Hi,
I've been using pihole for a couple of years now with unbound and cloudflare without any issues. Recently after updating to pihole 6.XX I experienced the error " Retrieval of supported OS list failed. dig failed with return code 10.
Unable to determine if the detected OS (Debian 12) is supported"
PiHole is running on my raspberrypi 4B 4GB
I run a docker with Nginx Proxy Manager and pialert.
I also had installed NordVPN but disabled it as I thought this was the issue but this wasn't the case.
Let's take a look at the corresponding lines in your debug log:
*** [ DIAGNOSING ]: Operating system
[i] Distro: Debian
[i] Version: 12
[β] dig IPv4 return code: 9
[β] dig response: ;; communications error to 205.251.193.151#53: timed out
[i] Retrying via IPv6
[β] dig IPv6 return code: 9
[β] dig response: ;; communications error to 2600:9000:5301:9700::1#53: timed out
[β] Error: dig command failed - Unable to check OS
The OS check failed as communication with the public DNS server for pi-hole.net timed out.
I addition, Pi-hole's debug script also failed to retrieve DNS replies from public DNS servers:
*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[β] adf.shinobi.jp is NOERROR on lo (127.0.0.1)
[β] adf.shinobi.jp is NOERROR on eth0 (192.168.1.137)
[β] adf.shinobi.jp is NOERROR on br-775f80ffb4cf (172.18.0.1)
[β] adf.shinobi.jp is NOERROR on docker0 (172.17.0.1)
[β] Failed to resolve doubleclick.com via a remote, public DNS server (8.8.8.8)
*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[β] www.allegrolokalnie.pl-oferta7224283.cfd is NOERROR on lo (::1)
[β] www.allegrolokalnie.pl-oferta7224283.cfd is NOERROR on eth0 (2001:<redacted>e)
[β] www.allegrolokalnie.pl-oferta7224283.cfd is NOERROR on eth0 (fe80::d<redacted>4%eth0)
[β] www.allegrolokalnie.pl-oferta7224283.cfd is NOERROR on br-775f80ffb4cf (fe80::c<redacted>f%br-775f80ffb4cf)
[β] www.allegrolokalnie.pl-oferta7224283.cfd is NOERROR on docker0 (fe80::f<redacted>7%docker0)
[β] Failed to resolve doubleclick.com via a remote, public DNS server (2001:4860:4860::8888)
This may suggest that something is blocking DNS requests to public DNS servers for the machine that runs your Pi-hole.
Would your router perhaps only allow specific DNS servers and/or protocols?
Furthermore, there are a few SERVFAIL replies from your upstreams:
Mar 6 00:00:08 dnsmasq[810]: query[AAAA] pool.ntp.org from 192.168.1.137
Mar 6 00:00:08 dnsmasq[810]: forwarded pool.ntp.org to 127.0.0.1#5335
Mar 6 00:00:08 dnsmasq[810]: forwarded pool.ntp.org to 127.0.0.1#5053
Mar 6 00:00:08 dnsmasq[810]: forwarded pool.ntp.org to 1.1.1.1
Mar 6 00:00:08 dnsmasq[810]: reply error is SERVFAIL
As unbound as well as dnscrypt require an accurate time, those SERVFAILs for pool.ntp.org (as required for a time-sync) may indicate that your time is off.
You should verify your Pi-hole machine's time and time zone settings.
Watching! Have exactly this issue. Does this happen to be a backup pihole and were you running gravity-sync? In my case I upgraded my primary first and it took some time before I upgraded the backup. I cannot get upbound to function on the backup. The primary works fine-ish.
Currently, I'm still troubleshooting. It started straight after upgrading to v6.
When I disable pihole I still encounter some weird dns issues with UDP. It might be my ISP, but I'm not sure yet. I'll update once I find something or need help. I even reinstalled Pihole fresh but still have the same issue.
Gravity Sync is retired as of July 24. Given Pihole V6 Changes its not going to be usable. I've seen some people talk about orbital-sync as a replacement.
Yes I am aware...thanks. I mention the timing of my upgrade because it was still running on the backup pi-hole for a bit after upgrading the primary, so could have borked something. It is uninstalled. I don't want to continue this conversation here.
When I use pure dnsmasq as standalone, most of my DNS requests will be resolved, but every now and then, the request gets a timeout / servfail with UDP.
Using dig with PiHole enabled I see most public DNS upstream work like Google (8.8.8.8 / 8.8.4.4) and Cloudflare (1.1.1.1 / 1.0.0.1)
NSlookup works most of the time using public DNS upstream but fails using PiHole with and without Unbound and Cloudflare (DoH).
On my ISP router I port fowarded 53 UDP/TCP but this didn't seems to work.
My PiHole is connected by a PoE switch striaght to my ISP router.
As already mentioned I have reinstalled PiHole but still experience the same issue with the OS check.
If anybody has any suggestions how to solve this It would be appreciated.
Ow btw as far as I checked the PiHoles machine time, time zone is running as it should and removed lighttpd just to be sure.
Mon Mar 10 11:15:19 CET 2025
Local time: Mon 2025-03-10 11:15:19 CET
Universal time: Mon 2025-03-10 10:15:19 UTC
RTC time: n/a
Time zone: Europe/Amsterdam (CET, +0100)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
Your debug log shows that your Pi-hole is receiving traffic from public IP addresses.
This may have happened due to:
You are risking to run Pi-hole as an open resolver, posing a potential threat for all Internet users, e.g. by serving as a multiplier in a DNS Amplification attack.
The Pi-hole team strongly discourages Pi-holeβs usage as an open resolver, and we won't provide support in that case.
Please close inbound port 53 on your router's firewall immediately.
EDIT: When done, please provide a fresh debug token.
Update
So I found out that my ISP is blocking UDP #53
When I use Unbound (127.0.0.1:5335) as its upstream resolver, forwarding to Cloudflare (1.1.1.1/1.0.0.1) with forward-tcp-upstream: yes, I was able to bypass my ISPβs UDP/53 block.
Client queries (e.g., nslookup google.com 192.168.1.137) and manual dig tests through Unbound (e.g., dig @127.0.0.1 -p 5335) resolve correctly now.
Issue I discovered
When using dig +short -t txt versions.pi-hole.net @ns1.pi-hole.net, results in:
;; communications error to 2600:9000:5301:9700::1#53: timed out
;; communications error to 2600:9000:5301:9700::1#53: timed out
;; communications error to 2600:9000:5301:9700::1#53: timed out
;; communications error to 205.251.193.151#53: timed out
;; no servers could be reached
I contacted my ISP they had some issues with disabling me from their CGNAT which got solved today hoping this solved the issue with my UDP #53 but that was not the case.
One more question I'm missing setupVars.conf in /etc/pihole/ after reinstallation of v6 could this be an issue?
Any help to solve this issue would be appreciated.