Expected Behaviour:
Pi-hole blocklists should update and pull domains into the blocklist. The dashboard should show the total number of domains in the blocklist. nslookup on hosts on the LAN using the Pi-hole for DNS queries should return the IP address of the entered domain, e.g. nslookup google.com
Actual Behaviour:
When trying to update block lists, connections are refused. Example:
[i] Target: raw.githubusercontent.com (hosts)
[✗] Status: Connection Refused
[✗] List download failed: no cached list available
The new Pi-hole dashboard shows 0 domains in the blocklist, and nslookups run from hosts on the LAN no longer work, e.g.:
What are your upstream DNS servers currently set to in Pi-Hole? From the web admin > settings > dns page? The section of the page should look something like this:
Thanks for the reply! There are no settings selected on that page due to me configuring the Pi-hole to use Cloudflare's DNS over HTTPS. I configured that about a week ago and everything was working even with no upstream server selected. The steps I took to configure the DNS over HTTPS are in that link I posted. That may be the issue. Hopefully not though, because DNS over HTTPS seemed like a cool (and more secure) configuration.
Your instructions have it set up on port 54, so it would be 127.0.0.1#54.
Note that in the older versions of Pi-Hole, you could not have a custom port, so if you mapped it elsewhere in a configuration file, it would not have shown on the DNS server page. With the newer version (V4.0) of Pi-Hole it will display as a custom IPv4.
Here is what my screen shows using unbound as a local resolver on port 5353, for comparison:
You can also check your settings by running this command and seeing which "server" lines are populated:
cat /etc/dnsmasq.d/01-pihole.conf
If fixing the server assignment doesn't work, I recommend that as a short term fix you select Cloudflare (at the bottom of your web GUI for DNS server settings) as your upstream DNS and see if that gets your Pi-Hole running again. May have to restart dnsmasq from the Settings > System page.
Exactly, I did have the configuration to go through a proxy on port 54, but that was set in the config files for Pi-hole, not in the admin console. When I made that change all of the upstream servers disappeared. Perhaps it wasn't actually working and the blocking of domains was from the blocklist that was already loaded. What's even more weird is the internet still worked. I was able to make this post connected to the Pi-hole. I selected the Cloudflare upstream DNS and all is working again. I suppose the DNS over HTTPS isn't working properly now though.
Will do! So when I reconfigure, I should put the custom dns address to loopback.address#54? Is there a reason a # is used instead of a colon? I see in the release notes a bunch of new stuff implemented in v4. For instance it says that the domains for the blocklists are no longer automatically whitelisted. I did not notice them being whitelisted automatically before, and they are not whitelisted now and can still be accessed. What is that supposed to do? Also, it says the new default blocking mode is NULL. Not sure what that means either.
Yes, loopback address - # - 54. The convention for ports is to use #.
I once read why, but can't recall the details. I'm sure one of the devs can shed light on this.
In the past, the return for a Pi-Holed IP was the IP of the Pi-Hole. This caused some problems with slow loading pages, among other things. Now there are four options (discussed here: Blocking mode - Pi-hole documentation). The developers chose NULL as the default (returns 0.0.0.0) because this is the most reliable solution in most setups.
The # is used for ports originally because that is the separator that dnsmasq uses for ports in its config file.
The block lists are not automatically whitelisted now to avoid confusion about why certain domains would be whitelisted without the user doing anything, and it was rare that a list would block another list.
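The check suggested earlier in the thread (seeing which "server" lines are populated) and the `#` port separator explained above, combined into one added example that is not part of the original posts or Pi-hole's own code. The function names and the sample config are constructed for illustration; the only assumption about the system is that the resolver itself answers on loopback port 53.

```shell
#!/bin/sh
# Added example, not Pi-hole's own code.

# Print "address port" for each default upstream in a dnsmasq-style config.
# Commented-out lines and domain-scoped entries (server=/lan/10.0.0.1) are skipped.
list_upstreams() {
    sed -n 's/^[[:space:]]*server=//p' "$1" | while IFS= read -r value; do
        case "$value" in
            ''|/*) continue ;;                 # empty or domain-scoped
        esac
        value=${value%%@*}                     # drop optional @interface suffix
        case "$value" in
            *'#'*) addr=${value%%'#'*}; port=${value##*'#'} ;;
            *)     addr=$value; port=53 ;;     # no #port means port 53
        esac
        printf '%s %s\n' "$addr" "$port"
    done
}

# Exit status 0: at least one default upstream; 1: none configured.
check_upstreams() {
    upstreams=$(list_upstreams "$1")
    if [ -z "$upstreams" ]; then
        echo "no default upstream server= line found" >&2
        return 1
    fi
    printf '%s\n' "$upstreams" | while read -r addr port; do
        echo "upstream $addr port $port"
        # Assumption: the resolver itself listens on loopback port 53.
        if [ "$port" = 53 ]; then
            case "$addr" in
                127.*|::1) echo "warning: $addr#53 points back at the resolver" >&2 ;;
            esac
        fi
    done
    return 0
}

# Constructed sample config (not taken from the thread's system).
demo() {
    sample=$(mktemp)
    printf '%s\n' '#server=1.1.1.1' 'server=/lan/192.168.1.1' \
        'server=127.0.0.1#54' > "$sample"
    check_upstreams "$sample"
    rm -f "$sample"
}
demo
```

To run it against a live install, call `check_upstreams /etc/dnsmasq.d/01-pihole.conf`; a non-zero exit status means no default upstream is configured.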
Thanks for checking and glad all works. I just hadn't seen that particular configuration before and it is slightly different than unbound. So, I learned something. Thanks.
I wouldn't know any other way to do it as I just followed that guide. Not sure why they suggest port 54 instead of 53 either. I haven't heard of Unbound. I'll look that up next!
Because you removed the first two upstream DNS servers, the script does not find the first server and therefore assumes there are no servers. Remove the commented out lines and change the 3 to a 1.