Pi-Hole won't resolve DNS requests

To clarify, it worked at one time without having to override anything? i.e. fresh clean install worked right out of the box?

A new install worked without any errors, but the problem is still the same as before the new install/reconfigure.

Maybe I must edit dnsmasq.conf?

You shouldn't have to edit anything. At one time Pi-Hole worked properly without errors, now it does not, so something was likely changed between the fresh install and now. Since the process to find what has changed may be lengthy and perhaps unsuccessful, your best approach may be to uninstall Pi-Hole completely (export your settings via teleporter first). Then run all the OS updates on the host just to get that up to latest (sudo apt update, sudo apt upgrade).

Then I would do a fresh install of Pi-Hole. Choose the default 7 block lists, put it on whatever IP address it has from your router. Don't set up IP forwarding, import anything from your teleporter, etc. Just the minimum install. See if that works. If not, troubleshoot from there.

Look here, is the setting correct?

Can you explain how to set PIHOLE DHCP correctly and which files in my system I must edit?

I don't run a Fritz Box, but there have been issues with DNS rebinding. The thread referenced below provides additional information - note there is a section on Fritz Box.

We should do that after the Pi-Hole is working correctly, and you don't have to edit files in your system to do it.

ok, thanks

From your Pi-hole can you

dig pi-hole.net @localhost

This will rule out the router and leave it out of the equation for now and let us know if Pi-hole itself is properly resolving domains.

We've been thinking about this. Did you change this file on a client machine or on the Pi-Hole host device/platform?

I disabled systemd-resolved.service because I had problems with it.

Result of dig pi-hole.net @localhost:

; <<>> DiG 9.10.3-P4-Debian <<>> pi-hole.net @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31879
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pi-hole.net. IN A

;; Query time: 34 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 09 09:01:11 BST 2018
;; MSG SIZE rcvd: 40

I tested, too:
nslookup 127.0.0.1
Server: 9.9.9.9
Address: 9.9.9.9#53

1.0.0.127.in-addr.arpa name = localhost.

Result of route:
default 192.168.178.1 0.0.0.0 UG 0 0 0 eth0
192.168.178.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

Result of lsof -i -P -n
dhclient 486 root 6u IPv4 12934 0t0 UDP *:68
pihole-FT 645 pihole 4u IPv4 13170 0t0 UDP *:53
pihole-FT 645 pihole 5u IPv4 13171 0t0 TCP *:53 (LISTEN)
pihole-FT 645 pihole 8u IPv4 11887 0t0 TCP *:4711 (LISTEN)
lighttpd 670 www-data 4u IPv4 13221 0t0 TCP *:80 (LISTEN)
lighttpd 670 www-data 8u IPv4 31934 0t0 TCP 192.168.178.22:80->192.168.178.22:39212 (ESTABLISHED)
firefox 1697 evil 117u IPv4 30375 0t0 TCP 192.168.178.22:39212->192.168.178.22:80 (ESTABLISHED)
firefox 1697 evil 119u IPv4 16124 0t0 TCP 192.168.178.22:51970->167.99.26.239:443 (ESTABLISHED)

I changed it on my Pihole machine "host device" @ resolv.conf.

Result of ping:
(Pihole IP) host

ping 192.168.178.22
PING 192.168.178.22 (192.168.178.22) 56(84) bytes of data.
64 bytes from 192.168.178.22: icmp_seq=1 ttl=64 time=0.055 ms
64 bytes from 192.168.178.22: icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from 192.168.178.22: icmp_seq=3 ttl=64 time=0.048 ms
64 bytes from 192.168.178.22: icmp_seq=4 ttl=64 time=0.042 ms
64 bytes from 192.168.178.22: icmp_seq=5 ttl=64 time=0.043 ms
^C
--- 192.168.178.22 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4087ms
rtt min/avg/max/mdev = 0.042/0.046/0.055/0.006 ms

Result of ping:
(Client IP)
ping 192.168.178.22

PING 192.168.178.22 (192.168.178.22) 56(84) bytes of data
From 192.168.178.21 icmp_seq=1 Destination Host unreachable

Output of:
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:25:10:84 brd ff:ff:ff:ff:ff:ff
inet 192.168.178.22/24 brd 192.168.178.255 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 08:00:27:70:e6:c4 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 08:00:27:7b:7f:7b brd ff:ff:ff:ff:ff:ff

Output of:

sudo iptables -L

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpt:https reject-with tcp-reset
REJECT udp -- anywhere anywhere udp dpt:80 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:443 reject-with icmp-port-unreachable

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere

I'll do "pihole -d" all green, no errors.

Debug token: g46qh6bztx

I probably made my Pihole work. :slight_smile:

With these settings in /etc/resolv.conf:

is set:
nameserver 127.0.0.1
nameserver 9.9.9.9

my pihole @ host works
and I can visit websites without errors. Adblocking is working :slight_smile:

Queries are all displayed. (localhost+DietPi)

Also I created in "/etc/" a file named "hosts.dnsmasq".

Add this to it:
192.168.178.22 DietPi
192.168.178.22 pi.hole

in "/etc/hosts"
127.0.0.1 localhost
192.168.178.22 DietPi
192.168.178.22 pi.hole

Also I add in "/etc/dnsmasq.conf":

####//DNSMASQ:
rebind-domain-ok=/pi.hole/

addn-hosts=/etc/hosts.dnsmasq

##//:conf-DIR://##
conf-dir=/etc/dnsmasq.d

in /etc/dnsmasq.d @ 01-pihole.conf:

addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list

localise-queries

no-resolv

cache-size=10000

log-queries=extra
log-facility=/var/log/pihole.log

local-ttl=2

log-async

server=84.200.69.80
server=84.200.70.40
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D

interface=eth0

in "/etc/pihole/pihole-FTL.conf":

SOCKET_LISTENING=all
QUERY_DISPLAY=yes
AAAA_QUERY_ANALYSIS=yes
RESOLVE_IPV6=no
RESOLVE_IPV4=yes
MAXDBDAYS=365
DBINTERVAL=1.0
DBFILE=/etc/pihole/pihole-FTL.db
MAXLOGAGE=24
FTLPORT=4711
PRIVACYLEVEL=0
IGNORE_LOCALHOST=no
BLOCKINGMODE=IP-NODATA-AAAA
REGEX_DEBUGMODE=false

I created a file named 090firewall in /etc/network/if-up.d
(make it executable)
#!/bin/sh
set -e

# NOTHING to do, when loopBACK is activated:

[ "$IFACE" != "lo" ] || exit 0

# REMOVE OLD-CONFIG:

/sbin/iptables --flush
/sbin/iptables --delete-chain
/sbin/iptables -t mangle --flush
/sbin/iptables -t mangle --delete-chain
/sbin/iptables -t nat --flush
/sbin/iptables -t nat --delete-chain

# DEFAULT PoLIcIEz:

/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT

# loopBACK AcTIvATeD:

/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

# ALLOW CoNNeCTiONz:

/sbin/iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# ALLOW "ICMP":

/sbin/iptables -A INPUT -p icmp -j ACCEPT

# PI-HOLE:

iptables -A INPUT -p tcp --destination-port 443 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp --destination-port 80 -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -p udp --destination-port 443 -j REJECT --reject-with icmp-port-unreachable

NetworkManager isn't installed.
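
How the INPUT chain from the 090firewall script treats a new inbound packet, as an added example that is not part of the original post: a simplified first-match walk over a constructed `iptables -S INPUT` style listing of those rules. The `verdict` helper, the `FIXED` ruleset and the choice of `eth0` for the extra rules are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. RULES is a constructed `iptables -S INPUT`
# style listing of what the 090firewall script above installs.
RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j REJECT --reject-with tcp-reset
-A INPUT -p udp -m udp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 443 -j REJECT --reject-with icmp-port-unreachable'

# verdict RULESET IFACE PROTO [DPORT]
# First-match walk for a NEW inbound packet. Simplified: only -i, -p, --dport
# and --ctstate are understood; any other match option is ignored.
verdict() {
    printf '%s\n' "$1" | awk -v iface="$2" -v proto="$3" -v dport="$4" '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 == "-A" && $2 == "INPUT" {
            hit = 1; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i" && $(i+1) != iface) hit = 0
                if ($i == "-p" && $(i+1) != proto) hit = 0
                if ($i == "--dport" && $(i+1) != dport) hit = 0
                if ($i == "--ctstate" && $(i+1) !~ /(^|,)NEW(,|$)/) hit = 0
                if ($i == "-j") target = $(i+1)
            }
            if (hit && target != "") { print target; found = 1; exit }
        }
        END { if (!found) print policy }'
}

# Same ruleset plus LAN DNS and web-UI allowances (assumed interface: eth0).
FIXED="$RULES
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT"

echo "as posted: udp/53 from LAN -> $(verdict "$RULES" eth0 udp 53)"
echo "extended:  udp/53 from LAN -> $(verdict "$FIXED" eth0 udp 53)"
```

With the default-deny INPUT policy, only loopback, ICMP and reply traffic get in, so queries from other machines to port 53 never reach pihole-FTL unless rules like the last three are added.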

I got it :slight_smile:

Changed in "/etc/dnscrypt-proxy/dnscrypt-proxy.toml"

to: listen_addresses = ['127.0.0.1:54']

and

changed in PIHOLE_AdminPage under DNS

"CUSTOM_DNS1" to: "127.0.0.1#54"

Now dnscrypt-proxy + PIHOLE works great together.

It was the port :wink: Only port 54 is working at my config both together.
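
A consistency check for the dnscrypt-proxy / Pi-hole pairing described in this post, as an added example that is not part of the thread: it compares `listen_addresses` with the upstream Pi-hole forwards to and flags a listener on port 53, which pihole-FTL holds in the lsof listing earlier. It assumes the admin-page upstream appears as a `server=IP#PORT` line in 01-pihole.conf like the `server=` lines quoted earlier; the function names and sample files are constructed, and only IPv4 is handled.

```sh
#!/bin/sh
# Added example, not from the thread. File contents are constructed samples
# that mirror the settings quoted in the post; IPv4 addresses only.

# host:port entries from a dnscrypt-proxy.toml listen_addresses line
listen_addrs() {
    sed -n 's/^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*\[\(.*\)\].*/\1/p' "$1" |
        tr ',' '\n' | tr -d " '\"" | sed '/^$/d'
}

# host:port for every plain dnsmasq "server=IP[#PORT]" line (port defaults to 53)
upstreams() {
    sed -n 's/^server=\([0-9.]*\)#\{0,1\}\([0-9]*\)$/\1:\2/p' "$1" | sed 's/:$/:53/'
}

# Prints findings; returns 0 if the chain is consistent, 1 otherwise.
check_chain() {
    toml=$1; conf=$2; rc=0
    listens=$(listen_addrs "$toml")
    for l in $listens; do
        if [ "${l##*:}" = 53 ]; then
            echo "CONFLICT: dnscrypt-proxy wants $l but pihole-FTL already binds *:53"; rc=1
        fi
    done
    for u in $(upstreams "$conf"); do
        case $u in
            127.*:53) echo "LOOP: Pi-hole forwards to itself ($u)"; rc=1 ;;
            127.*) printf '%s\n' "$listens" | grep -qxF -e "$u" -e "0.0.0.0:${u##*:}" ||
                       { echo "MISMATCH: Pi-hole forwards to $u, nothing listens there"; rc=1; } ;;
        esac
    done
    return $rc
}

# Constructed demo: the working pairing from the post.
tmp=$(mktemp -d)
printf "listen_addresses = ['127.0.0.1:54']\n" > "$tmp/dnscrypt-proxy.toml"
printf 'server=127.0.0.1#54\n' > "$tmp/01-pihole.conf"
check_chain "$tmp/dnscrypt-proxy.toml" "$tmp/01-pihole.conf" && echo "OK: ports line up"
rm -rf "$tmp"
```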
