Update failed - DNS not running (Ubuntu 16.04.5 LTS)

Expected Behaviour:

Update to v4 and for it to work

Actual Behaviour:

Getting error - DNS not running

Debug Token:

h5amq7kjum

Hi - I updated my pihole today to the new V4 using the pihole -up command
The update failed (sorry, it scrolled off the screen), so I'm not sure at which point.
Running pihole -r gives the following output (posted on Pastebin.com): root@dnsfilter:~# pihole -r [✓] Root user check

It's showing that dnsmasq isn't running - confirmed with systemctl status dnsmasq
So I start the service and try to access the webpage

I get a page with the words - Lost connection to API in the 4 boxes up the top and FTL offline in the status box.
The FTL service is running, so I restarted it.
Showing the status of the FTL service gives me the following:

I note the line - Oct 08 00:13:19 dnsfilter pihole-FTL[5317]: dnsmasq: failed to create listening socket for port 53: Permission denied

I'm running it in a lxc container and it's been working fine up to this update.

Any ideas?

In V4, dnsmasq is embedded in pihole-FTL, so dnsmasq no longer runs as a separate process. pihole-FTL should be listening on port 53.

https://docs.pi-hole.net/ftldns/dns-resolver/

What is the output of the following from the Pi-Hole host terminal:

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471'

I get the following:

root@dnsfilter:~# netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471'
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -

I have now stopped the dnsmasq service and restarted FTL, but still getting the same error when looking at the status of FTL

Oct 08 10:08:54 dnsfilter pihole-FTL[7716]: dnsmasq: failed to create listening socket for port 53: Permission denied

These related Ubuntu threads may be of assistance:

After a bit more investigation, it was found the user pihole does not have enough privileges to start FTL.
The command:
setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip /usr/bin/pihole-FTL
Gave an error:

Failed to set capabilities on file `/usr/bin/pihole-FTL' (Invalid argument)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file

It may be because it's within a LXC container, but changing the /etc/init.d/pihole-FTL file from

su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"

to

/usr/bin/pihole-FTL

looks to have resolved it.

Is there a fallback to using the setcap command for containers that could be set up? I know it was designed for Pis, but many of us are running this on normal servers since it's so good.

Your environment might not support Linux capabilities, so the recommended fix is to remove the setcap line and run Pi-hole as root (you did this second part with your changes).
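
A diagnostic for the situation in this thread, added here as an example and not part of the original posts or Pi-hole's own code: it decodes the capability bounding set from /proc to show whether the three capabilities named in the setcap command, plus CAP_SETFCAP (needed to set file capabilities at all), are available inside the container. The function names are hypothetical and chosen for illustration only.

```shell
# Added example: decode capability masks from /proc/<pid>/status.
# Bit numbers are from linux/capability.h.
cap_bit() {
  case "$1" in
    CAP_NET_BIND_SERVICE) echo 10 ;;
    CAP_NET_ADMIN)        echo 12 ;;
    CAP_NET_RAW)          echo 13 ;;
    CAP_SETFCAP)          echo 31 ;;
    *) return 1 ;;
  esac
}

# has_cap <hexmask> <CAP_NAME>: true if that capability's bit is set.
has_cap() {
  _bit=$(cap_bit "$2") || return 2
  [ $(( (0x$1 >> $_bit) & 1 )) -eq 1 ]
}

# missing_caps <hexmask>: print which capabilities from the thread's
# setcap line are absent from the mask (empty output = all present).
missing_caps() {
  _out=""
  for _c in CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN; do
    has_cap "$1" "$_c" || _out="${_out:+$_out }$_c"
  done
  echo "$_out"
}

# read_mask <CapBnd|CapEff|CapPrm> [pid]: fetch a mask (default: self).
read_mask() {
  awk -v f="$1:" '$1 == f { print $2 }' "/proc/${2:-self}/status"
}

# is_userns_map <first uid_map line>: heuristic, true when the map is
# not the identity map "0 0 4294967295" of the initial user namespace.
is_userns_map() {
  set -- $1
  [ "$1 $2 $3" != "0 0 4294967295" ]
}

report() {
  [ -r /proc/self/status ] && [ -r /proc/self/uid_map ] || return 0
  _bnd=$(read_mask CapBnd); [ -n "$_bnd" ] || return 0
  echo "CapBnd=$_bnd missing=[$(missing_caps "$_bnd")]"
  has_cap "$_bnd" CAP_SETFCAP || echo "no CAP_SETFCAP: setcap cannot work here"
  if is_userns_map "$(head -n 1 /proc/self/uid_map)"; then
    echo "non-identity uid_map: running inside a user namespace"
  fi
}
report
```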