When I try to restart the dnsmasq, I'm getting error

I have installed pihole on the Raspberry Pi 3.
OS : Raspbian GNU/Linux 9.9 (stretch)
Kernel : Linux nextbox 4.19.58-v7+ #1245 SMP Fri Jul 12 17:25:51 BST 2019 armv7l GNU/Linux

Dnsmasq version.
Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.

OpenVPN version.
OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018
library versions: OpenSSL 1.0.2s  28 May 2019, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_sysroot=no
  • Pi-hole version is v4.3.1 (Latest: v4.3.1)
  • AdminLTE version is v4.3 (Latest: v4.3)
  • FTL version is v4.3.1 (Latest: v4.3.1)

I also want to install OpenVPN in the same board, but when I try to restart the dnsmasq I get the following error :

sudo /etc/init.d/dnsmasq restart

[....] Restarting dnsmasq (via systemctl): dnsmasq.serviceJob for dnsmasq.service failed because the control process exited with error code.
See "systemctl status dnsmasq.service" and "journalctl -xe" for details.
 failed!

sudo systemctl status dnsmasq.service

โ— dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sat 2019-08-10 22:34:13 BST; 38s ago
  Process: 32756 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=1/FAILURE)
      CPU: 12ms

Aug 10 22:34:13 nextbox systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Aug 10 22:34:13 nextbox dnsmasq[32756]: dnsmasq: bad option at line 44 of /etc/dnsmasq.d/01-pihole.conf
Aug 10 22:34:13 nextbox systemd[1]: dnsmasq.service: Control process exited, code=exited status=1
Aug 10 22:34:13 nextbox systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
Aug 10 22:34:13 nextbox systemd[1]: dnsmasq.service: Unit entered failed state.
Aug 10 22:34:13 nextbox systemd[1]: dnsmasq.service: Failed with result 'exit-code'.

cat /etc/dnsmasq.d/01-pihole.conf

# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.

###############################################################################
#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
#                                                                             #
#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
#                      /etc/pihole/setupVars.conf                             #
#                                                                             #
#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
###############################################################################

addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list


localise-queries


no-resolv



cache-size=10000

log-queries
log-facility=/var/log/pihole.log

local-ttl=2

log-async

# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. see CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
server=9.9.9.9
server=149.112.112.112
interface=eth0

Line 44 is:

sed -n '44p' /etc/dnsmasq.d/01-pihole.conf

dhcp-name-match=set:wpad-ignore,wpad

Why is this happening ?
I can't handle dnsmasq separately ( of course as root ) ?
So far I haven't teased anything special, but I just want to restart the dnsmasq.

Thank you.

pihole uses custom commands for certain things. this is one of those things

sudo pihole restartdns

This command should indicate that dnsmasq is inactive (dead), since dnsmasq should not be running as a separate process with the current version of Pi-Hole (since V4.0). pihole-FTL has dnsmasq embedded in it and should be the running process on port 53.

What is the output of the following command from the Pi terminal: - the result should be dnsmasq-pi-hole-2.80 for the current master version of Pi-Hole.

dig chaos txt version.bind +short

Thank you both for your answers.

To be honest, I was offline ( so "out-of-date" about latest pihole news ) for a while. So, I recently (easily) installed the PiHole on Raspberry Pi, without reading about its latest changes ( release notes ). And these, in my view, were very important, serious and decisive :

https://pi-hole.net/2018/02/22/coming-soon-ftldns-pi-holes-own-dns-dhcp-server/

https://pi-hole.net/2018/03/24/help-us-beta-test-ftldns/

https://pi-hole.net/2018/04/24/blocking-via-regex-now-available-in-ftldns/

https://pi-hole.net/2018/08/06/pi-hole-v4-0-released-with-ftldns-improved-blocking-modes-regex-docker-and-more/

So, from version 4 onwards, they changed (let's not say everything), but very basic things!
It no longer installs the dnsmasq, but it is included in the new so-called "FTLDNS" of the pihole modules.

This for me, where I use the Raspberry Pi for additional other functions of the local network - besides the security and blocking that your pihole offers -, it is very important.
For example, the above problem occurred as I was trying (carefree :stuck_out_tongue_closed_eyes:) to install and configure the OpenVPN correctly, and did not know that the dnsmasq no longer exists.
The following answers helped me and made me suspect that things have now changed :

https://discourse.pi-hole.net/t/error-with-dnsmasq-bad-option-at-line-44/18630/2?u=piopen

https://discourse.pi-hole.net/t/pihole-ftl-failed-to-create-listening-socket-for-port-53/17207/2?u=piopen

https://discourse.pi-hole.net/t/problem-setting-up-openvpn-and-resolving-to-the-server/11384/2?u=piopen

In my opinion, this change (though it might initially bother me), shows me you've taken it very seriously, don't be afraid to dirty your hands even more to optimize your very useful, important, necessary and amazing project! Probably this integration if done right, will have much better - more optimal - results!


However, an amazing documentation is provided :

https://github.com/pi-hole/pi-hole/wiki/Pi-hole---OpenVPN-server

https://docs.pi-hole.net/guides/vpn/overview/

https://discourse.pi-hole.net/t/pi-hole-with-openvpn-vps-debian/861

Before proceeding with the procedure I followed, I would like to ask the following question:

If I want to make special/extra configurations in the dnsmasq for the sake of the OpenVPN, where can i do them ?

I see how all the configuration files are here:

sudo tree /etc/dnsmasq.d/

/etc/dnsmasq.d/
├── 01-pihole.conf
├── 02-pihole-dhcp.conf
├── 04-pihole-static-dhcp.conf
└── README

So, can I add one more configuration file there ( e.g. openvpn.conf ) and will it work?
Or do I need to add the configuration settings I want to any of the above existing configuration files?


The right guide for my case is here : Optional: Dual operation: LAN & VPN at the same time, right?
Because I want to install OpenVPN on my (home) Raspberry Pi, which is running Pihole as well.


Here are my configuration steps:

  1. In the OpenVPN server configuration file /etc/openvpn/server.conf, I added the following :
push "route 192.168.2.0 255.255.255.0"
#push "dhcp-option DNS 192.168.2.123"

# With the following two lines, the OpenVPN server will force clients
# to have it as the default gateway as well as to use
# the nameserver he suggests.
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"

What do you have to say about my above configuration? Is it correct?
About my dhcp-option configuration ?

Then, I make the following settings on the dnsmasq server - now in the FTLDNS:
sudo vi /etc/dnsmasq.d/openvpn.conf

...
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
listen-address=127.0.0.1, 10.8.0.1, 192.168.2.2

# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.
bind-interfaces
....

I make the above configurations because I want the Raspberry Pi box with the OpenVPN server ( and Pi-Hole ) to also run the nameserver duties for OpenVPN clients. For more security.

As for the last important step that is mentioned (to allow it to work properly with the Pi-Hole), as you can see below, I chose "Listen on all interfaces" and not "Listen on all interfaces, permit all origins" that you are suggesting, and for now it seems to work fine!

pihole-settings

Also see the Pi-Hole settings from here :

cat /etc/pihole/setupVars.conf

WEBPASSWORD=****
DHCP_ACTIVE=true
DHCP_START=192.168.2.10
DHCP_END=192.168.2.251
DHCP_ROUTER=192.168.2.1
DHCP_LEASETIME=24
PIHOLE_DOMAIN=lan
DHCP_IPv6=false
DHCP_rapid_commit=false
BLOCKING_ENABLED=true
DNSMASQ_LISTENING=local
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
CONDITIONAL_FORWARDING=false
PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.2.2/24
IPV6_ADDRESS=
PIHOLE_DNS_1=9.9.9.9
PIHOLE_DNS_2=149.112.112.112
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true

What is your opinion? Is it wrong?
Why should I put the setting you are suggesting?

Thank you very much!

References :

Add the new file and leave the existing files alone. If you change the existing files your changes will be overwritten on next repair or update of Pi-Hole.
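
A consistency check for the three files quoted in this thread, as an added example (not from the original posts or the Pi-hole project): it verifies that the DNS address OpenVPN pushes to clients is one the resolver's drop-in listens on, and flags a listener or `DNSMASQ_LISTENING` value that would expose the resolver beyond private networks. The function names and sample strings are constructed here, and treating `all` as the stored value behind "permit all origins" is an assumption.

```python
import ipaddress
import re

# Constructed samples that mirror the values quoted in the thread.
OPENVPN_CONF = '''#push "dhcp-option DNS 192.168.2.123"
push "dhcp-option DNS 10.8.0.1"
'''
DNSMASQ_DROPIN = "listen-address=127.0.0.1, 10.8.0.1, 192.168.2.2\nbind-interfaces\n"
SETUPVARS = "DNSMASQ_LISTENING=local\nPIHOLE_INTERFACE=eth0\n"

def active_lines(text):
    """Yield non-empty lines with '#' comments stripped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def pushed_dns(openvpn_conf):
    """Resolver addresses pushed to VPN clients via dhcp-option DNS."""
    pat = re.compile(r'^push\s+"dhcp-option\s+DNS\s+([0-9A-Fa-f.:]+)"')
    hits = (pat.match(line) for line in active_lines(openvpn_conf))
    return [m.group(1) for m in hits if m]

def listen_addresses(dnsmasq_conf):
    """All listen-address values; the thread's drop-in uses a comma list."""
    found = []
    for line in active_lines(dnsmasq_conf):
        key, _, value = line.partition("=")
        if key.strip() == "listen-address":
            found += [a.strip() for a in value.split(",") if a.strip()]
    return found

def audit(openvpn_conf, dnsmasq_conf, setupvars):
    """Return findings; an empty list means the three files agree."""
    findings = []
    listening = listen_addresses(dnsmasq_conf)
    for dns in pushed_dns(openvpn_conf):
        # Without any listen-address the drop-in does not restrict by address.
        if listening and dns not in listening:
            findings.append(f"pushed DNS {dns} is not in listen-address")
    for addr in listening:
        if not ipaddress.ip_address(addr).is_private:
            findings.append(f"listen-address {addr} is not private or loopback")
    # Assumption: 'all' is the value behind "permit all origins" in the GUI.
    if "DNSMASQ_LISTENING=all" in setupvars.split():
        findings.append("DNSMASQ_LISTENING=all: answers queries from any origin")
    return findings

if __name__ == "__main__":
    print(audit(OPENVPN_CONF, DNSMASQ_DROPIN, SETUPVARS) or "no findings")
```

On a real system the three strings would be read from `/etc/openvpn/server.conf`, the files under `/etc/dnsmasq.d/` and `/etc/pihole/setupVars.conf`.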

@jfb Thanks for your answer.

So, what I did about configuration of FTLDNS ( or otherwise for dnsmasq ) is appropriate and works.
Nice, thanks!
