Upstream DNS ignored

I've got Pi-hole as my primary DNS and listening on port 53.

I've also got Bind listening on port 5353; this is handling my internal DNS and passing upstream to Google.

In the setupVars.conf file I've got:

PIHOLE_DNS_1=192.168.0.8#5353

but this seems to be ignored.

My Bind server is definitely working and will resolve proxy.digi.lab:

# dig proxy.digi.lab @192.168.0.8 -p 5353

; <<>> DiG 9.16.27-Debian <<>> proxy.digi.lab @192.168.0.8 -p 5353
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35138
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;proxy.digi.lab.                        IN      A

;; ANSWER SECTION:
proxy.digi.lab.         300     IN      A       10.5.1.5

;; Query time: 0 msec
;; SERVER: 192.168.0.8#5353(192.168.0.8)

But Pi-hole can't resolve it:

# dig proxy.digi.lab @192.168.0.8 -p 53

; <<>> DiG 9.16.27-Debian <<>> proxy.digi.lab @192.168.0.8 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1739
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

; EDE: 12 (NSEC Missing)
;; QUESTION SECTION:
;proxy.digi.lab.                        IN      A

;; Query time: 12 msec
;; SERVER: 192.168.0.8#53(192.168.0.8)

I'm definitely looking at the right ports:

UNCONN 0      0                            192.168.0.8:5353       0.0.0.0:*     users:(("named",pid=23929,fd=30))                                  
UNCONN 0      0                            192.168.0.8:5353       0.0.0.0:*     users:(("named",pid=23929,fd=31))                                  
UNCONN 0      0                              127.0.0.1:5353       0.0.0.0:*     users:(("named",pid=23929,fd=25))                                  
UNCONN 0      0                              127.0.0.1:5353       0.0.0.0:*     users:(("named",pid=23929,fd=24))                                  
UNCONN 0      0                                0.0.0.0:53         0.0.0.0:*     users:(("pihole-FTL",pid=24653,fd=4),("pihole-FTL",pid=24633,fd=4))
UNCONN 0      0                                  [::1]:5353             *:*     users:(("named",pid=23929,fd=34))                                  
UNCONN 0      0                                  [::1]:5353             *:*     users:(("named",pid=23929,fd=35))                                  
UNCONN 0      0                                      *:53               *:*     users:(("pihole-FTL",pid=24653,fd=6),("pihole-FTL",pid=24633,fd=6))

This setup was working until this morning, when I upgraded to:

Pi-hole v5.14.2 FTL v5.19.2 Web Interface v5.17

To double check, I set the upstream to an IP which isn't assigned:

PIHOLE_DNS_1=192.168.0.6

And Pi-hole can still resolve IPs.

Is this something I've broken or is this a bug in the latest version?

I've just checked the log file and found this:

[2022-11-28 12:00:20.801 25027M] New upstream server: 8.8.4.4:53 (1/512)
[2022-11-28 12:00:20.802 25027M] New upstream server: 8.8.8.8:53 (2/512)

The two Google IPs are only mentioned in the optional servers config file and some database files, not in the main config file.

# grep 8\.8\.4\.4 *
dns-servers.conf:Google (ECS, DNSSEC);8.8.8.8;8.8.4.4;2001:4860:4860:0:0:0:0:8888;2001:4860:4860:0:0:0:0:8844
grep: gravity.db: binary file matches
grep: gravity_old.db: binary file matches
list.1.raw.githubusercontent.com.domains:adserver-clarium-1718981494.us-west-1.elb.amazonaws.com
list.1.raw.githubusercontent.com.domains:olxpl.id84884043.mba
list.1.raw.githubusercontent.com.domains:www.olxpl.id84884043.mba
grep: migration_backup: Is a directory
grep: pihole-FTL.db: binary file matches

I've sorted it: DNSSEC was enabled, so it was doing the upstream request and then ignoring the response, as Bind isn't set up for DNSSEC.

My fault, but what a pain to debug!

I still don't know where it got the two Google servers from.
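The failure mode above (an upstream that resolves fine when queried directly, but a SERVFAIL with "EDE: 12 (NSEC Missing)" from the validating resolver in front of it) is easy to recognise once you look at the Extended DNS Error instead of just the RCODE. The probe below is an added example, not code from the thread or from the Pi-hole project: it sends a query with the EDNS DO bit set, the way a DNSSEC-validating resolver asks its upstream, and reports RCODE, the AD flag and any RFC 8914 EDE code, so "the upstream gave an answer the validator could not validate" is distinguishable from "the upstream is down". Server addresses, the script name and the two sample packets are assumptions; the samples are constructed to mirror the two dig answers in the post, not captured bytes.

```python
"""Probe a DNS server with the EDNS DO bit set and read back the RCODE, the AD
flag and any Extended DNS Error (RFC 8914). Sample packets at the bottom are
constructed to mirror the two dig answers in the post (not captured bytes)."""
import socket
import struct

OPT_TYPE = 41          # EDNS(0) OPT pseudo-RR
EDE_OPTION = 15        # Extended DNS Error option code (RFC 8914)
DO_BIT = 0x8000        # DNSSEC OK flag lives in the OPT TTL field
RCODE_SERVFAIL = 2
# EDE codes 5..12 are the DNSSEC-validation failures defined in RFC 8914
EDE_DNSSEC = {5: "DNSSEC Indeterminate", 6: "DNSSEC Bogus", 7: "Signature Expired",
              8: "Signature Not Yet Valid", 9: "DNSKEY Missing", 10: "RRSIGs Missing",
              11: "No Zone Key Bit Set", 12: "NSEC Missing"}


def _qname(name):
    """Encode a dotted name as DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


def build_query(name, txid=0x1234, dnssec_ok=True):
    """A-record query with an OPT RR; DO set asks the server to include DNSSEC data."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # flags: RD only
    question = _qname(name) + struct.pack("!HH", 1, 1)           # type A, class IN
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, DO_BIT if dnssec_ok else 0, 0)
    return header + question + opt


def _skip_name(buf, off):
    """Advance past a (possibly compressed) name."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(buf):
    """Return rcode (incl. EDNS extended bits), AD flag, answer count and EDE if present."""
    _, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", buf, 0)
    result = {"rcode": flags & 0xF, "ad": bool(flags & 0x0020), "answers": an,
              "ede": None, "ede_text": ""}
    off = 12
    for _ in range(qd):
        off = _skip_name(buf, off) + 4           # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(buf, off)
        rtype, _, ttl, rdlen = struct.unpack_from("!HHIH", buf, off)
        off += 10
        rdata = buf[off:off + rdlen]
        off += rdlen
        if rtype != OPT_TYPE:
            continue
        result["rcode"] |= ((ttl >> 24) & 0xFF) << 4   # extended RCODE high bits
        pos = 0
        while pos + 4 <= len(rdata):                   # walk the EDNS options
            code, olen = struct.unpack_from("!HH", rdata, pos)
            data = rdata[pos + 4:pos + 4 + olen]
            pos += 4 + olen
            if code == EDE_OPTION and olen >= 2:
                result["ede"] = struct.unpack_from("!H", data, 0)[0]
                result["ede_text"] = data[2:].decode("utf-8", "replace")
    return result


def diagnose(r):
    """Map a parsed answer to the situation a Pi-hole admin needs to recognise."""
    if r["rcode"] == RCODE_SERVFAIL and r["ede"] in EDE_DNSSEC:
        return "dnssec-validation-failure"   # upstream answered, validator rejected it
    if r["rcode"] == RCODE_SERVFAIL:
        return "servfail"
    if r["rcode"] == 0 and r["answers"] and r["ad"]:
        return "validated"
    if r["rcode"] == 0:
        return "resolved-unvalidated"        # what an unsigned internal zone looks like
    return "rcode-%d" % r["rcode"]


def probe(server, port, name, dnssec_ok=True, timeout=2.0):
    """Send one UDP query and parse the reply (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, dnssec_ok=dnssec_ok), (server, port))
        data, _ = s.recvfrom(4096)
    return parse_response(data)


# Constructed samples shaped like the two dig answers in the post (not captured bytes).
def sample_bind_noerror():
    """NOERROR, one A record, no DNSSEC data: Bind on 5353 answering proxy.digi.lab."""
    header = struct.pack("!HHHHHH", 35138, 0x8580, 1, 1, 0, 1)   # qr aa rd ra, NOERROR
    question = _qname("proxy.digi.lab") + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([10, 5, 1, 5])
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, 0, 0)
    return header + question + answer + opt


def sample_pihole_servfail():
    """SERVFAIL with EDE 12 (NSEC Missing): Pi-hole on 53 refusing the same name."""
    header = struct.pack("!HHHHHH", 1739, 0x8582, 1, 0, 0, 1)    # qr aa rd ra, SERVFAIL
    question = _qname("proxy.digi.lab") + struct.pack("!HH", 1, 1)
    ede = struct.pack("!HHH", EDE_OPTION, 2, 12)
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 1232, 0, len(ede)) + ede
    return header + question + opt


if __name__ == "__main__":
    import sys
    # usage: dnssec_probe.py <server> <port> <name>   (hypothetical script name)
    server, port, name = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    r = probe(server, port, name)
    print(r, "->", diagnose(r))
```

Run it once against the upstream (here 192.168.0.8 port 5353) and once against Pi-hole (port 53) for the same name: "resolved-unvalidated" from the upstream next to "dnssec-validation-failure" from Pi-hole is exactly the mismatch in the post, and tells you the fix is either to disable DNSSEC in Pi-hole or to sign the internal zone, not to chase the upstream setting. The EDE check is also a cheap thing to run before turning DNSSEC validation on, since a plain RCODE would only show "SERVFAIL".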
