Query list empty, setup without router

Expected Behaviour:

I have DHCP server running on Pi-Hole, network should have ad-blocking without manually entering DNS address

Actual Behaviour:

Cannot make Pi-Hole work at all.
Pi-Hole DNS: 192.168.0.101
I have disabled DHCP server on modem/router (device supplied by ISP), enabled DHCP server on Pi-Hole. I get the Pi-Hole DNS on all devices (PC/phone etc.) yet I get 0 queries,0 blocks on Query Log. Internet works fine on all devices

Pi-Hole:



PC ipconfig showing it has Pi-Hole DNS:
4

ISP Provided "router" settings:

There is no setting option on this device to set a static DNS address. Could this be the root of all my issues? DO I need to put another router between the modem and the rpi4?

Manually entering DNS on PC network setting doesnt work either
I have disabled wlan on rpi4, no changes

Debug Token:

https://tricorder.pi-hole.net/kzk27gmayz

These errors appear in your debug log output of /var/log/pihole.log:

   May 27 07:47:50 dnsmasq-dhcp[598]: not giving name raspberrypi to the DHCP lease of 192.168.0.139 because the name exists in /etc/hosts with address 127.0.1.1
   May 27 07:47:50 dnsmasq-dhcp[598]: not giving name localhost to the DHCP lease of 192.168.0.132 because the name exists in /etc/hosts with address 127.0.0.1
   May 27 07:47:57 dnsmasq-dhcp[598]: DHCP packet received on eth0 which has no address
   May 27 07:48:15 dnsmasq-dhcp[598]: DHCPDISCOVER(eth0) c0:48:e6:4c:1b:08 
   May 27 07:48:15 dnsmasq-dhcp[598]: DHCPOFFER(eth0) 192.168.0.132 c0:48:e6:4c:1b:08 
   May 27 07:48:15 dnsmasq-dhcp[598]: DHCPREQUEST(eth0) 192.168.0.132 c0:48:e6:4c:1b:08 
   May 27 07:48:15 dnsmasq-dhcp[598]: DHCPACK(eth0) 192.168.0.132 c0:48:e6:4c:1b:08 Samsung
   May 27 07:48:15 dnsmasq-dhcp[598]: not giving name raspberrypi to the DHCP lease of 192.168.0.139 because the name exists in /etc/pihole/local.list with address 192.168.0.101

The only device with the name localhost should be the loopback address on the Pi, and this is specified at the top of the /etc/hosts file. What is the output of the following command from the Pi terminal:

cat /etc/hosts

pi@raspberrypi:~ $ cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

127.0.1.1 raspberrypi

Output of the following?

cat /etc/dhcpcd.conf

ip addr

From a client that you believe should be connected to the Pi-Hole for DNS, from the command prompt or terminal on that client (and not via ssh or Putty to the Pi), what is the output of

nslookup pi.hole

nslookup pi.hole 192.168.0.101

From my PC:

There's something slightly odd with your IPv6 connectivity, but let's focus on seemingly no DNS queries reaching your Pi-hole first.

The previous nslookup commands have confirmed that Pi-hole is used as your DNS server, and it also shows that Pi-hole is answering DNS queries, as pi.hole is resolved to its correct IPv4 address.

  1. Now let's check if Pi-hole is blocking:
nslookup flurry.com
  1. And also what Google's DNS would return for this:
nslookup flurry.com 8.8.8.8
  1. And a known public filtering server:
nslookup flurry.com 80.241.218.68

Please post the output here, preferably in its textual form - it'll be easier to read and to reuse (by copy and paste). I'll help with the formatting if required.

And please check whether the first statement is showing up in your Pi-hole's Query Log - does it?

On my PC cmd: forst try didnt seem to work
No result in Query Log

C:\Users\fury>nslookup flurry.com
Server:  raspberrypi
Address:  192.168.0.101

DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
Name:    flurry.com
Addresses:  74.6.136.153
          98.136.103.26
          212.82.100.153


C:\Users\fury>nslookup flurry.com
Server:  raspberrypi
Address:  192.168.0.101

Non-authoritative answer:
Name:    flurry.com
Addresses:  212.82.100.153
          98.136.103.26
          74.6.136.153


C:\Users\fury>nslookup flurry.com 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    flurry.com
Addresses:  212.82.100.153
          74.6.136.153
          98.136.103.26


C:\Users\fury>nslookup flurry.com 80.241.218.68
Server:  dismail.de
Address:  80.241.218.68

Name:    flurry.com
Address:  0.0.0.0

Could be some other DNS daemon answering instead of the pihole-FTL daemon.
Who is answering when run below on the Win PC ?

nslookup -class=chaos -type=txt version.bind

And who is listening on ports used by Pi-hole if run below on Pi-hole ?

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '

C:\Users\fury>nslookup -class=chaos -type=txt version.bind
Server: raspberrypi
Address: 192.168.0.101

version.bind text =

    "dnsmasq-pi-hole-2.81"
 pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
 tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      518/lighttpd        
 tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      594/pihole-FTL      
 tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      594/pihole-FTL      
 tcp6       0      0 :::80                   :::*                    LISTEN      518/lighttpd        
 tcp6       0      0 :::53                   :::*                    LISTEN      594/pihole-FTL      
 tcp6       0      0 ::1:4711                :::*                    LISTEN      594/pihole-FTL      
 udp        0      0 0.0.0.0:53              0.0.0.0:*                           594/pihole-FTL      
 udp        0      0 0.0.0.0:67              0.0.0.0:*                           594/pihole-FTL      
 udp6       0      0 :::53                   :::*                                594/pihole-FTL

When you tail the logs live with below:

pihole -t

And at same time do a nslookup flurry.com. on the win PC (notice the dot at the end), what is shown in the logs ?

C:\>nslookup flurry.com.
Server:  ph5.dehakkelaar.nl
Address:  10.0.0.4

Name:    flurry.com
Addresses:  ::
          0.0.0.0

pi@ph5:~ $ pihole -t
[..]
13:55:52: query[A] flurry.com from 10.0.0.11
13:55:52: gravity blocked flurry.com is 0.0.0.0
13:55:52: query[AAAA] flurry.com from 10.0.0.11
13:55:52: gravity blocked flurry.com is ::

And what does below show ?

pihole -q -exact flurry.com

on PC:

C:\Users\fury>nslookup flurry.com.
Server: raspberrypi
Address: 192.168.0.101

Non-authoritative answer:
Name: flurry.com
Addresses: 74.6.136.153
212.82.100.153
98.136.103.26

on rpi4:

pi@raspberrypi:~ $ pihole -t

>   [i] Press Ctrl-C to exit
> 16:37:50: forwarded discourse-cdn.pi-hole.net to 1.1.1.1
> 16:37:50: forwarded discourse-cdn.pi-hole.net to 1.0.0.1
> 16:37:50: reply discourse-cdn.pi-hole.net is <CNAME>
> 16:37:50: reply piholediscourse.b-cdn.net is 89.187.190.167
> 16:38:06: query[A] scontent-vie1-1.xx.fbcdn.net from 192.168.0.151
> 16:38:06: forwarded scontent-vie1-1.xx.fbcdn.net to 1.0.0.1
> 16:38:06: query[A] scontent-vie1-1.xx.fbcdn.net from 192.168.0.151
> 16:38:06: forwarded scontent-vie1-1.xx.fbcdn.net to 1.1.1.1
> 16:38:06: forwarded scontent-vie1-1.xx.fbcdn.net to 1.0.0.1
> 16:38:06: reply scontent-vie1-1.xx.fbcdn.net is 31.13.84.4
> 16:38:31: query[A] content-autofill.googleapis.com from 192.168.0.151
> 16:38:31: forwarded content-autofill.googleapis.com to 1.1.1.1
> 16:38:31: reply content-autofill.googleapis.com is 216.58.214.234
> 16:38:49: query[A] clients4.google.com from 192.168.0.151
> 16:38:49: forwarded clients4.google.com to 1.1.1.1
> 16:38:49: reply clients4.google.com is <CNAME>
> 16:38:49: reply clients.l.google.com is 172.217.20.14
> 16:38:54: query[A] login.microsoftonline.com from 192.168.0.151
> 16:38:55: forwarded login.microsoftonline.com to 1.1.1.1
> 16:38:55: query[A] login.microsoftonline.com from 192.168.0.151
> 16:38:55: forwarded login.microsoftonline.com to 1.0.0.1
> 16:38:55: forwarded login.microsoftonline.com to 1.1.1.1
> 16:38:55: reply login.microsoftonline.com is <CNAME>
> 16:38:55: reply a.privatelink.msidentity.com is <CNAME>
> 16:38:55: reply prda.aadg.msidentity.com is <CNAME>
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 40.126.9.6
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 20.190.137.6
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 40.126.9.73
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 20.190.137.14
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 20.190.137.73
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 40.126.9.77
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 20.190.137.75
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 20.190.137.96
> 16:38:55: query[A] ocsp.msocsp.com from 192.168.0.151
> 16:38:55: forwarded ocsp.msocsp.com to 1.1.1.1
> 16:38:55: reply ocsp.msocsp.com is <CNAME>
> 16:38:55: reply hostedocsp.globalsign.com is <CNAME>
> 16:38:55: reply ocsp-cluster2.globalsign.cloud is 104.18.24.243
> 16:38:55: reply ocsp-cluster2.globalsign.cloud is 104.18.25.243
> 16:39:19: query[PTR] 101.0.168.192.in-addr.arpa from 192.168.0.151
> 16:39:19: /etc/pihole/local.list 192.168.0.101 is raspberrypi
> 16:39:19: query[A] flurry.com from 192.168.0.151
> 16:39:19: forwarded flurry.com to 1.1.1.1
> 16:39:19: reply flurry.com is 74.6.136.153
> 16:39:19: reply flurry.com is 212.82.100.153
> 16:39:19: reply flurry.com is 98.136.103.26
> 16:39:19: query[AAAA] flurry.com from 192.168.0.151
> 16:39:19: forwarded flurry.com to 1.1.1.1
> 16:39:19: reply flurry.com is NODATA-IPv6
> 16:39:23: query[A] ssl.gstatic.com from 192.168.0.151
> 16:39:23: forwarded ssl.gstatic.com to 1.1.1.1
> 16:39:23: reply ssl.gstatic.com is 172.217.19.99
> 16:39:29: query[A] bacon.secure.dyn.riotcdn.net from 192.168.0.151
> 16:39:29: forwarded bacon.secure.dyn.riotcdn.net to 1.1.1.1
> 16:39:29: reply bacon.secure.dyn.riotcdn.net is <CNAME>
> 16:39:29: reply scd.akacdn.riotgames.com.edgesuite.net is <CNAME>
> 16:39:29: reply a17.d.akamai.net is 104.85.249.104
> 16:39:29: reply a17.d.akamai.net is 104.85.249.99
> 16:40:16: query[A] wpad.lan from 192.168.0.151

16:40:16: cached wpad.lan is NXDOMAIN

last command:

pi@raspberrypi:~ $ pihole -q -exact flurry.com
Exact matches for flurry.com found in:

sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.* | sort | sed 's\:\ \' | column -t

?

Might want to redact some of the output!

redact what? i dont understand

 pi@raspberrypi:~ $ sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.* | sort | sed 's\:\ \' | column -t
 /etc/dnsmasq.conf                   conf-dir=/etc/dnsmasq.d
 /etc/dnsmasq.conf.old               conf-dir=/etc/dnsmasq.d
 /etc/dnsmasq.d/01-pihole.conf       addn-hosts=/etc/pihole/custom.list
 /etc/dnsmasq.d/01-pihole.conf       addn-hosts=/etc/pihole/local.list
 /etc/dnsmasq.d/01-pihole.conf       bogus-priv
 /etc/dnsmasq.d/01-pihole.conf       cache-size=10000
 /etc/dnsmasq.d/01-pihole.conf       dhcp-ignore-names=tag:hostname-ignore
 /etc/dnsmasq.d/01-pihole.conf       dhcp-name-match=set:hostname-ignore,localhost
 /etc/dnsmasq.d/01-pihole.conf       dhcp-name-match=set:hostname-ignore,wpad
 /etc/dnsmasq.d/01-pihole.conf       domain-needed
 /etc/dnsmasq.d/01-pihole.conf       interface=eth0
 /etc/dnsmasq.d/01-pihole.conf       localise-queries
 /etc/dnsmasq.d/01-pihole.conf       local-ttl=2
 /etc/dnsmasq.d/01-pihole.conf       log-async
 /etc/dnsmasq.d/01-pihole.conf       log-facility=/var/log/pihole.log
 /etc/dnsmasq.d/01-pihole.conf       log-queries
 /etc/dnsmasq.d/01-pihole.conf       no-resolv
 /etc/dnsmasq.d/01-pihole.conf       server=1.0.0.1
 /etc/dnsmasq.d/01-pihole.conf       server=1.1.1.1
 /etc/dnsmasq.d/01-pihole.conf       server=/use-application-dns.net/
 /etc/dnsmasq.d/02-pihole-dhcp.conf  dhcp-authoritative
 /etc/dnsmasq.d/02-pihole-dhcp.conf  dhcp-leasefile=/etc/pihole/dhcp.leases
 /etc/dnsmasq.d/02-pihole-dhcp.conf  dhcp-option=option:router,192.168.0.1
 /etc/dnsmasq.d/02-pihole-dhcp.conf  dhcp-range=192.168.0.105,192.168.0.200,24h
 /etc/dnsmasq.d/02-pihole-dhcp.conf  dhcp-rapid-commit
 /etc/dnsmasq.d/02-pihole-dhcp.conf  domain=lan

[quote="furythestunner, post:20, topic:33465"]

/etc/dnsmasq.d/01-pihole.conf dhcp-ignore-names=tag:hostname-ignore
/etc/dnsmasq.d/01-pihole.conf dhcp-name-match=set:hostname-ignore,localhost
/etc/dnsmasq.d/01-pihole.conf dhcp-name-match=set:hostname-ignore,wpad

Any idea where above three lines come from ?
Did you edit this /etc/dnsmasq.d/01-pihole.conf file manually ?
I dont have those three lines in my config.
Might be a feature that I dont know of :wink:
Is it in below file ?

cat /etc/pihole/setupVars.conf

If the output shows private domain names or maybe public IP addresses, its best to not publish here :wink:

I did not edit or add any files :slight_smile:

the file has this:

WEBPASSWORD= edited
BLOCKING_ENABLED=true
PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.0.101/24
IPV6_ADDRESS=2a02:ab88:59ba:eb00:d48f:63f1:bbd6:ad23
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
DNSMASQ_LISTENING=single
PIHOLE_DNS_1=1.1.1.1
PIHOLE_DNS_2=1.0.0.1
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
CONDITIONAL_FORWARDING=false
DHCP_ACTIVE=true
DHCP_START=192.168.0.105
DHCP_END=192.168.0.200
DHCP_ROUTER=192.168.0.1
DHCP_LEASETIME=24
PIHOLE_DOMAIN=lan
DHCP_IPv6=false
DHCP_rapid_commit=true

I dont know what Pi-hole settings could trigger those three lines being added to the config.
Wait for someone who knows :wink:

What is the output of this command from the Pi terminal:

echo ">stats >quit" | nc localhost 4711