Pihole stops working after power outage

So this is interesting.. my Pihole fails to come up when there is a power outage.

I figured out that since I have it set up to use 127.0.0.1#5353 to forward DNS requests to DNScrypt, which I also installed on my Raspi Zero, it gets stuck because it cannot make any initial resolutions (a catch-22).

To jump start it, I have to go to the DNS settings, change it to use one of the ordinary resolvers such as Google, remove DNSSEC, and remove the 127.0.0.1#5353 DNS server. Once DNS queries start working again, I can put it back to the way it was and it begins using DNSCrypt again.

Is there a setting to force PiHole to use a fallback resolver? I see one with DNSCrypt but that's no good since PiHole is the initial GW.

Thanks!

It appears that the Pi may be losing track of time when it loses power (Pis don't have a built-in clock). Then, when it starts up, it cannot resolve DNSSEC since the time is not correct, and thus cannot connect to an NTP server to set the time.

There are several potential solutions.

  1. Put the Pi on a battery backup or UPS so it won't lose power and won't lose time.

  2. Install an inexpensive clock module (this is one example https://www.amazon.com/battery-Raspberry-Arduino-Atomic-Market/dp/B01M105UFC).

  3. You can also set the Pi itself to use an upstream DNS resolver other than Pi-Hole. By default, Pi-Hole sets the DNS resolver in /etc/resolv.conf to the loopback address (assuming that you will want the Pi to use Pi-Hole for DNS resolution). You can do this with local changes to your installed Pi-Hole code:

One note - since you are using a local DNS resolver (unbound, it appears) that does DNSSEC resolution natively, you don't need to (nor do you want to) enable DNSSEC in Pi-Hole as well.

Some great information, mate, thanks a lot! Appreciate you taking the time to help me on this!
Have a good one!

So I wound up adding this script to /etc/init.d:

pi@pihole:/etc/init.d $ cat pihole-dns.sh
#!/bin/bash
### BEGIN INIT INFO
# Provides:          pihole-dns
# Short-Description: Pi-hole DNS resolution during a startup after a power failure.
# Required-Start:    $network $remote_fs $syslog
# Required-Stop:     $network $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:
# Description:       This script will install a Google DNS nameserver in /etc/resolv.conf
#                    until the Pi-hole has a chance to start working, then it will switch
#                    DNS back to localhost 127.0.0.1 so DNS resolution comes from the Pi-hole.
### END INIT INFO
echo "Setting up Google for Startup DNS"
cp /home/pi/startup-dns /etc/resolv.conf
echo "Waiting 1 minute"
sleep 1m
echo "Testing Internet connection and DNS resolution is ok..."
# Branch directly on wget's exit status (0 = the page was reachable).
if wget -q --spider http://google.com; then
    echo "Online"
    echo "Changing back to our default Pi-hole resolver..."
    cp /home/pi/default-dns /etc/resolv.conf
    echo "Done"
else
    echo "Offline"
    echo "Sorry, please try logging into the Pi-hole Admin interface and setting a normal resolver there. Once it starts working, put it back to 127.0.0.1#5300"
fi

It requires 2 files to exist:

$ cat /home/pi/startup-dns
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8

and

$ cat /home/pi/default-dns
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

Those could probably be just included in the script.

If anyone else needs it you may need to tweak it for the correct runlevels and adjust the 1m delay.

Another option would be to just loop the script to check for connectivity and then change it. Feel free to modify it.

To make it work, just put it in the /etc/init.d/ folder and run:

$ sudo update-rc.d pihole-dns.sh defaults

If something went wrong you can remove it using this:

$ sudo update-rc.d pihole-dns.sh remove
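
A polling variant of the script above, as an added example that is not code from any poster in this thread: instead of a fixed sleep it waits until the clock is plausibly set (the DNSSEC point raised earlier) and until the loopback resolver itself answers, then switches `/etc/resolv.conf` back. The function names, the `--run` flag, the `MIN_EPOCH` floor and the use of `dig` (from dnsutils) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): poll instead of a fixed sleep.
# Paths, defaults and function names are assumptions for illustration.
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"
BOOTSTRAP_NS="${BOOTSTRAP_NS:-8.8.8.8}"  # temporary resolver used in the thread
LOCAL_NS="${LOCAL_NS:-127.0.0.1}"        # Pi-hole on loopback
MIN_EPOCH="${MIN_EPOCH:-1700000000}"     # assumed floor: earlier clock = not synced

# Replace resolv.conf atomically (temp file + rename in the same directory).
write_resolver() {
    wr_tmp="$(mktemp "${RESOLV_CONF}.XXXXXX")" || return 1
    printf 'nameserver %s\n' "$1" > "$wr_tmp" &&
        chmod 644 "$wr_tmp" && mv "$wr_tmp" "$RESOLV_CONF"
}

# DNSSEC validation fails while the clock is unset, so check it first.
clock_is_sane() {
    [ "$(date +%s)" -ge "$MIN_EPOCH" ]
}

# Query the local resolver directly; succeed only if an IPv4 answer comes back.
# Requires dig (dnsutils). Timeouts and SERVFAIL produce no matching line.
probe_local_dns() {
    dig +short +time=2 +tries=1 "@$LOCAL_NS" google.com A 2>/dev/null |
        grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# $1 = max attempts, $2 = seconds between attempts, $3 = probe function.
# Returns 0 after switching to LOCAL_NS, 1 if it gave up, 2 on write failure.
wait_and_switch() {
    ws_tries="${1:-30}"; ws_delay="${2:-10}"; ws_probe="${3:-probe_local_dns}"
    write_resolver "$BOOTSTRAP_NS" || return 2
    ws_i=0
    while [ "$ws_i" -lt "$ws_tries" ]; do
        if clock_is_sane && "$ws_probe"; then
            write_resolver "$LOCAL_NS" || return 2
            return 0
        fi
        ws_i=$((ws_i + 1))
        sleep "$ws_delay"
    done
    return 1  # still on the bootstrap resolver: lookups from the Pi bypass Pi-hole
}

# Act only when asked to, so the functions can be sourced and tested safely.
if [ "${1:-}" = "--run" ]; then
    wait_and_switch 30 10
fi
```

Because the probe asks 127.0.0.1 directly, a successful switch means Pi-hole and its upstream are resolving, not merely that the temporary resolver is reachable. A return code of 1 leaves the Pi's own lookups on the plaintext bootstrap resolver, which is worth logging or alerting on.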