Problem with FTL and dnsmasq after pihole -up (Ubuntu 16.04.5 LTS)


Expected Behaviour:

Pihole works normally after update, able to resolve DNS addresses.

Actual Behaviour:

After running pihole -up, it will not resolve DNS addresses. I can't tell if there's an issue with dnsmasq or FTL. The web GUI reads Lost Connection to API in the 4 differently colored status boxes.

I had to manually update /etc/resolv.conf to change 127.0.0.1 to a different DNS just so I could get the debug to upload since apparently dnsmasq isn't working.

One other thing to note -- I'm running pi-hole in an LXC container on an Intel NUC, it's been working great for 2+ years, this is the first issue I've had.

Debug Token:

8cxcemecwx

Other maybe helpful information:

root@pi-hole:~# cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.5 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.5 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

root@pi-hole:~# service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; disabled; vendor preset: enabled)
Drop-In: /run/systemd/generator/dnsmasq.service.d
└─50-dnsmasq-$named.conf, 50-insserv.conf-$named.conf
Active: inactive (dead)

root@pi-hole:~# systemctl status pihole-FTL.service
● pihole-FTL.service - LSB: pihole-FTL daemon
Loaded: loaded (/etc/init.d/pihole-FTL; bad; vendor preset: enabled)
Active: active (exited) since Sat 2018-08-11 10:00:36 EDT; 10min ago
Docs: man:systemd-sysv-generator(8)

Aug 11 10:00:36 pi-hole pihole-FTL[1672]: chown: cannot access '/etc/pihole/dhcp.leases': No such file or directory
Aug 11 10:00:36 pi-hole pihole-FTL[1672]: Failed to set capabilities on file `/usr/bin/pihole-FTL' (Invalid argument
Aug 11 10:00:36 pi-hole pihole-FTL[1672]: The value of the capability argument is not permitted for a file. Or the f
Aug 11 10:00:36 pi-hole su[1696]: Successful su for pihole by root
Aug 11 10:00:36 pi-hole su[1696]: + ??? root:pihole
Aug 11 10:00:36 pi-hole su[1696]: pam_unix(su:session): session opened for user pihole by (uid=0)
Aug 11 10:00:36 pi-hole pihole-FTL[1672]: dnsmasq: failed to create listening socket for port 53: Permission denied
Aug 11 10:00:36 pi-hole systemd[1]: Started LSB: pihole-FTL daemon.
Aug 11 10:00:45 pi-hole systemd[1]: Started LSB: pihole-FTL daemon.
Aug 11 10:01:37 pi-hole systemd[1]: Started LSB: pihole-FTL daemon.

root@pi-hole:~# pihole status
[✗] DNS service is NOT running

root@pi-hole:~# dnsmasq --version
Dnsmasq version 2.75 Copyright (c) 2000-2015 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify

Your debug log shows you at V4 for everything, so you are updated.

Note that with V4 and FTLDNS, dnsmasq is no longer run as a process, since pihole-FTL does this function. This link has additional info: DNS resolver - Pi-hole documentation

Your debug log shows lighttpd and pihole-FTL daemons active, but nothing using ports 80 and 53 respectively, which those should be using.

Run the following to restart FTL and see if this improves things:

sudo service pihole-FTL restart

I get the same error: not sure why it says active (exited).

root@pi-hole2:~# service pihole-FTL restart

root@pi-hole2:~# systemctl status pihole-FTL
● pihole-FTL.service - LSB: pihole-FTL daemon
Loaded: loaded (/etc/init.d/pihole-FTL; bad; vendor preset: enabled)
Active: active (exited) since Sat 2018-08-11 16:12:53 UTC; 2s ago
Docs: man:systemd-sysv-generator(8)
Process: 2983 ExecStop=/etc/init.d/pihole-FTL stop (code=exited, status=0/SUCCESS)
Process: 2987 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)

Aug 11 16:12:53 pi-hole2 systemd[1]: Starting LSB: pihole-FTL daemon...
Aug 11 16:12:53 pi-hole2 pihole-FTL[2987]: Not running
Aug 11 16:12:53 pi-hole2 pihole-FTL[2987]: chown: cannot access '/etc/pihole/dhcp.leases': No such file or directory
Aug 11 16:12:53 pi-hole2 pihole-FTL[2987]: Failed to set capabilities on file `/usr/bin/pihole-FTL' (Invalid argumen
Aug 11 16:12:53 pi-hole2 pihole-FTL[2987]: The value of the capability argument is not permitted for a file. Or the
Aug 11 16:12:53 pi-hole2 su[3011]: Successful su for pihole by root
Aug 11 16:12:53 pi-hole2 su[3011]: + ??? root:pihole
Aug 11 16:12:53 pi-hole2 su[3011]: pam_unix(su:session): session opened for user pihole by (uid=0)
Aug 11 16:12:53 pi-hole2 pihole-FTL[2987]: dnsmasq: failed to create listening socket for port 53: Permission denied
Aug 11 16:12:53 pi-hole2 systemd[1]: Started LSB: pihole-FTL daemon.

This issue seems to match this other topic: DNS unable to start and FTL offline v 4.0

@Mcat12 - agreed this seems similar. I wonder if I'm running into this since I'm running pi-hole inside an LXD container on an Ubuntu 16.04 server on an Intel NUC.

Can you help me understand what changes I need to perform the following? I think this will help my issue.

modify the startup scripts of pihole-FTL to ensure the daemon is started as root.

In your /etc/init.d/pihole-FTL you can find a line

su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"

replace it by

/usr/bin/pihole-FTL

Yep! That fixed it immediately.

Are there any security concerns operating in this mode?

I presume it'll get wiped out again if I run

pihole -up

No, not really. dnsmasq is always started as root; we just preferred to start pihole-FTL under an unprivileged user such as pihole. It's kind of a security model in the sense of "if there is a bug in the code, it can cause less harm under a non-root user".

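An added example, not part of the thread and not Pi-hole's own code: a small shell check that classifies the failure shown in the status output above and reports whether an init script launches pihole-FTL through `su` (unprivileged) or directly (root). The function names are hypothetical, and the sample log lines are constructed from the output quoted in this thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Reads service log text on stdin and classifies the failure.
# A non-root process needs CAP_NET_BIND_SERVICE to bind ports below 1024,
# so a failed setcap followed by "Permission denied" on port 53 points at
# file capabilities being unavailable rather than at dnsmasq itself.
diagnose_log() {
    log=$(cat)
    setcap_failed=no
    bind_denied=no
    case $log in *"Failed to set capabilities on file"*) setcap_failed=yes ;; esac
    case $log in *"failed to create listening socket for port 53: Permission denied"*) bind_denied=yes ;; esac
    if [ "$bind_denied" = yes ] && [ "$setcap_failed" = yes ]; then
        echo no-file-capabilities
    elif [ "$bind_denied" = yes ]; then
        echo bind-denied
    else
        echo ok
    fi
}

# Reads an init script on stdin and reports how it starts the daemon.
# Commented-out lines are ignored because both patterns anchor at line start.
launch_mode() {
    script=$(cat)
    if printf '%s\n' "$script" | grep -Eq '^[[:space:]]*su[[:space:]].*/usr/bin/pihole-FTL'; then
        echo unprivileged
    elif printf '%s\n' "$script" | grep -Eq '^[[:space:]]*/usr/bin/pihole-FTL[[:space:]]*$'; then
        echo root
    else
        echo unknown
    fi
}

# Constructed sample, shortened from the journal lines quoted in the thread.
sample_log() {
    cat <<'EOF'
pihole-FTL[2987]: Failed to set capabilities on file
su[3011]: Successful su for pihole by root
pihole-FTL[2987]: dnsmasq: failed to create listening socket for port 53: Permission denied
EOF
}

echo "log diagnosis: $(sample_log | diagnose_log)"
echo "original line: $(echo 'su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"' | launch_mode)"
echo "edited line:   $(echo '/usr/bin/pihole-FTL' | launch_mode)"
```

On a live host, pipe the service's journal output into `diagnose_log` and the contents of `/etc/init.d/pihole-FTL` into `launch_mode`; a `root` result after an update means the workaround is still in place.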

This seems like the problem I am facing. Can you show me exactly how this line is supposed to look in its entirety after the edit? Thanks.

In your /etc/init.d/pihole-FTL you can find a line

su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"

replace it by

/usr/bin/pihole-FTL

It's as simple as you think it is -- the whole line gets replaced.

Afterwards that line should only read:

/usr/bin/pihole-FTL

Ah. That was simple enough indeed. However, it didn't help with my issue. I did create a thread about it.
