Help Setting Up DNSCrypt with PiHole

Execute tail -f /var/log/pihole-FTL.log

In a second SSH connection execute

sudo service pihole-FTL stop

followed by

sudo service pihole-FTL start

Any clues, warnings or errors in the tail-output?


Not sure if this matters, but I'm doing this through VNC/the RBP Desktop.

I get the following result. I don't see anything weird other than "found no readable FTL config file"

[2018-05-19 10:43:07.785] ########## FTL started! ##########
[2018-05-19 10:43:07.790] FTL branch: FTLDNS
[2018-05-19 10:43:07.790] FTL version:
[2018-05-19 10:43:07.795] FTL commit: fa0045e
[2018-05-19 10:43:07.796] FTL date: 2018-05-12 15:43:49 -0400
[2018-05-19 10:43:07.797] FTL user: pihole
[2018-05-19 10:43:07.797] Notice: Found no readable FTL config file
[2018-05-19 10:43:07.798] Using default settings
[2018-05-19 10:43:07.798] Starting config file parsing (/etc/pihole/pihole-FTL.conf)
[2018-05-19 10:43:07.799] SOCKET_LISTENING: only local
[2018-05-19 10:43:07.799] AAAA_QUERY_ANALYSIS: Show AAAA queries
[2018-05-19 10:43:07.800] MAXDBDAYS: max age for stored queries is 365 days
[2018-05-19 10:43:07.801] RESOLVE_IPV6: Resolve IPv6 addresses
[2018-05-19 10:43:07.803] RESOLVE_IPV4: Resolve IPv4 addresses
[2018-05-19 10:43:07.804] DBINTERVAL: saving to DB file every minute
[2018-05-19 10:43:07.804] DBFILE: Using /etc/pihole/pihole-FTL.db
[2018-05-19 10:43:07.805] MAXLOGAGE: Importing up to 24.0 hours of log data
[2018-05-19 10:43:07.810] PRIVACYLEVEL: Set to 0
[2018-05-19 10:43:07.811] IGNORE_LOCALHOST: Show queries from localhost
[2018-05-19 10:43:07.812] BLOCKINGMODE: Pi-hole's IP for blocked domains
[2018-05-19 10:43:07.813] BLOCKINGREGEX: Not set
[2018-05-19 10:43:07.814] Finished config file parsing
[2018-05-19 10:43:07.871] Database successfully initialized
[2018-05-19 10:43:07.875] Imported 0 queries from the long-term database
[2018-05-19 10:43:07.886] -> Total DNS queries: 0
[2018-05-19 10:43:07.887] -> Cached DNS queries: 0
[2018-05-19 10:43:07.887] -> Forwarded DNS queries: 0
[2018-05-19 10:43:07.888] -> Exactly blocked DNS queries: 0
[2018-05-19 10:43:07.888] -> Wildcard blocked DNS queries: 0
[2018-05-19 10:43:07.889] -> Unknown DNS queries: 0
[2018-05-19 10:43:07.896] -> Unique domains: 0
[2018-05-19 10:43:07.901] -> Unique clients: 0
[2018-05-19 10:43:07.902] -> Known forward destinations: 0
[2018-05-19 10:43:07.903] Successfully accessed setupVars.conf

If your FTL is down, I would expect an entry in the log file.

This is ok, the file /etc/pihole/pihole-FTL.conf is optional.

I don't know much about the command journalctl, but is there anything interesting in the output of
journalctl -u pihole-FTL.service -b --no-pager

That says:

Hint: You are currently not seeing messages from other users and the system.
Users in the 'systemd-journal' group can see all messages. Pass -q to
turn off this notice.
No journal files were opened due to insufficient permissions.

sudo journalctl -u pihole-FTL.service -b --no-pager ?

Apologies, I actually saw that it needed sudo and thought I re-ran the command with it. I've been distracted trying to help a friend build his first PC over the phone, which is less than pleasant.

You have my full attention now.

-- Logs begin at Thu 2018-05-17 20:52:44 PDT, end at Sat 2018-05-19 12:24:29 PDT. --
May 17 20:53:14 Corpus_Colossus systemd[1]: Starting LSB: pihole-FTL daemon...
May 17 20:53:16 Corpus_Colossus pihole-FTL[293]: Not running
May 17 20:53:17 Corpus_Colossus pihole-FTL[293]: chown: cannot access '/etc/pihole/dhcp.leases': No such file or directory
May 17 20:53:32 Corpus_Colossus su[676]: Successful su for pihole by root
May 17 20:53:32 Corpus_Colossus su[676]: + ??? root:pihole
May 17 20:53:32 Corpus_Colossus su[676]: pam_unix(su:session): session opened for user pihole by (uid=0)
May 17 20:53:38 Corpus_Colossus pihole-FTL[293]: dnsmasq: illegal repeated keyword at line 35 of /etc/dnsmasq.d/[default-config]01-pihole.conf.dpkg-old
May 17 20:53:39 Corpus_Colossus systemd[1]: Started LSB: pihole-FTL daemon.
May 19 10:42:34 Corpus_Colossus systemd[1]: Stopping LSB: pihole-FTL daemon...
May 19 10:42:34 Corpus_Colossus pihole-FTL[11714]: Not running
May 19 10:42:34 Corpus_Colossus systemd[1]: Stopped LSB: pihole-FTL daemon.
May 19 10:43:06 Corpus_Colossus systemd[1]: Starting LSB: pihole-FTL daemon...
May 19 10:43:06 Corpus_Colossus pihole-FTL[11752]: Not running
May 19 10:43:06 Corpus_Colossus pihole-FTL[11752]: chown: cannot access '/etc/pihole/dhcp.leases': No such file or directory
May 19 10:43:06 Corpus_Colossus su[11775]: Successful su for pihole by root
May 19 10:43:06 Corpus_Colossus su[11775]: + ??? root:pihole
May 19 10:43:06 Corpus_Colossus su[11775]: pam_unix(su:session): session opened for user pihole by (uid=0)
May 19 10:43:07 Corpus_Colossus pihole-FTL[11752]: dnsmasq: illegal repeated keyword at line 35 of /etc/dnsmasq.d/[default-config]01-pihole.conf.dpkg-old
May 19 10:43:08 Corpus_Colossus systemd[1]: Started LSB: pihole-FTL daemon.

Looks like maybe that is the problem? The readme file in there straight up says it won't read things ending in dpkg-old. Is there a way to rename this file so I can keep a copy AND not have it read by the system?

I've never read about a file named /etc/dnsmasq.d/[default-config]01-pihole.conf.dpkg-old.
Nevertheless, what is line 35 in /etc/dnsmasq.d/01-pihole.conf ?

Did you already try pihole -r > Repair?

That is what I named the file to keep as a back-up copy of the original file. There is a readme file in this directory that says

"All files in this directory will be read by dnsmasq as
configuration files, except if their names end in
".dpkg-dist",".dpkg-old" or ".dpkg-new"
This can be changed by editing /etc/default/dnsmasq"

So, I added .dpkg-old to the end of the file copy I made ([default-config]01-pihole.conf) so that it would not be read, but it looks like it is being read anyway? I also have a similar file in here for dnscrypt called "[default-config]02-dnscrypt.conf.dpkg-old".

Please let me know if you think these are causing issues and should be removed or somehow renamed to be ignored.

In any case, line 35 appears to be:

"cache-size=10000"

I have tried pihole -r and same result.
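Added example (editor's code, not part of the thread and not code from dnsmasq or Pi-hole): a POSIX shell script that emulates dnsmasq's documented conf-dir file-selection rules over a constructed copy of the directory described above. The .dpkg-* exclusions quoted from the README are passed to dnsmasq by Debian's own init script, which pihole-FTL does not use; what matters for FTL is the conf-dir= line in /etc/dnsmasq.conf. The script assumes (this is an inference from the journal above, where the .dpkg-old copy was parsed, not something the thread states) that this line is a bare conf-dir=/etc/dnsmasq.d, and shows what is loaded with and without the extension list. The file names are constructed from the thread; the tilde backup is added to show the always-skipped rule.

```shell
#!/bin/sh
# Added example (not dnsmasq or Pi-hole code): emulate dnsmasq's conf-dir rules.
# dnsmasq(8): conf-dir=<dir>[,<ext>...] reads every regular file in <dir> except
# those ending in a listed extension; names ending in '~', starting with '.',
# or starting and ending with '#' are always skipped.

# conf_dir_files VALUE -> prints the names dnsmasq would load, one per line,
# where VALUE is the text after "conf-dir=", e.g. "/etc/dnsmasq.d,.dpkg-old".
conf_dir_files() {
  dir="${1%%,*}"                      # directory is everything before the first comma
  exts="${1#*,}"                      # extension list after it (empty when there is none)
  [ "$exts" = "$1" ] && exts=""
  for path in "$dir"/*; do
    [ -f "$path" ] || continue        # only regular files are configuration files
    name="${path##*/}"
    case "$name" in
      *~ | .* | "#"*"#") continue ;;  # always-skipped names
    esac
    skip=0
    old_ifs="$IFS"; IFS=,
    for ext in $exts; do              # skip names ending in any listed extension
      case "$name" in *"$ext") skip=1 ;; esac
    done
    IFS="$old_ifs"
    [ "$skip" -eq 0 ] && printf '%s\n' "$name"
  done | LC_ALL=C sort
}

# Constructed stand-in for the /etc/dnsmasq.d described in the thread (empty files
# are enough, only the names matter here), plus an editor backup file.
D="$(mktemp -d)"
for f in 01-pihole.conf 02-dnscrypt.conf README '01-pihole.conf~' \
         '[default-config]01-pihole.conf.dpkg-old' \
         '[default-config]02-dnscrypt.conf.dpkg-old'; do
  : >"$D/$f"
done

# With a bare conf-dir the .dpkg-old copies are parsed as well, so every option in
# them is seen twice; for a once-only option such as cache-size= dnsmasq reports
# "illegal repeated keyword", which is consistent with the journal above.
echo "conf-dir=$D loads:"
conf_dir_files "$D"
echo "conf-dir=$D,.dpkg-dist,.dpkg-old,.dpkg-new loads:"
conf_dir_files "$D,.dpkg-dist,.dpkg-old,.dpkg-new"
```

To keep a reference copy and be sure pihole-FTL never parses it, either append the extensions to the conf-dir= line in /etc/dnsmasq.conf as in the second call, or simply move the copy out of /etc/dnsmasq.d; a file in that directory with any other suffix is live configuration.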

There is a similar posting

Ok, say I deleted [default-config]01-pihole.conf.dpkg-old because it was clearly causing problems.

I re-ran pihole -r and am getting the same result, so I re-ran sudo journalctl -u pihole-FTL.service -b --no-pager and now get:

-- Logs begin at Sat 2018-05-19 12:53:50 PDT, end at Sat 2018-05-19 12:55:50 PDT. --
May 19 12:54:02 Corpus_Colossus systemd[1]: Starting LSB: pihole-FTL daemon...
May 19 12:54:04 Corpus_Colossus pihole-FTL[271]: Not running
May 19 12:54:05 Corpus_Colossus pihole-FTL[271]: chown: cannot access '/etc/pihole/dhcp.leases': No such file or directory
May 19 12:54:21 Corpus_Colossus su[674]: Successful su for pihole by root
May 19 12:54:21 Corpus_Colossus su[674]: + ??? root:pihole
May 19 12:54:21 Corpus_Colossus su[674]: pam_unix(su:session): session opened for user pihole by (uid=0)
May 19 12:54:23 Corpus_Colossus pihole-FTL[271]: dnsmasq: failed to create listening socket for port 53: Address already in use
May 19 12:54:23 Corpus_Colossus systemd[1]: Started LSB: pihole-FTL daemon.

I'm assuming "May 19 12:54:23 Corpus_Colossus pihole-FTL[271]: dnsmasq: failed to create listening socket for port 53: Address already in use" is the issue, so I read the link you sent and found /etc/dnsmasq.conf, but I'm not sure what to do with this file. It is huge and has tons of options.

One line that I see that may be relevant is:

"Listen on this specific port instead of the standard DNS port
(53). Setting this to zero completely disables DNS function,
leaving only DHCP and/or TFTP.
port=5353"

That's all currently commented out, should I uncomment and change it to port=5354?

As there is already a program running on port 53, find out which one:
sudo netstat -tulpen | grep ":53\s"


tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 0 13360 285/dnscrypt-proxy
udp 0 0 0.0.0.0:5353 0.0.0.0:* 108 9702 245/avahi-daemon: r
udp 0 0 127.0.0.1:53 0.0.0.0:* 0 13359 285/dnscrypt-proxy
udp6 0 0 :::5353 :::* 108 9703 245/avahi-daemon: r

Edit: Isn't this the exact same problem I had before? I'm also not clear on why dnscrypt-proxy is running on port 5353 still. Should I uncomment the "listen_addresses = ['127.0.0.1:5354', '[::1]:5354']" line in dnscrypt-proxy.toml?

Remove the # at the beginning of the listen_addresses = line.
Then you have to restart dnscrypt-proxy with (adapt the path if needed)
sudo /opt/dnscrypt-proxy/dnscrypt-proxy -service restart

Check again with sudo netstat -tulpen | grep ":53\s"


Running sudo netstat -tulpen | grep 53 after restarting dnscrypt-proxy gives:

tcp 0 0 127.0.0.1:5354 0.0.0.0:* LISTEN 0 26388 1903/dnscrypt-proxy
tcp6 0 0 ::1:5354 :::* LISTEN 0 26391 1903/dnscrypt-proxy
udp 0 0 0.0.0.0:5353 0.0.0.0:* 108 9702 245/avahi-daemon: r
udp 0 0 127.0.0.1:5354 0.0.0.0:* 0 26387 1903/dnscrypt-proxy
udp6 0 0 :::5353 :::* 108 9703 245/avahi-daemon: r
udp6 0 0 ::1:5354 :::* 0 26389 1903/dnscrypt-proxy

Edit: Now pihole says DNS service not running and I can no longer access any websites/ping/resolve on the RBP.

The file /etc/pihole/setupVars.conf should contain the lines

PIHOLE_DNS_1=127.0.0.1#5354
PIHOLE_DNS_2=

and no further PIHOLE_DNS lines.

/etc/dnsmasq.d/01-pihole.conf should contain server=127.0.0.1#5354

Now sudo service pihole-FTL restart

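Added example (editor's code, not from the thread and not from the Pi-hole or dnscrypt-proxy projects): a POSIX shell script that checks the four places the fix above touches and ties them to a single port number, so a mismatch is reported directly instead of surfacing as "DNS service not running" or "Address already in use". It checks that setupVars.conf has exactly PIHOLE_DNS_1=127.0.0.1#5354 and an empty PIHOLE_DNS_2, that 01-pihole.conf forwards to the same upstream, that dnscrypt-proxy.toml has an uncommented listen_addresses including 127.0.0.1:5354, and that in a netstat -tulpen listing only pihole-FTL owns :53 while dnscrypt-proxy owns 127.0.0.1:5354. The sample files and listings are constructed from this thread's output; the dnscrypt-proxy.toml location and the pihole-FTL socket lines are assumptions, since the thread never shows FTL listening.

```shell
#!/bin/sh
# Added example (not Pi-hole or dnscrypt-proxy code): consistency check for the
# layout the thread ends with: dnscrypt-proxy on 127.0.0.1:5354, pihole-FTL on :53
# forwarding to 127.0.0.1#5354.

UPSTREAM="127.0.0.1#5354"   # Pi-hole upstream, in the setupVars.conf/dnsmasq notation
PORT="${UPSTREAM#*#}"       # -> 5354, the port dnscrypt-proxy must be bound to

# setupVars.conf: exactly PIHOLE_DNS_1=<upstream> and an empty PIHOLE_DNS_2,
# nothing else, since `pihole -r` regenerates 01-pihole.conf from these lines.
check_setupvars() {
  [ "$(grep -c '^PIHOLE_DNS_' "$1")" -eq 2 ] &&
  grep -qxF "PIHOLE_DNS_1=$2" "$1" &&
  grep -qxF 'PIHOLE_DNS_2=' "$1"
}

# 01-pihole.conf: a single server= line pointing at the loopback dnscrypt-proxy port.
check_pihole_conf() {
  [ "$(grep -c '^server=' "$1")" -eq 1 ] && grep -qxF "server=$2" "$1"
}

# dnscrypt-proxy.toml: an uncommented listen_addresses that includes 127.0.0.1:<port>.
# A line still starting with '#' (the state the thread began in) does not count.
check_dnscrypt_listen() {
  grep -E '^[[:space:]]*listen_addresses[[:space:]]*=' "$1" | grep -qF "'127.0.0.1:$2'"
}

# Socket listing in `netstat -tulpen` layout (local address is field 4, program last):
# nothing but pihole-FTL/dnsmasq may own :53, pihole-FTL must actually be on :53,
# and dnscrypt-proxy must be on 127.0.0.1:<port>.
check_sockets() {
  printf '%s\n' "$1" | awk -v port="$2" '
    $4 ~ /:53$/ && $0 !~ /pihole-FTL|dnsmasq/       { foreign = 1 }
    $4 ~ /:53$/ && $0  ~ /pihole-FTL|dnsmasq/       { ftl = 1 }
    $4 == ("127.0.0.1:" port) && /dnscrypt-proxy/   { proxy = 1 }
    END { exit !(ftl && proxy && !foreign) }'
}

# --- constructed sample data (from the thread; FTL socket lines are assumed) ---
TMPD="$(mktemp -d)"
cat >"$TMPD/setupVars.conf" <<'EOF'
PIHOLE_INTERFACE=eth0
PIHOLE_DNS_1=127.0.0.1#5354
PIHOLE_DNS_2=
EOF
cat >"$TMPD/01-pihole.conf" <<'EOF'
addn-hosts=/etc/pihole/gravity.list
server=127.0.0.1#5354
cache-size=10000
EOF
cat >"$TMPD/dnscrypt-proxy.toml" <<'EOF'
listen_addresses = ['127.0.0.1:5354', '[::1]:5354']
EOF
cat >"$TMPD/setupVars-two-upstreams.conf" <<'EOF'
PIHOLE_DNS_1=127.0.0.1#5354
PIHOLE_DNS_2=8.8.8.8
EOF
cat >"$TMPD/dnscrypt-proxy-commented.toml" <<'EOF'
# listen_addresses = ['127.0.0.1:5354', '[::1]:5354']
EOF
LISTING_CONFLICT='tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 0 13360 285/dnscrypt-proxy
udp 0 0 0.0.0.0:5353 0.0.0.0:* 108 9702 245/avahi-daemon: r
udp 0 0 127.0.0.1:53 0.0.0.0:* 0 13359 285/dnscrypt-proxy'
LISTING_FTL_DOWN='tcp 0 0 127.0.0.1:5354 0.0.0.0:* LISTEN 0 26388 1903/dnscrypt-proxy
udp 0 0 127.0.0.1:5354 0.0.0.0:* 0 26387 1903/dnscrypt-proxy'
LISTING_GOOD="$LISTING_FTL_DOWN
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 999 30001 2100/pihole-FTL
udp 0 0 0.0.0.0:53 0.0.0.0:* 999 30002 2100/pihole-FTL"

report() { if "$@"; then echo "PASS: $1"; else echo "FAIL: $1"; fi; }
report check_setupvars       "$TMPD/setupVars.conf"      "$UPSTREAM"
report check_pihole_conf     "$TMPD/01-pihole.conf"      "$UPSTREAM"
report check_dnscrypt_listen "$TMPD/dnscrypt-proxy.toml" "$PORT"
report check_sockets         "$LISTING_GOOD"             "$PORT"
# On a live Pi-hole, pass /etc/pihole/setupVars.conf, /etc/dnsmasq.d/01-pihole.conf,
# your dnscrypt-proxy.toml and "$(sudo netstat -tulpen)" instead of the samples.
```

Keeping dnscrypt-proxy on the loopback address only is deliberate: the LAN talks to pihole-FTL on :53, and the encrypted hop is local, so nothing else on the network can reach the proxy directly. If the avahi-daemon entries on 5353 look alarming, that is mDNS and unrelated to the conflict; the only :53 owner must be pihole-FTL.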

That worked! Thank you so much for your help!
