Struggling with pihole-FTL

Yes, running dnsmasq as a temporary measure is intended; at the moment pihole-FTL refuses to bind the port and provides no nameservice. As the pi concerned is now the target for the DNS requests for my network, that behavior kills DNS network wide. So not a configuration I can live with for any significant period.

If you have access to a Pi to test on, the config is fairly simple.

I'm insmod'ing the dummy module:

netadmin@namepi:/etc/modprobe.d $ ls
blacklist-rtl8192cu.conf  dummy.conf  raspi-blacklist.conf
blacklist-rtl8xxxu.conf   ipv6.conf
netadmin@namepi:/etc/modprobe.d $ cat dummy.conf 
options dummy numdummies=2
netadmin@namepi:/etc/modprobe.d $
netadmin@namepi:/etc/modules-load.d $ ls
dummy.conf  modules.conf
netadmin@namepi:/etc/modules-load.d $ cat dummy.conf 
dummy
netadmin@namepi:/etc/modules-load.d $

That gives me two dummy interfaces.
Config files for systemd-network

netadmin@namepi:/etc/systemd/network $ ls
80-dhcp.network  90-loop0.network  91-loop1.network  99-default.link
netadmin@namepi:
netadmin@namepi:/etc/systemd/network $ cat 90-loop0.network 
[Match]
Name=dummy0

[Network]
Description="nsd loopback"
DHCP=false
LLDP=false
LinkLocalAddressing=no
IPv6AcceptRA=no
Address=192.168.55.1/30

netadmin@namepi:/etc/systemd/network $ cat 91-loop1.network 
[Match]
Name=dummy1

[Network]
Description="unbound loopback"
DHCP=false
LLDP=false
LinkLocalAddressing=no
IPv6AcceptRA=no
Address=192.168.55.9/30

netadmin@namepi

unbound configuration:

netadmin@namepi:/etc/unbound/unbound.conf.d $ ls
namepi-unbound.conf       qname-minimisation.conf
namepi-unbound.conf.save  root-auto-trust-anchor-file.conf
netadmin@namepi:/etc/unbound/unbound.conf.d $ cat namepi-unbound.conf
directory: "/etc/unbound"
username: unbound
logfile: "/etc/unbound/unbound.log"  #uncomment to use logfile.
pidfile: "/etc/unbound/unbound.pid"
verbosity: 1      # uncomment and increase to get more logging.
#listen on specific interface
interface: 192.168.55.9
#answer queries from the all private addreses and local subnet.
access-control: 10.0.0.0/8 allow
access-control: 172.16.0.0/12 allow
access-control: 192.168.0.0/16 allow
#also answer queries from the shoka.net address range.
access-control: 81.174.227.96/29 allow
#use ipv4 only
do-ip4: yes
do-ip6: no
#use udp and tcp
do-udp: yes
do-tcp: yes

netadmin@namepi

NSD config:

netadmin@namepi:/etc/nsd $ ls
local.shoka.net.zone         nsd.conf.d       nsd_server.key
local.shoka.net.zone.backup  nsd_control.key  nsd_server.pem
nsd.conf                     nsd_control.pem  test.zone


#
# The following line includes additional configuration files from the
# /etc/nsd/nsd.conf.d directory.

# WARNING: The glob style doesn't work yet...

# HJM additions for locally accessible authoratitive server

server:
ip-address: 192.168.55.1
ip-transparent: yes
ip-freebind: yes
do-ip4: yes
do-ip6: no
server-count: 1
port: 53
username: nsd

zone:
	name: local.shoka.net
	zonefile: /etc/nsd/local.shoka.net.zone

include: "/etc/nsd/nsd.conf.d/*.conf"
netadmin@namepi:

The config points the dnsmasq/pihole-FTL to the unbound port as the upstream nameserver.
On the internet shoka.net is hosted by UK2.

That DNS config on UK2 includes ns.local.shoka.net that resolves to the local address of the NSD instance, so unbound recurses unto the NSD address. As long as you are local to that address that should work for testing for you as well, assuming you use the same ip addresses for the loopbacks.

You need a static route on your local network, to the 192.168.55.0/26 network, nexthop the real ip of the testing pi, to make that network accessible from the local net. I have local.shoka.net set as domain, and from clients on the network they can resolve the names in that zone directly.

To test that you need a suitable zone file:

netadmin@namepi:/etc/nsd $ cat local.shoka.net.zone
$ORIGIN local.shoka.net.
$TTL 1h
local.shoka.net.	IN	SOA	ns.local.shoka.net. harry.shoka.net. ( 2007120710 1d 2h 4w 1h )
local.shoka.net. 	IN	NS	ns
ns			IN	A	192.168.55.1
routepi		 	IN	A	172.25.25.148
timepi	 		IN	A	172.25.25.147
namepi	 		IN	A	172.25.25.146

Think that's all you need.

I'm going to try and build a V2.8 dnsmasq from source, and try that, to see if the issue is from dnsmasq upstream, or the conversion to pihole-FTL. I have a query out on the dnsmasq mailing list for hints on any issues they know of.

Try putting the listener IPs on one line, e.g.:

pi@noads:~ $ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::2113:xxx:xxx:5fb/64 scope link
       valid_lft forever preferred_lft forever

pi@noads:~ $ cat /etc/dnsmasq.d/99-my-settings.conf
bind-interfaces
listen-address=127.0.0.1,::1,10.0.0.2,fe80::2113:xxx:xxx:5fb

pi@noads:~ $ sudo service pihole-FTL restart
pi@noads:~ $

pi@noads:~ $ sudo netstat -nltup | grep 'Proto\|:53 '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      30570/pihole-FTL
tcp        0      0 10.0.0.2:53             0.0.0.0:*               LISTEN      30570/pihole-FTL
tcp6       0      0 ::1:53                  :::*                    LISTEN      30570/pihole-FTL
tcp6       0      0 fe80::2113:xxxx:xxxx:53 :::*                    LISTEN      30570/pihole-FTL
udp        0      0 127.0.0.1:53            0.0.0.0:*                           30570/pihole-FTL
udp        0      0 10.0.0.2:53             0.0.0.0:*                           30570/pihole-FTL
udp6       0      0 ::1:53                  :::*                                30570/pihole-FTL
udp6       0      0 fe80::2113:xxxx:xxxx:53 :::*                                30570/pihole-FTL

Try set below in Pi-hole settings:

image

That will change directive interface=XXX into except-interface=nonexisting in the file /etc/dnsmasq.d/01-pihole.conf.
That way you can add interface directive to your own config file eg:

pi@noads:~ $ cat /etc/dnsmasq.d/99-my-settings.conf
bind-interfaces
listen-address=127.0.0.1,::1,10.0.0.2,fe80::2113:xxx:xxx:5fb
interface=dummy0

The systemctl command is specifically for the systemd init system.
The service command/wrapper can cope with three different init systems, system-v, systemd and Upstart.
So to play safe when you don't know your init, better use service 😉

pi@noads:~ $ man service
[..]
DESCRIPTION
       service runs a System V init script, systemd unit, or upstart job
       in as predictable an environment as possible, removing most envi‐
       ronment  variables  and with the current working directory set to
       /.

       The SCRIPT parameter specifies a System V init script, located in
       /etc/init.d/SCRIPT, or the name of a systemd unit, or the name of
       an upstart job in /etc/init. The existence of a systemd  unit  or
       upstart  job  of  the  same  name as a script in /etc/init.d will
       cause the unit/job to take precedence  over  the  init.d  script.
       The  supported  values  of  COMMAND depend on the invoked script.
       service passes COMMAND and OPTIONS to the init script unmodified.
       For  systemd  units  or  upstart  jobs,  start, stop, status, and
       reload are passed through to their systemctl/initctl equivalents.
       For  upstart  jobs,  restart will call the upstart 'stop' for the
       job, followed immediately by the 'start', and will exit with  the
       return code of the start command.

       All  scripts should support at least the start and stop commands.
       As a special case, if COMMAND is --full-restart,  the  script  is
       run  twice, first with the stop command, then with the start com‐
       mand. This option has no effect on upstart jobs.

       service --status-all  runs  all  init  scripts,  in  alphabetical
       order,  with the status command.  The status is [ + ] for running
       services, [ - ] for stopped services and [ ? ] for services with‐
       out  a  'status'  command.   This  option  only  calls status for
       sysvinit jobs; upstart jobs can be queried in  a  similar  manner
       with initctl list.
[..]

xbian@avr ~ $ /sbin/init --version
init (upstart 1.13.2)
Copyright (C) 2006-2014 Canonical Ltd., 2011 Scott James Remnant

This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Thanks for the help.
Unfortunately it's not a fix. I've tried all three options, none function correctly.

However it points towards the root of the issue I believe.

I have dnsmasq version 2.79, standard distribution of raspbian. It works, as in can co-exist with other name servers on other interfaces on the same box.

I've spent all day building a dnsmasq version 2.80, with the same compile time options as the raspbian stock. It works as well. This is the root of the pihole-FTL fork.

pihole-FTL fails with all the options on that radio button.

So there is diverging code in the pihole-FTL implementation, to make those selection options available from the GUI. Presumably that selection overrides the settings in dnsmasq.conf that set the bind-interfaces directive, which is what is needed to allow coexistence with other name servers.

Can anyone point me to where those options are handled in the pihole-FTL code please?
Not that I'm a great coder, but I'm motivated to look.

In passing, stock dnsmasq very helpfully lists the compile time options set in the binary from the command dnsmasq -v . On pihole-FTL that only lists the version. Unless there is another switch to list the compile time options, that is probably not an improvement.

Harry

No, more details below.

They aren't. The web interface calls the CLI which edits /etc/dnsmasq.d/01-pihole.conf and restarts pihole-FTL afterwards.

You can find this here:

becoming effective here:

You can pass your options to the embedded dnsmasq using

pihole-FTL -- -v

If this tells you that the log file is not writable (because you invoke FTL as the wrong user), use either

sudo -u pihole pihole-FTL -- -v

or chown the file momentarily

I can get it to work/bind/listen with little effort:

pi@noads:~ $ sudo -u pihole pihole-FTL -- -v
Dnsmasq version pi-hole-2.80  Copyright (c) 2000-2018 Simon Kelley

Maybe the interfaces are reported a bit late for pihole-FTL to bind to their IP's.
I believe below directive could solve instead of/replacing the bind-interfaces directive:

bind-dynamic

pi@noads:~ $ man dnsmasq
[..]
       --bind-dynamic
              Enable  a network mode which is a hybrid between --bind-
              interfaces and the default. Dnsmasq binds the address of
              individual   interfaces,   allowing   multiple   dnsmasq
              instances, but if new interfaces or addresses appear, it
              automatically  listens  on those (subject to any access-
              control configuration). This makes  dynamically  created
              interfaces  work  in the same way as the default. Imple‐
              menting this  option  requires  non-standard  networking
              APIs  and  it  is  only  available under Linux. On other
              platforms it falls-back to --bind-interfaces mode.
[..]
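
The difference between a wildcard bind and the per-address binds that --bind-interfaces and --bind-dynamic use can be reproduced with plain sockets. This is an added example, not code from any poster or from dnsmasq or pihole-FTL; it assumes Linux, uses 127.0.0.2 as a stand-in for a dummy-interface address, and an unprivileged port chosen by the kernel instead of 53.

```python
import errno
import socket


def try_bind(addr, port, kind):
    """Bind without SO_REUSEADDR; return (socket, None) or (None, errno name)."""
    s = socket.socket(socket.AF_INET, kind)
    try:
        s.bind((addr, port))
        if kind == socket.SOCK_STREAM:
            s.listen(1)
        return s, None
    except OSError as e:
        s.close()
        return None, errno.errorcode.get(e.errno, str(e.errno))


def coexistence_demo(kind=socket.SOCK_DGRAM):
    """Show which binds succeed while another nameserver holds one address."""
    results = {}

    # Stand-in for unbound/NSD: one daemon bound to one specific address.
    # Port 0 lets the kernel pick a free unprivileged port (assumption:
    # the same port is also free on 127.0.0.1).
    other, err = try_bind("127.0.0.2", 0, kind)
    if other is None:
        raise RuntimeError("cannot bind stand-in address: %s" % err)
    port = other.getsockname()[1]

    # Wildcard mode: one socket on 0.0.0.0 claims the port on every address,
    # so it collides with the socket that already owns 127.0.0.2:port.
    s, results["wildcard_while_other_running"] = try_bind("0.0.0.0", port, kind)
    if s:
        s.close()

    # Per-address mode: a socket on a different local address does not
    # touch 127.0.0.2, so both daemons can hold the same port number.
    mine, results["specific_while_other_running"] = try_bind("127.0.0.1", port, kind)

    # The other daemon restarts: its address is still free because the
    # per-address listener never claimed it.
    other.close()
    other, results["other_restart_beside_specific"] = try_bind("127.0.0.2", port, kind)

    for s in (mine, other):
        if s:
            s.close()
    return results


if __name__ == "__main__":
    for name, kind in (("udp", socket.SOCK_DGRAM), ("tcp", socket.SOCK_STREAM)):
        print(name, coexistence_demo(kind))
```

A value of None means the bind succeeded; EADDRINUSE is the "port occupied" condition.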

What file are you editing to apply these settings ?

Posting netstat and systemctl status output at certain stages would help ?
Maybe rogue settings (halfway down posting mine):

I'm using sudo netstat -ltunp | grep :53 to see the DNS socket allocation.

This is with dnsmasq loaded, and is a working DNS config

netadmin@namepi:~ $ sudo netstat -ltunp | grep :53
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      21514/dnsmasq       
tcp        0      0 172.25.25.146:53        0.0.0.0:*               LISTEN      21514/dnsmasq       
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound       
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd             
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol 
udp        0      0 127.0.0.1:53            0.0.0.0:*                           21514/dnsmasq       
udp        0      0 172.25.25.146:53        0.0.0.0:*                           21514/dnsmasq       
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound       
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol 
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd             
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r 
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol

I want pihole-FTL to bind to the same sockets as dnsmasq does, obviously not while dnsmasq is bound to them.

pihole-FTL is using the same config as dnsmasq, 01-pihole.conf (standard pihole) and
02-pihole.conf, with my additional settings.
I have moved from bind-interfaces to bind-dynamic, as suggested up this thread, with no difference in behavior, dnsmasq starts without error, pihole-FTL errors claiming the port is occupied. I have some concerns that with this config, if I stop the unbound instance or the NSD instance, pihole-FTL will bind the freed ports, and prevent unbound or NSD from restarting, so it does not seem to be a good solution.
02-pihole.conf

# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.

###############################################################################
#        This file contains additional directives for pihole-FTL              #
# to integrate with the unbound and NSD nameservers also active on this Pi    #
#                                                                             #
#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
#                      /etc/pihole/setupVars.conf                             #
###############################################################################

bind-dynamic
except-interface=dummy*
listen-address=172.25.25.146
listen-address=127.0.0.1
server=192.168.55.9
no-dhcp-interface=eth0
no-dhcp-interface=dummy0
no-dhcp-interface=dummy1
netadmin@namepi:/etc/dnsmasq.d $

To test pihole-FTL I stop dnsmasq, verify the port allocation is clear, start pihole-FTL, report its status, report the port configuration. Since so far there is then no nameserver listening on the pihole-FTL port, there is no functional name server. To recover name service, I stop the broken pihole-FTL process and restart dnsmasq. That restores the port allocation above.

I fully understand that the objective is to replace the standalone dnsmasq service with a pihole-FTL instance, so that the GUI admin functions as well, if for no other reason. However for my purposes I wish to configure a chain of DNS servers including an unbound instance and an NSD instance.

That setup should be possible, because dnsmasq manages to operate in it.

I attach a full record of a failed attempt to start pihole-FTL

HarrypiholeTestsequence.txt (10.8 KB)

I wouldn't use 02-pihole.conf because Pi-hole already has similar name reserved for when activating Pi-hole's own DHCP service:

pi@noads:~ $ ll /etc/dnsmasq.d/
total 32
drwxr-xr-x   2 root root  4096 Jan  1 21:18 .
drwxr-xr-x 100 root root 12288 Dec  6 02:20 ..
-rw-r--r--   1 root root  1633 Jan  1 20:06 01-pihole.conf
-rw-r--r--   1 root root   479 Jun  9  2019 02-pihole-dhcp.conf
-rw-r--r--   1 root root   304 May 10  2019 04-pihole-static-dhcp.conf
-rw-r--r--   1 root root   211 Oct  2  2017 README

Choose something like:

99-my-settings.conf

And above listener IP's are still on two lines instead of comma-separated on one line!

Why not kill the other possibly conflicting daemons, start pihole-FTL on its own, and see what ports/sockets it binds to with netstat?
That way you know where it's conflicting if you compare with the other daemons.

EDIT: One more, why do you have directive server=192.168.55.9 in that config file ?
You can achieve similar by just entering custom upstream DNS server in the Pi-hole admin page and it will be stored in 01-pihole.conf.

For testing including netstat reports see the file attached to my last post.

This looked like a good prospect for a fix, if pihole-FTL was reading 02-pihole.conf twice and dnsmasq reading it once...

Not a fix though, at least renaming my extra config file does not fix things.

It's still possible that this is at the root of this issue though, I've been bitten by dnsmasq's treating absolutely everything in that directory as a config file, I renamed 02-xx.conf to 02-xx.conf.save expecting it to be ignored, but it wasn't.

dnsmasq, and presumably pihole-FTL, will accept multiple listen-address lines, and netstat verifies that the ports are bound as expected under dnsmasq (and nameserving works as expected, including inside the pihole server) but I've made the change anyway. The alternative syntax works in dnsmasq and pihole-FTL but does not fix the issue.

I have the upstream server defined in setupVars.conf:

PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=172.25.25.146/24
IPV6_ADDRESS=
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
WEBPASSWORD=<snip>
BLOCKING_ENABLED=true
DNSMASQ_LISTENING=single
PIHOLE_DNS_1=192.168.55.9#53
PIHOLE_DNS_2=192.168.55.9#53
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
CONDITIONAL_FORWARDING=false

The admin gui did not like a blank server two so I entered the same server twice.
Thus the two lines in setupVars.conf.

The gui then puts two server lines in 01-pihole-FTL.

current status is still:

netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound       
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd             
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol 
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound       
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol 
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd             
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r 
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol 
netadmin@namepi:/etc/dnsmasq.d $ systemctl start pihole-FTL.service 
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'pihole-FTL.service'.
Multiple identities can be used for authentication:
 1.  ,,, (pi)
 2.  shoka.net network manager,,, (netadmin)
 3.  shoka.net backup manager,,, (backman)
 4.  root
Choose identity to authenticate as (1-4): 2
Password: 
==== AUTHENTICATION COMPLETE ===
netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound       
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd             
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol 
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound       
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol 
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd             
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r 
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol 
netadmin@namepi:/etc/dnsmasq.d $ systemctl stop pihole-FTL
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to stop 'pihole-FTL.service'.
Multiple identities can be used for authentication:
 1.  ,,, (pi)
 2.  shoka.net network manager,,, (netadmin)
 3.  shoka.net backup manager,,, (backman)
 4.  root
Choose identity to authenticate as (1-4): 2
Password: 
==== AUTHENTICATION COMPLETE ===
netadmin@namepi

The dnsmasq.d directory

netadmin@namepi:/etc/dnsmasq.d $ ls
01-pihole.conf  10-mypiholesetup.conf  README
netadmin@namepi:/etc/dnsmasq.d $

Config files
(edited to remove comments, for brevity here. on the host all the comments are retained)

01-pihole.conf

addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list
localise-queries
no-resolv
cache-size=10000
log-queries
log-facility=/var/log/pihole.log
local-ttl=2
log-async
server=192.168.55.9#53
server=192.168.55.9#53
domain-needed
bogus-priv
interface=eth0

10-mypiholesetup.conf

bind-dynamic
except-interface=dummy*
listen-address=172.25.25.146,127.0.0.1
no-dhcp-interface=eth0
no-dhcp-interface=dummy0
no-dhcp-interface=dummy1

Those do not show pihole-FTL running and what sockets it bound to.

Yeah it seems it does:

pi@noads:~ $ cat /etc/dnsmasq.d/99-my-settings.conf
bind-dynamic
listen-address=127.0.0.1
listen-address=10.0.0.2

pi@noads:~ $ sudo service pihole-FTL restart
pi@noads:~ $

pi@noads:~ $ sudo netstat -nltup | grep 'Proto\|:53 '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      17622/pihole-FTL
tcp        0      0 10.0.0.2:53             0.0.0.0:*               LISTEN      17622/pihole-FTL
udp        0      0 127.0.0.1:53            0.0.0.0:*                           17622/pihole-FTL
udp     5952      0 10.0.0.2:53             0.0.0.0:*                           17622/pihole-FTL

pi@noads:~ $ cat /etc/dnsmasq.d/99-my-settings.conf
bind-dynamic
listen-address=127.0.0.1
listen-address=10.0.0.2
listen-address=fe80::xxxx:xxxx:4a85:5fb

pi@noads:~ $ sudo service pihole-FTL restart
pi@noads:~ $

pi@noads:~ $ sudo netstat -nltup | grep 'Proto\|:53 '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      17779/pihole-FTL
tcp        0      0 10.0.0.2:53             0.0.0.0:*               LISTEN      17779/pihole-FTL
tcp6       0      0 fe80::xxxx:xxxx:4a85:53 :::*                    LISTEN      17779/pihole-FTL
udp        0      0 127.0.0.1:53            0.0.0.0:*                           17779/pihole-FTL
udp        0      0 10.0.0.2:53             0.0.0.0:*                           17779/pihole-FTL
udp6       0      0 fe80::xxxx:xxxx:4a85:53 :::*                                17779/pihole-FTL

Are you sure you can't configure a single upstream DNS server ?

pi@noads:~ $ grep PIHOLE_DNS /etc/pihole/setupVars.conf
PIHOLE_DNS_1=10.0.0.1#53

pi@noads:~ $ grep server= /etc/dnsmasq.d/01-pihole.conf
server=10.0.0.1#53

You seem to try start/stop pihole-FTL with the "netadmin" user:

Does that user have enough privileges to do so ?
By default, only the root user can start/stop.

I believe the directive DNSMASQ_LISTENING=single might mess things up for you.
If I set that one, pihole-FTL also binds unexpectedly to ::1:53 (compared to above netstat):

pi@noads:~ $ grep DNSMASQ_LISTENING /etc/pihole/setupVars.conf
DNSMASQ_LISTENING=single

pi@noads:~ $ sudo netstat -nltup | grep 'Proto\|:53 '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      18010/pihole-FTL
tcp        0      0 10.0.0.2:53             0.0.0.0:*               LISTEN      18010/pihole-FTL
tcp6       0      0 ::1:53                  :::*                    LISTEN      18010/pihole-FTL
tcp6       0      0 fe80::2113:33ca:4a85:53 :::*                    LISTEN      18010/pihole-FTL
udp        0      0 127.0.0.1:53            0.0.0.0:*                           18010/pihole-FTL
udp        0      0 10.0.0.2:53             0.0.0.0:*                           18010/pihole-FTL
udp6       0      0 ::1:53                  :::*                                18010/pihole-FTL
udp6       0      0 fe80::2113:33ca:4a85:53 :::*                                18010/pihole-FTL

If I set this one to listen to all:

pi@noads:~ $ grep DNSMASQ_LISTENING /etc/pihole/setupVars.conf
DNSMASQ_LISTENING=all

I get what I expected:

pi@noads:~ $ sudo netstat -nltup | grep 'Proto\|:53 '
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      18285/pihole-FTL
tcp        0      0 10.0.0.2:53             0.0.0.0:*               LISTEN      18285/pihole-FTL
tcp6       0      0 fe80::2113:33ca:4a85:53 :::*                    LISTEN      18285/pihole-FTL
udp        0      0 127.0.0.1:53            0.0.0.0:*                           18285/pihole-FTL
udp        0      0 10.0.0.2:53             0.0.0.0:*                           18285/pihole-FTL
udp6       0      0 fe80::2113:33ca:4a85:53 :::*                                18285/pihole-FTL

This DNSMASQ_LISTENING directive can be set in the admin GUI below:

image

Looking at that listing again, it's more confused than I realized. Sorry.
I'll try again.

netadmin is slightly more powerful than the pi user. Can sudo.

netadmin@namepi:/etc/dnsmasq.d $ groups netadmin
netadmin : netadmin adm dialout cdrom sudo audio video plugdev games input netdev pi spi i2c gpio backman
netadmin@namepi:/etc/dnsmasq.d $ groups pi
pi : pi adm dialout cdrom sudo audio video plugdev games users input netdev spi i2c gpio


netadmin@namepi:/etc/polkit-1/localauthority.conf.d $ cat 60-desktop-policy.conf 
[Configuration]
AdminIdentities=unix-user:pi;unix-user:netadmin;unix-user:backman;unix-user:0
netadmin@namepi:/

Starting position, dnsmasq running, port status:

netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-01-03 13:49:01 GMT; 6h ago
  Process: 29213 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
  Process: 29395 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
  Process: 29386 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
  Process: 29383 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
 Main PID: 29394 (dnsmasq)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/dnsmasq.service
           └─29394 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --

Jan 03 13:49:00 namepi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jan 03 13:49:00 namepi dnsmasq[29383]: dnsmasq: syntax check OK.
Jan 03 13:49:01 namepi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.

netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      29394/dnsmasq       
tcp        0      0 172.25.25.146:53        0.0.0.0:*               LISTEN      29394/dnsmasq       
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound       
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd             
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol 
udp        0      0 127.0.0.1:53            0.0.0.0:*                           29394/dnsmasq       
udp        0      0 172.25.25.146:53        0.0.0.0:*                           29394/dnsmasq       
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound       
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol 
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd             
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r 
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol 
netadmin@namepi:

Stop the dnsmasq instance and verify the ports are freed:

netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq stop
netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Fri 2020-01-03 19:59:42 GMT; 6s ago
  Process: 31337 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
  Process: 29395 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
  Process: 29386 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
  Process: 29383 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
 Main PID: 29394 (code=exited, status=0/SUCCESS)

Jan 03 13:49:00 namepi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jan 03 13:49:00 namepi dnsmasq[29383]: dnsmasq: syntax check OK.
Jan 03 13:49:01 namepi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
Jan 03 19:59:42 namepi systemd[1]: Stopping dnsmasq - A lightweight DHCP and caching DNS server...
Jan 03 19:59:42 namepi systemd[1]: Stopped dnsmasq - A lightweight DHCP and caching DNS server.
netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound       
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd             
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol 
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound       
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol 
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd             
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r 
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol 
netadmin@namepi:

Verify ports are still free, start pihole-FTL, pihole-FTL status

netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound       
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd             
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol 
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound       
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol 
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd             
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r 
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol 
netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL start
netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL status
● pihole-FTL.service - LSB: pihole-FTL daemon
   Loaded: loaded (/etc/init.d/pihole-FTL; generated; vendor preset: enabled)
   Active: active (exited) since Fri 2020-01-03 20:10:30 GMT; 6s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 29364 ExecStop=/etc/init.d/pihole-FTL stop (code=exited, status=0/SUCCESS)
  Process: 31521 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)

Jan 03 20:10:29 namepi systemd[1]: Starting LSB: pihole-FTL daemon...
Jan 03 20:10:29 namepi pihole-FTL[31521]: Not running
Jan 03 20:10:29 namepi su[31550]: Successful su for pihole by root
Jan 03 20:10:29 namepi su[31550]: + ??? root:pihole
Jan 03 20:10:29 namepi su[31550]: pam_unix(su:session): session opened for user pihole by (uid=0)
Jan 03 20:10:30 namepi pihole-FTL[31521]: dnsmasq: *failed to create listening socket for port 53: Address already in use*
Jan 03 20:10:30 namepi systemd[1]: Started LSB: pihole-FTL daemon.
netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound       
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd             
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol 
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound       
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol 
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd             
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r 
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol 
netadmin@namepi:/etc/dnsmasq.d $

Name service is now broken on the network, no DNS server on 172.25.25.146:53

Stop the non-functional pihole-FTL instance, restart dnsmasq, verify ports.

netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL stop
netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq start
netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-01-03 20:15:35 GMT; 13s ago
  Process: 31337 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
  Process: 31680 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
  Process: 31670 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
  Process: 31668 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
 Main PID: 31679 (dnsmasq)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/dnsmasq.service
           └─31679 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-n

Jan 03 20:15:34 namepi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jan 03 20:15:34 namepi dnsmasq[31668]: dnsmasq: syntax check OK.
Jan 03 20:15:35 namepi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      31679/dnsmasq       
tcp        0      0 172.25.25.146:53        0.0.0.0:*               LISTEN      31679/dnsmasq       
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound       
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd             
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol 
udp        0      0 127.0.0.1:53            0.0.0.0:*                           31679/dnsmasq       
udp        0      0 172.25.25.146:53        0.0.0.0:*                           31679/dnsmasq       
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound       
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol 
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd             
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r 
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol 
netadmin@namepi:/etc/dnsmasq.d $

Name server bound to 172.25.25.146 and 127.0.0.1, all works.

Just to be sure, ran the test again as root

netadmin@namepi:/etc/sudoers.d $ sudo su
root@namepi:/etc/sudoers.d# service dnsmasq stop
root@namepi:/etc/sudoers.d# netstat -ltunp | grep :53
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound       
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd             
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol 
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound       
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol 
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd             
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r 
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol 
root@namepi:/etc/sudoers.d# service pihole-FTL start
root@namepi:/etc/sudoers.d# service pihole-FTL status
● pihole-FTL.service - LSB: pihole-FTL daemon
   Loaded: loaded (/etc/init.d/pihole-FTL; generated; vendor preset: enabled)
   Active: active (exited) since Fri 2020-01-03 20:49:42 GMT; 28s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 32003 ExecStop=/etc/init.d/pihole-FTL stop (code=exited, status=0/SUCCESS)
  Process: 32220 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)

Jan 03 20:49:42 namepi systemd[1]: Starting LSB: pihole-FTL daemon...
Jan 03 20:49:42 namepi pihole-FTL[32220]: Not running
Jan 03 20:49:42 namepi su[32249]: Successful su for pihole by root
Jan 03 20:49:42 namepi su[32249]: + ??? root:pihole
Jan 03 20:49:42 namepi su[32249]: pam_unix(su:session): session opened for user pihole by (uid=0)
**Jan 03 20:49:42 namepi pihole-FTL[32220]: dnsmasq: failed to create listening socket for port 53: Address already in use**
Jan 03 20:49:42 namepi systemd[1]: Started LSB: pihole-FTL daemon.
root@namepi:/etc/sudoers.d# netstat -ltunp | grep :53
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound       
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd             
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol 
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound       
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol 
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd             
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r 
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol 
root@namepi:/etc/sudoers.d# service pihole-FTL stop
root@namepi:/etc/sudoers.d# service dnsmasq start
root@namepi:/etc/sudoers.d# service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-01-03 20:50:44 GMT; 5s ago
  Process: 32160 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
  Process: 32377 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
  Process: 32367 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
  Process: 32365 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
 Main PID: 32376 (dnsmasq)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/dnsmasq.service
           └─32376 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-n

Jan 03 20:50:43 namepi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jan 03 20:50:43 namepi dnsmasq[32365]: dnsmasq: syntax check OK.
Jan 03 20:50:44 namepi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
root@namepi:/etc/sudoers.d# netstat -ltunp | grep :53
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      32376/dnsmasq       
tcp        0      0 172.25.25.146:53        0.0.0.0:*               LISTEN      32376/dnsmasq       
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound       
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd             
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol 
udp        0      0 127.0.0.1:53            0.0.0.0:*                           32376/dnsmasq       
udp        0      0 172.25.25.146:53        0.0.0.0:*                           32376/dnsmasq       
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound       
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol 
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd             
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r 
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol 
root@namepi:/etc/sudoers.d# whoami
root
root@namepi:/etc/sudoers.d# exit
exit
netadmin@namepi:/etc/sudoers.d $ 

No success. Out of ideas for the moment.

Harry

You didn't mention if you have changed listening behaviour yet?
Can you post output for below when configured for pihole-FTL to run (might want to redact some)?

sudo grep -v '^#\|^$' -R /etc/dnsmasq.* | sort

And it would be nice if you could kill the other possibly conflicting daemons to get at least a netstat output while pihole-FTL is running.

I like that :slight_smile:
That found some old dnsmasq configs and example configs in /etc
Removed the crap

Ran again...

netadmin@namepi:/etc/dnsmasq.d $ sudo grep -v '^#\|^$' -R /etc/dnsmasq.* | sort
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:interface=eth0
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:server=192.168.55.9#53
/etc/dnsmasq.d/01-pihole.conf:server=192.168.55.9#53
/etc/dnsmasq.d/10-mypiholesetup.conf:bind-dynamic
/etc/dnsmasq.d/10-mypiholesetup.conf:except-interface=dummy*
/etc/dnsmasq.d/10-mypiholesetup.conf:listen-address=172.25.25.146,127.0.0.1
/etc/dnsmasq.d/10-mypiholesetup.conf:no-dhcp-interface=dummy0
/etc/dnsmasq.d/10-mypiholesetup.conf:no-dhcp-interface=dummy1
/etc/dnsmasq.d/10-mypiholesetup.conf:no-dhcp-interface=eth0
netadmin@namepi:

unfortunately

netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq stop
netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL start
netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL status
● pihole-FTL.service - LSB: pihole-FTL daemon
   Loaded: loaded (/etc/init.d/pihole-FTL; generated; vendor preset: enabled)
   Active: active (exited) since Fri 2020-01-03 21:13:21 GMT; 7s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 32334 ExecStop=/etc/init.d/pihole-FTL stop (code=exited, status=0/SUCCESS)
  Process: 32742 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)

Jan 03 21:13:20 namepi systemd[1]: Starting LSB: pihole-FTL daemon...
Jan 03 21:13:20 namepi pihole-FTL[32742]: Not running
Jan 03 21:13:21 namepi su[303]: Successful su for pihole by root
Jan 03 21:13:21 namepi su[303]: + ??? root:pihole
Jan 03 21:13:21 namepi su[303]: pam_unix(su:session): session opened for user pihole by (uid=0)
Jan 03 21:13:21 namepi pihole-FTL[32742]: dnsmasq: failed to create listening socket for port 53: Address already in use
Jan 03 21:13:21 namepi systemd[1]: Started LSB: pihole-FTL daemon.
netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL stop
netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq start

Above one tells me you haven't changed listening behaviour yet or you've edited the 01-pihole.conf manually.

Here is mine with listening behaviour set to "Listen on all interfaces, permit all origins" set via the admin web GUI:

pi@noads:~ $ sudo grep -v '^#\|^$' -R /etc/dnsmasq.* | sort
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:dhcp-ignore-names=tag:wpad-ignore
/etc/dnsmasq.d/01-pihole.conf:dhcp-name-match=set:wpad-ignore,wpad
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:except-interface=nonexisting
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:server=149.112.112.10
/etc/dnsmasq.d/01-pihole.conf:server=9.9.9.10

Notice the interface= line being replaced by except-interface=nonexisting

I don't remember editing 01-pihole.conf directly but it's certainly possible. Especially building dnsmasq2.80 and getting it working.

I also set all those admin options and tested, and none worked.

Looking at the GUI I left it set to eth0 after testing.

I've set it back to "Listen on all interfaces, permit all origins"

netadmin@namepi:/etc/dnsmasq.d $ sudo grep -v '^#\|^$' -R /etc/dnsmasq.* | sort
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:except-interface=nonexisting
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:server=192.168.55.9#53
/etc/dnsmasq.d/01-pihole.conf:server=192.168.55.9#53
/etc/dnsmasq.d/10-mypiholesetup.conf:bind-dynamic
/etc/dnsmasq.d/10-mypiholesetup.conf:except-interface=dummy*
/etc/dnsmasq.d/10-mypiholesetup.conf:listen-address=172.25.25.146,127.0.0.1
/etc/dnsmasq.d/10-mypiholesetup.conf:no-dhcp-interface=dummy0
/etc/dnsmasq.d/10-mypiholesetup.conf:no-dhcp-interface=dummy1
/etc/dnsmasq.d/10-mypiholesetup.conf:no-dhcp-interface=eth0
netadmin@namepi:/etc/dnsmasq.d $

unfortunately

netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL status
● pihole-FTL.service - LSB: pihole-FTL daemon
   Loaded: loaded (/etc/init.d/pihole-FTL; generated; vendor preset: enabled)
   Active: active (exited) since Fri 2020-01-03 21:39:01 GMT; 7min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 377 ExecStop=/etc/init.d/pihole-FTL stop (code=exited, status=0/SUCCESS)
  Process: 754 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/pihole-FTL.service

Jan 03 21:39:00 namepi systemd[1]: Starting LSB: pihole-FTL daemon...
Jan 03 21:39:00 namepi pihole-FTL[754]: Not running
Jan 03 21:39:00 namepi su[784]: Successful su for pihole by root
Jan 03 21:39:00 namepi su[784]: + ??? root:pihole
Jan 03 21:39:00 namepi su[784]: pam_unix(su:session): session opened for user pihole by (uid=0)
Jan 03 21:39:01 namepi pihole-FTL[754]: dnsmasq: failed to create listening socket for port 53: Address already in use
Jan 03 21:39:01 namepi systemd[1]: Started LSB: pihole-FTL daemon.
netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound       
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd             
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol 
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound       
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol 
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd             
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r 
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol 
netadmin@namepi:

Harry

With troubleshooting, try to minimize, e.g. put below in the 10-mypiholesetup.conf file:

bind-dynamic
listen-address=172.25.25.146,127.0.0.1

Or try bind to 172.25.25.146 only:

bind-dynamic
listen-address=172.25.25.146

netadmin@namepi:/etc/dnsmasq.d $ cat 10-mypiholesetup.conf 
bind-dynamic
listen-address=172.25.25.146,127.0.0.1
netadmin@namepi:
netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq restart
netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-01-03 21:44:38 GMT; 12s ago
  Process: 862 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
  Process: 909 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
  Process: 900 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
  Process: 897 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
 Main PID: 908 (dnsmasq)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/dnsmasq.service
           └─908 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new

Jan 03 21:44:37 namepi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jan 03 21:44:37 namepi dnsmasq[897]: dnsmasq: syntax check OK.
Jan 03 21:44:38 namepi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      908/dnsmasq         
tcp        0      0 172.25.25.146:53        0.0.0.0:*               LISTEN      908/dnsmasq         
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound       
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd             
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol 
udp        0      0 127.0.0.1:53            0.0.0.0:*                           908/dnsmasq         
udp        0      0 172.25.25.146:53        0.0.0.0:*                           908/dnsmasq         
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound       
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol 
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd             
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r 
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol 
netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq stop
netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL start
netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL status
● pihole-FTL.service - LSB: pihole-FTL daemon
   Loaded: loaded (/etc/init.d/pihole-FTL; generated; vendor preset: enabled)
   Active: active (exited) since Fri 2020-01-03 21:39:01 GMT; 7min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 377 ExecStop=/etc/init.d/pihole-FTL stop (code=exited, status=0/SUCCESS)
  Process: 754 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/pihole-FTL.service

Jan 03 21:39:00 namepi systemd[1]: Starting LSB: pihole-FTL daemon...
Jan 03 21:39:00 namepi pihole-FTL[754]: Not running
Jan 03 21:39:00 namepi su[784]: Successful su for pihole by root
Jan 03 21:39:00 namepi su[784]: + ??? root:pihole
Jan 03 21:39:00 namepi su[784]: pam_unix(su:session): session opened for user pihole by (uid=0)
Jan 03 21:39:01 namepi pihole-FTL[754]: dnsmasq: failed to create listening socket for port 53: Address already in use
Jan 03 21:39:01 namepi systemd[1]: Started LSB: pihole-FTL daemon.
netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound       
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd             
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol 
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound       
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol 
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd             
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r 
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol 
netadmin@namepi:/etc/dnsmasq.d $

Nope sorry

PS, I'm missing the below file from that grep:

pi@noads:~ $ cat /etc/dnsmasq.conf
conf-dir=/etc/dnsmasq.d

EDIT: Hahahaha, all the configs in the world don't matter if you don't have that one :wink:

Yep, I moved everything matching /etc/dnsmasq.* out.
Does not seem to matter, but I'll put a minimal dnsmasq.conf back
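
One way to read the netstat listings in this thread, added here as an example and not posted by any participant: it parses the `netstat -ltunp | grep :53` output captured while dnsmasq was stopped and lists which existing listeners overlap a proposed bind address on port 53. The overlap rule is a simplified model (no SO_REUSEPORT sharing, IPv4 and IPv6 treated separately), and the names `parse_listeners` and `blockers` are hypothetical.

```python
import ipaddress
from typing import List, NamedTuple, Sequence, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Sample input: the listing shown in the thread while dnsmasq is stopped.
NETSTAT = """\
tcp        0      0 192.168.55.9:53         0.0.0.0:*               LISTEN      26553/unbound
tcp        0      0 192.168.55.1:53         0.0.0.0:*               LISTEN      498/nsd
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      31052/systemd-resol
udp        0      0 192.168.55.9:53         0.0.0.0:*                           26553/unbound
udp        0      0 127.0.0.53:53           0.0.0.0:*                           31052/systemd-resol
udp        0      0 192.168.55.1:53         0.0.0.0:*                           498/nsd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           344/avahi-daemon: r
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           31052/systemd-resol
"""


class Listener(NamedTuple):
    proto: str      # "tcp" or "udp" (tcp6/udp6 are folded into these)
    addr: IPAddr    # local address the socket is bound to
    port: int
    owner: str      # "PID/program" column, empty when netstat ran unprivileged


def parse_listeners(text: str) -> List[Listener]:
    """Parse `netstat -ltunp` rows; headers and malformed rows are skipped."""
    found = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue
        host, _, port = f[3].rpartition(":")   # rpartition copes with ":::53"
        if not port.isdigit():
            continue
        # TCP rows carry a state column ("LISTEN") before PID/program; UDP rows do not.
        owner_at = 6 if len(f) > 5 and f[5] == "LISTEN" else 5
        found.append(Listener(f[0][:3], ipaddress.ip_address(host),
                              int(port), " ".join(f[owner_at:])))
    return found


def blockers(listeners: Sequence[Listener], addr: str, port: int,
             protos: Sequence[str] = ("tcp", "udp")) -> List[Listener]:
    """Listeners that overlap a new bind to addr:port under the simplified model.

    A wildcard bind (0.0.0.0 or ::) overlaps every listener on that protocol
    and port; a specific address overlaps only itself or an existing wildcard.
    Note that `grep :53` also matches 5353 and 5355; the exact port test here
    drops those rows.
    """
    want = ipaddress.ip_address(addr)
    hits = []
    for l in listeners:
        if l.port != port or l.proto not in protos or l.addr.version != want.version:
            continue
        if want.is_unspecified or l.addr.is_unspecified or l.addr == want:
            hits.append(l)
    return hits


if __name__ == "__main__":
    listeners = parse_listeners(NETSTAT)
    # Wildcard versus the two addresses from listen-address= in the thread.
    for candidate in ("0.0.0.0", "172.25.25.146", "127.0.0.1"):
        hits = blockers(listeners, candidate, 53)
        print(f"bind {candidate}:53 ->", "no overlap" if not hits else "")
        for h in hits:
            print(f"    {h.proto} {h.addr}:{h.port} held by {h.owner}")
```

Feeding it live output (`sudo netstat -ltunp` piped into `parse_listeners`) gives the same report for whatever is listening at that moment.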