Question about DNS


#1

When I use Settings DNS upstream DNS Server and change them to i.e. OpenDNS and save this settings, I get a confirmation about 1 DNS.

If I open it again, the page shows Google again.

Can I not change it?
Does the page not show the current settings?

What is wrong with my pi hole…


#2

The DNS server choice is saved in file /etc/pihole/setupVars.conf

Copy the contents of that file to another file (text editor perhaps), and see which DNS servers are in use.

Then make the changes on the web GUI, and reopen the setupVars.conf file and see if the file has changed. If the changes were not made, that’s one problem. If the changes were made in the file, but not shown on the web interface, that is likely a different problem.


#3

Owner & group of /etc/pihole/setupVars.conf has to be

root root

and the permissions

-rw-r–r--

(this is 644)


#4

On a properly configured install, this will show as follows (size and date will vary):

ls -l /etc/pihole/setupVars.conf
-rw-r--r-- 1 root root 598 Feb  3 22:44 /etc/pihole/setupVars.conf

#5

I have made a backup of the mentioned conf file, and changed the DNS to a custom 1 setting.
Press „save“ confirms, changed to 1 DNS.

The file shows no change:
GNU nano 2.2.6 Datei: /etc/pihole/setupVars.conf
PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.0.20/24
IPV6_ADDRESS=
PIHOLE_DNS_1=8.8.8.8
PIHOLE_DNS_2=8.8.4.4
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
BLOCKING_ENABLED=true

The rights are in my opinion ok:
ls -l /etc/pihole/setupVars.conf
-rw-r–r-- 1 root root 298 Feb 12 15:18 /etc/pihole/setupVars.conf


#6

After you entered your custom server and before you press Save, can you make and upload a screenshot of the DNS tab?


#7

Here are screen shots of that what I did:


#8

Please look at the numbers of the screen shot names, that is the order how I did it (1-4)


#9

And what is the output of

ll /etc/dnsmasq.d/01-pihole.conf


#10

Pi-hole: A black hole for Internet advertisements

© 2017 Pi-hole, LLC (https://pi-hole.net)

Network-wide ad blocking via your own hardware.

Dnsmasq config for Pi-hole’s FTLDNS

This file is copyright under the latest version of the EUPL.

Please see LICENSE file for your rights under this license.

###############################################################################
#FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.#

ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE

#IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:#
#/etc/pihole/setupVars.conf#

#ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE#
#WITHIN /etc/dnsmasq.d/yourname.conf#
###############################################################################

addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list

localise-queries

no-resolv

cache-size=10000

log-queries
log-facility=/var/log/pihole.log

local-ttl=2

log-async

If a DHCP client claims that its name is “wpad”, ignore that.

This fixes a security hole. see CERT Vulnerability VU#598349

dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
server=8.8.8.8
server=8.8.4.4
interface=eth0


#11

Not the content, but a

ll /etc/dnsmasq.d/01-pihole.conf


#12

Your custom DNS needs to have a port appended to the end, if I recall. Add #53 at the end of your custom DNS.


#13

Ok, but where?
In the menue?
In the conf file?


#14

Thought about it too, but then had the expectation that

  • #53 as default port is not needed
  • a port is added automatically if not entered by the user
  • there is a message if a port is necessary but not entered by the user

#15

Set

192.168.0.1#53

as your Custom 1 (IPv4) server on the DNS tab in the web interface.


#16

I might be wrong here, haven’t tested it and going from memory only. By changing it, this rules out one potential problem.


#17

Run pihole -d for a debug token. You may have an issue somewhere else (such as lighttpd not having permission to run pihole commands).


#18


[✓] Your debug token is: 7rhl8q2wmd




#19

What is the output of this command?

sudo service lighttpd status -l

#20

ralf@ntp_server_1 ~ $ sudo service lighttpd status -l
[sudo] password for ralf:
● lighttpd.service - Lighttpd Daemon
Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled)
Active: active (running) since Mi 2019-02-13 20:14:42 CET; 1 day 14h ago
Process: 604 ExecStartPre=/usr/sbin/lighttpd -t -f /etc/lighttpd/lighttpd.conf (code=exited, status=0/SUCCESS)
Main PID: 752 (lighttpd)
CGroup: /system.slice/lighttpd.service
├─752 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
├─770 /usr/bin/php-cgi
├─774 /usr/bin/php-cgi
├─775 /usr/bin/php-cgi
├─776 /usr/bin/php-cgi
└─777 /usr/bin/php-cgi

Feb 15 06:44:39 ntp_server_1 lighttpd[752]: sudo: no tty present and no askpass program specified
Feb 15 06:44:39 ntp_server_1 lighttpd[752]: We trust you have received the usual lecture from the local System
Feb 15 06:44:39 ntp_server_1 lighttpd[752]: Administrator. It usually boils down to these three things:
Feb 15 06:44:39 ntp_server_1 lighttpd[752]: #1) Respect the privacy of others.
Feb 15 06:44:39 ntp_server_1 lighttpd[752]: #2) Think before you type.
Feb 15 06:44:39 ntp_server_1 lighttpd[752]: #3) With great power comes great responsibility.
Feb 15 06:44:39 ntp_server_1 sudo[1611]: pam_unix(sudo:auth): conversation failed
Feb 15 06:44:39 ntp_server_1 sudo[1611]: pam_unix(sudo:auth): auth could not identify password for [www-data]
Feb 15 06:44:39 ntp_server_1 lighttpd[752]: sudo: no tty present and no askpass program specified
Feb 15 06:44:40 ntp_server_1 sudo[1611]: www-data : user NOT in sudoers ; TTY=unknown ; PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pih… no-dnssec
Hint: Some lines were ellipsized, use -l to show in full.