[PiHole worked like a charm and then all out of the blue it stops resolving DNS for the LAN, it works just for localhost (=RPI)
Expected behaviour is that a running install of pihole should keep on doing its work and not stop working for the LAN.]
Actual Behaviour:
_[-Dashboard shows localhost as the only client.
DNSbenchmark say: Non-routable local internet address.
NSlookup from W10 client says: DNS request timed out
dig google.com from RPI behaves as it should
RPI still on same fixed local IP
pihole status shows [✓] DNS service is running
[✓] Pi-hole blocking is Enabled
pihole restartdns does not change anything.
RPI reboot does not change anything.
unbound status says: everything ok.
connection through OpenVPN (10.8.0.2) works like it should, client added to dashboard and DNS search displayed in query log.
checked Experia V10 router, primary DNS is RPI, restarted router, set back DNS to the router and set it back to RPI, no change.
this happened 2 times before; first time I reinstalled pihole with a positive result, second time I reinstalled unbound with a positive result.
]_
From your observations, I'd say Pi-hole is up and running and has a healthy connection to its upstream DNS server, which is unbound.
You are even able to connect via OpenVPN remotely and get Pi-hole to resolve DNS queries alright.
The problem seems to lie somewhere with your local home network configuration.
DNSBench and nslookup do not get an answer from your local DNS server.
However, DNSBench also reports your local DNS to be a .1 address - that's likely your router, isn't it?
It seems that you have configured Pi-hole as *upstream* DNS server for your router, making your router your local DNS server.
While that is a valid configuration, it comes with the drawback that your Pi-hole would show all local DNS requests as originating from your router rather than individual clients.
It would be preferable that you distribute Pi-hole as your local DNS server via your router's DHCP instead.
I do not know your router, so it might as well be that your Experia V10 does not allow setting a DNS server for DHCP distribution.
Let's determine whether it is indeed Pi-hole or your router that leaves DNS requests unanswered by forcing respective local lookups.
Executed from your Win10 client, what is the output of the following two commands (replace <x> to match your Pi-hole's IP):
You've executed 3 nslookups from 3 different machines forcing 3 different DNS servers now.
I had asked for a set of 2 nslookups from the same machine forcing 2 DNS servers (your router and your Pi-hole).
Also, could you clarify which device is living at which IP? 192.168.2.1 - router ? 192.168.2.7 - ? 192.168.2.254 - ?
Once that is clear, open a command prompt on your Win10 client.
What is the output of the following two commands (replace the bracket content <x> to match your router's or Pi-hole's IP respectively):
In my first answer those are all command prompts executed on W10.
(Command prompt: C:\Windows\syswow64>)
192.168.2.1 is RPI, #7 is W10 and #254 is Experia V10 router set to get DNS from RPI.
So W10 is using the router as DNS server, which is using RPI as DNS server.
So the whole LAN is using RPI as DNS server.
ipconfig /all | find /i "server" executed from the command prompt on W10 gives:
C:\Windows\syswow64>ipconfig /all | find /i "server"
DHCP Server . . . . . . . . . . . : 192.168.2.254
DNS Servers . . . . . . . . . . . : 2a02:a443:8cfd:1:ba27:ebff:fee3:b34f
Executed from my RPI, these are the results:
pi@RPI:~ $ nslookup europa.eu 192.168.2.1
^C (= no result after > 5 seconds)
pi@RPI:~ $ nslookup europa.eu 192.168.2.7
^C (= no result after > 5 seconds)
pi@RPI:~ $ nslookup europa.eu 192.168.2.254
Server: 192.168.2.254
Address: 192.168.2.254#53
Technically more precise, your LAN is using your router, which in turn forwards DNS to its upstream DNS: Pi-hole.
Since both your router and Pi-hole are not responding to local queries from your 192.168.2.0/24 subnet, it is more likely that Pi-hole is indeed involved (though we haven't ruled out your router completely yet).
You wouldn't have configured Pi-hole (or unbound) to use your router as one of its upstream servers? (Because that would close an infinite loop)
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the tun0 interface:
10.8.0.1/24 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)
[✓] IPv6 address(es) bound to the tun0 interface:
fe80::70f6:7881:a962:9809 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)
^ Please note that you may have more than one IP address listed.
As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.
The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.
[i] Default IPv4 gateway: 192.168.2.254
* Pinging 192.168.2.254...
[✗] Gateway did not respond. (https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546)
[i] Default IPv6 gateway: fe80::76a7:8eff:feea:92de
* Pinging fe80::76a7:8eff:feea:92de...
[✗] Gateway did not respond. (https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546)
*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] de.realmedianetwork.net is 0.0.0.0 via localhost (127.0.0.1)
[✗] Failed to resolve de.realmedianetwork.net via Pi-hole (192.168.2.1)
[✓] doubleclick.com is 172.217.17.142 via a remote, public DNS server (8.8.8.8)
*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✓] quocho7t.beget.tech is :: via localhost (::1)
[✗] Failed to resolve quocho7t.beget.tech via Pi-hole (2a02:a443:8cfd:1:ba27:ebff:fee3:b34f)
[✓] doubleclick.com is 2a00:1450:400e:807::200e via a remote, public DNS server (2001:4860:4860::8888)
(edit: thx, @jfb)
ISP could have retired its IPv6 prefix (happens once every 24 hours with my internet plan), thereby invalidating Pi-hole's IPv6 address.
Strictly, that would only account for lack of IPv6 connectivity, but if you can, it may be worth switching to ULA prefix (fd00::/8 range) anyhow.
Using IPv6 and IPv4 addresses, can you ping Pi-hole from your Win10 machine?
I tried to set Cloudflare as DNS resolver.
As I mentioned in my first post: it worked like a charm and I can restore the lot by reinstalling.
Just curious what is going wrong here.
And the ping:
C:\Windows\syswow64>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time<1ms TTL=64
Reply from 192.168.2.1: bytes=32 time<1ms TTL=64
Reply from 192.168.2.1: bytes=32 time<1ms TTL=64
Reply from 192.168.2.1: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.2.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Pinging 2a02:a443:8cfd:1:ba27:ebff:fee3:b34f with 32 bytes of data:
Reply from 2a02:a443:8cfd:1:ba27:ebff:fee3:b34f: time<1ms
Reply from 2a02:a443:8cfd:1:ba27:ebff:fee3:b34f: time<1ms
Reply from 2a02:a443:8cfd:1:ba27:ebff:fee3:b34f: time<1ms
Reply from 2a02:a443:8cfd:1:ba27:ebff:fee3:b34f: time<1ms
Seems Pi-hole is configured to listen on tun0 interface only.
Try to edit /etc/dnsmasq.d/01-pihole.conf and add a line just below the above
interface=eth0
If required, replace eth0 with the correct value if applicable on your machine (e.g. wlan0).
Don’t forget to restart Pi-hole’s DNS server after editing (takes a few seconds):
pihole restartdns
If that doesn't work, try enabling "Listen on all interfaces" or "Listen on all interfaces, permit all origins" via Pi-hole's Settings|DNS - BUT heed the security advice.
EDIT: It's getting late here, I have to jump off soon, a few minutes. Try alerting a mod like @jfb if you require further assistance
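The check behind the suggestion above, as an added example that is not part of the original posts: it lists every active `interface=` line in a dnsmasq config directory and reports whether the LAN interface is among them. The function names and the sample files are constructed for illustration, and the "no `interface=` line means no restriction to named interfaces" rule is stated as an assumption about dnsmasq's default behaviour.

```shell
#!/bin/sh
# Added example (not from the thread): which interfaces is dnsmasq told to serve?

# Print the value of every active "interface=" line in DIR/*.conf, sorted.
# Commented-out lines and other keys (except-interface=, ...) are ignored.
listen_ifaces() {
    dir=$1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        sed -n 's/^[[:space:]]*interface=[[:space:]]*\([^#]*\).*$/\1/p' "$f"
    done | sed 's/[[:space:]]*$//' | grep -v '^$' | sort -u
}

# Return 0 if LAN_IF will be served, 1 if interface= lines exist but omit it.
# Assumption: with no interface= line at all, dnsmasq is not restricted to
# named interfaces, so that case counts as served.
lan_iface_served() {
    dir=$1
    lan_if=$2
    ifaces=$(listen_ifaces "$dir")
    [ -z "$ifaces" ] && return 0
    printf '%s\n' "$ifaces" | grep -qxF "$lan_if"
}

# Constructed sample reproducing the state described above: only tun0 listed.
demo() {
    d=$(mktemp -d)
    printf 'interface=tun0\n' > "$d/02-ovpn.conf"
    printf '# interface=eth0\ncache-size=10000\n' > "$d/01-pihole.conf"
    if lan_iface_served "$d" eth0; then
        echo "eth0: served"
    else
        echo "eth0: NOT served; dnsmasq is limited to: $(listen_ifaces "$d" | tr '\n' ' ')"
    fi
    rm -rf "$d"
}
demo
```

On the Pi itself the same check is `lan_iface_served /etc/dnsmasq.d eth0`, with eth0 replaced by the actual LAN interface.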
-rw-r--r-- 1 root root 1420 Feb 2 00:03 01-pihole.conf
-rw-r--r-- 1 root root 16 Jan 19 01:34 02-ovpn.conf
Content of 02-ovpn.conf : uinerface=tun0
pihole -r : very, very slow on 'Restarting pihole-FTL service...'
pi@RPI:~ $ pihole restartdns
[i] Restarting DNS service...
This took 5 minutes (no guess, watching system time, between 5 and 6 minutes)
Question? Howto fix?
No hurry, no worry, tomorrow is another day.
Thanks for your help thus far!
Thanks for all your help.
Of course it's interface
Next tests show that everything is going smooth as long as I don't install unbound.
So now my config is without unbound.
I followed the instructions on Pi-hole as All-Around DNS Solution exactly, changed do-ip6: no to do-ip6: yes.
Then at the bottom of the page: Finally, configure Pi-hole to use your recursive DNS server:
I added :::1#5353, unticked the Upstream DNS servers and added interface=eth0 at the end of /etc/dnsmasq.d/01-pihole.conf
And then it still failed.
I must have missed something somewhere.