Upgrade to v6 breaks local DNS

The issue I am facing:
When running pihole -up from my server, the upgrade to v6 seems to progress normally, but it hangs when trying to perform DNS resolution. DNS resolution from the local system no longer functions.

Details about my system:
@pi-dns:~# cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.6 LTS"

@pi-dns:~# ss -tulnp
Netid  State   Recv-Q  Send-Q   Local Address:Port     Peer Address:Port  Process
udp    UNCONN  0       0              0.0.0.0:53            0.0.0.0:*      users:(("pihole-FTL",pid=757,fd=4))
udp    UNCONN  0       0           127.0.0.53:5353          0.0.0.0:*      users:(("dnscrypt-proxy",pid=675,fd=6))
udp    UNCONN  0       0                 [::]:53               [::]:*      users:(("pihole-FTL",pid=757,fd=6))
tcp    LISTEN  0       1024           0.0.0.0:80            0.0.0.0:*      users:(("lighttpd",pid=805,fd=4))
tcp    LISTEN  0       32             0.0.0.0:53            0.0.0.0:*      users:(("pihole-FTL",pid=757,fd=5))
tcp    LISTEN  0       128            0.0.0.0:22            0.0.0.0:*      users:(("sshd",pid=759,fd=3))
tcp    LISTEN  0       1024           0.0.0.0:443           0.0.0.0:*      users:(("lighttpd",pid=805,fd=5))
tcp    LISTEN  0       5            127.0.0.1:4711          0.0.0.0:*      users:(("pihole-FTL",pid=757,fd=10))
tcp    LISTEN  0       4096        127.0.0.53:5353          0.0.0.0:*      users:(("dnscrypt-proxy",pid=675,fd=7))
tcp    LISTEN  0       1024              [::]:80               [::]:*      users:(("lighttpd",pid=805,fd=6))
tcp    LISTEN  0       32                [::]:53               [::]:*      users:(("pihole-FTL",pid=757,fd=7))
tcp    LISTEN  0       128               [::]:22               [::]:*      users:(("sshd",pid=759,fd=4))
tcp    LISTEN  0       5                [::1]:4711             [::]:*      users:(("pihole-FTL",pid=757,fd=11))

The update to v6 seems to set DNSStubListener=no, but it's already disabled prior to the upgrade. There's also no indication that systemd-resolved is in use. The upgrade installer just hangs constantly trying to perform DNS resolution. If I Ctrl-C out of the process and attempt to ping anything, name resolution fails. Ping by IP works fine.

DNS forwarding works Client > pihole > dnscrypt > DNS provider with TLS.

What I have changed since installing Pi-hole:
All systems are operational prior to the attempt to upgrade. I've had to recover the server from backup and started using checkpoints in Hyper-V to test, but I cannot make sense of what's breaking during the upgrade installation.

https://tricorder.pi-hole.net/salF9aYk/

See here: 404 and no DNS after recent update - #9 by nero355

I think you know what to do and if not then let me know :slight_smile:

Interesting. I didn't open another terminal, but I did spend an embarrassing amount of time trying to force eth0 to use a public DNS resolver with no joy. I'm not a big fan of netplan, but it seems to be the main config tool for Ubuntu. Problem is that netplan shows my adapter DNS as 127.0.4.2, which isn't mapped anywhere. I'll dig into dnsCrypt to see if past me did something screwy with the config. I wouldn't put it past myself.

If you want you can remove all the Netplan stuff and just use NetworkManager or SystemD-NetworkD instead :wink:

I went through the process of attempting the upgrade again. I popped over to my second session when the DNS resolution hung during the v6 upgrade and changed /etc/resolv.conf to 1.1.1.1. I was able to ping google.com, in this case, went back to the PiHole session, and I noticed it finished up the upgrade. The version did show v6 across all of the components:

Core version is v6.0.3 (Latest: v6.0.3)
Web version is v6.0.1 (Latest: v6.0.1)
FTL version is v6.0.2 (Latest: v6.0.2)

I'm getting 403 Forbidden on the web console, and DNS resolution is failing from nslookup on other endpoints in my network. I restarted the PiHole server, tested again, same result. On a hunch, I modified resolv.conf again, verified DNS local to the PiHole was working, but the web endpoint and DNS resolution on the PiHole was still failing.

I reverted my VM back to a checkpoint just before the upgrade, and everything's working again. What is v6 actually changing? Everything looks identical when I check the service sockets.

Netid  State   Recv-Q  Send-Q   Local Address:Port     Peer Address:Port  Process
udp    UNCONN  0       0              0.0.0.0:53            0.0.0.0:*      users:(("pihole-FTL",pid=757,fd=4))
udp    UNCONN  0       0           127.0.0.53:5353          0.0.0.0:*      users:(("dnscrypt-proxy",pid=675,fd=6))
udp    UNCONN  0       0                 [::]:53               [::]:*      users:(("pihole-FTL",pid=757,fd=6))
tcp    LISTEN  0       1024           0.0.0.0:80            0.0.0.0:*      users:(("lighttpd",pid=805,fd=4))
tcp    LISTEN  0       32             0.0.0.0:53            0.0.0.0:*      users:(("pihole-FTL",pid=757,fd=5))
tcp    LISTEN  0       128            0.0.0.0:22            0.0.0.0:*      users:(("sshd",pid=759,fd=3))
tcp    LISTEN  0       1024           0.0.0.0:443           0.0.0.0:*      users:(("lighttpd",pid=805,fd=5))
tcp    LISTEN  0       5            127.0.0.1:4711          0.0.0.0:*      users:(("pihole-FTL",pid=757,fd=10))
tcp    LISTEN  0       4096        127.0.0.53:5353          0.0.0.0:*      users:(("dnscrypt-proxy",pid=675,fd=7))
tcp    LISTEN  0       1024              [::]:80               [::]:*      users:(("lighttpd",pid=805,fd=6))
tcp    LISTEN  0       32                [::]:53               [::]:*      users:(("pihole-FTL",pid=757,fd=7))
tcp    LISTEN  0       128               [::]:22               [::]:*      users:(("sshd",pid=759,fd=4))
tcp    LISTEN  0       5                [::1]:4711             [::]:*      users:(("pihole-FTL",pid=757,fd=11))

Any ideas?

Two things:

Edit /etc/pihole/pihole.toml and look for the "ports =" line.

Change the ports to unused ports, or to just one port you want to use, for example "port = 443s", and then run "systemctl restart pihole-FTL" :slight_smile:

Do you have ANY Forward DNS Servers configured?

Adjust that via the pihole command or via /etc/pihole/pihole.toml and try again :slight_smile:

When you do that you need to restart your networking or the used DNS Resolver each time! :wink:
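A way to check for the port clash this advice points at, added here as an example (it is not part of the thread and not Pi-hole's own code): it reads `ss -tulnp` text and lists any listener on the given ports that is not the expected process. The function name `port_conflicts` and the sample input are constructed for illustration, the sample being modelled on the output posted above.

```shell
#!/usr/bin/env bash
# Constructed sample, modelled on the `ss -tulnp` output posted in this thread.
SAMPLE_SS='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=757,fd=4))
tcp LISTEN 0 1024 0.0.0.0:80 0.0.0.0:* users:(("lighttpd",pid=805,fd=4))
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:* users:(("pihole-FTL",pid=757,fd=5))
tcp LISTEN 0 1024 0.0.0.0:443 0.0.0.0:* users:(("lighttpd",pid=805,fd=5))
tcp LISTEN 0 1024 [::]:80 [::]:* users:(("lighttpd",pid=805,fd=6))'

# port_conflicts EXPECTED_PROC PORT...
# Reads `ss -tulnp` text on stdin and prints "port/proto process" once for each
# listener on one of the PORTs that is owned by something other than EXPECTED_PROC.
# (Hypothetical helper name; only the first process of a shared socket is reported.)
port_conflicts() {
  expected=$1; shift
  awk -v expected="$expected" -v ports="$*" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 != "tcp" && $1 != "udp" { next }      # skip the header and any other lines
    {
      port = $5; sub(/.*:/, "", port)        # text after the last colon, so [::]:80 gives 80
      if (!(port in want)) next
      proc = "unknown"                        # ss omits the process column without root
      if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
      key = port "/" $1 " " proc
      if (proc != expected && !seen[key]++) print key
    }'
}

# Demo on the constructed sample; on a live host use:
#   ss -tulnp | port_conflicts pihole-FTL 80 443
printf '%s\n' "$SAMPLE_SS" | port_conflicts pihole-FTL 80 443
```

Any line printed for 80 or 443 names a process that would have to be stopped, or the FTL web port moved, before pihole-FTL can bind there.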

Looks like a new update was pushed that disabled lighttpd. I prepped for everything like the previous updates, but when I ran pihole -up, it prompted to disable lighttpd, which I did, and when the install finished, everything was working as expected.

The TLS cert in front of my web portal had to be replaced, but thankfully a new write up was struck and is detailed enough to get me all buttoned up!

Pi-hole v6: Creating Your Own Self-Signed SSL Certificates · GitHub

Thanks for your help, nero!
