Since this is a dnsmasq behavior, and dnsmasq 2.80 is brought into pihole-FTL unaltered, this issue may be best addressed at the dnsmasq mailing list.
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Doesn't look like it's incorrect. See the actual code that is used to identify the running services.
Specifically this lsof -iTCP -sTCP:LISTEN -P -n +c 10
Both reports from the same system in the same state.
pihole-FTL is not running on the system at all.
Yes I'm running multiple nameservers on the same system on individual interfaces.
dnsmasq will let me do that. pihole-FTL does not.
The actual users of the ports are:
sudo lsof -iTCP -sTCP:LISTEN -P -n +c 10
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nsd 498 nsd 5u IPv4 10188 0t0 TCP 192.168.55.1:53 (LISTEN)
nsd 498 nsd 6u IPv4 13063 0t0 TCP 127.0.0.1:8952 (LISTEN)
vncserver- 541 root 9u IPv4 14869 0t0 TCP *:5900 (LISTEN)
nsd 579 nsd 5u IPv4 10188 0t0 TCP 192.168.55.1:53 (LISTEN)
nsd 579 nsd 6u IPv4 13063 0t0 TCP 127.0.0.1:8952 (LISTEN)
nsd 584 nsd 5u IPv4 10188 0t0 TCP 192.168.55.1:53 (LISTEN)
nsd 584 nsd 6u IPv4 13063 0t0 TCP 127.0.0.1:8952 (LISTEN)
sshd 603 root 3u IPv4 13933 0t0 TCP *:22 (LISTEN)
lighttpd 616 www-data 4u IPv4 13230 0t0 TCP *:80 (LISTEN)
unbound 26553 unbound 4u IPv4 232301 0t0 TCP 192.168.55.9:53 (LISTEN)
unbound 26553 unbound 5u IPv4 232302 0t0 TCP 127.0.0.1:8953 (LISTEN)
dnsmasq 29864 dnsmasq 5u IPv4 252352 0t0 TCP 172.25.25.146:53 (LISTEN)
dnsmasq 29864 dnsmasq 7u IPv4 252354 0t0 TCP 127.0.0.1:53 (LISTEN)
systemd-re 31052 systemd-resolve 15u IPv4 145073 0t0 TCP *:5355 (LISTEN)
*** [ DIAGNOSING ]: Ports in use
[192.168.55.1:53] is in use by pihole-FTL
127.0.0.1:8952 nsd (IPv4)
*:5900 vncserver- (IPv4)
[192.168.55.1:53] is in use by pihole-FTL
127.0.0.1:8952 nsd (IPv4)
[192.168.55.1:53] is in use by pihole-FTL
127.0.0.1:8952 nsd (IPv4)
*:22 sshd (IPv4)
[*:80] is in use by lighttpd
[192.168.55.9:53] is in use by pihole-FTL
127.0.0.1:8953 unbound (IPv4)
[172.25.25.146:53] is in use by pihole-FTL
[127.0.0.1:53] is in use by pihole-FTL
*:5355 systemd-re (IPv4)
It seems to assume that any and all nameserver ports are owned by pihole-FTL, when in fact none are...
Yes, looking things over now. I don't think that code has worked in 3 years to be honest.
That never passes the name of the service to compare to. There's no way that you can not get "pihole-FTL" printed out.
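The mislabelling discussed above (every `:53` listener reported as pihole-FTL) goes away once the command name that lsof prints is compared against the service expected on that port. This is an added sketch, not Pi-hole's debug script: the function names, the `PORT=NAME` argument format and the output labels are assumptions, and the sample lines are a subset of the lsof listing posted earlier in this thread.

```shell
#!/bin/sh
# Added example (not Pi-hole's own code): attribute each listening socket to
# the process lsof actually reports, instead of assuming a name per port.

# Sample input: a subset of the lsof lines posted in this thread.
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nsd 498 nsd 5u IPv4 10188 0t0 TCP 192.168.55.1:53 (LISTEN)
nsd 498 nsd 6u IPv4 13063 0t0 TCP 127.0.0.1:8952 (LISTEN)
nsd 579 nsd 5u IPv4 10188 0t0 TCP 192.168.55.1:53 (LISTEN)
sshd 603 root 3u IPv4 13933 0t0 TCP *:22 (LISTEN)
lighttpd 616 www-data 4u IPv4 13230 0t0 TCP *:80 (LISTEN)
unbound 26553 unbound 4u IPv4 232301 0t0 TCP 192.168.55.9:53 (LISTEN)
dnsmasq 29864 dnsmasq 5u IPv4 252352 0t0 TCP 172.25.25.146:53 (LISTEN)
dnsmasq 29864 dnsmasq 7u IPv4 252354 0t0 TCP 127.0.0.1:53 (LISTEN)'

# listeners: read lsof output on stdin and print one "ADDR:PORT COMMAND" line
# per unique pair (forked workers such as the nsd children collapse to one).
listeners() {
    awk '$NF == "(LISTEN)" {
             key = $(NF-1) " " $1
             if (!(key in seen)) { seen[key] = 1; print key }
         }'
}

# expected_for PORT PAIR...: print the service name registered for PORT in the
# PORT=NAME pairs; return 1 when the port is not one we make claims about.
expected_for() {
    p=$1; shift
    for pair in "$@"; do
        if [ "${pair%%=*}" = "$p" ]; then
            echo "${pair#*=}"
            return 0
        fi
    done
    return 1
}

# report_ports PORT=NAME...: read lsof output on stdin and label every
# listener. A port is credited to a service only when the command name that
# lsof reports matches; anything else on that port is flagged as a mismatch.
# Note: "+c 10" truncates command names to 10 characters, which is exactly
# the length of "pihole-FTL"; a shorter width would break the comparison.
report_ports() {
    listeners | while read -r addr cmd; do
        port=${addr##*:}          # also works for "[::1]:53"
        if want=$(expected_for "$port" "$@"); then
            if [ "$cmd" = "$want" ]; then
                echo "[OK] $addr is in use by $cmd"
            else
                echo "[MISMATCH] $addr is in use by $cmd (expected $want)"
            fi
        else
            echo "[INFO] $addr $cmd"
        fi
    done
}

# Demonstration on the sample; on a live system pipe in the real listing:
#   sudo lsof -iTCP -sTCP:LISTEN -P -n +c 10 | report_ports 53=pihole-FTL 80=lighttpd
printf '%s\n' "$SAMPLE_LSOF" | report_ports 53=pihole-FTL 80=lighttpd
```

On the sample this reports nsd, unbound and dnsmasq as the owners of their `:53` sockets and never prints pihole-FTL, which matches what the poster observed with lsof directly.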
This is clear now, the question is only why. This is not all that easy to find out without one of us replicating your setup. I will have to spin up a VM for doing this. Even then, it is still some work. If you could provide minimal configurations to achieve a (comparable) setup, it would help us get things set up.
Here you have dnsmasq running (PID 29864). I assume this is intended? I know I may be repeating myself, but I still do not see anywhere in the code of FTL (and I looked at a diff of upstream and our dnsmasq) pointing to a difference.
When you shut down the process with PID 29864, check with the lsof command that no dnsmasq is running and only then try to start pihole-FTL ... still the same issue?
Yes, running dnsmasq as a temporary measure is intended; at the moment pihole-FTL refuses to bind the port and provides no nameservice. As the pi concerned is now the target for the DNS requests for my network, that behavior kills DNS network wide. So not a configuration I can live with for any significant period.
If you have access to a Pi to test on, the config is fairly simple.
I'm insmod'ing the dummy module:
netadmin@namepi:/etc/modprobe.d $ ls
blacklist-rtl8192cu.conf dummy.conf raspi-blacklist.conf
blacklist-rtl8xxxu.conf ipv6.conf
netadmin@namepi:/etc/modprobe.d $ cat dummy.conf
options dummy numdummies=2
netadmin@namepi:/etc/modprobe.d $
netadmin@namepi:/etc/modules-load.d $ ls
dummy.conf modules.conf
netadmin@namepi:/etc/modules-load.d $ cat dummy.conf
dummy
netadmin@namepi:/etc/modules-load.d $
That gives me two dummy interfaces.
Config files for systemd-network
netadmin@namepi:/etc/systemd/network $ ls
80-dhcp.network 90-loop0.network 91-loop1.network 99-default.link
netadmin@namepi:
netadmin@namepi:/etc/systemd/network $ cat 90-loop0.network
[Match]
Name=dummy0
[Network]
Description="nsd loopback"
DHCP=false
LLDP=false
LinkLocalAddressing=no
IPv6AcceptRA=no
Address=192.168.55.1/30
netadmin@namepi:/etc/systemd/network $ cat 91-loop1.network
[Match]
Name=dummy1
[Network]
Description="unbound loopback"
DHCP=false
LLDP=false
LinkLocalAddressing=no
IPv6AcceptRA=no
Address=192.168.55.9/30
netadmin@namepi
unbound configuration:
netadmin@namepi:/etc/unbound/unbound.conf.d $ ls
namepi-unbound.conf qname-minimisation.conf
namepi-unbound.conf.save root-auto-trust-anchor-file.conf
netadmin@namepi:/etc/unbound/unbound.conf.d $ cat namepi-unbound.conf
directory: "/etc/unbound"
username: unbound
logfile: "/etc/unbound/unbound.log" #uncomment to use logfile.
pidfile: "/etc/unbound/unbound.pid"
verbosity: 1 # uncomment and increase to get more logging.
#listen on specific interface
interface: 192.168.55.9
#answer queries from the all private addreses and local subnet.
access-control: 10.0.0.0/8 allow
access-control: 172.16.0.0/12 allow
access-control: 192.168.0.0/16 allow
#also answer queries from the shoka.net address range.
access-control: 81.174.227.96/29 allow
#use ipv4 only
do-ip4: yes
do-ip6: no
#use udp and tcp
do-udp: yes
do-tcp: yes
netadmin@namepi
NSD config:
netadmin@namepi:/etc/nsd $ ls
local.shoka.net.zone nsd.conf.d nsd_server.key
local.shoka.net.zone.backup nsd_control.key nsd_server.pem
nsd.conf nsd_control.pem test.zone
#
# The following line includes additional configuration files from the
# /etc/nsd/nsd.conf.d directory.
# WARNING: The glob style doesn't work yet...
# HJM additions for locally accessible authoratitive server
server:
ip-address: 192.168.55.1
ip-transparent: yes
ip-freebind: yes
do-ip4: yes
do-ip6: no
server-count: 1
port: 53
username: nsd
zone:
name: local.shoka.net
zonefile: /etc/nsd/local.shoka.net.zone
include: "/etc/nsd/nsd.conf.d/*.conf"
netadmin@namepi:
The config points the dnsmasq/pihole-FTL to the unbound port as the upstream nameserver.
On the internet shoka.net is hosted by UK2.
That DNS config on UK2 includes ns.local.shoka.net that resolves to the local address of the NSD instance, so unbound recurses unto the NSD address. As long as you are local to that address that should work for testing for you as well, assuming you use the same ip addresses for the loopbacks.
You need a static route on your local network, to the 192.168.55.0/26 network, nexthop the real ip of the testing pi, to make that network accessible from the local net. I have local.shoka.net set as domain, and from clients on the network they can resolve the names in that zone directly.
To test that you need a suitable zone file:
netadmin@namepi:/etc/nsd $ cat local.shoka.net.zone
$ORIGIN local.shoka.net.
$TTL 1h
local.shoka.net. IN SOA ns.local.shoka.net. harry.shoka.net. ( 2007120710 1d 2h 4w 1h )
local.shoka.net. IN NS ns
ns IN A 192.168.55.1
routepi IN A 172.25.25.148
timepi IN A 172.25.25.147
namepi IN A 172.25.25.146
Think that's all you need.
I'm going to try and build a V2.8 dnsmasq from source, and try that, to see if the issue is from dnsmasq upstream, or the conversion to pihole-FTL. I have a query out on the dnsmasq mailing list for hints on any issues they know of.
Try putting the listener IPs on one line, e.g.:
pi@noads:~ $ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether b8:27:eb:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::2113:xxx:xxx:5fb/64 scope link
valid_lft forever preferred_lft forever
pi@noads:~ $ cat /etc/dnsmasq.d/99-my-settings.conf
bind-interfaces
listen-address=127.0.0.1,::1,10.0.0.2,fe80::2113:xxx:xxx:5fb
pi@noads:~ $ sudo service pihole-FTL restart
pi@noads:~ $
pi@noads:~ $ sudo netstat -nltup | grep 'Proto\|:53 '
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 30570/pihole-FTL
tcp 0 0 10.0.0.2:53 0.0.0.0:* LISTEN 30570/pihole-FTL
tcp6 0 0 ::1:53 :::* LISTEN 30570/pihole-FTL
tcp6 0 0 fe80::2113:xxxx:xxxx:53 :::* LISTEN 30570/pihole-FTL
udp 0 0 127.0.0.1:53 0.0.0.0:* 30570/pihole-FTL
udp 0 0 10.0.0.2:53 0.0.0.0:* 30570/pihole-FTL
udp6 0 0 ::1:53 :::* 30570/pihole-FTL
udp6 0 0 fe80::2113:xxxx:xxxx:53 :::* 30570/pihole-FTL
Try set below in Pi-hole settings:
That will change directive interface=XXX into except-interface=nonexisting in the file /etc/dnsmasq.d/01-pihole.conf.
That way you can add interface directive to your own config file eg:
pi@noads:~ $ cat /etc/dnsmasq.d/99-my-settings.conf
bind-interfaces
listen-address=127.0.0.1,::1,10.0.0.2,fe80::2113:xxx:xxx:5fb
interface=dummy0
The systemctl command is specifically for the systemd init system.
The service command/wrapper can cope with three different init systems, system-v, systemd and Upstart.
So to play safe when you don't know your init, better use service
pi@noads:~ $ man service
[..]
DESCRIPTION
service runs a System V init script, systemd unit, or upstart job
in as predictable an environment as possible, removing most envi-
ronment variables and with the current working directory set to
/.
The SCRIPT parameter specifies a System V init script, located in
/etc/init.d/SCRIPT, or the name of a systemd unit, or the name of
an upstart job in /etc/init. The existence of a systemd unit or
upstart job of the same name as a script in /etc/init.d will
cause the unit/job to take precedence over the init.d script.
The supported values of COMMAND depend on the invoked script.
service passes COMMAND and OPTIONS to the init script unmodified.
For systemd units or upstart jobs, start, stop, status, and
reload are passed through to their systemctl/initctl equivalents.
For upstart jobs, restart will call the upstart 'stop' for the
job, followed immediately by the 'start', and will exit with the
return code of the start command.
All scripts should support at least the start and stop commands.
As a special case, if COMMAND is --full-restart, the script is
run twice, first with the stop command, then with the start com-
mand. This option has no effect on upstart jobs.
service --status-all runs all init scripts, in alphabetical
order, with the status command. The status is [ + ] for running
services, [ - ] for stopped services and [ ? ] for services with-
out a 'status' command. This option only calls status for
sysvinit jobs; upstart jobs can be queried in a similar manner
with initctl list.
[..]
xbian@avr ~ $ /sbin/init --version
init (upstart 1.13.2)
Copyright (C) 2006-2014 Canonical Ltd., 2011 Scott James Remnant
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Thanks for the help.
Unfortunately it's not a fix. I've tried all three options, none function correctly.
However it points towards the root of the issue I believe.
I have dnsmasq version 2.79, standard distribution of raspbian. It works, as in can co-exist with other name servers on other interfaces on the same box.
I've spent all day building a dnsmasq version 2.80, with the same compile time options as the raspbian stock. It works as well. This is the root of the pihole-FTL fork.
pihole-FTL fails with all the options on that radio button.
So there is diverging code in the pihole-FTL implementation, to make those selection options available from the gui. Presumably that selection overrides the settings in dnsmasq.conf that set the bind-interfaces directive, which is what is needed to allow co-existence with other name servers.
Can anyone point me to where those options are handled in the pihole-FTL code please?
Not that I'm a great coder, but I'm motivated to look.
In passing, stock dnsmasq very helpfully lists the compile time options set in the binary from the command dnsmasq -v . On pihole-FTL that only lists the version. Unless there is another switch to list the compile time options, that is probably not an improvement.
Harry
No, more details below.
They aren't. The web interface calls the CLI which edits /etc/dnsmasq.d/01-pihole.conf and restarts pihole-FTL afterwards.
You can find this here:
becoming effective here:
You can pass your options to the embedded dnsmasq using
pihole-FTL -- -v
If this tells you that the log file is not writable (because you invoke FTL as the wrong user), use either
sudo -u pihole pihole-FTL -- -v
or chown the file momentarily
I can get it to work/bind/listen with little effort:
pi@noads:~ $ sudo -u pihole pihole-FTL -- -v
Dnsmasq version pi-hole-2.80 Copyright (c) 2000-2018 Simon Kelley
Maybe the interfaces are reported a bit late for pihole-FTL to bind to their IP's.
I believe below directive could solve instead of/replacing the bind-interfaces directive:
bind-dynamic
pi@noads:~ $ man dnsmasq
[..]
--bind-dynamic
Enable a network mode which is a hybrid between --bind-
interfaces and the default. Dnsmasq binds the address of
individual interfaces, allowing multiple dnsmasq
instances, but if new interfaces or addresses appear, it
automatically listens on those (subject to any access-
control configuration). This makes dynamically created
interfaces work in the same way as the default. Imple-
menting this option requires non-standard networking
APIs and it is only available under Linux. On other
platforms it falls-back to --bind-interfaces mode.
[..]
What file are you editing to apply these settings ?
Posting netstat and systemctl status output at certain stages would help ?
Maybe rogue settings (halfway down posting mine):
I'm using sudo netstat -ltunp | grep :53
to see the DNS socket allocation.
This is with dnsmasq loaded, and is a working DNS config
netadmin@namepi:~ $ sudo netstat -ltunp | grep :53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 21514/dnsmasq
tcp 0 0 172.25.25.146:53 0.0.0.0:* LISTEN 21514/dnsmasq
tcp 0 0 192.168.55.9:53 0.0.0.0:* LISTEN 26553/unbound
tcp 0 0 192.168.55.1:53 0.0.0.0:* LISTEN 498/nsd
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 31052/systemd-resol
udp 0 0 127.0.0.1:53 0.0.0.0:* 21514/dnsmasq
udp 0 0 172.25.25.146:53 0.0.0.0:* 21514/dnsmasq
udp 0 0 192.168.55.9:53 0.0.0.0:* 26553/unbound
udp 0 0 127.0.0.53:53 0.0.0.0:* 31052/systemd-resol
udp 0 0 192.168.55.1:53 0.0.0.0:* 498/nsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 344/avahi-daemon: r
udp 0 0 0.0.0.0:5355 0.0.0.0:* 31052/systemd-resol
I want pihole-FTL to bind to the same sockets as dnsmasq does, obviously not while dnsmasq is bound to them.
pihole-FTL is using the same config as dnsmasq, 01-pihole.conf (standard pihole) and
02-pihole.conf, with my additional settings.
I have moved from bind-interfaces to bind-dynamic, as suggested up this thread, with no difference in behavior, dnsmasq starts without error, pihole-FTL errors claiming the port is occupied. I have some concerns that with this config, if I stop the unbound instance or the NSD instance, pihole-FTL will bind the freed ports, and prevent unbound or NSD from restarting, so it does not seem to be a good solution.
02-pihole.conf
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
###############################################################################
# This file contains additional directives for pihole-FTL #
# to integrate with the unbound and NSD nameservers also active on this Pi #
# #
# IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN: #
# /etc/pihole/setupVars.conf #
###############################################################################
bind-dynamic
except-interface=dummy*
listen-address=172.25.25.146
listen-address=127.0.0.1
server=192.168.55.9
no-dhcp-interface=eth0
no-dhcp-interface=dummy0
no-dhcp-interface=dummy1
netadmin@namepi:/etc/dnsmasq.d $
To test pihole-FTL I stop dnsmasq, verify the port allocation is clear, start pihole-FTL, report its status, report the port configuration. Since so far there is then no nameserver listening on the pihole-FTL port, there is no functional name server. To recover name service, I stop the broken pihole-FTL process and restart dnsmasq. That restores the port allocation above.
I fully understand that the objective is to replace the standalone dnsmasq service with a pihole-FTL instance, so that the GUI admin functions as well, if for no other reason. However for my purposes I wish to configure a chain of DNS servers including an unbound instance and an NSD instance.
That setup should be possible, because dnsmasq manages to operate in it.
I attach a full record of a failed attempt to start pihole-FTL
HarrypiholeTestsequence.txt (10.8 KB)
I wouldn't use 02-pihole.conf because Pi-hole already has similar name reserved for when activating Pi-hole's own DHCP service:
pi@noads:~ $ ll /etc/dnsmasq.d/
total 32
drwxr-xr-x 2 root root 4096 Jan 1 21:18 .
drwxr-xr-x 100 root root 12288 Dec 6 02:20 ..
-rw-r--r-- 1 root root 1633 Jan 1 20:06 01-pihole.conf
-rw-r--r-- 1 root root 479 Jun 9 2019 02-pihole-dhcp.conf
-rw-r--r-- 1 root root 304 May 10 2019 04-pihole-static-dhcp.conf
-rw-r--r-- 1 root root 211 Oct 2 2017 README
Choose something like:
99-my-settings.conf
And above listener IP's are still on two lines instead of comma-separated on one line!
Why not kill the other possibly conflicting daemons, start pihole-FTL on its own, and see what ports/sockets it binds to with netstat?
That way you know where it's conflicting if you compare with the other daemons.
EDIT: One more, why do you have directive server=192.168.55.9 in that config file ?
You can achieve similar by just entering custom upstream DNS server in the Pi-hole admin page and it will be stored in 01-pihole.conf.
For testing including netstat reports see the file attached to my last post.
This looked like a good prospect for a fix, if pihole-FTL was reading 02-pihole.conf twice and dnsmasq reading it once...
Not a fix though, at least renaming my extra config file does not fix things.
It's still possible that this is at the root of this issue though, I've been bitten by dnsmasq's treating absolutely everything in that directory as a config file, I renamed 02-xx.conf to 02-xx.conf.save expecting it to be ignored, but it wasn't.
dnsmasq, and presumably pihole-FTL will accept multiple listen-address lines, and netstat verifies that the ports are bound as expected under dnsmasq (and nameserving works as expected, including inside the pihole server) but I've made the change anyway. The alternative syntax works in dnsmasq and pihole-FTL but does not fix the issue.
I have the upstream server defined in setupVars.conf;
PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=172.25.25.146/24
IPV6_ADDRESS=
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
WEBPASSWORD=<snip>
BLOCKING_ENABLED=true
DNSMASQ_LISTENING=single
PIHOLE_DNS_1=192.168.55.9#53
PIHOLE_DNS_2=192.168.55.9#53
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
CONDITIONAL_FORWARDING=false
The admin gui did not like a blank server two so I entered the same server twice.
Thus the two lines in setupVars.conf.
The gui then puts two server lines in 01-pihole-FTL.
current status is still:
netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp 0 0 192.168.55.9:53 0.0.0.0:* LISTEN 26553/unbound
tcp 0 0 192.168.55.1:53 0.0.0.0:* LISTEN 498/nsd
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 31052/systemd-resol
udp 0 0 192.168.55.9:53 0.0.0.0:* 26553/unbound
udp 0 0 127.0.0.53:53 0.0.0.0:* 31052/systemd-resol
udp 0 0 192.168.55.1:53 0.0.0.0:* 498/nsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 344/avahi-daemon: r
udp 0 0 0.0.0.0:5355 0.0.0.0:* 31052/systemd-resol
netadmin@namepi:/etc/dnsmasq.d $ systemctl start pihole-FTL.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'pihole-FTL.service'.
Multiple identities can be used for authentication:
1. ,,, (pi)
2. shoka.net network manager,,, (netadmin)
3. shoka.net backup manager,,, (backman)
4. root
Choose identity to authenticate as (1-4): 2
Password:
==== AUTHENTICATION COMPLETE ===
netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp 0 0 192.168.55.9:53 0.0.0.0:* LISTEN 26553/unbound
tcp 0 0 192.168.55.1:53 0.0.0.0:* LISTEN 498/nsd
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 31052/systemd-resol
udp 0 0 192.168.55.9:53 0.0.0.0:* 26553/unbound
udp 0 0 127.0.0.53:53 0.0.0.0:* 31052/systemd-resol
udp 0 0 192.168.55.1:53 0.0.0.0:* 498/nsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 344/avahi-daemon: r
udp 0 0 0.0.0.0:5355 0.0.0.0:* 31052/systemd-resol
netadmin@namepi:/etc/dnsmasq.d $ systemctl stop pihole-FTL
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to stop 'pihole-FTL.service'.
Multiple identities can be used for authentication:
1. ,,, (pi)
2. shoka.net network manager,,, (netadmin)
3. shoka.net backup manager,,, (backman)
4. root
Choose identity to authenticate as (1-4): 2
Password:
==== AUTHENTICATION COMPLETE ===
netadmin@namepi
The dnsmasq.d directory
netadmin@namepi:/etc/dnsmasq.d $ ls
01-pihole.conf 10-mypiholesetup.conf README
netadmin@namepi:/etc/dnsmasq.d $
Config files
(edited to remove comments, for brevity here. on the host all the comments are retained)
01-pihole.conf
addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list
localise-queries
no-resolv
cache-size=10000
log-queries
log-facility=/var/log/pihole.log
local-ttl=2
log-async
server=192.168.55.9#53
server=192.168.55.9#53
domain-needed
bogus-priv
interface=eth0
10-mypiholesetup.conf
bind-dynamic
except-interface=dummy*
listen-address=172.25.25.146,127.0.0.1
no-dhcp-interface=eth0
no-dhcp-interface=dummy0
no-dhcp-interface=dummy1
Those do not show pihole-FTL running and what sockets it bound to.
Yeah it seems it does:
pi@noads:~ $ cat /etc/dnsmasq.d/99-my-settings.conf
bind-dynamic
listen-address=127.0.0.1
listen-address=10.0.0.2
pi@noads:~ $ sudo service pihole-FTL restart
pi@noads:~ $
pi@noads:~ $ sudo netstat -nltup | grep 'Proto\|:53 '
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 17622/pihole-FTL
tcp 0 0 10.0.0.2:53 0.0.0.0:* LISTEN 17622/pihole-FTL
udp 0 0 127.0.0.1:53 0.0.0.0:* 17622/pihole-FTL
udp 5952 0 10.0.0.2:53 0.0.0.0:* 17622/pihole-FTL
pi@noads:~ $ cat /etc/dnsmasq.d/99-my-settings.conf
bind-dynamic
listen-address=127.0.0.1
listen-address=10.0.0.2
listen-address=fe80::xxxx:xxxx:4a85:5fb
pi@noads:~ $ sudo service pihole-FTL restart
pi@noads:~ $
pi@noads:~ $ sudo netstat -nltup | grep 'Proto\|:53 '
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 17779/pihole-FTL
tcp 0 0 10.0.0.2:53 0.0.0.0:* LISTEN 17779/pihole-FTL
tcp6 0 0 fe80::xxxx:xxxx:4a85:53 :::* LISTEN 17779/pihole-FTL
udp 0 0 127.0.0.1:53 0.0.0.0:* 17779/pihole-FTL
udp 0 0 10.0.0.2:53 0.0.0.0:* 17779/pihole-FTL
udp6 0 0 fe80::xxxx:xxxx:4a85:53 :::* 17779/pihole-FTL
Are you sure you can't configure a single upstream DNS server ?
pi@noads:~ $ grep PIHOLE_DNS /etc/pihole/setupVars.conf
PIHOLE_DNS_1=10.0.0.1#53
pi@noads:~ $ grep server= /etc/dnsmasq.d/01-pihole.conf
server=10.0.0.1#53
You seem to try start/stop pihole-FTL with the "netadmin" user:
Does that user have enough privileges to do so ?
Default, only the root user can start stop.
I believe the directive DNSMASQ_LISTENING=single might mess things up for you.
If I set that one, pihole-FTL also binds unexpectedly to ::1:53 (compared to above netstat):
pi@noads:~ $ grep DNSMASQ_LISTENING /etc/pihole/setupVars.conf
DNSMASQ_LISTENING=single
pi@noads:~ $ sudo netstat -nltup | grep 'Proto\|:53 '
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 18010/pihole-FTL
tcp 0 0 10.0.0.2:53 0.0.0.0:* LISTEN 18010/pihole-FTL
tcp6 0 0 ::1:53 :::* LISTEN 18010/pihole-FTL
tcp6 0 0 fe80::2113:33ca:4a85:53 :::* LISTEN 18010/pihole-FTL
udp 0 0 127.0.0.1:53 0.0.0.0:* 18010/pihole-FTL
udp 0 0 10.0.0.2:53 0.0.0.0:* 18010/pihole-FTL
udp6 0 0 ::1:53 :::* 18010/pihole-FTL
udp6 0 0 fe80::2113:33ca:4a85:53 :::* 18010/pihole-FTL
If I set this one to listen to all:
pi@noads:~ $ grep DNSMASQ_LISTENING /etc/pihole/setupVars.conf
DNSMASQ_LISTENING=all
I get what I expected:
pi@noads:~ $ sudo netstat -nltup | grep 'Proto\|:53 '
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 18285/pihole-FTL
tcp 0 0 10.0.0.2:53 0.0.0.0:* LISTEN 18285/pihole-FTL
tcp6 0 0 fe80::2113:33ca:4a85:53 :::* LISTEN 18285/pihole-FTL
udp 0 0 127.0.0.1:53 0.0.0.0:* 18285/pihole-FTL
udp 0 0 10.0.0.2:53 0.0.0.0:* 18285/pihole-FTL
udp6 0 0 fe80::2113:33ca:4a85:53 :::* 18285/pihole-FTL
This DNSMASQ_LISTENING directive can be set in the admin GUI below:
Looking at that listing again, it's more confused than I realized. Sorry.
I'll try again.
netadmin is slightly more powerful than the pi user. Can sudo.
netadmin@namepi:/etc/dnsmasq.d $ groups netadmin
netadmin : netadmin adm dialout cdrom sudo audio video plugdev games input netdev pi spi i2c gpio backman
netadmin@namepi:/etc/dnsmasq.d $ groups pi
pi : pi adm dialout cdrom sudo audio video plugdev games users input netdev spi i2c gpio
netadmin@namepi:/etc/polkit-1/localauthority.conf.d $ cat 60-desktop-policy.conf
[Configuration]
AdminIdentities=unix-user:pi;unix-user:netadmin;unix-user:backman;unix-user:0
netadmin@namepi:/
Starting position, dnsmasq running, port status:
netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-01-03 13:49:01 GMT; 6h ago
Process: 29213 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
Process: 29395 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
Process: 29386 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 29383 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Main PID: 29394 (dnsmasq)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/dnsmasq.service
└─29394 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --
Jan 03 13:49:00 namepi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jan 03 13:49:00 namepi dnsmasq[29383]: dnsmasq: syntax check OK.
Jan 03 13:49:01 namepi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
...skipping...
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-01-03 13:49:01 GMT; 6h ago
Process: 29213 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
Process: 29395 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
Process: 29386 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 29383 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Main PID: 29394 (dnsmasq)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/dnsmasq.service
└─29394 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --
Jan 03 13:49:00 namepi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jan 03 13:49:00 namepi dnsmasq[29383]: dnsmasq: syntax check OK.
Jan 03 13:49:01 namepi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
~
netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 29394/dnsmasq
tcp 0 0 172.25.25.146:53 0.0.0.0:* LISTEN 29394/dnsmasq
tcp 0 0 192.168.55.9:53 0.0.0.0:* LISTEN 26553/unbound
tcp 0 0 192.168.55.1:53 0.0.0.0:* LISTEN 498/nsd
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 31052/systemd-resol
udp 0 0 127.0.0.1:53 0.0.0.0:* 29394/dnsmasq
udp 0 0 172.25.25.146:53 0.0.0.0:* 29394/dnsmasq
udp 0 0 192.168.55.9:53 0.0.0.0:* 26553/unbound
udp 0 0 127.0.0.53:53 0.0.0.0:* 31052/systemd-resol
udp 0 0 192.168.55.1:53 0.0.0.0:* 498/nsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 344/avahi-daemon: r
udp 0 0 0.0.0.0:5355 0.0.0.0:* 31052/systemd-resol
netadmin@namepi:
Stop the dnsmasq instance and verify the ports are freed:
netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq stop
netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Fri 2020-01-03 19:59:42 GMT; 6s ago
Process: 31337 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
Process: 29395 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
Process: 29386 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 29383 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Main PID: 29394 (code=exited, status=0/SUCCESS)
Jan 03 13:49:00 namepi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jan 03 13:49:00 namepi dnsmasq[29383]: dnsmasq: syntax check OK.
Jan 03 13:49:01 namepi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
Jan 03 19:59:42 namepi systemd[1]: Stopping dnsmasq - A lightweight DHCP and caching DNS server...
Jan 03 19:59:42 namepi systemd[1]: Stopped dnsmasq - A lightweight DHCP and caching DNS server.
netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp 0 0 192.168.55.9:53 0.0.0.0:* LISTEN 26553/unbound
tcp 0 0 192.168.55.1:53 0.0.0.0:* LISTEN 498/nsd
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 31052/systemd-resol
udp 0 0 192.168.55.9:53 0.0.0.0:* 26553/unbound
udp 0 0 127.0.0.53:53 0.0.0.0:* 31052/systemd-resol
udp 0 0 192.168.55.1:53 0.0.0.0:* 498/nsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 344/avahi-daemon: r
udp 0 0 0.0.0.0:5355 0.0.0.0:* 31052/systemd-resol
netadmin@namepi:
Verify ports are still free, start pihole-FTL, pihole-FTL status
netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp 0 0 192.168.55.9:53 0.0.0.0:* LISTEN 26553/unbound
tcp 0 0 192.168.55.1:53 0.0.0.0:* LISTEN 498/nsd
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 31052/systemd-resol
udp 0 0 192.168.55.9:53 0.0.0.0:* 26553/unbound
udp 0 0 127.0.0.53:53 0.0.0.0:* 31052/systemd-resol
udp 0 0 192.168.55.1:53 0.0.0.0:* 498/nsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 344/avahi-daemon: r
udp 0 0 0.0.0.0:5355 0.0.0.0:* 31052/systemd-resol
netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL start
netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL status
● pihole-FTL.service - LSB: pihole-FTL daemon
Loaded: loaded (/etc/init.d/pihole-FTL; generated; vendor preset: enabled)
Active: active (exited) since Fri 2020-01-03 20:10:30 GMT; 6s ago
Docs: man:systemd-sysv-generator(8)
Process: 29364 ExecStop=/etc/init.d/pihole-FTL stop (code=exited, status=0/SUCCESS)
Process: 31521 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)
Jan 03 20:10:29 namepi systemd[1]: Starting LSB: pihole-FTL daemon...
Jan 03 20:10:29 namepi pihole-FTL[31521]: Not running
Jan 03 20:10:29 namepi su[31550]: Successful su for pihole by root
Jan 03 20:10:29 namepi su[31550]: + ??? root:pihole
Jan 03 20:10:29 namepi su[31550]: pam_unix(su:session): session opened for user pihole by (uid=0)
Jan 03 20:10:30 namepi pihole-FTL[31521]: dnsmasq: *failed to create listening socket for port 53: Address already in use*
Jan 03 20:10:30 namepi systemd[1]: Started LSB: pihole-FTL daemon.
netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp 0 0 192.168.55.9:53 0.0.0.0:* LISTEN 26553/unbound
tcp 0 0 192.168.55.1:53 0.0.0.0:* LISTEN 498/nsd
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 31052/systemd-resol
udp 0 0 192.168.55.9:53 0.0.0.0:* 26553/unbound
udp 0 0 127.0.0.53:53 0.0.0.0:* 31052/systemd-resol
udp 0 0 192.168.55.1:53 0.0.0.0:* 498/nsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 344/avahi-daemon: r
udp 0 0 0.0.0.0:5355 0.0.0.0:* 31052/systemd-resol
netadmin@namepi:/etc/dnsmasq.d $
Name service is now broken on the network; no DNS server on 172.25.25.146:53.
Stop the non-functional pihole-FTL instance, restart dnsmasq, verify ports.
netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL stop
netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq start
netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-01-03 20:15:35 GMT; 13s ago
Process: 31337 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
Process: 31680 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
Process: 31670 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 31668 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Main PID: 31679 (dnsmasq)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/dnsmasq.service
└─31679 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-n
Jan 03 20:15:34 namepi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jan 03 20:15:34 namepi dnsmasq[31668]: dnsmasq: syntax check OK.
Jan 03 20:15:35 namepi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
netadmin@namepi:/etc/dnsmasq.d $ sudo netstat -ltunp | grep :53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 31679/dnsmasq
tcp 0 0 172.25.25.146:53 0.0.0.0:* LISTEN 31679/dnsmasq
tcp 0 0 192.168.55.9:53 0.0.0.0:* LISTEN 26553/unbound
tcp 0 0 192.168.55.1:53 0.0.0.0:* LISTEN 498/nsd
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 31052/systemd-resol
udp 0 0 127.0.0.1:53 0.0.0.0:* 31679/dnsmasq
udp 0 0 172.25.25.146:53 0.0.0.0:* 31679/dnsmasq
udp 0 0 192.168.55.9:53 0.0.0.0:* 26553/unbound
udp 0 0 127.0.0.53:53 0.0.0.0:* 31052/systemd-resol
udp 0 0 192.168.55.1:53 0.0.0.0:* 498/nsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 344/avahi-daemon: r
udp 0 0 0.0.0.0:5355 0.0.0.0:* 31052/systemd-resol
netadmin@namepi:/etc/dnsmasq.d $
Name server bound to 172.25.25.146 and 127.0.0.1; all works.
Just to be sure, I ran the test again as root.
netadmin@namepi:/etc/sudoers.d $ sudo su
root@namepi:/etc/sudoers.d# service dnsmasq stop
root@namepi:/etc/sudoers.d# netstat -ltunp | grep :53
tcp 0 0 192.168.55.9:53 0.0.0.0:* LISTEN 26553/unbound
tcp 0 0 192.168.55.1:53 0.0.0.0:* LISTEN 498/nsd
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 31052/systemd-resol
udp 0 0 192.168.55.9:53 0.0.0.0:* 26553/unbound
udp 0 0 127.0.0.53:53 0.0.0.0:* 31052/systemd-resol
udp 0 0 192.168.55.1:53 0.0.0.0:* 498/nsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 344/avahi-daemon: r
udp 0 0 0.0.0.0:5355 0.0.0.0:* 31052/systemd-resol
root@namepi:/etc/sudoers.d# service pihole-FTL start
root@namepi:/etc/sudoers.d# service pihole-FTL status
● pihole-FTL.service - LSB: pihole-FTL daemon
Loaded: loaded (/etc/init.d/pihole-FTL; generated; vendor preset: enabled)
Active: active (exited) since Fri 2020-01-03 20:49:42 GMT; 28s ago
Docs: man:systemd-sysv-generator(8)
Process: 32003 ExecStop=/etc/init.d/pihole-FTL stop (code=exited, status=0/SUCCESS)
Process: 32220 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)
Jan 03 20:49:42 namepi systemd[1]: Starting LSB: pihole-FTL daemon...
Jan 03 20:49:42 namepi pihole-FTL[32220]: Not running
Jan 03 20:49:42 namepi su[32249]: Successful su for pihole by root
Jan 03 20:49:42 namepi su[32249]: + ??? root:pihole
Jan 03 20:49:42 namepi su[32249]: pam_unix(su:session): session opened for user pihole by (uid=0)
**Jan 03 20:49:42 namepi pihole-FTL[32220]: dnsmasq: failed to create listening socket for port 53: Address already in use**
Jan 03 20:49:42 namepi systemd[1]: Started LSB: pihole-FTL daemon.
root@namepi:/etc/sudoers.d# netstat -ltunp | grep :53
tcp 0 0 192.168.55.9:53 0.0.0.0:* LISTEN 26553/unbound
tcp 0 0 192.168.55.1:53 0.0.0.0:* LISTEN 498/nsd
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 31052/systemd-resol
udp 0 0 192.168.55.9:53 0.0.0.0:* 26553/unbound
udp 0 0 127.0.0.53:53 0.0.0.0:* 31052/systemd-resol
udp 0 0 192.168.55.1:53 0.0.0.0:* 498/nsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 344/avahi-daemon: r
udp 0 0 0.0.0.0:5355 0.0.0.0:* 31052/systemd-resol
root@namepi:/etc/sudoers.d# service pihole-FTL stop
root@namepi:/etc/sudoers.d# service dnsmasq start
root@namepi:/etc/sudoers.d# service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-01-03 20:50:44 GMT; 5s ago
Process: 32160 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
Process: 32377 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
Process: 32367 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 32365 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Main PID: 32376 (dnsmasq)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/dnsmasq.service
└─32376 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-n
Jan 03 20:50:43 namepi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Jan 03 20:50:43 namepi dnsmasq[32365]: dnsmasq: syntax check OK.
Jan 03 20:50:44 namepi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
root@namepi:/etc/sudoers.d# netstat -ltunp | grep :53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 32376/dnsmasq
tcp 0 0 172.25.25.146:53 0.0.0.0:* LISTEN 32376/dnsmasq
tcp 0 0 192.168.55.9:53 0.0.0.0:* LISTEN 26553/unbound
tcp 0 0 192.168.55.1:53 0.0.0.0:* LISTEN 498/nsd
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 31052/systemd-resol
udp 0 0 127.0.0.1:53 0.0.0.0:* 32376/dnsmasq
udp 0 0 172.25.25.146:53 0.0.0.0:* 32376/dnsmasq
udp 0 0 192.168.55.9:53 0.0.0.0:* 26553/unbound
udp 0 0 127.0.0.53:53 0.0.0.0:* 31052/systemd-resol
udp 0 0 192.168.55.1:53 0.0.0.0:* 498/nsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 344/avahi-daemon: r
udp 0 0 0.0.0.0:5355 0.0.0.0:* 31052/systemd-resol
root@namepi:/etc/sudoers.d# whoami
root
root@namepi:/etc/sudoers.d# exit
exit
netadmin@namepi:/etc/sudoers.d $
No success. Out of ideas for the moment.
Harry
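A way to read the `netstat` tables above against the two addresses dnsmasq binds (172.25.25.146 and 127.0.0.1), as an added example that is not part of the original posts: it parses the listener table and reports which existing sockets would block a bind to each wanted address, including a wildcard 0.0.0.0 bind. The function names are hypothetical, it handles IPv4 rows only, and it assumes default bind semantics (no `SO_REUSEPORT` sharing between the daemons).

```python
import ipaddress

# Listener table copied from the thread (dnsmasq stopped, before pihole-FTL starts).
NETSTAT = """\
tcp 0 0 192.168.55.9:53 0.0.0.0:* LISTEN 26553/unbound
tcp 0 0 192.168.55.1:53 0.0.0.0:* LISTEN 498/nsd
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 31052/systemd-resol
udp 0 0 192.168.55.9:53 0.0.0.0:* 26553/unbound
udp 0 0 127.0.0.53:53 0.0.0.0:* 31052/systemd-resol
udp 0 0 192.168.55.1:53 0.0.0.0:* 498/nsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 344/avahi-daemon: r
udp 0 0 0.0.0.0:5355 0.0.0.0:* 31052/systemd-resol
"""


def parse_listeners(text, port):
    """Return {(proto, ip): owner} for IPv4 sockets bound to exactly `port`."""
    found = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "udp"):
            continue
        ip, _, local_port = fields[3].rpartition(":")
        if local_port != str(port):
            continue  # `grep :53` also lets 5353 and 5355 through
        # tcp rows carry a State column (LISTEN) before PID/program; udp rows do not.
        owner_at = 6 if fields[0] == "tcp" else 5
        found[(fields[0], ip)] = " ".join(fields[owner_at:])
    return found


def bind_conflicts(listeners, proto, want_ip):
    """Owners whose socket would make bind(want_ip, port) fail with EADDRINUSE."""
    want = ipaddress.ip_address(want_ip)
    hits = []
    for (have_proto, have_ip), owner in listeners.items():
        have = ipaddress.ip_address(have_ip)
        # Same address collides; a wildcard on either side collides with everything.
        if have_proto == proto and (want == have or want.is_unspecified or have.is_unspecified):
            hits.append(owner)
    return sorted(hits)


def report(text, port, wanted):
    """Map every (proto, address) we intend to bind to the listeners blocking it."""
    listeners = parse_listeners(text, port)
    return {(proto, ip): bind_conflicts(listeners, proto, ip)
            for ip in wanted for proto in ("tcp", "udp")}


if __name__ == "__main__":
    for key, blockers in report(NETSTAT, 53, ["172.25.25.146", "127.0.0.1", "0.0.0.0"]).items():
        print(key, "free" if not blockers else "blocked by " + ", ".join(blockers))
```

With the thread's table, both specific addresses come back free while 0.0.0.0:53 is blocked by unbound and nsd (plus systemd-resolved on UDP), so whether a daemon binds per address or to the wildcard decides the outcome.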
You didn't mention if you have changed listening behaviour yet?
Can you post output for below when configured for pihole-FTL to run (might want to redact some)?
sudo grep -v '^#\|^$' -R /etc/dnsmasq.* | sort
And it would be nice if you could kill the other possibly conflicting daemons to get at least a netstat output while pihole-FTL is running.
I like that
That found some old dnsmasq configs and example configs in /etc
Removed the crap
Ran again...
netadmin@namepi:/etc/dnsmasq.d $ sudo grep -v '^#\|^$' -R /etc/dnsmasq.* | sort
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/black.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/gravity.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:interface=eth0
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:server=192.168.55.9#53
/etc/dnsmasq.d/01-pihole.conf:server=192.168.55.9#53
/etc/dnsmasq.d/10-mypiholesetup.conf:bind-dynamic
/etc/dnsmasq.d/10-mypiholesetup.conf:except-interface=dummy*
/etc/dnsmasq.d/10-mypiholesetup.conf:listen-address=172.25.25.146,127.0.0.1
/etc/dnsmasq.d/10-mypiholesetup.conf:no-dhcp-interface=dummy0
/etc/dnsmasq.d/10-mypiholesetup.conf:no-dhcp-interface=dummy1
/etc/dnsmasq.d/10-mypiholesetup.conf:no-dhcp-interface=eth0
netadmin@namepi:
unfortunately
netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq stop
netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL start
netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL status
● pihole-FTL.service - LSB: pihole-FTL daemon
Loaded: loaded (/etc/init.d/pihole-FTL; generated; vendor preset: enabled)
Active: active (exited) since Fri 2020-01-03 21:13:21 GMT; 7s ago
Docs: man:systemd-sysv-generator(8)
Process: 32334 ExecStop=/etc/init.d/pihole-FTL stop (code=exited, status=0/SUCCESS)
Process: 32742 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)
Jan 03 21:13:20 namepi systemd[1]: Starting LSB: pihole-FTL daemon...
Jan 03 21:13:20 namepi pihole-FTL[32742]: Not running
Jan 03 21:13:21 namepi su[303]: Successful su for pihole by root
Jan 03 21:13:21 namepi su[303]: + ??? root:pihole
Jan 03 21:13:21 namepi su[303]: pam_unix(su:session): session opened for user pihole by (uid=0)
Jan 03 21:13:21 namepi pihole-FTL[32742]: dnsmasq: failed to create listening socket for port 53: Address already in use
Jan 03 21:13:21 namepi systemd[1]: Started LSB: pihole-FTL daemon.
netadmin@namepi:/etc/dnsmasq.d $ sudo service pihole-FTL stop
netadmin@namepi:/etc/dnsmasq.d $ sudo service dnsmasq start