsmasq

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      596/pihole-FTL
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1010/smbd
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      550/vncserver-x11-c
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      677/lighttpd
tcp        0      0 127.0.0.1:11154         0.0.0.0:*               LISTEN      1673/dnscrypt-proxy
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      9157/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      622/sshd
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1010/smbd
tcp        0      0 0.0.0.0:58846           0.0.0.0:*               LISTEN      876/python
tcp        0      0 0.0.0.0:6881            0.0.0.0:*               LISTEN      876/python
tcp6       0      0 ::1:4711                :::*                    LISTEN      596/pihole-FTL
tcp6       0      0 :::139                  :::*                    LISTEN      1010/smbd
tcp6       0      0 :::5900                 :::*                    LISTEN      550/vncserver-x11-c
tcp6       0      0 :::80                   :::*                    LISTEN      677/lighttpd
tcp6       0      0 ::1:11154               :::*                    LISTEN      1673/dnscrypt-proxy
tcp6       0      0 :::53                   :::*                    LISTEN      9157/dnsmasq
tcp6       0      0 :::22                   :::*                    LISTEN      622/sshd
tcp6       0      0 ::1:3350                :::*                    LISTEN      572/xrdp-sesman
tcp6       0      0 :::3389                 :::*                    LISTEN      618/xrdp
tcp6       0      0 :::445                  :::*                    LISTEN      1010/smbd
tcp6       0      0 :::6881                 :::*                    LISTEN      876/python
udp        0      0 10.8.0.1:1900           0.0.0.0:*                           876/python
udp        0      0 192.168.2.26:1900       0.0.0.0:*                           876/python
udp        0      0 127.0.0.1:1900          0.0.0.0:*                           876/python
udp        0      0 0.0.0.0:1900            0.0.0.0:*                           876/python
udp        0      0 127.0.0.1:11154         0.0.0.0:*                           1673/dnscrypt-proxy
udp        0      0 0.0.0.0:11194           0.0.0.0:*                           487/openvpn
udp        0      0 0.0.0.0:55299           0.0.0.0:*                           332/avahi-daemon: r
udp        0      0 0.0.0.0:53              0.0.0.0:*                           9157/dnsmasq
udp        0      0 10.8.0.1:32829          0.0.0.0:*                           876/python
udp        0      0 0.0.0.0:67              0.0.0.0:*                           9157/dnsmasq
udp        0      0 0.0.0.0:68              0.0.0.0:*                           390/dhcpcd
udp        0      0 10.8.0.1:35401          0.0.0.0:*                           876/python
udp        0      0 10.8.0.1:6771           0.0.0.0:*                           876/python
udp        0      0 192.168.2.26:6771       0.0.0.0:*                           876/python
udp        0      0 127.0.0.1:6771          0.0.0.0:*                           876/python
udp        0      0 0.0.0.0:6771            0.0.0.0:*                           876/python
udp        0      0 192.168.2.255:137       0.0.0.0:*                           700/nmbd
udp        0      0 192.168.2.26:137        0.0.0.0:*                           700/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           700/nmbd
udp        0      0 192.168.2.255:138       0.0.0.0:*                           700/nmbd
udp        0      0 192.168.2.26:138        0.0.0.0:*                           700/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           700/nmbd
udp        0      0 192.168.2.26:46734      0.0.0.0:*                           876/python
udp        0      0 127.0.0.1:37580         0.0.0.0:*                           876/python
udp        0      0 192.168.2.26:52439      0.0.0.0:*                           876/python
udp        0      0 0.0.0.0:35036           0.0.0.0:*                           876/python
udp        0      0 0.0.0.0:6881            0.0.0.0:*                           876/python
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           332/avahi-daemon: r
udp        0      0 127.0.0.1:42307         0.0.0.0:*                           876/python
udp6       0      0 ::1:11154               :::*                                1673/dnscrypt-proxy
udp6       0      0 :::60360                :::*                                332/avahi-daemon: r
udp6       0      0 fe80::33e3:a6d5:3:53748 :::*                                876/python
udp6       0      0 ::1:58367               :::*                                876/python
udp6       0      0 :::547                  :::*                                9157/dnsmasq
udp6       0      0 fe80::8c3:e0c5:3e:58414 :::*                                876/python
udp6       0      0 :::53                   :::*                                9157/dnsmasq
udp6       0      0 fe80::33e3:a6d5:35:6771 :::*                                876/python
udp6       0      0 fe80::8c3:e0c5:3e0:6771 :::*                                876/python
udp6       0      0 ::1:6771                :::*                                876/python
udp6       0      0 :::6771                 :::*                                876/python
udp6       0      0 :::6881                 :::*                                876/python
udp6       0      0 :::5353                 :::*                                332/avahi-daemon: r
6

Check /etc/dnsmasq.conf and the files in /etc/dnsmasq.d/ to make sure that there are no interface= lines.

7

I have a except-interface=nonexisting in /etc/dnsmasq.d/01-pihole.conf
and in /etc/dnsmasq.d/99-interfaces.conf I have interface=tun0 (I might have modified it a while ago for vpn purposes)

8

Comment out or remove the tun0 interface line and try again

9

I did so, and then rebooted dnsmasq, and it still doesn't work :confused:

10

Try the following so we can see exactly what dnsmasq is being directed to do:

cd /etc/dnsmasq.d
tail -n +1 *

This should print out all the config file contents with the name of the file at the start of the configuration. It's hard to remotely troubleshoot an installation with other configuration files set up without knowing what is in those configuration files, and dnsmasq is pretty particular about how it does things.

11

Totally understandable, and thanks again for the help:

==> 01-pihole.conf <==
# Pi-hole: A black hole for Internet advertisements
# (c) 2015, 2016 by Jacob Salmela
# Network-wide ad blocking via your Raspberry Pi
# http://pi-hole.net
# dnsmasq config for Pi-hole
#
# Pi-hole is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.

###############################################################################
#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
#                                                                             #
#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
#                      /etc/pihole/setupVars.conf                             #
#                                                                             #
#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPERATE CONFIG FILE           #
#                        OR IN /etc/dnsmasq.conf                              #
###############################################################################

addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list


localise-queries


no-resolv



cache-size=10000

log-queries=extra
log-facility=/var/log/pihole.log

local-ttl=2

log-async
domain-needed
bogus-priv
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D

except-interface=nonexisting

==> 02-dnscrypt.conf <==
server=127.0.0.1#11154

==> 02-pihole-dhcp.conf <==
###############################################################################
#  DHCP SERVER CONFIG FILE AUTOMATICALLY POPULATED BY PI-HOLE WEB INTERFACE.  #
#            ANY CHANGES MADE TO THIS FILE WILL BE LOST ON CHANGE             #
###############################################################################
dhcp-authoritative
dhcp-range=192.168.2.201,192.168.2.251,24h
dhcp-option=option:router,192.168.2.1
dhcp-leasefile=/etc/pihole/dhcp.leases
#quiet-dhcp

domain=local
#quiet-dhcp6
#enable-ra
dhcp-option=option6:dns-server,[::]
dhcp-range=::100,::1ff,constructor:eth0,ra-names,slaac,24h
ra-param=*,0,0


==> 03-pihole-wildcard.conf <==
address=/googleads.g.doubleclick.net/192.168.2.26
address=/googlesyndication.com/192.168.2.26
address=/doubleclick.net/192.168.2.26
address=/doubleclick.net/fe80::8c3:e0c5:3e0a:14c7

==> 04-pihole-static-dhcp.conf <==
I censored it, there is a bunch of 
dhcp-host=mac address,ip address,device name


==> 99-interfaces.conf <==
#interface=tun0

==> README <==
# All files in this directory will be read by dnsmasq as
# configuration files, except if their names end in
# ".dpkg-dist",".dpkg-old" or ".dpkg-new"
#
# This can be changed by editing /etc/default/dnsmasq
12

That looks okay in the configuration, let's try a bash trick to see if the port is open.
echo >/dev/tcp/127.0.0.1/53 && echo "open"
echo >/dev/tcp/192.168.2.26/53 && echo "open"

13

And just to make sure, run the two commands below:

netstat -atuve
sudo iptables -L -n

14

Oh it's working now!
I don't quite know what changed when, I'll check to see if it's commenting out interface=tun0

Edit: it seems like it was the cause, commenting the interface line solves the problem

Thanks you both!

1 Like
15

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.