Request: Client Name

Mhhh... something seems wrong. The command doesn't initiate anything in the log and doesn't terminate - terminal is still executing.

But in the log I see periodic (1 minute) attempts to resolve client host names (but 20 custom DNS entries are set)

[2020-02-15 08:41:00.113 24651] 0 / 10 client host names resolved
[2020-02-15 08:41:00.113 24651] 0 / 1 upstream server host names resolved
[2020-02-15 08:41:22.943 24651] **** new UDP query[A] "www.google.com" from 10.0.30.254 (ID 15, FTL 8907, src/dnsmasq/forward.c:1571)
[2020-02-15 08:41:22.943 24651] www.google.com is known as not to be blocked
[2020-02-15 08:41:22.943 24651] **** got cache answer for www.google.com / 216.58.207.68 / <unknown> (ID 15, src/dnsmasq/rfc1035.c:1762)
[2020-02-15 08:41:22.944 24651] **** new UDP query[AAAA] "www.google.com" from 10.0.30.254 (ID 16, FTL 8908, src/dnsmasq/forward.c:1571)
[2020-02-15 08:41:22.944 24651] www.google.com is known as not to be blocked
[2020-02-15 08:41:22.944 24651] **** got cache answer for www.google.com / 2a00:1450:4001:825::2004 / <unknown> (ID 16, src/dnsmasq/rfc1035.c:1762)
[2020-02-15 08:41:40.129 24651] **** new UDP query[A] "beacons4.gvt2.com" from 10.0.1.136 (ID 17, FTL 8909, src/dnsmasq/forward.c:1571)
[2020-02-15 08:41:40.130 24651] beacons4.gvt2.com is not known
[2020-02-15 08:41:40.130 24651] Blocking beacons4.gvt2.com as domain is regex blacklisted
[2020-02-15 08:42:00.176 24651] 0 / 10 client host names resolved
[2020-02-15 08:42:00.176 24651] 0 / 1 upstream server host names resolved
[2020-02-15 08:42:01.991 24651] **** new UDP query[A] "clients4.google.com" from 10.0.1.136 (ID 19, FTL 8910, src/dnsmasq/forward.c:1571)
[2020-02-15 08:42:01.992 24651] clients4.google.com is not known
[2020-02-15 08:42:01.993 24651] **** forwarded clients4.google.com to 127.0.0.1 (ID 19, src/dnsmasq/forward.c:558)
[2020-02-15 08:42:02.122 24651] **** got DNSSEC details for clients4.google.com: 2 (ID 19, src/dnsmasq/forward.c:1254)
[2020-02-15 08:42:02.123 24651] clients4.google.com is known as not to be blocked
[2020-02-15 08:42:02.123 24651] CNAME clients4.google.com
[2020-02-15 08:42:02.123 24651] **** got reply clients4.google.com is (CNAME) (ID 19, src/dnsmasq/cache.c:487)
[2020-02-15 08:42:02.123 24651] clients.l.google.com is not known
[2020-02-15 08:42:02.123 24651] CNAME clients4.google.com ---> clients.l.google.com
[2020-02-15 08:42:02.124 24651] **** got reply clients.l.google.com is 216.58.208.46 (ID 19, src/dnsmasq/cache.c:487)
[2020-02-15 08:42:23.091 24651] **** new UDP query[A] "calendar.google.com" from 10.0.1.136 (ID 120, FTL 8911, src/dnsmasq/forward.c:1571)
[2020-02-15 08:42:23.091 24651] calendar.google.com is not known
[2020-02-15 08:42:23.092 24651] **** forwarded calendar.google.com to 127.0.0.1 (ID 120, src/dnsmasq/forward.c:558)
[2020-02-15 08:42:23.093 24651] **** got DNSSEC details for calendar.google.com: 2 (ID 120, src/dnsmasq/forward.c:1254)
[2020-02-15 08:42:23.093 24651] calendar.google.com is known as not to be blocked
[2020-02-15 08:42:23.093 24651] CNAME calendar.google.com
[2020-02-15 08:42:23.094 24651] **** got reply calendar.google.com is 172.217.18.110 (ID 120, src/dnsmasq/cache.c:487)
[2020-02-15 08:42:27.764 24651] **** new UDP query[A] "www.google.com" from 10.0.30.254 (ID 121, FTL 8912, src/dnsmasq/forward.c:1571)
[2020-02-15 08:42:27.764 24651] www.google.com is known as not to be blocked
[2020-02-15 08:42:27.765 24651] **** got cache answer for www.google.com / 216.58.207.68 / <unknown> (ID 121, src/dnsmasq/rfc1035.c:1762)
[2020-02-15 08:42:27.766 24651] **** new UDP query[AAAA] "www.google.com" from 10.0.30.254 (ID 122, FTL 8913, src/dnsmasq/forward.c:1571)
[2020-02-15 08:42:27.766 24651] www.google.com is known as not to be blocked
[2020-02-15 08:42:27.766 24651] **** got cache answer for www.google.com / 2a00:1450:4001:825::2004 / <unknown> (ID 122, src/dnsmasq/rfc1035.c:1762)
[2020-02-15 08:42:29.084 24651] **** new UDP query[A] "ssl.gstatic.com" from 10.0.1.136 (ID 123, FTL 8914, src/dnsmasq/forward.c:1571)
[2020-02-15 08:42:29.084 24651] ssl.gstatic.com is known as not to be blocked
[2020-02-15 08:42:29.084 24651] **** got cache answer for ssl.gstatic.com / 172.217.16.131 / <unknown> (ID 123, src/dnsmasq/rfc1035.c:1762)
[2020-02-15 08:42:40.129 24651] **** new UDP query[A] "beacons.gcp.gvt2.com" from 10.0.1.136 (ID 124, FTL 8915, src/dnsmasq/forward.c:1571)
[2020-02-15 08:42:40.130 24651] beacons.gcp.gvt2.com is not known
[2020-02-15 08:42:40.131 24651] Blocking beacons.gcp.gvt2.com as domain is regex blacklisted
[2020-02-15 08:43:00.241 24651] 0 / 10 client host names resolved
[2020-02-15 08:43:00.241 24651] 0 / 1 upstream server host names resolved

Make sure you have the right quotation marks. Sometimes copy-paste from this forum into the terminal creates "nice" quotation marks. The terminal usually doesn't understand them and acts up.

Bad: Screenshot from 2020-02-15 14-34-20

FTL does only try to resolve the hostnames for those clients it knows of to reduce the total number of lookups. It doesn't need to know the host names for devices that are not in any of its tables. If such a devices shows it, FTL will do the lookup when it needs the name.

It were the quotation marks....

[2020-02-15 20:47:07.603 18921] Blocking status is enabled
[2020-02-15 20:47:07.604 18921] *****************************
[2020-02-15 20:47:07.604 18921] * Debugging enabled *
[2020-02-15 20:47:07.604 18921] * DEBUG_DATABASE NO *
[2020-02-15 20:47:07.604 18921] * DEBUG_NETWORKING NO *
[2020-02-15 20:47:07.604 18921] * DEBUG_LOCKS NO *
[2020-02-15 20:47:07.604 18921] * DEBUG_QUERIES YES *
[2020-02-15 20:47:07.604 18921] * DEBUG_FLAGS NO *
[2020-02-15 20:47:07.604 18921] * DEBUG_SHMEM NO *
[2020-02-15 20:47:07.604 18921] * DEBUG_GC NO *
[2020-02-15 20:47:07.604 18921] * DEBUG_ARP NO *
[2020-02-15 20:47:07.604 18921] * DEBUG_REGEX NO *
[2020-02-15 20:47:07.604 18921] * DEBUG_API YES *
[2020-02-15 20:47:07.604 18921] * DEBUG_OVERTIME NO *
[2020-02-15 20:47:07.604 18921] * DEBUG_EXTBLOCKED NO *
[2020-02-15 20:47:07.604 18921] * DEBUG_CAPS NO *
[2020-02-15 20:47:07.604 18921] * DEBUG_DNSMASQ_LINES NO *
[2020-02-15 20:47:07.604 18921] *****************************
[2020-02-15 20:47:07.640 18921] Compiled 1 whitelist and 23 blacklist regex filters in 17.2 msec
[2020-02-15 20:47:22.158 18921] Received API request to re-resolve host names
[2020-02-15 20:47:22.198 18921] Resolver: 10.0.30.254 ---> "" (previously "")
[2020-02-15 20:47:22.236 18921] Resolver: 10.0.1.136 ---> "" (previously "")
[2020-02-15 20:47:22.274 18921] Resolver: 10.0.1.190 ---> "" (previously "")
[2020-02-15 20:47:22.312 18921] Resolver: 10.0.1.2 ---> "unifi" (previously "")
[2020-02-15 20:47:22.349 18921] Resolver: 10.0.1.215 ---> "" (previously "")
[2020-02-15 20:47:22.383 18921] Resolver: 10.0.1.64 ---> "" (previously "")
[2020-02-15 20:47:22.414 18921] Resolver: 10.0.1.1 ---> "_gateway" (previously "")
[2020-02-15 20:47:22.452 18921] Resolver: 10.0.1.4 ---> "access-point" (previously "")
[2020-02-15 20:47:22.452 18921] Resolver: 127.0.0.1 ---> "localhost" (previously "")
[2020-02-15 20:47:22.487 18921] Resolver: 10.0.1.5 ---> "nanopi" (previously "")
[2020-02-15 20:47:22.530 18921] Resolver: 10.0.40.3 ---> "" (previously "")
[2020-02-15 20:47:22.572 18921] Resolver: 10.0.1.84 ---> "" (previously "")
[2020-02-15 20:47:22.572 18921] 12 / 12 client host names resolved
[2020-02-15 20:47:22.572 18921] Resolver: 127.0.0.1 ---> "localhost" (previously "")
[2020-02-15 20:47:22.572 18921] 1 / 1 upstream server host names resolved
[2020-02-15 20:47:22.572 18921] Done re-resolving host names

Okay ... so what is the exact content of your /etc/pihole/custom.list?

10.0.1.2 cloudkey
10.0.30.254 chromecast-wohnzimmer
10.0.1.3 switch
10.0.1.4 access-point
10.0.1.6 omv
192.168.178.1 fritz.box
10.0.1.64 IPad
10.0.1.136 Thinkpad-LAN
10.0.1.182 Thinkpad-Wifi
10.0.1.190 Sony-XZ1-Compact
10.0.30.39 Chromecast-Schlafzimmer
10.0.1.84 Marie-Laptop
10.0.1.215 Marie-Windows-Phone
10.0.1.1 usg
10.0.40.1 wireguard_usg
10.0.40.2 wireguard_thinkpad
10.0.40.4 wireguard_ipad
10.0.40.3 wireguard_sony-xz-compact
10.0.40.5 wireguard_marie-laptop
10.0.1.35 Kerstin-Galaxy-S7

This doesn't line up, either.

How does your /etc/dnsmasq.d/01-pihole.conf look like?

# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.

###############################################################################
#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
#                                                                             #
#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
#                      /etc/pihole/setupVars.conf                             #
#                                                                             #
#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
###############################################################################

addn-hosts=/etc/pihole/local.list
addn-hosts=/etc/pihole/custom.list


localise-queries


no-resolv



cache-size=10000

log-queries
log-facility=/var/log/pihole.log

local-ttl=2

log-async
server=127.0.0.1#5353
domain-needed
bogus-priv
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D

interface=eth0
server=/use-application-dns.net/

Is the no-resolv the problem?

I was using /etc/hosts before and had an entry with 10.0.1.2 unifi but deleted that entry and changes the name to cloudkey in 'Custom DNS'

So the list is apparently loaded.

No, this just means to not use the upstream servers specified in /etc/resolv.conf.

So you removed it but FTL still knows about it? This is very strange. Have you restarted your machine in between? If not, please try this and check again if the unifi comes up again.

Yes multiple times. Will try once again.

[2020-02-16 22:10:49.668 1125] Received API request to re-resolve host names
[2020-02-16 22:10:49.709 1125] Resolver: 10.0.1.136 ---> "" (previously "")
[2020-02-16 22:10:49.752 1125] Resolver: 10.0.30.254 ---> "" (previously "")
[2020-02-16 22:10:49.795 1125] Resolver: 10.0.1.2 ---> "unifi" (previously "")
[2020-02-16 22:10:49.826 1125] Resolver: 10.0.1.1 ---> "_gateway" (previously "")
[2020-02-16 22:10:49.862 1125] Resolver: 10.0.1.190 ---> "" (previously "")
[2020-02-16 22:10:49.904 1125] Resolver: 10.0.1.64 ---> "" (previously "")
[2020-02-16 22:10:49.948 1125] Resolver: 10.0.1.4 ---> "access-point" (previously "")
[2020-02-16 22:10:49.986 1125] Resolver: 10.0.1.6 ---> "omv" (previously "")
[2020-02-16 22:10:50.030 1125] Resolver: 10.0.1.215 ---> "" (previously "")
[2020-02-16 22:10:50.030 1125] 9 / 9 client host names resolved
[2020-02-16 22:10:50.030 1125] Resolver: 127.0.0.1 ---> "localhost" (previously "")
[2020-02-16 22:10:50.030 1125] 1 / 1 upstream server host names resolved
[2020-02-16 22:10:50.030 1125] Done re-resolving host names

I guess it knows about it, because it's the set hostname of the device itself - I can see it in the network overview.

Not sure if it has anything to do with your problem, but I would generally stay away from underscores in hostnames - may cause you grief somewhere, even if pihole has no issue with it Hostname - Wikipedia

Thanks for the hint. I changed all underscores to minus. Still not working.
The "_gateway" is set automatically by the device as I can see this hostname in the network overview. I set a custom DNS for it (without underscore).

Ah, right! FTL loads the hostname from the network table if it cannot find the name using other means (last resort option).

Any output for

dig -x 10.0.40.5
grep "custom.list" /var/log/pihole.log

?

Maybe a few seconds after

pihole restartdns

On the pihole itself

nanopi@nanopi:~$ dig -x 10.0.40.5 @127.0.0.1

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> -x 10.0.40.5 @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17443
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;5.40.0.10.in-addr.arpa.		IN	PTR

;; ANSWER SECTION:
5.40.0.10.in-addr.arpa.	2	IN	PTR	wireguard-marie-laptop.

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 17 19:54:12 CET 2020
;; MSG SIZE  rcvd: 87

On a different pc

chrko@ThinkPad-X230:~$ dig -x 10.0.40.5

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> -x 10.0.40.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5089
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;5.40.0.10.in-addr.arpa.		IN	PTR

;; ANSWER SECTION:
5.40.0.10.in-addr.arpa.	2	IN	PTR	wireguard-marie-laptop.

;; Query time: 3 msec
;; SERVER: 10.0.1.5#53(10.0.1.5)
;; WHEN: Mon Feb 17 19:53:16 CET 2020
;; MSG SIZE  rcvd: 87

I replaced custom.conf (no results) with custom.list

Feb 17 19:53:16 dnsmasq[30844]: /etc/pihole/custom.list 10.0.40.5 is wireguard-marie-laptop
Feb 17 19:54:12 dnsmasq[30844]: /etc/pihole/custom.list 10.0.40.5 is wireguard-marie-laptop
Feb 17 19:55:46 dnsmasq[13050]: read /etc/pihole/custom.list - 20 addresses
Feb 17 19:55:49 dnsmasq[13111]: read /etc/pihole/custom.list - 20 addresses

The resolution is working - just not for the pihole web UI..

Anything other than 127.0.0.1 in below file ?

pi@noads:~ $ cat /etc/resolv.conf
nameserver 127.0.0.1
nanopi@nanopi:/$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 10.0.1.1

127.0.0.1 is missing...

Added 127.0.0.1 by hand and pihole restartdns solved it!

Huge thanks!

Wonder why it was missing/overwritten?

I typed up below already:

Temporarily change into:

# Generated by NetworkManager
#nameserver 8.8.8.8
#nameserver 10.0.1.1
nameserver 127.0.0.1

Restart FTL:

sudo service pihole-FTL restart

And check in the browser again.
If this shows correct hostnames, you need to configure DNS in network-manager to only use one DNS server 127.0.0.1 and not the others (8.8.8.8, 10.0.1.1).
The GUI uses the nameservers defined in resolv.conf to display names instead of IP's.

I dont think its solved as this resolv.conf file will probably change back to previous state after a reboot.
Try reboot and see if your changes survived ?
network-manager populates this resolv.conf file so need to look in NM and set only one DNS server 127.0.0.1