The issue I am facing:
All queries are being "REFUSED" regardless of what server I use.
If I enter docker command line (docker exec -it pihole /bin/bash) and type
*nslookup*
*server 8.8.8.8*
*testdomains.com*
...it works. If I set pihole DNS to use Google (or manually 8.8.8.8) it fails.
If I query my upstream servers manually via nslookup, queries work:
root@openmediavault:/etc/docker# nslookup
> server 10.74.90.135
Default server: 10.74.90.135
Address: 10.74.90.135#53
> testdomains.com
** server can't find testdomains.com: REFUSED
^C
root@openmediavault:/etc/docker# nslookup
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> testdomains.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: testdomains.com
Address: 69.89.31.216
> server 10.74.1.1
Default server: 10.74.1.1
Address: 10.74.1.1#53
> testdomains.com
Server: 10.74.1.1
Address: 10.74.1.1#53
Non-authoritative answer:
Name: testdomains.com
Address: 69.89.31.216
Details about my system:
What I have changed since installing Pi-hole:
Nothing presently.
I was using pihole for DNS and DHCP, and have temporarily updated DNSMASQ to point to my router (10.74.1.1) for DNS to regain access, which in turn is using 8.8.8.8
Debug Token : https://tricorder.pi-hole.net/en2gesDk/
EDIT : I've spun up a new (raw) piHole docker on a separate IP with NO config barring using Google as upstream, and it's working - so something has got very broken in my existing docker - just not sure what.
Your debug log shows these messages:
[2024-04-01 15:07:58.043 1485M] WARNING in dnsmasq core: possible DNS-rebind attack detected: cdn-01.yumenetworks.com
[2024-04-01 15:07:58.366 1485M] WARNING in dnsmasq core: possible DNS-rebind attack detected: cdn-01.yumenetworks.com
[2024-04-01 15:14:55.994 1485M] WARNING in dnsmasq core: possible DNS-rebind attack detected: goosebumpsradio.com
[2024-04-01 15:14:56.340 1485M] WARNING in dnsmasq core: possible DNS-rebind attack detected: goosebumpsradio.com
[2024-04-01 15:24:22.528 1485M] WARNING in dnsmasq core: possible DNS-rebind attack detected: frnafinance.fr
[2024-04-01 15:24:22.821 1485M] WARNING in dnsmasq core: possible DNS-rebind attack detected: frnafinance.fr
[2024-04-01 15:25:06.337 1485M] WARNING in dnsmasq core: possible DNS-rebind attack detected: hil.valuez.top
[2024-04-01 15:25:06.575 1485M] WARNING in dnsmasq core: possible DNS-rebind attack detected: hil.valuez.top
I found the problem - an upstream server on the network had a failed process which (combined with some EDNS settings) had broken upstream resolution. I've sorted that now,. The goosebumpsradio.com address was one of Pihole testing itself (it came up one of the diag logs)
system
Closed
April 22, 2024, 6:11pm
5
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.