Pihole receive request but doesn't forward, also Unkown status on queries

When doing dig @192.168.1.92 google.com, I have no IP found, however the query is recorded in Pi-hole

Expected Behaviour:

I should have a record related to google.com as answer to dig requets, also I should see the request as forwarded (OK)

Actual Behaviour:

No IP answer to dig request / unknown status in the web interface, logs are empty (weird)


Debug Token:

https://tricorder.pi-hole.net/nabrrhaoxc

This is unusual from your debug log - this test should return 0.0.0.0 as the reply for known blocked domain taken from your gravity list:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] hectorluengo.cl is  via localhost (127.0.0.1)
[✓] hectorluengo.cl is  via Pi-hole (192.168.1.92)
[✓] doubleclick.com is 216.58.201.238 via a remote, public DNS server (8.8.8.8)

Let’s take a look at FTL status. Please post the outputs of the following:

grep google.com /var/log/pihole.log | tail -n20

sudo service pihole-FTL status

sudo netstat -nltup | grep 'Proto\|:53 \|:5053 \|:5353 \|:8953 \|:67 \|:80 \|:471'

Before anything, thank you very much for taking some time to help me on resolving this issue, thank you very much.

Here you go:

grep google.com /var/log/pihole.log | tail -n20 shows nothing

sudo service pihole-FTL status seems to be ok

sudo netstat -nltup | grep 'Proto\|:53 \|:5053 \|:5353 \|:8953 \|:67 \|:80 \|:471'

I have Samba AD-DC working on another network (also keep internet working at home)
ALL my tests are done using the 192.168.1.92 which is dedicated for pi-hole.

Please find below result of ip -c a:

Note - in this forum you can copy/paste text output and then format it with the “</>” tool in the top of the reply window. This makes reading your output easier, plus we can copy/paste text for testing.

1 Like

Oh, thank you for the advice, I’ll repost everything correctly so !

grep google.com /var/log/pihole.log | tail -n20 shows nothing (empty)

sudo service pihole-FTL status

sudo service pihole-FTL status
● pihole-FTL.service - LSB: pihole-FTL daemon
   Loaded: loaded (/etc/init.d/pihole-FTL; generated)
   Active: active (exited) since Mon 2020-01-13 17:08:09 CET; 6h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 9745 ExecStop=/etc/init.d/pihole-FTL stop (code=exited, status=0/SUCCESS)
  Process: 9786 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)

Jan 13 17:08:08 _pc systemd[1]: Starting LSB: pihole-FTL daemon...
Jan 13 17:08:08 _pc pihole-FTL[9786]: Not running
Jan 13 17:08:09 _pc su[9845]: Successful su for pihole by root
Jan 13 17:08:09 _pc su[9845]: + ??? root:pihole
Jan 13 17:08:09 _pc su[9845]: pam_unix(su:session): session opened for user pihole by (uid=0)
Jan 13 17:08:09 _pc pihole-FTL[9786]: FTL started!
Jan 13 17:08:09 _pc su[9845]: pam_unix(su:session): session closed for user pihole
Jan 13 17:08:09 _pc systemd[1]: Started LSB: pihole-FTL daemon.
dey_pc:~$ sudo netstat -nltup | grep 'Proto\|:53 \|:5053 \|:5353 \|:8953 \|:67 \|:80 \|:471'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      512/apache2
tcp        0      0 192.168.1.92:53         0.0.0.0:*               LISTEN      9861/pihole-FTL
tcp        0      0 192.168.1.91:53         0.0.0.0:*               LISTEN      1063/samba
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1063/samba
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      9861/pihole-FTL
udp        0      0 192.168.1.92:53         0.0.0.0:*                           9861/pihole-FTL
udp        0      0 192.168.1.91:53         0.0.0.0:*                           1063/samba
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1063/samba

ip -c a result

ip -c a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether e0:d5:5e:67:6d:45 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.91/24 brd 192.168.1.255 scope global enp2s0
       valid_lft forever preferred_lft forever
3: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 04:92:26:87:83:2c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.77/24 brd 192.168.1.255 scope global enp1s0
       valid_lft forever preferred_lft forever
4: vlan11@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e0:d5:5e:67:6d:45 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.92/24 brd 192.168.1.255 scope global vlan11
       valid_lft forever preferred_lft forever

Thank you very much, hope this will help you understand my problem, I’m really getting desperate at this moment :confused:

To make it clear, as a first step I’m not putting pi hole as my default dns because I want to make it work first (tried to put it as dns, no internet ensues)

First step for me is to make it resolve dns requests which is not doing for now.

In short, I want to understand why

dig @192.168.1.92 google.com

Is not resolving :confused:

Your time and help are much appreciated, thank you very much.

Your machine is aleady running Samba as DNS server.

Your best option would be to consult documentation for Samba on whether Samba can coexist with another DNS server on the same machine and if so, how to achieve this.

If coexistence is not an option, I’d recommend to setup Pi-hole on a differerent machine. A cheap RPi Zero and Ethernet dongle or RPi Zero W would suffice.

Concomitantly, you would raise chances for attracting the odd Pi-hole user with experience in running Samba and Pi-hole by renaming your topic to explicitly contain this keyword.

And you could also try and search the forums for Samba, now that you know the cause for your problems :wink:

Yep, it should work without any problem, too bad this tutorial is outdated and is for the version where pi hole still uses dnsmasq.conf instead of 01-pihole-FTL.conf

Also samba work perfectly, and doesn’t interefer with pi-hole as they’re not in the same network at all.

As a reminder, I use dig @192.168.1.92 yahoo.com just to be sure to use pi-hole DNS.

By the way, I’ve found that the pi-hole server is found, but my requests are refused when I try that, maybe that’s a way to find the issue.

dig @192.168.1.92 google.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @192.168.1.92 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 24876
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.                    IN      A

;; Query time: 0 msec
;; SERVER: 192.168.1.92#53(192.168.1.92)
;; WHEN: Tue Jan 14 15:59:10 CET 2020
;; MSG SIZE  rcvd: 39

I am not sure about the implications of your Samba AD hogging the loopback interface (127.0.0.1).

And as it seems you have created a virtual network interface to attach Pi-hole to:
Is the gateway for that interface allowing outbound DNS traffic?

Did this happen a few times only, or did Pi-hole fail to answer any DNS request so far?

I only remember seeing REFUSED with a warning (“recursion not available”) or with absolutely no upstream servers for Pi-hole.

On your Pi-hole machine, the following command will list the upstream DNS servers your Pi-hole is currently configured to use:

 grep "server=" --include=\*.conf -rn /etc/dnsmasq.d/

I am not sure about the implications of your Samba AD hogging the loopback interface ( 127.0.0.1 ).

And as it seems you have created a virtual network interface to attach Pi-hole to:
Is the gateway for that interface allowing outbound DNS traffic?

As configured now, Samba is taking the requests going to 127.0.0.1:53, however that’s something I want, because I want pi-hole to answer requests going ONLY to this adress 192.168.1.92:53, DNS forwarding will look like this:

Computers=>RouterDNS=>SambaDNS=>Pi-holeDNS=>GoogleDNS

Did this happen a few times only, or did Pi-hole fail to answer any DNS request so far?
I only remember seeing REFUSED with a warning (“recursion not available”) or with absolutely no upstream servers for Pi-hole.

Pi-hole always refuse any dns request, and in the web interface it’s written as unknown, the logs are also empty as in the original post.

grep "server=" --include=\*.conf -rn /etc/dnsmasq.d/

Gives this

de_pc:~$ grep "server=" --include=\*.conf -rn /etc/dnsmasq.d/
/etc/dnsmasq.d/01-pihole.conf:42:server=8.8.8.8
/etc/dnsmasq.d/01-pihole.conf:43:server=8.8.4.4
/etc/dnsmasq.d/01-pihole.conf:44:server=208.67.222.222
/etc/dnsmasq.d/01-pihole.conf:45:server=208.67.220.220

As I said, I am not sure about the implications of your Samba AD hogging the loopback interface. Maybe a developer like @DL6ER can offer his advice on this.

So you have configured your upstreams :wink:

Bugger - as missing upstreams would have been the most obvious explanation for a REFUSED answer.
Just to be sure pihole-FTL/dnsmasq is aware of those settings, you could run

sudo pihole restartdns

And finally:
What about your gateway?

Thank you for your fast answer @Bucking_Horn, I really appreciate it

sudo pihole restartdns gives

de_pc:~$ sudo pihole restartdns
  [✓] Restarting DNS service
de_pc:~$ dig @192.168.1.92 yahoo.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @192.168.1.92 yahoo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 63436
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;yahoo.com.                     IN      A

;; Query time: 0 msec
;; SERVER: 192.168.1.92#53(192.168.1.92)
;; WHEN: Tue Jan 14 19:08:25 CET 2020
;; MSG SIZE  rcvd: 38

What about the gateway ? can you be more specific please ? (it’s 192.168.1.254 and it’s DNS forwarder is 192.168.1.92)

Sorry, I was referring to my earlier question (you might just have overlooked it).

If it doesn’t, I would expect Pi-hole giving you timeouts rather than REFUSED answers, but better check anyhow.

If your quoted gateway 192.168.1.254 is your router, then it would most likely not restrict outbound DNS (though I have mine configured to do just that, exempting Pi-hole). You also want to verify that your network interface is indeed using this address as its gateway.

EDIT:
Your gateway seems ok, deducing from this info from @jfb:

[✓] doubleclick.com is 216.58.201.238 via a remote, public DNS server (8.8.8.8)

This shows that your gateway does not interfere with DNS traffic from your Pi-hole machine.

Yep, can confirm gateway is ok because ping -I 192.168.1.92 google.com works fine (using vlan.11 interface and samba dns)

ping -I 192.168.1.92 google.com

PING google.com (216.58.213.174) from 192.168.1.92 : 56(84) bytes of data.
64 bytes from par21s04-in-f174.1e100.net (216.58.213.174): icmp_seq=1 ttl=57 time=8.85 ms

However when trying to use the vlan.11 dns, which is pi-hole, the request is refused :confused:

Just a side note (click for more)

ping is using the ICMP protocol, which wouldn’t verify how DNS traffic is treated.
You’d have to use dig or nslookup for that instead, which is how @jfb’s or rather your Pi-hole’s debug doubleclick.com was resolved.


As for your problem:
I am not aware of any other possible cause, apart from the aforementioned possible ramifications regarding the loopback interface :frowning:

Good news !

First, I’ve did this command to reinstall everything (but keep install config)

dey_pc:~$ sudo pihole -r

  [✓] Root user check

        .;;,.
        .ccccc:,.
         :cccclll:.      ..,,
          :ccccclll.   ;ooodc
           'ccll:;ll .oooodc
             .;cll.;;looo:.
                 .. ','.
                .',,,,,,'.
              .',,,,,,,,,,.
            .',,,,,,,,,,,,....
          ....''',,,,,,,'.......
        .........  ....  .........
        ..........      ..........
        ..........      ..........
        .........  ....  .........
          ........,,,,,,,'......
            ....',,,,,,,,,,,,.
               .',,,,,,,,,'.
                .',,,,,,'.
                  ..'''.

  [i] Existing PHP installation detected : PHP version 7.2.24-0ubuntu0.18.04.1
  [i] Repair option selected
  [✓] Disk space check
  [✓] Update local cache of available packages

  [✓] Checking apt-get for upgraded packages... 2 updates available
  [i] It is recommended to update your OS after installing the Pi-hole!

  [i] Installer Dependency checks...
  [✓] Checking for apt-utils
  [✓] Checking for dialog
  [✓] Checking for debconf
  [✓] Checking for dhcpcd5
  [✓] Checking for git
  [✓] Checking for iproute2
  [✓] Checking for whiptail

  [i] Performing reconfiguration, skipping download of local repos
  [✓] Resetting repository within /etc/.pihole...
  [✓] Resetting repository within /var/www/html/admin...
  [i] Main Dependency checks...
  [✓] Checking for cron
  [✓] Checking for curl
  [✓] Checking for dnsutils
  [✓] Checking for iputils-ping
  [✓] Checking for lsof
  [✓] Checking for netcat
  [✓] Checking for psmisc
  [✓] Checking for sudo
  [✓] Checking for unzip
  [✓] Checking for wget
  [✓] Checking for idn2
  [✓] Checking for sqlite3
  [✓] Checking for libcap2-bin
  [✓] Checking for dns-root-data
  [✓] Checking for resolvconf
  [✓] Checking for libcap2


  [i] FTL Checks...

  [✓] Detected x86_64 architecture
  [i] Checking for existing FTL binary...
  [i] Latest FTL Binary already installed (v4.3.1). Confirming Checksum...
curl: (6) Could not resolve host: github-production-release-asset-2e65be.s3.amazonaws.com
  [i] Corruption detected...
  [✓] Downloading and Installing FTL
  [✓] Checking for user 'pihole'
  [✓] Installing scripts from /etc/.pihole

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf

  [i] Installing blocking page...
  [✓] Creating directory for blocking page, and copying files
  [✗] Backing up index.lighttpd.html
      No default index.lighttpd.html file found... not backing up

  [✓] Installing sudoer file

  [✓] Installing latest Cron script

  [✓] Installing latest logrotate script
  [i] Backing up /etc/dnsmasq.conf to /etc/dnsmasq.conf.old
  [✓] man pages installed and database updated
  [i] Testing if systemd-resolved is enabled
  [i] Systemd-resolved is not enabled
  [i] Restarting services...
  [✓] Enabling pihole-FTL service to start on reboot...
  [✓] Restarting pihole-FTL service...
  [✓] Deleting existing list cache
  [i] Pi-hole blocking is enabled
  [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range

  [i] Target: raw.githubusercontent.com (hosts)
  [✓] Status: Retrieval successful

  [i] Target: mirror1.malwaredomains.com (justdomains)
  [✓] Status: Retrieval successful

  [i] Target: sysctl.org (hosts)
  [✓] Status: Retrieval successful

  [i] Target: s3.amazonaws.com (simple_tracking.txt)
  [✓] Status: Retrieval successful

  [i] Target: s3.amazonaws.com (simple_ad.txt)
  [✓] Status: Retrieval successful

  [i] Target: hosts-file.net (ad_servers.txt)
  [✓] Status: Retrieval successful

  [✓] Consolidating blocklists
  [✓] Extracting domains from blocklists
  [i] Number of domains being pulled in by gravity: 136733
  [✓] Removing duplicate domains
  [i] Number of unique domains trapped in the Event Horizon: 114789
  [i] Nothing to whitelist!
  [i] Number of regex filters: 0
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter
  [✓] Restarting DNS service

  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled

  [i] The install log is located at: /etc/pihole/install.log
Update Complete!

Oh…looks like we had a corrupt file :thinking:, glad it was corrected.

After that, pi-hole refused to start because it didn’t have access to 127.0.0.1.

Then, I’ve removed access to samba for 127.0.0.1, restricted it to 192.168.1.91 and restarted samba service to free up localhost.

I’ve restarted then pi-hole FTL service and it started successfully.

Then this happened:

dig @192.168.1.92 google.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @192.168.1.92 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55719
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             260     IN      A       216.58.198.206

;; Query time: 9 msec
;; SERVER: 192.168.1.92#53(192.168.1.92)
;; WHEN: Tue Jan 14 20:50:59 CET 2020
;; MSG SIZE  rcvd: 55

Alright ! looks like it works fine :smiley:

Then I’ve changed DNS forwarder in samba, from 8.8.8.8 to 192.168.1.92 to let pi-hole be the latest DNS before google dns.

Now it looks like my two DNS are working.

However, please stay tuned as I want to know if there is no hidden crash, and obviously check if a config like this is blocking adwares effectively !

I’ll post an update this evening, thank you for that suggestion @Bucking_Horn !!!

EDIT:

What is working now:
DNS is up, forwarding works, and query table works too !

What is not working:
The logs are still empty
When I restart, pi-hole start before netplan setup the vlan, any idea to “delay” pihole start ?

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.