Expected Behaviour:
I have DHCP server running on Pi-Hole, network should have ad-blocking without manually entering DNS address
Actual Behaviour:
Cannot make Pi-Hole work at all.
Pi-Hole DNS: 192.168.0.101
I have disabled DHCP server on modem/router (device supplied by ISP), enabled DHCP server on Pi-Hole. I get the Pi-Hole DNS on all devices (PC/phone etc.) yet I get 0 queries,0 blocks on Query Log. Internet works fine on all devices
Pi-Hole:
PC ipconfig showing it has Pi-Hole DNS:
ISP Provided "router" settings:
There is no setting option on this device to set a static DNS address. Could this be the root of all my issues? DO I need to put another router between the modem and the rpi4?
Manually entering DNS on PC network setting doesnt work either
I have disabled wlan on rpi4, no changes
Debug Token:
https://tricorder.pi-hole.net/kzk27gmayz
jfb
May 27, 2020, 6:06pm
2
These errors appear in your debug log output of /var/log/pihole.log:
May 27 07:47:50 dnsmasq-dhcp[598]: not giving name raspberrypi to the DHCP lease of 192.168.0.139 because the name exists in /etc/hosts with address 127.0.1.1
May 27 07:47:50 dnsmasq-dhcp[598]: not giving name localhost to the DHCP lease of 192.168.0.132 because the name exists in /etc/hosts with address 127.0.0.1
May 27 07:47:57 dnsmasq-dhcp[598]: DHCP packet received on eth0 which has no address
May 27 07:48:15 dnsmasq-dhcp[598]: DHCPDISCOVER(eth0) c0:48:e6:4c:1b:08
May 27 07:48:15 dnsmasq-dhcp[598]: DHCPOFFER(eth0) 192.168.0.132 c0:48:e6:4c:1b:08
May 27 07:48:15 dnsmasq-dhcp[598]: DHCPREQUEST(eth0) 192.168.0.132 c0:48:e6:4c:1b:08
May 27 07:48:15 dnsmasq-dhcp[598]: DHCPACK(eth0) 192.168.0.132 c0:48:e6:4c:1b:08 Samsung
May 27 07:48:15 dnsmasq-dhcp[598]: not giving name raspberrypi to the DHCP lease of 192.168.0.139 because the name exists in /etc/pihole/local.list with address 192.168.0.101
The only device with the name localhost should be the loopback address on the Pi, and this is specified at the top of the /etc/hosts file. What is the output of the following command from the Pi terminal:
cat /etc/hosts
pi@raspberrypi:~ $ cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 raspberrypi
jfb
May 27, 2020, 6:45pm
6
From a client that you believe should be connected to the Pi-Hole for DNS, from the command prompt or terminal on that client (and not via ssh or Putty to the Pi), what is the output of
nslookup pi.hole
nslookup pi.hole 192.168.0.101
There's something slightly odd with your IPv6 connectivity, but let's focus on seemingly no DNS queries reaching your Pi-hole first.
The previous nslookup
commands have confirmed that Pi-hole is used as your DNS server, and it also shows that Pi-hole is answering DNS queries, as pi.hole is resolved to its correct IPv4 address.
Now let's check if Pi-hole is blocking:
nslookup flurry.com
And also what Google's DNS would return for this:
nslookup flurry.com 8.8.8.8
And a known public filtering server:
nslookup flurry.com 80.241.218.68
Please post the output here, preferably in its textual form - it'll be easier to read and to reuse (by copy and paste). I'll help with the formatting if required.
And please check whether the first statement is showing up in your Pi-hole's Query Log - does it?
On my PC cmd: forst try didnt seem to work
No result in Query Log
C:\Users\fury>nslookup flurry.com
Server: raspberrypi
Address: 192.168.0.101
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: flurry.com
Addresses: 74.6.136.153
98.136.103.26
212.82.100.153
C:\Users\fury>nslookup flurry.com
Server: raspberrypi
Address: 192.168.0.101
Non-authoritative answer:
Name: flurry.com
Addresses: 212.82.100.153
98.136.103.26
74.6.136.153
C:\Users\fury>nslookup flurry.com 8.8.8.8
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
Name: flurry.com
Addresses: 212.82.100.153
74.6.136.153
98.136.103.26
C:\Users\fury>nslookup flurry.com 80.241.218.68
Server: dismail.de
Address: 80.241.218.68
Name: flurry.com
Address: 0.0.0.0
Could be some other DNS daemon answering instead of the pihole-FTL
daemon.
Who is answering when run below on the Win PC ?
nslookup -class=chaos -type=txt version.bind
And who is listening on ports used by Pi-hole if run below on Pi-hole ?
sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
C:\Users\fury>nslookup -class=chaos -type=txt version.bind
Server: raspberrypi
Address: 192.168.0.101
version.bind text =
"dnsmasq-pi-hole-2.81"
pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:547 \|:471[1-8] '
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 518/lighttpd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 594/pihole-FTL
tcp 0 0 127.0.0.1:4711 0.0.0.0:* LISTEN 594/pihole-FTL
tcp6 0 0 :::80 :::* LISTEN 518/lighttpd
tcp6 0 0 :::53 :::* LISTEN 594/pihole-FTL
tcp6 0 0 ::1:4711 :::* LISTEN 594/pihole-FTL
udp 0 0 0.0.0.0:53 0.0.0.0:* 594/pihole-FTL
udp 0 0 0.0.0.0:67 0.0.0.0:* 594/pihole-FTL
udp6 0 0 :::53 :::* 594/pihole-FTL
When you tail the logs live with below:
pihole -t
And at same time do a nslookup flurry.com.
on the win PC (notice the dot at the end), what is shown in the logs ?
C:\>nslookup flurry.com.
Server: ph5.dehakkelaar.nl
Address: 10.0.0.4
Name: flurry.com
Addresses: ::
0.0.0.0
pi@ph5:~ $ pihole -t
[..]
13:55:52: query[A] flurry.com from 10.0.0.11
13:55:52: gravity blocked flurry.com is 0.0.0.0
13:55:52: query[AAAA] flurry.com from 10.0.0.11
13:55:52: gravity blocked flurry.com is ::
And what does below show ?
pihole -q -exact flurry.com
on PC:
C:\Users\fury>nslookup flurry.com.
Server: raspberrypi
Address: 192.168.0.101
Non-authoritative answer:
Name: flurry.com
Addresses: 74.6.136.153
212.82.100.153
98.136.103.26
on rpi4:
pi@raspberrypi:~ $ pihole -t
> [i] Press Ctrl-C to exit
> 16:37:50: forwarded discourse-cdn.pi-hole.net to 1.1.1.1
> 16:37:50: forwarded discourse-cdn.pi-hole.net to 1.0.0.1
> 16:37:50: reply discourse-cdn.pi-hole.net is <CNAME>
> 16:37:50: reply piholediscourse.b-cdn.net is 89.187.190.167
> 16:38:06: query[A] scontent-vie1-1.xx.fbcdn.net from 192.168.0.151
> 16:38:06: forwarded scontent-vie1-1.xx.fbcdn.net to 1.0.0.1
> 16:38:06: query[A] scontent-vie1-1.xx.fbcdn.net from 192.168.0.151
> 16:38:06: forwarded scontent-vie1-1.xx.fbcdn.net to 1.1.1.1
> 16:38:06: forwarded scontent-vie1-1.xx.fbcdn.net to 1.0.0.1
> 16:38:06: reply scontent-vie1-1.xx.fbcdn.net is 31.13.84.4
> 16:38:31: query[A] content-autofill.googleapis.com from 192.168.0.151
> 16:38:31: forwarded content-autofill.googleapis.com to 1.1.1.1
> 16:38:31: reply content-autofill.googleapis.com is 216.58.214.234
> 16:38:49: query[A] clients4.google.com from 192.168.0.151
> 16:38:49: forwarded clients4.google.com to 1.1.1.1
> 16:38:49: reply clients4.google.com is <CNAME>
> 16:38:49: reply clients.l.google.com is 172.217.20.14
> 16:38:54: query[A] login.microsoftonline.com from 192.168.0.151
> 16:38:55: forwarded login.microsoftonline.com to 1.1.1.1
> 16:38:55: query[A] login.microsoftonline.com from 192.168.0.151
> 16:38:55: forwarded login.microsoftonline.com to 1.0.0.1
> 16:38:55: forwarded login.microsoftonline.com to 1.1.1.1
> 16:38:55: reply login.microsoftonline.com is <CNAME>
> 16:38:55: reply a.privatelink.msidentity.com is <CNAME>
> 16:38:55: reply prda.aadg.msidentity.com is <CNAME>
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 40.126.9.6
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 20.190.137.6
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 40.126.9.73
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 20.190.137.14
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 20.190.137.73
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 40.126.9.77
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 20.190.137.75
> 16:38:55: reply www.tm.a.prd.aadg.akadns.net is 20.190.137.96
> 16:38:55: query[A] ocsp.msocsp.com from 192.168.0.151
> 16:38:55: forwarded ocsp.msocsp.com to 1.1.1.1
> 16:38:55: reply ocsp.msocsp.com is <CNAME>
> 16:38:55: reply hostedocsp.globalsign.com is <CNAME>
> 16:38:55: reply ocsp-cluster2.globalsign.cloud is 104.18.24.243
> 16:38:55: reply ocsp-cluster2.globalsign.cloud is 104.18.25.243
> 16:39:19: query[PTR] 101.0.168.192.in-addr.arpa from 192.168.0.151
> 16:39:19: /etc/pihole/local.list 192.168.0.101 is raspberrypi
> 16:39:19: query[A] flurry.com from 192.168.0.151
> 16:39:19: forwarded flurry.com to 1.1.1.1
> 16:39:19: reply flurry.com is 74.6.136.153
> 16:39:19: reply flurry.com is 212.82.100.153
> 16:39:19: reply flurry.com is 98.136.103.26
> 16:39:19: query[AAAA] flurry.com from 192.168.0.151
> 16:39:19: forwarded flurry.com to 1.1.1.1
> 16:39:19: reply flurry.com is NODATA-IPv6
> 16:39:23: query[A] ssl.gstatic.com from 192.168.0.151
> 16:39:23: forwarded ssl.gstatic.com to 1.1.1.1
> 16:39:23: reply ssl.gstatic.com is 172.217.19.99
> 16:39:29: query[A] bacon.secure.dyn.riotcdn.net from 192.168.0.151
> 16:39:29: forwarded bacon.secure.dyn.riotcdn.net to 1.1.1.1
> 16:39:29: reply bacon.secure.dyn.riotcdn.net is <CNAME>
> 16:39:29: reply scd.akacdn.riotgames.com.edgesuite.net is <CNAME>
> 16:39:29: reply a17.d.akamai.net is 104.85.249.104
> 16:39:29: reply a17.d.akamai.net is 104.85.249.99
> 16:40:16: query[A] wpad.lan from 192.168.0.151
16:40:16: cached wpad.lan is NXDOMAIN
last command:
pi@raspberrypi:~ $ pihole -q -exact flurry.com
Exact matches for flurry.com found in:
sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.* | sort | sed 's\:\ \' | column -t
?
Might want to redact some of the output!
redact what? i dont understand
pi@raspberrypi:~ $ sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.* | sort | sed 's\:\ \' | column -t
/etc/dnsmasq.conf conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.old conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/01-pihole.conf addn-hosts=/etc/pihole/custom.list
/etc/dnsmasq.d/01-pihole.conf addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf bogus-priv
/etc/dnsmasq.d/01-pihole.conf cache-size=10000
/etc/dnsmasq.d/01-pihole.conf dhcp-ignore-names=tag:hostname-ignore
/etc/dnsmasq.d/01-pihole.conf dhcp-name-match=set:hostname-ignore,localhost
/etc/dnsmasq.d/01-pihole.conf dhcp-name-match=set:hostname-ignore,wpad
/etc/dnsmasq.d/01-pihole.conf domain-needed
/etc/dnsmasq.d/01-pihole.conf interface=eth0
/etc/dnsmasq.d/01-pihole.conf localise-queries
/etc/dnsmasq.d/01-pihole.conf local-ttl=2
/etc/dnsmasq.d/01-pihole.conf log-async
/etc/dnsmasq.d/01-pihole.conf log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf log-queries
/etc/dnsmasq.d/01-pihole.conf no-resolv
/etc/dnsmasq.d/01-pihole.conf server=1.0.0.1
/etc/dnsmasq.d/01-pihole.conf server=1.1.1.1
/etc/dnsmasq.d/01-pihole.conf server=/use-application-dns.net/
/etc/dnsmasq.d/02-pihole-dhcp.conf dhcp-authoritative
/etc/dnsmasq.d/02-pihole-dhcp.conf dhcp-leasefile=/etc/pihole/dhcp.leases
/etc/dnsmasq.d/02-pihole-dhcp.conf dhcp-option=option:router,192.168.0.1
/etc/dnsmasq.d/02-pihole-dhcp.conf dhcp-range=192.168.0.105,192.168.0.200,24h
/etc/dnsmasq.d/02-pihole-dhcp.conf dhcp-rapid-commit
/etc/dnsmasq.d/02-pihole-dhcp.conf domain=lan
[quote="furythestunner, post:20, topic:33465"]
/etc/dnsmasq.d/01-pihole.conf dhcp-ignore-names=tag:hostname-ignore
/etc/dnsmasq.d/01-pihole.conf dhcp-name-match=set:hostname-ignore,localhost
/etc/dnsmasq.d/01-pihole.conf dhcp-name-match=set:hostname-ignore,wpad
Any idea where above three lines come from ?
Did you edit this /etc/dnsmasq.d/01-pihole.conf
file manually ?
I dont have those three lines in my config.
Might be a feature that I dont know of
Is it in below file ?
cat /etc/pihole/setupVars.conf
furythestunner:
redact what?
If the output shows private domain names or maybe public IP addresses, its best to not publish here
I did not edit or add any files
the file has this:
WEBPASSWORD= edited
BLOCKING_ENABLED=true
PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.0.101/24
IPV6_ADDRESS=2a02:ab88:59ba:eb00:d48f:63f1:bbd6:ad23
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
DNSMASQ_LISTENING=single
PIHOLE_DNS_1=1.1.1.1
PIHOLE_DNS_2=1.0.0.1
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
CONDITIONAL_FORWARDING=false
DHCP_ACTIVE=true
DHCP_START=192.168.0.105
DHCP_END=192.168.0.200
DHCP_ROUTER=192.168.0.1
DHCP_LEASETIME=24
PIHOLE_DOMAIN=lan
DHCP_IPv6=false
DHCP_rapid_commit=true
I dont know what Pi-hole settings could trigger those three lines being added to the config.
Wait for someone who knows
jfb
May 29, 2020, 3:13pm
25
What is the output of this command from the Pi terminal:
echo ">stats >quit" | nc localhost 4711