Pihole working except one url unresolved with default config

Expected Behaviour:

New Pihole installed today on new Pi Zero W with Pi OS. Default everything on pihole setup.
Router: Ubiquiti Dream Machine. Pi connected over wifi. UDM on 192.168.1.1, running dhcp, with Pi staticed on 192.168.1.100. DNS of WAN and LAN networks set to 192.168.1.100. (also tried just LAN, and just WAN)

On local PC 192.168.1.83:
Ipconfig /all

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Realtek Gaming 2.5GbE Family Controller
Physical Address. . . . . . . . . : ***
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.83(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, June 15, 2024 3:36:30 PM
Lease Expires . . . . . . . . . . : Sunday, June 16, 2024 3:50:42 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.100
NetBIOS over Tcpip. . . . . . . . : Enabled

Actual Behaviour:

Most websites work fine, and ads are being blocked properly.
www.reddit.com is not resolving. Unknown if any other sites don't work. This is true on all local devices, android phone on wifi, wired PCs.

https://www.reddit.com on Edge throws:

Hmmm... can't reach this page
DNS_PROBE_FINISHED_NXDOMAIN

NSLookup Google:

C:\Users****>nslookup google.com
Server: pi.hole
Address: 192.168.1.100

Non-authoritative answer:
Name: google.com
Addresses: 2607:f8b0:4009:81b::200e
142.250.191.110

NSLookup reddit:

C:\Users*****>nslookup reddit.com
Server: pi.hole
Address: 192.168.1.100

*** pi.hole can't find reddit.com: Server failed

Can't figure out why reddit in particular is unresolvable. Unknown if other sites are also unresolved. I do not see anything blocked in relation to reddit.com on Query log.

Debug Token: https://tricorder.pi-hole.net/XsfvOUMJ/

Can you try temporarily disabling blocking with Disable Blocking > Indefinitely and then run the commands below from that PC.

nslookup flurry.com 192.168.1.100
nslookup flurry.com 8.8.8.8
nslookup reddit.com 192.168.1.100
nslookup reddit.com 8.8.8.8

Are you able to try these same commands from another computer too?

Are the Pi-hole queries appearing in the Query Log when you refresh it?

Your log also shows that the UDM is hammering the Pi-hole with a particular domain to the extent that Pi-hole is rate-limiting the UDM, meaning it won't respond to any requests made by it for one minute once it gets rate-limited. Then it's allowed again, but the UDM will likely just keep trying blindly and get rate-limited again.

This means if you're okay with the UDM being unable to do any name resolving, you can leave it like that to block the domain, but it means you'll always have that diagnostic warning hanging around in the interface (the orange blob). Your clients shouldn't be affected since they'll be using Pi-hole, not the UDM's DNS.

Or, if you don't mind the UDM reaching that domain, and it was just an artifact of happening to use Pi-hole as the WAN DNS, you can change the WAN DNS to something else, for example Cloudflare 1.1.1.1. Now it will leave Pi-hole alone, but it will also be able to reach the domain it was trying to reach. It may also be that if it's allowed to reach it just once it's happy and stops trying, so you can try that first if you want (the above tests will allow everything for a short while so you can check this afterwards).

For reference, a client that's rate-limited will report "** server can't find example.com: REFUSED" when using nslookup.

Another thing to note, your Pi-hole OS is using Pi-hole (itself) as its DNS. Usually you don't want this because it can mean that if Pi-hole happens to block a domain that Pi-hole or the OS needs, it may not be able to complete an upgrade properly. Unless you have something running on the OS that you want Pi-hole to block, I'd suggest changing the OS DNS server to something again like Cloudflare. You might need to adjust your ranges and give the Pi-hole OS a manual static IP. For example .1 is the UDM, .2 to .20 are left free for static, and the UDM DHCP range goes from .21 to .254. Then you can set the Pi-hole OS manually as, e.g., .2.

Thank you. I made use of your suggestions with tuning the DNS of the Pi and UDM. I paused the blocking, and am still having the issue.

The following is the outputs you requested with blocking paused:

PC1:

C:\Users\PC1>nslookup flurry.com 192.168.1.100
Server:  pi.hole
Address:  192.168.1.100
Name:    flurry.com
Addresses:  ::  0.0.0.0

C:\Users\PC1>nslookup flurry.com 8.8.8.8
Server:  dns.google
Address:  8.8.8.8
Name:    flurry.com
Addresses:  ::  0.0.0.0

C:\Users\PC1>nslookup reddit.com 192.168.1.100
Server:  pi.hole
Address:  192.168.1.100
*** pi.hole can't find reddit.com: Server failed

C:\Users\PC1>nslookup reddit.com 8.8.8.8
Server:  dns.google
Address:  8.8.8.8
*** dns.google can't find reddit.com: Non-existent domain

PC2:

C:\Users\PC2>nslookup flurry.com 192.168.1.100
Server:  pi.hole
Address:  192.168.1.100
Name:    flurry.com
Addresses:  ::    0.0.0.0

C:\Users\PC2>nslookup flurry.com 8.8.8.8
Server:  dns.google
Address:  8.8.8.8
Name:    flurry.com
Addresses:  ::  0.0.0.0

C:\Users\PC2>nslookup reddit.com 192.168.1.100
Server:  pi.hole
Address:  192.168.1.100
*** pi.hole can't find reddit.com: Server failed

C:\Users\PC2>nslookup reddit.com 8.8.8.8
Server:  dns.google
Address:  8.8.8.8
*** dns.google can't find reddit.com: Non-existent domain

Query Log of the attempt to go to reddit.com on PC1:

2024-06-16 17:49:46  A   www.reddit.com  192.168.1.83  OK (sent to resolver1.opendns.com#53)                    N/A
2024-06-16 17:49:46  A   www.reddit.com  192.168.1.83  OK (sent to one.one.one.one#53) BOGUS (NSEC(3) missing)  N/A
2024-06-16 17:49:46  DS  reddit.com      pi.hole       OK (sent to resolver1.opendns.com#53)                    N/A

Thanks for running those tests. It looks like something is interfering with your DNS requests.

This test asks Pi-hole to look up flurry.com, which is a blocked domain in the default adlist, and, as expected, you get back all 0's because it's blocked.

C:\Users\PC1>nslookup flurry.com 192.168.1.100
Server:  pi.hole
Address:  192.168.1.100
Name:    flurry.com
Addresses:  ::  0.0.0.0

This test is the same except it asks Google's DNS instead of Pi-hole. You should get back the domain's IP addresses. But instead you still get the same blocked result.

C:\Users\PC1>nslookup flurry.com 8.8.8.8
Server:  dns.google
Address:  8.8.8.8
Name:    flurry.com
Addresses:  ::  0.0.0.0

Is there a setting in the UDM which says something like "Force all DNS queries to use the configured DNS server?"

Do you have any anti-virus software running on both PC1 and PC2 which might interfere with DNS lookups? Typically these are advertised as a DNS "anti-hijacking" feature.

Earlier I asked

Are the Pi-hole queries appearing in the Query Log when you refresh it?

Please check that as it will show Pi-hole is answering the Google query, and show that something, probably the router, is redirecting your DNS queries.

As for reddit.com, my suspicion is that the same redirection is screwing with the DNSSEC, resulting in a validation failure and causing the BOGUS result (which is actually DNSSEC doing its job).

Can you run a few more commands from PC1 and PC2 please? What do these give you? They are testing asking Pi-hole and then some external servers for some info about themselves. They will help show if your queries are being messed with. I'm assuming your Pi-hole is still at 192.168.1.100.

nslookup -class=chaos -type=txt version.bind 192.168.1.100
nslookup -class=chaos -type=txt version.FTL 192.168.1.100
nslookup -class=chaos -type=txt version.bind 9.9.9.9
nslookup -class=chaos -type=txt version.FTL 8.8.8.8
nslookup -class=chaos -type=txt version.bind 198.41.0.4
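As an added worked example (not part of the original thread and not Pi-hole project code): a small Python script that builds the same CHAOS-class TXT probes on the wire, parses the reply, and flags any public resolver whose self-identification text matches the LAN Pi-hole's. That is the signature of a router transparently redirecting port 53: the query never left the LAN, so the "public" server answers with the Pi-hole's own version string. The detection heuristic is mine, and the Pi-hole address 192.168.1.100, the resolver list and the version strings in the offline demo are assumptions; the demo uses constructed packets so it runs with no network, and passing resolver IPs on the command line (local Pi-hole first) runs it live.

```python
#!/usr/bin/env python3
"""Hand-built DNS CHAOS TXT probes (version.bind / version.FTL) to spot
transparent DNS redirection. Added example, not Pi-hole project code.
Offline demo uses constructed packets; pass resolver IPs to probe live."""
import socket
import struct
import sys

CLASS_CH = 3     # CHAOS class, used by servers for self-identification
TYPE_TXT = 16


def build_query(name, qtype=TYPE_TXT, qclass=CLASS_CH, txid=0x1234):
    """Wire-format DNS query: 12-byte header, QNAME labels, QTYPE, QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)    # RD=1
    qname = b"".join(bytes([len(p)]) + p.encode()
                     for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, qclass)


def build_txt_response(query, txt, rcode=0, ttl=0):
    """Construct the reply a server would send (for the offline demo).
    The answer name is a compression pointer (0xC00C) to the question."""
    flags = 0x8180 | (rcode & 0xF)                   # QR=1, RD=1, RA=1
    header = query[:2] + struct.pack("!HHHHH", flags, 1, 1, 0, 0)
    rdata = bytes([len(txt.encode())]) + txt.encode()
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH,
                                        ttl, len(rdata)) + rdata
    return header + query[12:] + answer


def _read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                    # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_txt_answers(msg):
    """Return txid, rcode and every TXT answer as (name, class, text)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                              # skip question section
        _, off = _read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == TYPE_TXT:
            text, i = [], 0
            while i < len(rdata):                    # <len><bytes> strings
                n = rdata[i]
                text.append(rdata[i + 1:i + 1 + n].decode("ascii", "replace"))
                i += 1 + n
            answers.append((name, rclass, "".join(text)))
    return {"txid": txid, "rcode": flags & 0xF, "answers": answers}


def query_server(server, name, timeout=2.0):
    """Send one UDP CHAOS TXT query to server:53; None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_txt_answers(data)


def detect_redirect(results, local_server):
    """Heuristic (my assumption): a public resolver should never return the
    same self-identification text as the LAN Pi-hole. One that does was
    not reached at all; something on the path answered in its place."""
    local = results.get(local_server)
    local_txt = {a[2] for a in local["answers"]} if local else set()
    return sorted(srv for srv, res in results.items()
                  if srv != local_server and res is not None
                  and {a[2] for a in res["answers"]} & local_txt)


def offline_demo():
    """Constructed packets standing in for three resolvers (no network).
    Version strings are made up; a real Pi-hole reports dnsmasq's own."""
    q = build_query("version.bind")
    results = {
        "192.168.1.100": parse_txt_answers(build_txt_response(q, "dnsmasq-pi-hole-example")),
        "9.9.9.9":       parse_txt_answers(build_txt_response(q, "public-resolver-example")),
        "198.41.0.4":    parse_txt_answers(build_txt_response(q, "dnsmasq-pi-hole-example")),
    }
    return detect_redirect(results, "192.168.1.100")


if __name__ == "__main__":
    if len(sys.argv) > 2:                            # live: local Pi-hole first
        local, *others = sys.argv[1:]
        res = {s: query_server(s, "version.bind") for s in [local] + others}
        print("redirected:", detect_redirect(res, local) or "none")
    else:
        print("offline demo, suspect servers:", offline_demo())
```

A Pi-hole that is genuinely being bypassed by the router shows up here as a public IP returning the Pi-hole's own string; a rate-limited client instead gets rcode 5 (REFUSED) back, which parse_txt_answers exposes as `rcode` so the two cases are not confused.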

2 posts were split to a new topic: Domains not appearing in Query Log
