Please follow the below template, it will help us to help you!

Please ensure that you are running the latest version of the beta code.
Run pihole -up to update to the latest, then verify that the problem still exists before reporting it.

Problem with Beta 5.0:

pi@raspberrypi:~ $ pihole -up 
[i] Checking for updates... 
[i] Pi-hole Core: up to date 
[i] Web Interface: up to date 
[i] FTL: up to date 
[i] Warning: You are using FTL from a custom branch (release/v5.0) and might be missing future releases.
[✓] Everything is up to date! 

pi@raspberrypi:~ $ dig chaos txt version.bind +short "dnsmasq-2.78"

its saying everything is up to date but, I'm on an old dnsmasq.... how can I fix this

Debug Token:
https://tricorder.pi-hole.net/zyrlfui3td

What is the output of this command from the Pi terminal?

grep "version pi-hole-2" /var/log/pihole.log*

grep "version pi-hole-2" /var/log/pihole.log*
/var/log/pihole.log:Apr 14 01:13:31 dnsmasq[27239]: started, **version pi-hole-2** .81 cachesize 10000
/var/log/pihole.log.1:Apr 13 01:43:15 dnsmasq[846]: started, **version pi-hole-2** .80 cachesize 10000
/var/log/pihole.log.1:Apr 13 01:43:35 dnsmasq[1030]: started, **version pi-hole-2** .80 cachesize 10000
/var/log/pihole.log.1:Apr 13 03:26:36 dnsmasq[8764]: started, **version pi-hole-2** .81 cachesize 10000
/var/log/pihole.log.1:Apr 13 03:27:25 dnsmasq[9116]: started, **version pi-hole-2** .81 cachesize 10000

This is showing the correct version of dnsmasq running. One of the developers will have to weigh in with where the incorrect information is coming from.

I saw where they said that the latest is 2.81, this is running 2.78

How do you know which of the two is incorrect?

Your pihole.log shows that it was 2.80, then you updated and it became 2.81.

pi@raspberrypi:~ $ dig chaos txt version.bind +short "dnsmasq-2.78"

dig chaos txt version.bind +short @127.0.0.1

Check /etc/resolv.conf to see what resolver you query if you use the system default. We no longer force the Pi-hole node to use itself.

pi@raspberrypi : ~ $ dig chaos txt version.bind +short 127.0.0.1

"dnsmasq-pi-hole-2.81"
Perfect

I change 127.0.0.1 to my router ip in /etc/resolv.conf is that ok?

That is OK, assuming you want the Pi to use the router for DNS resolution. It appears that your router is running that version of dnsmasq that was reported.

why I switch the ip is if its the default, I can't do apt updates

That is unusual. Nothing on your Pi-hole should be blocking any domains that serve apt updates. Do you have any raspberrypi.org domains blocked?

pihole -q -adlist -all raspberrypi.org

Also, what is the output of this command from your Pi terminal, and does the reported time match your local clock time?

date

pi@raspberrypi : ~ $ pihole -q -adlist -all raspberrypi.org

[i] No results found for raspberrypi.org within the block lists
pi@raspberrypi : ~ $ date

Tue 14 Apr 02:31:09 BST 2020

date is wrong

An incorrect date/time will interfere with DNSSEC, which is enabled on your Pi-hole. The authentication algorithm depends on accurate time.

Set your time with this command - substitute the correct values. Also check your locale settings and ensure your time zone is correct.

timedatectl set-time '2015-11-20 16:14:50'

And, while I'm looking at your debug log, it appears you have a blocklist that is not leading to a working page:

https://gist.githubusercontent.com/anudeepND/adac7982307fec6ee23605e281a57f1a/raw/5b8582b906a9497624

leads to a 404 page.

ok will set time and delete that blocklist..... thanks so much for your help

apparently, there is at least one blocklist that blocks version.bind

pihole -q version.bind
 Match found in https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt:
   version.bind

In order for the version check to work, you need to whitelist version.bind, or you'll get something like:

dig chaos txt version.bind +short 127.0.0.1
;; Warning: Message parser reports malformed message packet.
0.0.0.0

At the risk of veering this thread off topic - if you subscribe to dodgy lists, you get dodgy results.

Whomever maintains that list has some misconceptions of how a domain blocker works, based on this opening statement:

my list hereby claims to remove more than 25% of all known malware sites with just a 2-digit amount of entries. This is mostly done by blocking top-level domains that have become devastatingly abused by spammers, usually because they allowed for free and uncontrolled domain registrations

A hosts based domain blocker won't block entire top-level domains - it only blocks a specific domain.

About a dozen entries with IP's, not domain names. If you have the IP, you won't be requesting the IP from a DNS server.

127.0.0.1 54.209.22.226

And, as you noted:

If you run a webserver of any sort, and you get incoming requests to resolve these domains, that's rarely a good sign for that requestor's intentions

127.0.0.1 version.bind

I mean ... oh boy. Thanks for letting us know. It is unbelievable how much crap content is out there...

I have, and probably many users , been using the firebog lists. Personally I use the Non-crossed lists (For when someone is usually around to whitelist falsely blocked sites).

image2371×536 76.4 KB

I wouldn't call firebog dodgy, it's just unfortunate that entry slipped into a list.