Grady
August 3, 2023, 8:30pm
1
The issue here is my iPhone, which has the Pihole DNS set, isn't blocking ads (on yahoo.com or cnn.com, as examples). These same ads from these same sites are being blocked on other devices, such as my laptop.
This is what made me think there was an issue somewhere with the Pihole or even Unbound that was causing this one device to behave differently than the others.
jfb
August 3, 2023, 8:38pm
2
Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:
pihole -d
or do it through the Web interface:
Tools > Generate Debug Log
Also, what is the IP of the iPhone?
Grady
August 3, 2023, 8:45pm
3
jfb
August 3, 2023, 8:51pm
4
These settings will make it difficult to troubleshoot your problem.
*** [ DIAGNOSING ]: Setup variables
...
QUERY_LOGGING=false
INSTALL_WEB_SERVER=false
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=false
No dnsmasq log and no query log to review to see the queries from that client.
Grady
August 3, 2023, 9:00pm
5
Where do I turn those on? I didn't turn them off, if they were on by default.
jfb
August 3, 2023, 9:07pm
6
On the web admin GUI:
Select "enable query logging." The screen capture shows "disable" because I have it enabled. Yours will be the opposite.
That will take care of the query logging.
For the lighttpd enable, run pihole -r
and select the reconfigure option. In the menus, select enable the web server.
Grady
August 3, 2023, 9:09pm
7
Ah, this options says it resets Pihole? Will this be rebuilding it from it scratch?
jfb
August 3, 2023, 9:16pm
8
If you prefer, edit file /etc/pihole/setupVars.conf
and set
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
Then restart FTL with sudo service pihole-FTL restart
Grady
August 3, 2023, 9:18pm
9
So this is already set to true
.
INSTALL_WEB_SERVER
is set to false
.
Grady
August 3, 2023, 9:21pm
11
Okay, set both to TRUE
, restarted with sudo service pihole-FTL restart
, and ran pihole -d
.
https://tricorder.pi-hole.net/L2qJK0Lk/
jfb
August 3, 2023, 9:24pm
12
Now if you look in the dnsmasq log at var/log/pihole/pihole.log you will see the queries from all clients. You can look for the IP of the iPhone and see if the queries from that device are reaching Pi-hole, and if so, how they are being processed by Pi-hole.
Grady
August 3, 2023, 9:49pm
13
What would cause a site to reply with SERVFAIL
when using the Pihole for DNS but when using Cloudflare or Google or any other upstream provider for DNS, it resolves just fine?
jfb
August 3, 2023, 9:55pm
15
SERVFAIL indicates that the upstream DNS resolver was unable to complete the transaction.
What is the output of the following command from the Pi terminal?
sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
Grady
August 3, 2023, 10:00pm
16
/etc/unbound/unbound.conf:include: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf: auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/qname-minimisation.conf:server:
/etc/unbound/unbound.conf.d/qname-minimisation.conf: qname-minimisation: yes
/etc/unbound/unbound.conf.d/use-own-identity.conf:server:
/etc/unbound/unbound.conf.d/use-own-identity.conf: hide-identity: no
/etc/unbound/unbound.conf.d/use-own-identity.conf: identity: ""
/etc/unbound/unbound.conf.d/use-own-identity.conf: hide-version: no
/etc/unbound/unbound.conf.d/use-own-identity.conf: version: ""
/etc/unbound/unbound.conf.d/use-own-identity.conf: hide-trustanchor: no
/etc/unbound/unbound.conf.d/use-expired-records.conf:server:
/etc/unbound/unbound.conf.d/use-expired-records.conf:
/etc/unbound/unbound.conf.d/use-expired-records.conf:
/etc/unbound/unbound.conf.d/use-expired-records.conf: serve-expired: yes
/etc/unbound/unbound.conf.d/use-expired-records.conf: serve-expired-ttl: 0
/etc/unbound/unbound.conf.d/use-expired-records.conf: serve-expired-ttl-reset: yes
/etc/unbound/unbound.conf.d/use-multithreaded-udp.conf:server:
/etc/unbound/unbound.conf.d/use-multithreaded-udp.conf: so-reuseport: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf: verbosity: 1
/etc/unbound/unbound.conf.d/pi-hole.conf: interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf: port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf: prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf: root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf: edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf: prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf: so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fe80::/10
/etc/unbound/unbound.conf.d/remote-control.conf:remote-control:
/etc/unbound/unbound.conf.d/remote-control.conf: control-enable: yes
/etc/unbound/unbound.conf.d/use-large-buffers.conf:server:
/etc/unbound/unbound.conf.d/use-large-buffers.conf: so-rcvbuf: 8m
/etc/unbound/unbound.conf.d/use-large-buffers.conf: so-sndbuf: 8m
/etc/unbound/unbound.conf.d/use-safe-edns-buffer.conf:server:
/etc/unbound/unbound.conf.d/use-safe-edns-buffer.conf: edns-buffer-size: 1472
/etc/unbound/unbound.conf.d/use-optimized-threads.conf:server:
/etc/unbound/unbound.conf.d/use-optimized-threads.conf: num-threads: 4
/etc/unbound/unbound.conf.d/use-prefetch.conf:server:
/etc/unbound/unbound.conf.d/use-prefetch.conf: prefetch: yes
/etc/unbound/unbound.conf.d/use-prefetch.conf: prefetch-key: yes
/etc/unbound/unbound.conf.d/use-optimized-caches.conf:server:
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: msg-cache-slabs: 4
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: rrset-cache-slabs: 4
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: infra-cache-slabs: 4
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: key-cache-slabs: 4
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: rrset-cache-size: 128m
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: msg-cache-size: 64m
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: key-cache-size: 64m
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: neg-cache-size: 64m
/etc/unbound/unbound.conf.d/use-unbound-control.conf:remote-control:
/etc/unbound/unbound.conf.d/use-unbound-control.conf: control-enable: yes
/etc/unbound/unbound.conf.d/use-unbound-control.conf: server-key-file: /etc/unbound/unbound_server.key
/etc/unbound/unbound.conf.d/use-unbound-control.conf: server-cert-file: /etc/unbound/unbound_server.pem
/etc/unbound/unbound.conf.d/use-unbound-control.conf: control-key-file: /etc/unbound/unbound_control.key
/etc/unbound/unbound.conf.d/use-unbound-control.conf: control-cert-file: /etc/unbound/unbound_control.pem
/etc/unbound/unbound.conf.d/use-extended-statistics.conf:server:
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: verbosity: 1
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: statistics-interval: 600
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: extended-statistics: yes
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: statistics-cumulative: yes
You can up verbosity like described below:
Is this all there is when things go south? (EDIT: with verbosity set to 3?)
If so, increase verbosity to get more details?
pi@ph5b:~ $ man unbound.conf
[..]
verbosity: <number>
The verbosity number, level 0 means no verbosity, only erβ
rors. Level 1 gives operational information. Level 2 gives
detailed operational information. Level 3 gives query level
information, output per query. Level 4 gives algorithm
β¦
Ow and I still see duplicates:
Grady
August 3, 2023, 10:06pm
19
Ow and I still see duplicates:
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: verbosity: 1
I don't know where these are coming from I didn't make these files, such as use-extended-statistics.conf
or add anything into them.
I dont know either.
You can check whats in the Unbound package with below:
dpkg -L unbound
And search wih below if that use-extended-statistics.conf file comes with some other package:
dpkg -S use-extended-statistics.conf