UDP DNS reply: Timeout - no response from upstream DNS server

Help
1

Expected Behaviour:

I have recently started a fresh v6 install on a fresh bookworm image.

Pihole installation seems to go just fine, and I'm manually assigning the pihole as DNS server to some of my devices. As soon as I save those details, no connections go through.

Actual Behaviour:

Here's what the pihole query log shows: https://imgur.com/XNkQu1h
Update: I've changed this cloudflare and there's no change in behavior.

I've tried changing between various DNS providers but it doesn't change the result: "No reply received".

Here's the FTL log: https://imgur.com/GANqVTG

, where it also says there's no response from the upstream DNS server.

There was also a brief moment of hope when I found this thread (https://www.reddit.com/r/pihole/comments/1islibw/ntp_error_after_pihole_v6_update/) as I thought an NTP error was causing issues; my router is set for US west coast time manually, so I thought the pihole trying to force a different time was the issue. However, unchecking ntp.ipv4.active and the other settings didn't fix it.

Any help to get this back up and running would be appreciated. I think my situation may be similar to what is described here: DNS does not resolve for UDP - #3 by petergeelhoed
but I'm not sure what I should try to resolve any potential network issues should this round of pihole debugging not succeed.

Debug Token:

https://tricorder.pi-hole.net/WiBjMPxy/

Thank you!!

Pihole + Cloudflared - incorrect setup?
2

Your debug log shows Pi-hole to be operational, but it cannot communicate with public DNS servers:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[âś“] www.olx.pl-oferta2320592.shop is NOERROR on lo (127.0.0.1)
[âś“] www.olx.pl-oferta2320592.shop is NOERROR on eth0 (192.168.1.86)
[âś—] Failed to resolve doubleclick.com via a remote, public DNS server (8.8.8.8)

Run from your Pi-hole machine, please share the output of:

nslookup discourse.pi-hole.net

nslookup discourse.pi-hole.net 8.8.8.8
1 Like
3

Thanks for the response. Here are the outputs from my Pi-hole machine:

nslookup discourse.pi-hole.net
Server: 192.168.1.254
Address: 192.168.1.254#53

Non-authoritative answer:
Name: discourse.pi-hole.net
Address: 157.180.42.82

nslookup discourse.pi-hole.net 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: discourse.pi-hole.net
Address: 157.180.42.82

7/5/25: I tried adding OpenDNS and Cloudflare in addition to GoogleDNS with no change in effect.

4

And below from above failed attempt?

nslookup doubleclick.com 8.8.8.8

5

Here you go:

nslookup doubleclick.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: doubleclick.com
Address: 192.178.164.101
Name: doubleclick.com
Address: 192.178.164.113
Name: doubleclick.com
Address: 192.178.164.138
Name: doubleclick.com
Address: 192.178.164.139
Name: doubleclick.com
Address: 192.178.164.100
Name: doubleclick.com
Address: 192.178.164.102
Name: doubleclick.com
Address: 2607:f8b0:4023:2009::65
Name: doubleclick.com
Address: 2607:f8b0:4023:2009::8a
Name: doubleclick.com
Address: 2607:f8b0:4023:2009::66
Name: doubleclick.com
Address: 2607:f8b0:4023:2009::71
6

I went ahead and tried a different workaround: booting up a different PC with a brand new Ubuntu install, then installing pi-hole. No difference in result, I'm still getting no response from the upstream DNS server.
Part of me thinks it's my router but it worked just fine with my pi-hole back on V5, making me think it's something there.

7

I’m running out of ideas unless somebody here has some.

I turned on the more extensive debugger and it gives me a lot of “dnsmasq received signal 17”; what would that be?

My most recent debug can be found here: https://tricorder.pi-hole.net/NSy7uknD/

8

Is pi-hole running in a docker container?

If not, please show the output of sudo iptables -L -t nat and sudo iptables -L.

ip addr and ip route wouldn't hurt either.

9

Pihole is running on Ubuntu 24.04.
Here's the output for those commands you suggested.
Thanks!


$ sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

 $ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether c8:60:00:70:1e:db brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.85/24 brd 192.168.1.255 scope global dynamic noprefixroute enp2s0
       valid_lft 34312sec preferred_lft 34312sec
    inet6 fe80::6e18:c8bc:2bd4:f862/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

$ ip route
default via 192.168.1.254 dev enp2s0 proto dhcp src 192.168.1.85 metric 100 
192.168.1.0/24 dev enp2s0 proto kernel scope link src 192.168.1.85 metric 100
10

It looks like your pi-hole machine is set with a DHCP lease. Can you try to set it to a static IP address and see what changes?

Everything else looks good otherwise.

11

That’s…. Interesting? The addresses is set as static on the router for the Ubuntu machine that pihole is on. I just went into the wired connection settings on Ubuntu and set it as manual there with the same address and right now it’s not reconnecting to the internet.

12

Can you send the output of sudo netplan get

13

Sure, I reset the Ubuntu network configuration to 'automatic' and have this:

$ sudo netplan get

** (process:72134): WARNING **: 20:50:18.173: Permissions for /etc/netplan/01-network-manager-all.yaml are too open. Netplan configuration should NOT be accessible by others.
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp2so:
      addresses:
      - "192.168.1.85/24"
      nameservers:
        addresses:
        - 8.8.8.8
        - 8.8.4.4
      routes:
      - to: "default"
        via: "192.168.1.254"
    NM-5cb42b05-6b53-440c-ba3c-1c03dec98f49:
      renderer: NetworkManager
      match:
        name: "enp2s0"
        macaddress: "C8:60:00:70:1E:DB"
      dhcp4: true
      wakeonlan: true
      networkmanager:
        uuid: "5cb42b05-6b53-440c-ba3c-1c03dec98f49"
        name: "Profile 1"
        passthrough:
          connection.timestamp: "1752259573"
          ipv6.addr-gen-mode: "default"
          ipv6.method: "dhcp"
          ipv6.ip6-privacy: "-1"
          proxy._: ""
14

All you should have to do is edit your /etc/netplan/01-network-manager-all.yaml file and change the dhcp4 option to false

Then run sudo netplan generate and sudo netplan try

If your ip route command does not have the word "dhcp" in it, that means it's worked. Then try DNS resolution again.

15 
$ sudo netplan generate
$ sudo netplan try
systemd-networkd is not running, output might be incomplete.
Failed to reload network settings: Unit dbus-org.freedesktop.network1.service not found.
Falling back to a hard restart of systemd-networkd.service
Do you want to keep these settings?


Press ENTER before the timeout to accept the new configuration


Changes will revert in 111 seconds
Configuration accepted.
~$ ip route
default via 192.168.1.254 dev enp2s0 proto dhcp src 192.168.1.85 metric 100 
192.168.1.0/24 dev enp2s0 proto kernel scope link src 192.168.1.85 metric 100

Immediately after I did that, the pi-hole gave me this error:
2025-07-14 21:51:01 CONNECTION_ERROR Connection error (**1.1.1.1#53**): failed to send UDP request (**Network unreachable**)

16

Are you using Ubuntu with a desktop environment by chance? If so, I'm quite sure this is the root cause.

We can try one other thing to see if it will work. Replace the contents of your netplan file with this instead:

network:
  version: 2
  ethernets:
    enp2so:
      addresses:
      - "192.168.1.85/24"
      nameservers:
        addresses:
        - 8.8.8.8
        - 8.8.4.4
      routes:
      - to: "default"
        via: "192.168.1.254"

Then run the generate and try command once again.

17

This is an Ubuntu desktop environment, 24.04.

I changed the contents of the netplan as suggested but have the same results as above.

$ sudo nano /etc/netplan/01-network-manager-all.yaml
$ sudo netplan generate

** (generate:136831): WARNING **: 18:09:30.577: Permissions for /etc/netplan/01-network-manager-all.yaml are too open. Netplan configuration should NOT be accessible by others.
goyo@goyo-pihole:~$ sudo netplan try

** (process:136980): WARNING **: 18:09:34.017: Permissions for /etc/netplan/01-network-manager-all.yaml are too open. Netplan configuration should NOT be accessible by others.

** (generate:136982): WARNING **: 18:09:34.025: Permissions for /etc/netplan/01-network-manager-all.yaml are too open. Netplan configuration should NOT be accessible by others.

** (process:136980): WARNING **: 18:09:34.842: Permissions for /etc/netplan/01-network-manager-all.yaml are too open. Netplan configuration should NOT be accessible by others.

** (process:136980): WARNING **: 18:09:34.984: Permissions for /etc/netplan/01-network-manager-all.yaml are too open. Netplan configuration should NOT be accessible by others.
Do you want to keep these settings?


Press ENTER before the timeout to accept the new configuration


Changes will revert in 118 seconds
Configuration accepted.
$ ip route
default via 192.168.1.254 dev enp2s0 proto dhcp src 192.168.1.85 metric 100 
192.168.1.0/24 dev enp2s0 proto kernel scope link src 192.168.1.85 metric 100

Same pihole error in the FTL log too:
2025-07-15 18:09:34.976 WARNING Connection error (1.1.1.1#53): failed to send UDP request (Network unreachable)

18

Is this a fresh Ubuntu install? No other apps besides pi-hole?

What's the output of ping 8.8.8.8

This is your router IP right?

19

Yes, this is a fresh ubuntu install. I've added steam to it but have yet to do anything else. For reference, I ran into the original problem with a Raspberry Pi 1B+, tried switching to an Ubuntu install on a different desktop.

And yes, 192.168.1.254 is the router.

$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=4.46 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=6.11 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=118 time=4.80 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=118 time=3.45 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=118 time=4.20 ms
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 3.446/4.604/6.113/0.876 ms
20

Since the ping was successful, you should have no issues with internet connectivity.

Lets try nslookup google.com 8.8.8.8 and see if that works.

If that fails, something is intercepting/blocking your DNS traffic to your upstream servers. Maybe check your router's firewall rules?