Using Pi as dhcp, not resolving hostnames "unknown" and not blocking ads

DORpapst · March 5, 2023, 8:32pm

The issue I am facing:
The issue looks like a standard problem, but still, I cant figure out what to do. I moved in to a new place with new router. I have a PiHole which is also used as DHCP-server.
The addressing scheme is 10.0.0.0/24, the routers IP address is x.138. The Pi hole is 10.0.0.1.

It seems to work for some devices, but it does not resolve all of my devices by its name, just showing "unknown" for all of them. (all but one are unknown) Interestingly, it seems like the "unknown" devices don't receive blocking, while the one device which blocks correctly (a Wifi connected Ubuntu notebook) is also resolved.
However, if I look into the settings of "unknown" devices, the seem to know that they rely on the Pi hole for DNS server, since it shows its IP-address.

Details about my system:
In the router, I set the DHCP to the IP-address of my Pi. I did not change the DNS settings.
The /etc/dhcpcd.conf looks like this:

# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
hostname

# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
#duid

# Persist interface configuration when dhcpcd exits.
persistent

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu

# Most distributions have NTP support.
#option ntp_servers

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate SLAAC address using the Hardware Address of the interface
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private

# Example static IP configuration:
#interface eth0
#static ip_address=192.168.0.10/24
#static ip6_address=fd51:42f8:caae:d92e::ff/64
#static routers=192.168.0.1
#static domain_name_servers=192.168.0.1 8.8.8.8 fd51:42f8:caae:d92e::1

# It is possible to fall back to a static IP if DHCP fails:
# define static profile
#profile static_eth0
#static ip_address=192.168.1.23/24
#static routers=192.168.1.1
#static domain_name_servers=192.168.1.1

# fallback to static profile on eth0
#interface eth0
#fallback static_eth0
interface eth0
static ip_address=10.0.0.1/24
static routers=10.0.0.138
static domain_name_servers=9.9.9.9

The /etc/pihole/setupVars.conf looks like this:

PIHOLE_INTERFACE=eth0
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
CACHE_SIZE=10000
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSMASQ_LISTENING=local
WEBPASSWORD=
BLOCKING_ENABLED=true
DHCP_ACTIVE=true
DHCP_START=10.0.0.201
DHCP_END=10.0.0.251
DHCP_ROUTER=10.0.0.138
DHCP_LEASETIME=24
PIHOLE_DOMAIN=lan
DHCP_IPv6=false
DHCP_rapid_commit=false
PIHOLE_DNS_1=9.9.9.9
PIHOLE_DNS_2=149.112.112.112
PIHOLE_DNS_3=2620:fe::fe
PIHOLE_DNS_4=2620:fe::9
DNSSEC=false
REV_SERVER=false

So I activated the DHCP settings in the Pi Hole, as seen above. I did not actively change something about the IPv6 settings, since I am not sure if I need that (which would be a second, more irrelevant question)

What I have changed since installing Pi-hole:
Nothing but the settings I explained above.

Bucking_Horn · March 5, 2023, 8:53pm

Please provide a screenshot showing some of those unknown hosts.

Also, what's the result of the following command:

nslookup 10.0.0.x 10.0.0.1

Substitute 10.0.0.x with the actual IP of a device that is listed as unknown, preferably one from the screenshot.

DORpapst · March 5, 2023, 9:12pm

Thank you for your answer. Attached is a screenshot of the section "Currently active DHCP leases"

I just removed the Mac addresses in the beginning.
The outputs are like this, 2 of the unknown and the known one:

➜  ~ nslookup 10.0.0.215 10.0.0.1
** server can't find 215.0.0.10.in-addr.arpa: NXDOMAIN

➜  ~ nslookup 10.0.0.239 10.0.0.1
** server can't find 239.0.0.10.in-addr.arpa: NXDOMAIN

➜  ~ nslookup 10.0.0.218 10.0.0.1
218.0.0.10.in-addr.arpa	name = lukas-ubuntuknecht.lan.

Bucking_Horn · March 5, 2023, 9:14pm

Even when Pi-hole is acting as DHCP server, Pi-hole may not know about a hostname of a device if
a) the device does not present a hostname during DHCP lease negotiation
and
b) a name for the device's associated IP cannot be procured by other means, e.g. via Local DNS records defined in your Pi-hole

Typically, this may happen if a device like a smartphone is using privacy options to join your network, which probably would involve MAC address randomisation as well, i.e. the device does not present its real MAC address and no hostname, or perhaps a generic one that just reflects the spoofed MAC address.

Please verify that your devices don't use those privacy features when connecting to your home network.

DORpapst · March 5, 2023, 9:50pm

God, I can’t believe hoe I searched for this for hours without realising it’s the private iPhone address… if I deactivate that, then I can see the host name

However, there is no blocking on these devices, even though they have correct DNS, which seems weird to me

Do I actually need to set the DNS setting in my router as well if I already have set the DHCP to my pihole in its setting? Couldn’t find an answer to this

Bucking_Horn · March 5, 2023, 10:09pm

That may indicate that Pi-hole is being by-passed.

Browsers may do so when they have been configured to use DNS-over-HTTPS (DoH).
Make sure that DoH is disabled in your browsers.

Also, antivirus packages may sport some DNS feature, which would force DNS traffic of the machine they are installed to some alternate DNS servers.
You'd have to disable those features in your antivirus package.

And your router may advertise its own IPv6 address as local DNS resolver.
If that's the case, you'd have to find a way to configure your router to advertise your Pi-hole host machine's IPv6 as DNS server or to stop advertising its own.
You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.

DORpapst · March 6, 2023, 9:24am

I just activated IPv6 in the DHCP settings of the Pi and now it seems to work fine. I have the same problem with not seeing host names for IPv6 Adresse now, but it’s all blocking and the IPv4 ones are working fine if iPhones are correctly configured.

So I guess it is now correctly configured?

Thank you for your help

Bucking_Horn · March 6, 2023, 4:09pm

If your issue is with your router advertising its own IPv6 address as local DNS resolver then no, it isn't configured correctly..

That won't address your issue, it will just make it less obvious.

Run ipconfig /all from a Windows machine in your network and take a look at the DNS server section.
Please share just that section.

DORpapst · March 6, 2023, 4:31pm

Thank you for your answer.
I am sorry to say, there is no windows machine existing in the house.
Is there a linux alternative for this?
I believe the command is "ip a" which in this case outputs:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 98:01:a7:8a:05:99 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.218/24 brd 10.0.0.255 scope global dynamic noprefixroute wlp3s0
       valid_lft 84648sec preferred_lft 84648sec
    inet6 2001:<redacted>07e/128 scope global dynamic noprefixroute 
       valid_lft 1151sec preferred_lft 1151sec
    inet6 2001:<redacted>194/64 scope global temporary dynamic 
       valid_lft 1199sec preferred_lft 1199sec
    inet6 2001:<redacted>649/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 1199sec preferred_lft 1199sec
    inet6 fe80::f98f:1728:1be8:ea02/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

The devices in the house are just a linux computer, some iOS devices, some arduinos, the raspberry pi and occasionally guest's devices.

God, I have used PiHole for 5 years but thats also how long I haven't newly configured it, I feel like an idiot.

Just two questions in between:

is the " Enable IPv6 support (SLAAC + RA)" option necessary for me?
should I set up the DNS server in my router as well, or can this be untouched if I changed the DHCP settings in the router to point to my pi hole?

Bucking_Horn · March 6, 2023, 4:47pm

There certainly is, though it would depend on your Linux distro, possibly its release and its configured networking tool stack which file to look in.
Often, that is /etc/resolv.conf or /etc/systemd/resolved.conf, but you'd have to consult the documentation for your distros to find out about your host's DNS configuration.

No, not even if IPv6 would be your issue.

Ticking that option would have Pi-hole advertise its own IPv6 as DNS resolver, but it wouldn't affect your router's configuration.
If your router would continue to advertise its own IPv6 (something we yet want to find out by scrutinising your system's DNS servers), then your clients would learn about both those IPv6 addresses. They could switch between them at their own discretion, probably preferring your router, effectively by-passing Pi-hole.

If your system's DNS server list would confirm that your router is advertising its own IPv6 address as DNS server, you'd have to find a way to configure your router to advertise your Pi-hole host machine's IPv6 as DNS server or to stop advertising its own.

You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.

If your router doesn't support configuring IPv6 DNS, you could consider disabling IPv6 altogether.

If your router doesn't support that either, your clients will always be able to bypass Pi-hole via IPv6.

DORpapst · March 6, 2023, 5:11pm

I can set both the IPv4 and the IPv6 address of DNS servers in my router. Its all together 4 addresses
IPv4 Server 1/2, IPv6 Server 1/2.

The output of my raspberry Pi's /etc/resolv.conf is:

# Generated by resolvconf
search home
nameserver 9.9.9.9
nameserver 2001<redacted>53
nameserver 2001<redacted>53

On one of the linux computers where the blocker seems to work:

nameserver 127.0.0.53
options edns0 trust-ad
search lan home

Bucking_Horn · March 6, 2023, 5:32pm

(I've obfuscated your public IPv6 addresses (range 2000::/3).)

That machine uses a local stub resolver at 127.0.0.53.
We would be interested in knowing the DNS resolvers that the stub is using.
If that stub would be systemd-resolved, the other file I've quoted may hold those.
If some different tool is involved, you'd have to search for your specific OS releases's DNS configuration options.
But maybe that's not necessary - see below.

Those may not be the router advertisements for DNS servers.
Are those IPv6 DNS options labelled SLAAC/NDP/RA/RDNSS or similar?

If not, then those may be the upstream DNS servers that your router is using.
If you only would be using Pi-hole as your router's upstream, you'd possibly be fine.

If your router would additionally distribute Pi-hole's IPv4 as local DNS server via DHCP, then you may close a partial DNS loop if Pi-hole's Conditional Forwarding would be enabled at the same time.

That file has two IPv6 nameservers.
What machine do they belong to?
Would one of them match an IPv6 address of your Pi-hole host machine?

DORpapst · March 6, 2023, 5:52pm

It does not say anything about SLAAC/NDP/RA/RDNSS, its just a website saying "set your custom IPv4/6 DNS servers", which is currently deactivated since I activated DHCP.

Concerning the two nameservers for IPv6: None of them is my pi holes address, but if I google them,I only get results from my Internet provider, those are apparently the Ipv6 nameservers of them.

Bucking_Horn · March 6, 2023, 6:06pm

Indeed, those seem to be Telenor DNS resolver's IPv6 addresses.

That would suggest your router is advertising your ISP's DNS servers.

My advice above remains fully applicable (emphasis added):

DORpapst · March 6, 2023, 6:14pm

So I just need to find out the IP address of my pi hole and put this into the DNS settings of my telenor router?
Which would be running "ifconfig"

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.1  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 [removed1]  prefixlen 128  scopeid 0x0<global>
        inet6 [removed2]   prefixlen 64  scopeid 0x20<link>
        inet6 [removed3]   prefixlen 64  scopeid 0x0<global>

and then put 10.0.0.1 as my IPv4 server and [removed1] and [removed2] as IPv6 servers?

Bucking_Horn · March 6, 2023, 6:23pm

I can't answer that:

Just note that there is a difference in your router's upstream DNS servers (commonly, a WAN kind of option) and its local DNS server settings for IPv6.
IPv6 uses router advertisements (RA) to propagate DNS servers.
You want to find out whether and how your router supports configuring them.
Commonly, that's a LAN kind of settings - aforementioned SLAAC/NDP/RA/RDNSS, plus DHCPv6, which are separate and independent from IPv4's DHCP.