Ubuntu 22.04. Disable pihole feature not working. How to fix?

m3110w · August 28, 2023, 1:15pm

I'm on Ubuntu 22.04 and pihole up to date. Pi-hole v5.17.1 FTL v5.23 Web Interface v5.20.1. AMD laptop. No network, only the laptop and nothing else. No router. I get all my internet from a wifi hotspot. My wifi hotspot is an Android phone with a SIM card.

Pihole is working but the Disable pihole feature not working.

Please refer to this thread for details: Ubuntu 22.04 "Disable Pihole" not working...? - #26 by m3110w You can skip to the last post of the thread.

At the end of this thread JFB wrote: "Your DHCP server (the router) is not distributing the IP of Pi-hole for DNS. It is advertising its own IP. This is something you will need to fix in your router settings, and I can't give you step by step directions for that. You will need to refer to your router manual:"

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   Timeout: 10 seconds
   
   * Received 548 bytes from wlp4s0:192.168.1.1
     Offered IP address: 192.168.1.140
     Server IP address: N/A
     Relay-agent IP address: N/A
     BOOTP server: (empty)
     BOOTP file: (empty)
     DHCP options:
      Message type: DHCPOFFER (2)
      server-identifier: 192.168.1.1
      lease-time: 27613 ( 7h 40m 13s )
      netmask: 255.255.0.0
      router: 192.168.1.1
      dns-server: 192.168.1.1
      dns-server: 192.168.1.1
      --- end of options ---
    
   DHCP packets received on interface enp5s0: 0
   DHCP packets received on interface lo: 0
   DHCP packets received on interface wlp4s0: 1

So if I don't have a router and I'm only using a wifi hotspot, can this issue be fixed? Is there some way to change the IP and DHCP settings on my Android phone that serves as my wifi hotspot?

Bucking_Horn · August 28, 2023, 9:28pm

I very much doubt that.
Without a routing device, you would be unable to use the internet (and consequently, there wouldn't be any need to employ Pi-hole).

If that debug log excerpt above is current, it shows us two things:

a. The device at 192.168.1.1 is acting as your router as well as DNS server for its DHCP clients.
b. There is a 192.168.0.0/16 network.

That would suggest that any device on that 192.168.0.0/16 network is not using Pi-hole for DNS, but 192.168.1.1.

What configuration did you apply to expect that it would be Pi-hole that is blocking your DNS requests?

Run from the your Pi-hole host machine, what's the result of

echo ">stats >quit" | nc localhost 4711

m3110w · August 29, 2023, 9:40am

Here's the results:

advait@advait-Bravo-15-A4DDR:~$ sudo echo ">stats >quit" | nc localhost 4711
[sudo] password for advait:
domains_being_blocked 199280
dns_queries_today 46536
ads_blocked_today 974
ads_percentage_today 2.093003
unique_domains 696
queries_forwarded 9335
queries_cached 35290
clients_ever_seen 1
unique_clients 1
dns_queries_all_types 46536
reply_UNKNOWN 922
reply_NODATA 2187
reply_NXDOMAIN 50
reply_CNAME 6453
reply_IP 36849
reply_DOMAIN 28
reply_RRNAME 8
reply_SERVFAIL 0
reply_REFUSED 0
reply_NOTIMP 0
reply_OTHER 0
reply_DNSSEC 0
reply_NONE 0
reply_BLOB 39
dns_queries_all_replies 46536
privacy_level 0
status enabled
advait@advait-Bravo-15-A4DDR:~$

So is the routing happening in my hotspot (an Android phone) or in my Ubuntu laptop where pihole is installed?

"What configuration did you apply to expect that it would be Pi-hole that is blocking your DNS requests?"
I'm not a technical person so this question makes no sense to me.

Bucking_Horn · September 11, 2023, 8:47pm

Likely on both, as any network connected device will make initial routing decisions based on its routing table. Yet whatever device is living at 192.168.1.1, that is acting as your router/gateway for your network, i.e. it's forwarding all traffic to IP addresses not on the same link/network segment to the appropriate targets.

For Pi-hole to filter DNS requests, a client's DNS requests have to reach Pi-hole, either directly or indirectly.

As explained, we know from your above debug log excerpt that your router's DHCP server at 192.168.1.1 is telling DHCP clients to use it as DNS resolver, i.e. clients will use 192.168.1.1 as DNS server.

Simultaneously, the amount of your overall DNS requests from your >stats results suggest that Pi-hole is used for DNS.

So the question is why/how do you expect clients to use Pi-hole for DNS:
Do you run your Pi-hole on your router at 192.168.1.1?
Did you point your router to use Pi-hole as its upstream DNS server?
Did you point your laptop client to Pi-hole's IP for DNS?

m3110w · September 12, 2023, 5:57am

I think I should have explained at the beginning that I did not set up my Pihole. I hired an online Linux person to do it. He took over my screen and spent about a half hour entering in lots of terminal commands. I had no clue whatsoever what he was doing but at the end my Pihole was working and blocking domains. I have no clue how he set it up or how he configured it.

So it looks like I'll need to hire another Linux expert to fix this issue. Let me know if the issue can be easily fixed with a few simple commands. Although I don't think that's possible here.

[[
So the question is why/how do you expect clients to use Pi-hole for DNS:
Do you run your Pi-hole on your router at 192.168.1.1?
Did you point your router to use Pi-hole as its upstream DNS server?
Did you point your laptop client to Pi-hole's IP for DNS?
]]
Sorry but I'm totally unable to answer these questions. I'll hire someone to fix it. Thanks for your efforts to help.

See also Ubuntu 22.04. Unable to get Pihole to stop blocking

m3110w · September 12, 2023, 6:02am

Here's the Debug link https://tricorder.pi-hole.net/jBH55Ynu/

I think I should have explained at the beginning that I did not set up my Pihole. I hired an online Linux person to do it. He took over my screen and spent about a half hour entering in lots of terminal commands. I had no clue whatsoever what he was doing but at the end my Pihole was working and blocking domains. I have no clue how he set it up or how he configured it.

Bucking_Horn · September 12, 2023, 9:21am

We have not been able to pinpoint what your issue is yet.

Your most recent debug log shows your Pi-hole to reside at 192.168.130.24:

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the wlp4s0 interface:
    192.168.130.24/24

It also shows that the machine hosting Pi-hole points DNS to the localhost loopback address, where Pi-hole is listening:

*** [ DIAGNOSING ]: contents of /etc
(...)
-rw-r--r-- 1 root root 21 Jul  8 21:35 /etc/resolv.conf
   nameserver 127.0.0.1

There is an instance of dnsmasq running on that machine, which normally would cause conflicts with Pi-hole over port 53/DNS. However, care has been taken to move dnsmasq to another (virtual bridge) network interface:

*** [ DIAGNOSING ]: Ports in use
(...)
[✗] udp:192.168.122.1:53 is in use by dnsmasq

   4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
       inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
          valid_lft forever preferred_lft forever

In addition, there is a custom configuration file at /etc/dnsmasq.d/libvirt-daemon to have it coexist with Pi-hole:

*** [ DIAGNOSING ]: contents of /etc/dnsmasq.d
   (...)
   local-service

(...)

lrwxrwxrwx 1 root root 39 Jun 14 17:16 /etc/dnsmasq.d/libvirt-daemon -> /etc/dnsmasq.d-available/libvirt-daemon
   bind-interfaces
   except-interface=virbr0

As far as Pi-hole is concerned, this looks currently valid on first glance, though it may provoke unintended side effects if you would use Pi-hole's Settings| DNS UI to switch between different Interface settings.
(There may also be implications on the dnsmasq side, depending on the configuration files that dnsmasq would be using, but I can't really comment on those. Just note that by default, pihole-FTL and dnsmasq would use the same configuration files at the same location.).

I can't tell whether and why it would be required to have a separate DNS resolver (dnsmasq) to coexist on your system.

The common approach would be to uninstall or at least disable dnsmasq, so Pi-hole would be the sole DNS resolver on your system.

While this may be worth investigating, none of it would contribute to your observation of sites being blocked despite you having disabled Pi-hole.

My guess would be that something else is blocking access, like a browser based extension or a filtering upstream DNS server.

The latter does not seem to be the case for you, as your debug log shows Pi-hole to be configured for G**gle's DNS resolvers.

To further analyse this, please run the following commands twice - once with Pi-hole's blocking enabled, and once after temporarily disabling Pi-hole's blocking:

nslookup pi.hole

nslookup flurry.com

nslookup flurry.com 192.168.130.24

m3110w · September 12, 2023, 11:53am

Here's the results - enabled and disabled. Does this help?

advait@advait-Bravo-15-A4DDR:~$ ---PIHOLE ENABLED---
---PIHOLE: command not found
advait@advait-Bravo-15-A4DDR:~$ nslookup pi.hole
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	pi.hole
Address: 127.0.0.1
Name:	pi.hole
Address: ::1

advait@advait-Bravo-15-A4DDR:~$ nslookup flurry.com
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	flurry.com
Address: 0.0.0.0
Name:	flurry.com
Address: ::

advait@advait-Bravo-15-A4DDR:~$ nslookup flurry.com 192.168.130.24
Server:		192.168.130.24
Address:	192.168.130.24#53

Name:	flurry.com
Address: 0.0.0.0
Name:	flurry.com
Address: ::

advait@advait-Bravo-15-A4DDR:~$ ---PIHOLE DISABLED---
---PIHOLE: command not found
advait@advait-Bravo-15-A4DDR:~$ nslookup pi.hole
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	pi.hole
Address: 127.0.0.1
Name:	pi.hole
Address: ::1

advait@advait-Bravo-15-A4DDR:~$ nslookup flurry.com
Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
Name:	flurry.com
Address: 74.6.136.150
Name:	flurry.com
Address: 34.225.127.72
Name:	flurry.com
Address: 98.136.103.23
Name:	flurry.com
Address: 212.82.100.150
Name:	flurry.com
Address: 54.161.105.65

advait@advait-Bravo-15-A4DDR:~$ nslookup flurry.com 192.168.130.24
Server:		192.168.130.24
Address:	192.168.130.24#53

Non-authoritative answer:
Name:	flurry.com
Address: 74.6.136.150
Name:	flurry.com
Address: 34.225.127.72
Name:	flurry.com
Address: 98.136.103.23
Name:	flurry.com
Address: 212.82.100.150
Name:	flurry.com
Address: 54.161.105.65

advait@advait-Bravo-15-A4DDR:~$ ---HOPE THIS HELPS!---

Bucking_Horn · September 12, 2023, 4:07pm

Those results for the first command show that your Pi-hole is receiving DNS requests
The other two show your Pi-hole is blocking flurry.com (0.0.0.0) when blocking is enabled, and when you disable Pi-hole's blocking, Pi-hole is answering the IPs as expected, i.e. it isn't blocking DNS resolution.

This reinforces my earlier guess...

You want to make sure that your browser is not blocking the sites you want to access.

m3110w · September 13, 2023, 8:30am

I ran some tests and on Firefox and Chrome sponsored links are blocked. On the MS Edge Bing browser app sponsored links are allowed. On all 3 browsers ads on web pages are mostly blocked.

Any idea of what Firefox and Chrome are doing vs Edge?

Looks like Pihole is not blocking the sponsored links served up by the Microsoft Ad network. That sound right?

Bucking_Horn · September 13, 2023, 8:59am

That would depend on the actual domains targeted by the links and whether they are contained in any of your blocklists, and the current state of your Pi-hole.

Our previous tests have demonstrated that disabling Pi-hole via its UI is working as expected.

If you still cannot access certain sites despite PI-hole's blocking being disabled, you'd have to look beyond Pi-hole.

Browsers and browser extensions (e.g. uBlock Origin) may filter HTTP(S) requests (not just domains) for several reasons, and they may do so before such a request leaves the machine it runs on, i.e. they may prevent a DNS requests being issued to Pi-hole at all.
Other client software may filter traffic as well, e.g. a local firewall or antivirus software may prevent connections.

m3110w · September 13, 2023, 10:26am

Well the simple solution is I'll use the Edge browser when I need to go to a sponsored link (which I sometimes need to do). Thanks for the help. When I get time I'll research the settings in Firefox and Chrome to try and find the culprit.

nprampage · September 13, 2023, 1:07pm

You might find the difference in Edge vs. Chrome is that Edge is using some sort of "privacy" option that is actually intercepting/redirecting your DNS queries away from Pihole, FYI.

m3110w · September 13, 2023, 3:32pm

Thanks for the warning. I'll only use Edge for those rare occasions where I need to. Otherwise I'm always on Firefox.

system · October 4, 2023, 3:33pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.