Reverse lookup of client ips

Help
1

Please follow the below template, it will help us to help you!

Expected Behaviour:

I'd like the dashboard and etc., to show client DNS names, via reverse lookup.

Actual Behaviour:

But I'm actually seeing just ip addresses.

Clients via Win Server DHCP are told pihole.agpllc.local is the DNS server. athena.agpllc.local is the Win Server, and has the reverse entries. If I do a reverse lookup via pihole, it works right (below), but /etc/resolv.conf has just the Google DNS entries 8.8.8.8 8.8.4.4, and that yields NXDOMAIN (below).

Perhaps this is a misconfiguration on my part? Something I need to do? BTW, I'm not entirely sure I had the dnsmasq.d file set right to begin with, but it is now (below)

reverse lookup via pihole

[root@pihole log]# nslookup
> server pihole.agpllc.local
Default server: pihole.agpllc.local
Address: fe80::20c:29ff:fefc:d662#53
Default server: pihole.agpllc.local
Address: 192.168.55.34#53
> 192.168.55.1
Server:         pihole.agpllc.local
Address:        fe80::20c:29ff:fefc:d662#53

1.55.168.192.in-addr.arpa       name = athena.agpllc.local.

Reverse lookup via default resolver

[root@pihole log]# nslookup
> 192.168.55.1
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find 1.55.168.192.in-addr.arpa.: NXDOMAIN
>

/etc/dnsmasq.d/06-activedirectory.conf:

[root@pihole dnsmasq.d]# cat 06-activedirectory.conf
## Point to Athena for .agpllc.local addresses
## amg 2018 06 29
server=/agpllc.local/192.168.55.1
server=/55.168.192.in-addr.arpa/192.168.55.1

Debug Token:

Your debug token is: r7oi3e3pcf

4

in the pihole webgui under setting and DNS look at the 5 options conditional forwarding and p[otentially the other options there should resolve this issue.

5

Set the Pi-hole's /etc/resolv.conf to 127.0.0.1 so it uses its own DNS server.

6

I can't find a way for NetworkManager to stop rewriting resolv.conf. Centos 7, btw.

7

in the pihole webgui under setting and DNS look at the 5 options conditional forwarding and p[otentially the other options there should resolve this issue.

Yea, nope. Unticking both boxes yields no difference.

8

According to this, modify the ifcfg- file for you interface and set it to use localhost for DNS:

9

Yea, I found that.

  1. It doesn't work, even removing the DNS1 and DNS2 entries from ifcfg-eth0 doesn't stop NetworkManager from overwriting (it puts a 'search ' line in resolv.conf even if it isn't putting nameserver lines in).

  2. Nevermind that, if I manually edit resolv.conf and then verify that nslookup is pulling from the right nameserver, I still can't see reverse-lookedup names in the dashboard or in reports... do I need to refresh something, or delete logs, or something?

    [root@pihole network-scripts]# cat /etc/resolv.conf
    nameserver 127.0.0.1
    [root@pihole network-scripts]# nslookup

    192.168.55.1
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    Non-authoritative answer:
    1.55.168.192.in-addr.arpa name = athena.agpllc.local.

    Authoritative answers can be found from:

    exit

    [root@pihole network-scripts]#

10

That is a NetworkManager issue then. Did you see the first comment from the link I gave you?

If you are using localhost for the Pi's DNS, and it resolves reverse lookups like you have shown when you manually changed the resolver, then when FTL re-resolves the hostnames of the clients they will be correct (they are cached to prevent spamming of reverse lookup queries).

1 Like
11

Yea, I saw. NetworkManager is expletive screwy (see below). But it doesn't matter, I can fight that battle separately.

It works now

I've managed to get NM to create a resolv.conf that looks like this:

[root@pihole network-scripts]# cat /etc/resolv.conf
# Generated by NetworkManager
search agpllc.local
nameserver 127.0.0.1
[root@pihole network-scripts]#

So now it looks like the dashboard is getting populated with dns names. Is there a way to force FTL to re-resolve?

NetworkManager Stinks - edit, it only stinks if you forget to restart it

resolv.conf started looking like this:

[root@pihole NetworkManager]# cat /etc/resolv.conf
# Generated by NetworkManager
search agpllc.local
nameserver 8.8.8.8
nameserver 8.8.4.4

The link above says just remove the "DNS1" and "DNS2" entries from NetworkManager.conf. If I do that, I end up with resolv.conf without the nameserver lines, but still gets rewritten by NM:

[root@pihole NetworkManager]# cat /etc/resolv.conf
# Generated by NetworkManager
search agpllc.local

I couldn't figure out where the 'search' line was configured. Also, the NM documentations seem to say that if you put

[main]
dns=none
rc-manager=none

in NetworkManager.conf that'll cause it to leave resolv.conf alone. Apparently that's not true, or something. EDIT: Need to 'service NetworkManager restart' after modifying NetworkManager.conf (duh). Now it leaves resolv.conf alone.

I was able to get resolv.conf looking kinda like I wanted by editing the ifcfg- file with

DNS1=127.0.0.1

Which may be a bit of a hack, but it seems to be working now.

Thanks for the help.

12

Run echo ">reresolve" | nc localhost 4711 to re-resolve hostnames

13 
[root@pihole network-scripts]# echo ">reresolve" | nc localhost 4711
unknown command: >reresolve

---EOM---
14

It looks like that command is only available on FTLDNS and newer, so you will just have to either restart FTL or wait:

sudo service pihole-FTL restart
15

Ok, but interesting.

[root@pihole pihole]# service pihole-FTL restart
.
Stopped

rm: cannot remove '/var/run/pihole/FTL.sock': No such file or directory
FTL started!
16

That is somewhat expected (that socket file may not exist)

17

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.