Problem when installing Pi-hole on Raspbian GNU/Linux 11 (bullseye) or Raspbian GNU/Linux 12 (bookworm)

The issue I am facing:
I try to install Pi-hole on an old Raspberry Pi Model B Plus Rev 1.2.

  1. First try: Operating system Raspbian GNU/Linux 12 (bookworm)
  2. 2nd try: Raspbian GNU/Linux 11 (bullseye)

In both cases I get the message

[✗] Retrieval of supported OS list failed. dig failed with return code 10.
      Unable to determine if the detected OS (Raspbian 11) is supported

But

$ dig ns1.pi-hole.net  shows

; <<>> DiG 9.16.50-Raspbian <<>> ns1.pi-hole.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3417
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ns1.pi-hole.net.               IN      A

;; ANSWER SECTION:
ns1.pi-hole.net.        979     IN      A       205.251.193.151

;; Query time: 0 msec
;; SERVER: 192.168.10.10#53(192.168.10.10)
;; WHEN: Tue Apr 29 16:43:20 CEST 2025
;; MSG SIZE  rcvd: 60

and

$ dig +short versions.pi-hole.net txt
"Raspbian=11,12 Ubuntu=20,22,23,24 Debian=11,12 Fedora=40,41 CentOS=9,10"

and installation is only possible with PIHOLE_SKIP_OS_CHECK=true

After installation without OS-check Pi-hole is running, but doesn't resolve DNS queries.

Using the router address:

pi@pihole-ulm:~ $ nslookup - 192.168.10.1
> spiegel.de
Server:         192.168.10.1
Address:        192.168.10.1#53

Non-authoritative answer:
Name:   spiegel.de
Address: 128.65.210.8
>

Using the Pi-hole system:

pi@pihole-ulm:~ $ nslookup - 192.168.10.78
> spiegel.de
;; connection timed out; no servers could be reached

Details about my system:

pi@pihole-ulm:~ $ hostnamectl
    Static hostname: pihole-ulm
          Icon name: computer
         Machine ID: e2dfcc10ec2d4558a1a13a66bfa8e1b5
            Boot ID: fa6341664b244f4f8cc2a967c9462ce9
   Operating System: Raspbian GNU/Linux 11 (bullseye)
   
             Kernel: Linux 6.1.21+
       Architecture: arm
 	  
pi@pihole-ulm:~ $ dpkg --print-architecture
armhf

What DNS-resolvers are defined on your system?
Please share the output of cat /etc/resolv.conf

Please also check what upstream DNS-resolvers are used in the Pi-hole configuration
Either via the web interface or via sudo pihole-FTL --config dns.upstreams

Recently I installed Pi-hole on a Pi 5 with Pi OS 12, which is reported as Debian 12. It also failed/stopped at the OS check and the skip parameter was necessary to proceed. This was not the biggest issue at that time, but now I'm wondering why that system seems to be unsupported.

By the way: Pi OS 10 is definitely unsupported, tried that on my test system back then and failed completely, I think due to missing dependencies (stuff expected but not available in Debian/Pi OS 10).

# cat /etc/resolv.conf
nameserver 192.168.10.1

Using the upstream router

# nslookup
> spiegel.de
Server:         192.168.10.1
Address:        192.168.10.1#53

Non-authoritative answer:
Name:   spiegel.de
Address: 128.65.210.8
# pihole-FTL --config dns.upstreams
[ 8.8.8.8, 8.8.4.4 ]

Using Pi-hole

# nslookup - 192.168.10.20
> spiegel.de
;; communications error to 192.168.10.20#53: timed out
;; communications error to 192.168.10.20#53: timed out
^C
# pihole status
  [✓] FTL is listening on port 53
     [✓] UDP (IPv4)
     [✓] TCP (IPv4)
     [✓] UDP (IPv6)
     [✓] TCP (IPv6)

  [✓] Pi-hole blocking is enabled

I found it's not Pi-hole.

ping to Google DNS is possible:

# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=60 time=15.4 ms

but no nslookup

# nslookup - 8.8.8.8
> spiegel.de
;; communications error to 8.8.8.8#53: host unreachable

If I test the same on another Linux system, I get no error.

The dig command that will show what the problem is, is:
dig +short versions.pi-hole.net txt @ns1.pi-hole.net

That direct query on ns1.pi-hole.net is key.

# dig +short versions.pi-hole.net txt @ns1.pi-hole.net
;; communications error to 205.251.193.151#53: host unreachable
;; communications error to 205.251.193.151#53: host unreachable
;; communications error to 205.251.193.151#53: host unreachable
;; UDP setup with 2600:9000:5301:9700::1#53(2600:9000:5301:9700::1) for versions.pi-hole.net failed: network unreachable.
;; no servers could be reached

But:

# dig +short versions.pi-hole.net txt
"Raspbian=11,12 Ubuntu=20,22,23,24 Debian=11,12 Fedora=40,41 CentOS=9,10"

Does it make sense to start again with an "empty" Raspbian?

Do you have a firewall blocking specific DNS traffic active?
It seems like it's at router level.

No firewall @router level. I can run the same lookup from a Linux system, a Windows system and another Raspbian.

Very strange :hot_face:

How to analyse further?

Addendum: Found a second Linux system (Openmediavault) showing the same problem.

What lookup, exactly? And what are the results of those lookups?

Can you ping ns1.pi-hole.net? That would show if the nameserver is being blocked completely or if only DNS resolution is being blocked.

It looks like for some systems only DNS resolution is blocked. I.e.

on OpenMediaVault V5 running on Debian 10 even dns.google (8.8.8.8) can't be used

klaus@omv:~$ ping ns1.pi-hole.net
PING ns1.pi-hole.net (205.251.193.151) 56(84) bytes of data.
64 bytes from ns-407.awsdns-50.com (205.251.193.151): icmp_seq=1 ttl=249 time=23.0 ms

klaus@omv:~$ dig +short versions.pi-hole.net txt @ns1.pi-hole.net
;; connection timed out; no servers could be reached
klaus@omv:~$ dig +short versions.pi-hole.net txt @8.8.8.8
;; connection timed out; no servers could be reached

on Raspbian GNU/Linux 11 (bullseye)

klaus@raspi:~ $ dig +short versions.pi-hole.net txt @ns1.pi-hole.net
"Raspbian=11,12 Ubuntu=20,22,23,24 Debian=11,12 Fedora=40,41 CentOS=9,10"

Absolutely no clue why only the Raspbian system is running o.k.
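The triage carried out by hand across this thread (ping the nameserver, then query it directly with dig) can be scripted so the same check runs identically on every affected host. This is an added example, not part of the original posts and not Pi-hole code; the function names `classify_dig` and `probe` and the verdict labels are made up for this illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). classify_dig and probe are hypothetical names.

# classify_dig DIG_OUTPUT PING_OK(yes|no): print one verdict for a direct query.
classify_dig() {
    local out="$1" ping_ok="$2"
    case "$out" in
        *"host unreachable"*)
            # An error was reported back instead of silence: the packet was refused.
            if [ "$ping_ok" = yes ]; then echo port53-rejected; else echo host-rejected; fi ;;
        *"timed out"*)
            # No reply at all: the query or its answer was silently discarded.
            if [ "$ping_ok" = yes ]; then echo port53-dropped; else echo host-dropped; fi ;;
        *"network unreachable"*)
            echo no-route ;;          # e.g. an IPv6 address tried without an IPv6 route
        *'"'*)
            echo ok ;;                # dig +short prints TXT data in double quotes
        *)
            echo unknown ;;
    esac
}

# probe SERVER: run the installer-style direct query over UDP and TCP, plus a ping.
probe() {
    local server="$1" ping_ok=no udp tcp
    ping -c1 -W2 "$server" >/dev/null 2>&1 && ping_ok=yes
    udp=$(dig +short +time=3 +tries=1 versions.pi-hole.net txt @"$server" 2>&1) || true
    tcp=$(dig +short +tcp +time=3 +tries=1 versions.pi-hole.net txt @"$server" 2>&1) || true
    echo "$server ping=$ping_ok udp=$(classify_dig "$udp" "$ping_ok") tcp=$(classify_dig "$tcp" "$ping_ok")"
}

# With arguments, probe each server live; without, classify output quoted in the thread.
if [ "$#" -gt 0 ]; then
    for s in "$@"; do probe "$s"; done
else
    classify_dig ';; communications error to 8.8.8.8#53: host unreachable' yes
fi
```

Run it with the servers to test as arguments, for example `ns1.pi-hole.net 8.8.8.8`, on a working and a failing host. A result of `ping=yes` with both `udp` and `tcp` failing for every external server, while the default resolver still answers, points at outbound port 53 being filtered for that client rather than at the target nameserver.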