Usual dnssec confusion

jeffschips · July 9, 2021, 8:36pm

Please follow the below template, it will help us to help you!

Expected Behaviour:

Using Pi-hole v5.1.2 on raspberry pi.
Do not have unbound installed.
Using Quad9 (filtered, DNSSEC) under upstream dns servers.
Unchecking "use dnssec" everything works fine since I'm assuming Quad9 is doing the dnssec validation (although if so that leads to confusion as to whether or not a user should still check "on" use dnnsec as the instructions seem to indicate I should, regardless if using a Dnssec-capable dns server.) checking at https://dnssec.vs.uni-due.de/ shows thumbs up in this scenario.

Actual Behaviour:

Using the above setup, when I click "on" use dnssec together with Quad9 (filtered, DNSSEC) only https://dnssec.vs.uni-due.de/ shows a thumbs up, any other side cannot reach.

Debug Token:

Cannot upload debug log with "use dnssec" box checked as doing so does not give me an internet connection. Pleas advise as I do have the logs locally.

##Addtional information:
when updating Gravity see following messages:

Target: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  [✗] Status: Connection Refused
  [i] Target: https://mirror1.malwaredomains.com/files/justdomains
  [✗] Status: Connection Refused
  [✗] List download failed: using previously cached list

when attempting to update via ssh pihole -up get these errors although I can see web pages elsewhere:

pihole -up
  [i] Checking for updates...
fatal: unable to access 'https://github.com/pi-hole/pi-hole.git/': Could not resolve host: github.com
  [i] Pi-hole Core:	up to date
fatal: unable to access 'https://github.com/pi-hole/AdminLTE.git/': Could not resolve host: github.com
  [i] Web Interface:	up to date
  [i] FTL:		update available

  [i] FTL out of date, it will be updated by the installer.

  [✓] Root user check

 
  [✓] Update local cache of available packages
  [i] Existing PHP installation detected : PHP version 7.3.19-1~deb10u1
  [i] Performing unattended setup, no whiptail dialogs will be displayed
  [✓] Disk space check

  [✓] Checking apt-get for upgraded packages... up to date!

  [i] Installer Dependency checks...
  [✓] Checking for dhcpcd5
  [✓] Checking for git
  [✓] Checking for iproute2
  [✓] Checking for whiptail
  [✓] Checking for dnsutils

dig: couldn't get address for 'ns1.pi-hole.net': failure

  Unable to complete update, please contact Pi-hole Support

jfb · July 9, 2021, 10:06pm

Let's check and see if your Pi-hole host is using Pi-hole for DNS.

cat /etc/resolv.conf

jeffschips · July 9, 2021, 11:35pm

Thank you for the prompt response. The result of that command is:
cat /etc/resolv.conf

Generated by resolvconf

nameserver 192.168.50.1

Now, my router is 192.168.50.1
My pihole is 192.168.50.7
and in my router I have set the lan dns server as 192.168.50.7 and also in the router the WAN dns setting the same.

jfb · July 10, 2021, 12:22am

Edit file /etc/dhcpcd.conf and change the nameserver to Cloudflare or Quad 9 or other of your choice.

Then restart dhcpcd.

This will make the Pi independent of Pi-hole status.

jeffschips · July 24, 2021, 6:08pm

Thank you I will try and report back.

system · August 14, 2021, 6:09pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.