Understand how dns is resolved

Mike_Lawson · July 7, 2024, 6:02am

Expected Behaviour:

I am trying to understand how Pihole actually works. I have a UniFi setup where each of the vlans point to 192.168.1.6 my primary dns and 1.1.1.1 as secondary. Running latest pihole on raspberry pi.

Actual Behaviour:

I seem to get some of the reporting through however not all. Given that there is an upstream dns resolver, is pihole simply recording the fact that clients are resolving to 1.1.1.1 or does it report on all occasions the actual dns query. The reason I ask is that I query the long term log and I cannot see some entries as an example a Whois enquiry I made. Do I need to do unbound for this BOOMEL

rdwebdesign · July 7, 2024, 6:12am

This is probably the reason you are not seeing all queries.

Using "primary" and "secondary" DNS servers will cause some queries to be sent to primary (Pi-hole) and others to the secondary (1.1.1.1).

This is how DNS works. The router advertises both servers. Then, the devices will choose which DNS they will use for each query.

Mike_Lawson · July 7, 2024, 7:20am

Ok I have set it to be 192.168.1.6 only but still cannot see in query lo. I have blocked hackaday.com as an example and it does not show in log as either blocked or in the reporting

Mike_Lawson · July 7, 2024, 7:21am

Mike_Lawson · July 7, 2024, 7:23am

rdwebdesign · July 7, 2024, 7:26am

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

Mike_Lawson · July 7, 2024, 7:34am

Apologies, where do I find the token that I share with you?

chrislph · July 7, 2024, 2:05pm

Enter the command in a terminal window on the Pi-hole, or else use the web admin interface and navigate to the section indicated. Create the log and enable the option to upload and generate a token URL. Share that token in here and a Pi-hole team member can take a look.

Mike_Lawson · July 7, 2024, 7:18pm

I have done that including tick the box for token, but unless I am missing something can't see anything that says token? Regards, BOOMEL

chrislph · July 7, 2024, 7:23pm

Then you click Generate debug log and let it do its thing. At the end it reports:

********************************************
********************************************
[✓] ** FINISHED DEBUGGING! **

   * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only.
[i] Debug script running in automated mode
    * Using curl for transmission.

*****************************************************************
*****************************************************************

[✓] Your debug token is: https://tricorder.pi-hole.net/epAUlKwY/
[i] Logs are deleted 48 hours after upload.

*****************************************************************
*****************************************************************

   * Provide the token above to the Pi-hole team for assistance at https://discourse.pi-hole.net
   * A local copy of the debug log can be found at: /var/log/pihole/pihole_debug.log

You can see the debug token URL in that middle section. That's the URL you post in here.

butchkemper · July 7, 2024, 7:54pm

Once the DNS information is changed in the router, each device on the network must reacquire the DHCP information to update the DNS address data.

If you are not familiar with how to cause the network devices to reacquire the DHCP information, the easiest way is to reboot the device.

Phones can be set to "airplane" mode, wait a minute, and then turn off "airplane" mode. The phone will sign back on to the WiFi and reacquire the DHCP data.

Butch

system · July 28, 2024, 7:55pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.