gigabyte091
Forum Guru
Topic Author
Posts: 1165
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Pihole DNS service not running

Sun Mar 12, 2023 9:31 am

Hello,

I installed Pihole on my ax3 using MikroTik's tutorial from their YouTube channel. I managed to get the container running and there was no problem during installation, but I can't get the DNS service to start in the Pihole web interface: I click "Enable blocking" and the dashboard shows "Active", but as soon as I change menu or refresh the page I get "DNS service not running".

I tried to restart the container but it's the same thing. I can't get the DNS service to run. I do have internet access and I can see ads on pages, so I know it's not working.

Here is my config from ax3:
# mar/12/2023 08:18:24 by RouterOS 7.8
# software id = 
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = 
/container mounts
add dst=/etc/dnsmasq.d name=dnsmasq_pihole src=/usb1-part1/etc-dnsmasq.d
add dst=/etc/pihole name=etc_pihole src=/usb1-part1/etc
/disk
add parent=usb1 partition-number=1 partition-offset=512 partition-size=\
    "62 264 442 368" type=partition
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge \
    vlan-filtering=yes
add name=dokeri
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=TRUNK
set [ find default-name=ether3 ] comment=VLAN10_TEA_RADNI_PC
set [ find default-name=ether4 ] comment=VLAN88_HOME
set [ find default-name=ether5 ] comment=VLAN88_HOME
/interface veth
add address=10.10.100.2/24 comment=Pihole gateway=10.10.100.1 name=veth1
/interface vlan
add interface=bridge name=VLAN10_TEA_PC vlan-id=10
add interface=bridge name=VLAN20_SECURITY vlan-id=20
add interface=bridge name=VLAN30_IOT vlan-id=30
add interface=bridge name=VLAN40_IPTV vlan-id=40
add interface=bridge name=VLAN88_HOME vlan-id=88
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=HOME
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk name=HOME
/interface wifiwave2
set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=\
    disabled .width=20/40mhz-Ce comment="5 GHz" configuration.country=Croatia \
    .mode=ap .ssid="Gazdin WiFi" .tx-power=4 disabled=no mtu=1500 security=\
    HOME
set [ find default-name=wifi2 ] channel.band=2ghz-ax .frequency=2412 \
    .skip-dfs-channels=10min-cac .width=20mhz comment="2.4 GHz" \
    configuration.country=Croatia .mode=ap .ssid="Gazdin WiFi" .tx-power=0 \
    disabled=no security=HOME
/ip pool
add name=dhcp_pool1 ranges=10.10.10.2-10.10.10.5
add name=dhcp_pool2 ranges=10.10.20.2-10.10.20.150
add name=dhcp_pool3 ranges=10.10.30.2-10.10.30.254
add name=dhcp_pool4 ranges=10.10.40.2-10.10.40.50
add name=dhcp_pool5 ranges=10.10.88.2-10.10.88.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=VLAN10_TEA_PC lease-time=1d name=\
    dhcp_VLAN10
add address-pool=dhcp_pool2 interface=VLAN20_SECURITY lease-time=1d name=\
    dhcp_VLAN20
add address-pool=dhcp_pool3 interface=VLAN30_IOT lease-time=1d name=\
    dhcp_VLAN30
add address-pool=dhcp_pool4 interface=VLAN40_IPTV lease-time=1d name=\
    dhcp_VLAN40
add address-pool=dhcp_pool5 interface=VLAN88_HOME lease-time=1d name=\
    dhcp_VLAN88
/port
set 0 name=serial0
/container
add envlist=pihole_envs interface=veth1 mounts=dnsmasq_pihole,etc_pihole \
    root-dir=usb1-part1/pihole
/container config
set registry-url=https://registry-1.docker.io tmpdir=usb1-part1/pull
/container envs
add key=TZ name=pihole_envs value=Zagreb/Europe
add key=WEBPASSWORD name=pihole_envs value=xxxxxxxxx
add key=DNSMASQ_USER name=pihole_envs value=xxxxxxxxx
/interface bridge port
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged \
    interface=ether2
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether3 pvid=10
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether4 pvid=88
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged interface=ether5 pvid=88
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged interface=wifi1 pvid=88
add bridge=bridge comment=defconf frame-types=\
    admit-only-untagged-and-priority-tagged interface=wifi2 pvid=88
add bridge=dokeri comment=Dokeri interface=veth1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=15360
/interface bridge vlan
add bridge=bridge tagged=bridge,ether2 untagged=wifi1,wifi2,ether4,ether5 \
    vlan-ids=88
add bridge=bridge tagged=bridge untagged=ether3 vlan-ids=10
add bridge=bridge tagged=bridge,ether2 vlan-ids=20
add bridge=bridge tagged=bridge,ether2 vlan-ids=30
add bridge=bridge tagged=bridge,ether2 vlan-ids=40
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=VLAN10_TEA_PC list=LAN
add interface=VLAN20_SECURITY list=LAN
add interface=VLAN30_IOT list=LAN
add interface=VLAN40_IPTV list=LAN
add interface=VLAN88_HOME list=LAN
add interface=VLAN88_HOME list=HOME
/ip address
add address=10.10.10.1/24 comment="VLAN10 _TEA_PC" interface=VLAN10_TEA_PC \
    network=10.10.10.0
add address=10.10.20.1/24 comment=VLAN20_SECURITY interface=VLAN20_SECURITY \
    network=10.10.20.0
add address=10.10.30.1/24 comment=VLAN30_IOT interface=VLAN30_IOT network=\
    10.10.30.0
add address=10.10.40.1/24 comment=VLAN40_IPTV interface=VLAN40_IPTV network=\
    10.10.40.0
add address=10.10.88.1/24 comment=VLAN88_HOME interface=VLAN88_HOME network=\
    10.10.88.0
add address=10.10.100.1/24 comment=Dokeri interface=dokeri network=\
    10.10.100.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1
add address=10.10.20.0/24 gateway=10.10.20.1
add address=10.10.30.0/24 gateway=10.10.30.1
add address=10.10.40.0/24 gateway=10.10.40.1
add address=10.10.88.0/24 gateway=10.10.88.1
/ip dns
set allow-remote-requests=yes servers=10.10.100.2
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="Prekid prometa od VLAN10 na VLAN88" \
    in-interface=VLAN10_TEA_PC out-interface=VLAN88_HOME
add action=drop chain=forward comment="Prekid prometa od VLAN20 na VLAN88" \
    in-interface=VLAN20_SECURITY out-interface=VLAN88_HOME
add action=drop chain=forward comment="Prekid prometa od VLAN30 na VLAN88" \
    in-interface=VLAN30_IOT out-interface=VLAN88_HOME
add action=drop chain=forward comment="Prekid prometa od VLAN40 na VLAN88" \
    in-interface=VLAN40_IPTV out-interface=VLAN88_HOME
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment=Dokeri_net src-address=\
    10.10.100.0/24
add action=dst-nat chain=dstnat comment=Pihole_HTTP dst-address=10.10.88.1 \
    dst-port=81 protocol=tcp to-addresses=10.10.100.2 to-ports=80
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=hAP_ax3_router
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=HOME
EDIT: Here is a screenshot of the error that I also get:
Screenshot_2023-03-12-09-26-46-203_com.android.chrome-edit.jpg
 
holvoetn
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Pihole DNS service not running

Sun Mar 12, 2023 12:30 pm

This firewall rule is (I think) the reason.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
As far as I can see from your config, you did not specify to which interface list dokeri belongs?
So it's definitely not LAN, therefore it gets dropped.
I could be wrong though.

Personal remark
I always change that rule as follows:
add action=drop chain=input comment="drop all coming from WAN" \
    in-interface-list=WAN
Everything which is considered WAN, is dropped for me. So if I add VPN interfaces or so, they are accepted.
Up for debate but that's how I do it.
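The check described in the post above (which interfaces fall outside the `LAN` list and therefore hit the `!LAN` input drop rule), as an added example that is not part of the original post. The export excerpt is constructed from the config posted in this thread, and the function names are hypothetical.

```python
import re
import shlex

# Constructed excerpt in RouterOS export style, mirroring the relevant
# parts of the config posted in this thread.
EXPORT = r"""
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge \
    vlan-filtering=yes
add name=dokeri
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=VLAN88_HOME list=LAN
/ip address
add address=10.10.88.1/24 comment=VLAN88_HOME interface=VLAN88_HOME network=\
    10.10.88.0
add address=10.10.100.1/24 comment=Dokeri interface=dokeri network=\
    10.10.100.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
"""


def parse_export(text):
    """Return {menu path: [{key: value}, ...]} for every 'add' line."""
    # Undo the export's line continuations (backslash, newline, indent).
    joined = re.sub(r"\\\r?\n\s*", "", text)
    menus, path = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            path = line
            menus.setdefault(path, [])
        elif line.startswith("add ") and path:
            # shlex keeps quoted comments together as one key=value token.
            tokens = shlex.split(line)[1:]
            menus[path].append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return menus


def input_drop_scope(text):
    """Map each input-chain drop rule that matches on in-interface-list to the
    addressed interfaces whose new connections it would drop.

    Only interface-list matching is evaluated; accept rules placed earlier in
    the chain (established/related, ICMP, ...) still apply on the router.
    """
    menus = parse_export(text)
    members = {}
    for m in menus.get("/interface list member", []):
        members.setdefault(m["list"], set()).add(m["interface"])
    # Interfaces that carry an IP: static addresses plus DHCP clients.
    addressed = {
        e["interface"]
        for p in ("/ip address", "/ip dhcp-client")
        for e in menus.get(p, [])
        if "interface" in e
    }
    scope = {}
    for rule in menus.get("/ip firewall filter", []):
        spec = rule.get("in-interface-list")
        if rule.get("chain") != "input" or rule.get("action") != "drop" or not spec:
            continue
        listed = members.get(spec.lstrip("!"), set())
        hit = addressed - listed if spec.startswith("!") else addressed & listed
        scope[rule.get("comment", "(no comment)")] = sorted(hit)
    return scope


if __name__ == "__main__":
    print("!LAN rule drops from:", input_drop_scope(EXPORT))
    alt = EXPORT.replace("in-interface-list=!LAN", "in-interface-list=WAN")
    print("WAN rule drops from: ", input_drop_scope(alt))
```

With the `in-interface-list=WAN` variant only `ether1` is in scope, so any interface added later can open new connections to the router itself unless it is placed in `WAN`.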
 
gigabyte091
Forum Guru
Topic Author
Posts: 1165
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Pihole DNS service not running

Sun Mar 12, 2023 2:25 pm

Hello,

I tried adding the new bridge and interface to the LAN list, as well as disabling the rule you mentioned (I enabled it after testing), but it's still the same thing: the DNS service won't stay active.
 
marsbeetle
newbie
Posts: 38
Joined: Sun Feb 19, 2023 9:57 am

Re: Pihole DNS service not running

Sun Mar 12, 2023 8:09 pm

It doesn’t look like your Pihole container can access the internet. Try adding an accept forward chain rule with src address of container out WAN interface so it can do DNS queries. It also helps sometimes just to temporarily enable logging on your drop rules to do troubleshooting. You would then see src container ip queries being dropped and info for creating your needed firewall rule.
 
gigabyte091
Forum Guru
Topic Author
Posts: 1165
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Pihole DNS service not running

Sun Mar 12, 2023 8:58 pm

I made the changes you suggested but nothing changed. I added logging to all drop firewall rules, but there is no mention of the container IP address.

Here is the created firewall rule:
chain=forward action=accept src-address=10.10.100.2 out-interface=ether1 
      log=yes log-prefix="" 
 
marsbeetle
newbie
Posts: 38
Joined: Sun Feb 19, 2023 9:57 am

Re: Pihole DNS service not running

Sun Mar 12, 2023 9:16 pm

You would need to restart the container to see any logs. Make sure the rule you just added is above your forward drop rule.
 
gigabyte091
Forum Guru
Topic Author
Posts: 1165
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Pihole DNS service not running

Mon Mar 13, 2023 8:00 am

The new firewall rule is above the drop rules, and I tried to restart the container; I even tried to reinstall it, and the same thing is happening. The only thing different now is that I can see in the logs that Pihole tried to contact Google DNS.

Here is part of the log where you can see something is happening:
 06:49:10 firewall,info forward: in:dokeri out:ether1, connection-state:new src-mac 06:c5:77:f6:05:7d, proto UDP, 10.10.100.2:39587->8.8.8.8:53, len 56
 06:49:10 firewall,info forward: in:dokeri out:ether1, connection-state:new,snat src-mac 06:c5:77:f6:05:7d, proto UDP, 10.10.100.2:39587->8.8.8.8:53, NAT (10.10.100.2:39587->10.246.201.247:39587)->8.8.8.8:53, len 56
 06:49:10 firewall,info forward: in:dokeri out:ether1, connection-state:new src-mac 06:c5:77:f6:05:7d, proto TCP (SYN), 10.10.100.2:52066->140.82.121.4:443, len 60
 06:49:10 firewall,info input: in:ether1 out:(unknown 0), connection-state:new src-mac 18:e8:29:32:49:38, proto UDP, 169.254.73.56:38374->255.255.255.255:10002, len 190
 06:49:11 firewall,info forward: in:dokeri out:ether1, connection-state:new src-mac 06:c5:77:f6:05:7d, proto UDP, 10.10.100.2:34634->8.8.8.8:53, len 60
 06:49:11 firewall,info forward: in:dokeri out:ether1, connection-state:new,snat src-mac 06:c5:77:f6:05:7d, proto UDP, 10.10.100.2:34634->8.8.8.8:53, NAT (10.10.100.2:34634->10.246.201.247:34634)->8.8.8.8:53, len 60
 06:49:11 firewall,info forward: in:dokeri out:ether1, connection-state:new src-mac 06:c5:77:f6:05:7d, proto TCP (SYN), 10.10.100.2:35088->140.82.121.6:443, len 60
 06:49:11 firewall,info forward: in:dokeri out:ether1, connection-state:new src-mac 06:c5:77:f6:05:7d, proto UDP, 10.10.100.2:53756->8.8.8.8:53, len 56
 06:49:11 firewall,info forward: in:dokeri out:ether1, connection-state:new,snat src-mac 06:c5:77:f6:05:7d, proto UDP, 10.10.100.2:53756->8.8.8.8:53, NAT (10.10.100.2:53756->10.246.201.247:53756)->8.8.8.8:53, len 56
 06:49:11 firewall,info forward: in:dokeri out:ether1, connection-state:new src-mac 06:c5:77:f6:05:7d, proto TCP (SYN), 10.10.100.2:34766->140.82.121.3:443, len 60
 06:49:12 firewall,info forward: in:dokeri out:ether1, connection-state:new src-mac 06:c5:77:f6:05:7d, proto UDP, 10.10.100.2:52029->8.8.8.8:53, len 60
 06:49:12 firewall,info forward: in:dokeri out:ether1, connection-state:new,snat src-mac 06:c5:77:f6:05:7d, proto UDP, 10.10.100.2:52029->8.8.8.8:53, NAT (10.10.100.2:52029->10.246.201.247:52029)->8.8.8.8:53, len 60
 06:49:12 firewall,info forward: in:dokeri out:ether1, connection-state:new src-mac 06:c5:77:f6:05:7d, proto TCP (SYN), 10.10.100.2:52166->140.82.121.5:443, len 60
 06:49:13 firewall,info forward: in:dokeri out:ether1, connection-state:new src-mac 06:c5:77:f6:05:7d, proto UDP, 10.10.100.2:48820->8.8.8.8:53, len 56
 06:49:13 firewall,info forward: in:dokeri out:ether1, connection-state:new,snat src-mac 06:c5:77:f6:05:7d, proto UDP, 10.10.100.2:48820->8.8.8.8:53, NAT (10.10.100.2:48820->10.246.201.247:48820)->8.8.8.8:53, len 56
 06:49:13 firewall,info forward: in:dokeri out:ether1, connection-state:new src-mac 06:c5:77:f6:05:7d, proto TCP (SYN), 10.10.100.2:34770->140.82.121.3:443, len 60
 06:49:13 firewall,info input: in:ether1 out:(unknown 0), connection-state:new src-mac b8:69:f4:4b:2d:39, proto UDP, 0.0.0.0:5678->255.255.255.255:5678, len 152
 06:49:13 firewall,info input: in:ether1 out:(unknown 0), connection-state:new src-mac 2c:c8:1b:92:34:ba, proto UDP, 10.246.200.23:5678->255.255.255.255:5678, len 151
 06:49:13 firewall,info forward: in:dokeri out:ether1, connection-state:new src-mac 06:c5:77:f6:05:7d, proto UDP, 10.10.100.2:51806->8.8.8.8:53, len 60
 06:49:13 firewall,info forward: in:dokeri out:ether1, connection-state:new,snat src-mac 06:c5:77:f6:05:7d, proto UDP, 10.10.100.2:51806->8.8.8.8:53, NAT (10.10.100.2:51806->10.246.201.247:51806)->8.8.8.8:53, len 60
 06:49:13 firewall,info forward: in:dokeri out:ether1, connection-state:new src-mac 06:c5:77:f6:05:7d, proto TCP (SYN), 10.10.100.2:52170->140.82.121.5:443, len 60
And when I go to update Gravity I get this output:
[i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range

  [✓] Preparing new gravity database
  [i] Using libz compression

  [i] Target: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  [✓] Status: Retrieval successful
  [i] Imported 188295 domains, ignoring 1 non-domain entries
      Sample of non-domain entries:
        - 0.0.0.0
  [i] List has been updated

  [✗] Unable to update timestamp of adlist with ID 1 in database /etc/pihole/gravity.db
  
  [✓] Cleaning up stray matter
  [✗] DNS service is NOT running
Here is the debug output of Pihole:
This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net.

The intent of this script is to allow users to self-diagnose their installations.  This is accomplished by running tests against our software and providing the user with links to FAQ articles when a problem is detected.  Since we are a small team and Pi-hole has been growing steadily, it is our hope that this will help us spend more time on development.

NOTE: All log files auto-delete after 48 hours and ONLY the Pi-hole developers can access your data via the given token. We have taken these extra steps to secure your data and will work to further reduce any personal information gathered.

*** [ INITIALIZING ]
[i] 2023-03-13:06:04:44 debug log has been initialized.
[i] System has been running for 1 days, 12 hours, 22 minutes

*** [ INITIALIZING ] Sourcing setup variables
[i] Sourcing /etc/pihole/setupVars.conf...

*** [ DIAGNOSING ]: Core version
[✓] Version: v5.15.5
[i] Remotes: origin	https://github.com/pi-hole/pi-hole.git (fetch)
             origin	https://github.com/pi-hole/pi-hole.git (push)
[i] Branch: master
[i] Commit: v5.15.5-0-gd86b325

*** [ DIAGNOSING ]: Web version
[✓] Version: v5.18.4
[i] Remotes: origin	https://github.com/pi-hole/AdminLTE.git (fetch)
             origin	https://github.com/pi-hole/AdminLTE.git (push)
[i] Branch: master
[i] Commit: v5.18.4-0-gb29a423

*** [ DIAGNOSING ]: FTL version
[✓] Version: v5.21
[i] Branch: master
[i] Commit: f380afda

*** [ DIAGNOSING ]: lighttpd version
[i] 1.4.59

*** [ DIAGNOSING ]: php version
[i] 7.4.33

*** [ DIAGNOSING ]: Operating system
[i] Pi-hole Docker Container: 2023.02.2
[✓] Distro:  Debian
[✓] Version: 11
[✓] dig return code: 0
[i] dig response: "Raspbian=10,11 Ubuntu=20,22 Debian=10,11 Fedora=36,37 CentOS=8,9"
[✓] Distro and version supported

*** [ DIAGNOSING ]: SELinux
[i] SELinux not detected

*** [ DIAGNOSING ]: FirewallD
[✓] Firewalld service not detected

*** [ DIAGNOSING ]: Processor
[✓] aarch64

*** [ DIAGNOSING ]: Disk usage
   Filesystem      Size  Used Avail Use% Mounted on
   /dev/sda1        58G  341M   58G   1% /
   tmpfs            64M     0   64M   0% /dev
   tmpfs           452M  5.9M  446M   2% /run
   tmpfs           452M  5.2M  447M   2% /tmp

*** [ DIAGNOSING ]: Network interfaces and addresses
   1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
       link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
       inet 127.0.0.1/8 scope host lo
          valid_lft forever preferred_lft forever
       inet6 ::1/128 scope host 
          valid_lft forever preferred_lft forever
   2: eth0@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
       link/ether 06:c5:77:f6:05:7d brd ff:ff:ff:ff:ff:ff link-netnsid 0
       inet 10.10.100.2/24 scope global eth0
          valid_lft forever preferred_lft forever
       inet6 fe80::4c5:77ff:fef6:57d/64 scope link 
          valid_lft forever preferred_lft forever

*** [ DIAGNOSING ]: Network routing table
   default via 10.10.100.1 dev eth0 
   10.10.100.0/24 dev eth0 proto kernel scope link src 10.10.100.2 

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
    10.10.100.2/24

[✓] IPv6 address(es) bound to the eth0 interface:
    fe80::4c5:77ff:fef6:57d/64

[i] Default IPv4 gateway(s):
     10.10.100.1
   * Pinging first gateway 10.10.100.1...
[✓] Gateway responded.
[i] Default IPv6 gateway(s):

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✗] Failed to resolve www.profit-qd.protrobit.site on lo (127.0.0.1)
[✗] Failed to resolve www.profit-qd.protrobit.site on eth0 (10.10.100.2)
[✓] doubleclick.com is 142.251.39.78 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✗] Failed to resolve  on lo (::1)
[✗] Failed to resolve  on eth0 (fe80::4c5:77ff:fef6:57d)
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (2001:4860:4860::8888)

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)

*** [ DIAGNOSING ]: Pi-hole processes
[✓] lighttpd daemon is active
[✗] pihole-FTL daemon is inactive

*** [ DIAGNOSING ]: Pi-hole-FTL full status
[i] systemctl:  command not found

*** [ DIAGNOSING ]: Lighttpd configuration test
[✓] No error in lighttpd configuration

*** [ DIAGNOSING ]: Setup variables
    PIHOLE_INTERFACE=eth0
    IPV4_ADDRESS=0.0.0.0
    IPV6_ADDRESS=0:0:0:0:0:0
    PIHOLE_DNS_1=8.8.8.8
    QUERY_LOGGING=true
    INSTALL_WEB_SERVER=true
    INSTALL_WEB_INTERFACE=true
    LIGHTTPD_ENABLED=true
    PIHOLE_DNS_2=
    CACHE_SIZE=10000
    DNS_FQDN_REQUIRED=true
    DNS_BOGUS_PRIV=true
    DNSMASQ_LISTENING=local
    BLOCKING_ENABLED=true

*** [ DIAGNOSING ]: Dashboard headers
[✓] Web interface X-Header: X-Pi-hole: The Pi-hole Web interface is working!

*** [ DIAGNOSING ]: Pi-hole FTL Query Database


*** [ DIAGNOSING ]: Gravity Database
-rw-rw-r-- 1 pihole pihole 13M Mar 13 05:47 /etc/pihole/gravity.db

*** [ DIAGNOSING ]: Info table
   property              value                                   
   --------------------  ----------------------------------------
   version               15                                      
   updated               1676505626                              
   gravity_count         177888                                  
   Last gravity run finished at: Thu Feb 16 00:00:26 Zagreb 2023

   ----- First 10 Gravity Domains -----
   localhost.localdomain
   eu1.clevertap-prod.com
   wizhumpgyros.com
   coccyxwickimp.com
   webmail-who-int.000webhostapp.com
   010sec.com
   01mspmd5yalky8.com
   0byv9mgbn0.com
   ns6.0pendns.org
   dns.0pengl.com


*** [ DIAGNOSING ]: Groups
   id    enabled  name                                                date_added           date_modified        description                                       
   ----  -------  --------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   0           1  Default                                             2023-02-16 00:00:03  2023-02-16 00:00:03  The default group                                 

*** [ DIAGNOSING ]: Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)

*** [ DIAGNOSING ]: Clients

*** [ DIAGNOSING ]: Adlists
   id     enabled  group_ids     address                                                                                               date_added           date_modified        comment                                           
   -----  -------  ------------  ----------------------------------------------------------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   1            1  0             https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts                                      2023-02-16 00:00:03  2023-02-16 00:00:03  Migrated from /etc/pihole/adlists.list            

*** [ DIAGNOSING ]: contents of /etc/pihole

-rw-r--r-- 1 root root 0 Mar 13 05:47 /etc/pihole/custom.list

-rw-r--r-- 1 root root 65 Mar 13 05:47 /etc/pihole/local.list

-rw-r--r-- 1 root root 241 Mar 13 05:47 /etc/pihole/logrotate
   /var/log/pihole/pihole.log {
   	su root root
   	daily
   	copytruncate
   	rotate 5
   	compress
   	delaycompress
   	notifempty
   	nomail
   }
   /var/log/pihole/FTL.log {
   	su root root
   	weekly
   	copytruncate
   	rotate 3
   	compress
   	delaycompress
   	notifempty
   	nomail
   }

-rw-rw-r-- 1 pihole root 172 Mar 13 05:48 /etc/pihole/pihole-FTL.conf
   PRIVACYLEVEL=0
   MACVENDORDB=/macvendor.db
   LOCAL_IPV4=0.0.0.0

-rw-r--r-- 1 root root 382 Mar 13 05:49 /etc/pihole/versions
   CORE_VERSION=v5.15.5
   CORE_BRANCH=master
   CORE_HASH=d86b325d
   GITHUB_CORE_VERSION=v5.15.5
   GITHUB_CORE_HASH=d86b325d
   WEB_VERSION=v5.18.4
   WEB_BRANCH=master
   WEB_HASH=b29a423b
   GITHUB_WEB_VERSION=v5.18.4
   GITHUB_WEB_HASH=b29a423b
   FTL_VERSION=v5.21
   FTL_BRANCH=master
   FTL_HASH=f380afda
   GITHUB_FTL_VERSION=v5.21
   GITHUB_FTL_HASH=f380afda
   DOCKER_VERSION=2023.02.2
   GITHUB_DOCKER_VERSION=2023.02.2

*** [ DIAGNOSING ]: contents of /etc/dnsmasq.d

-rw-r--r-- 1 root root 1.4K Mar 13 05:48 /etc/dnsmasq.d/01-pihole.conf
   addn-hosts=/etc/pihole/local.list
   addn-hosts=/etc/pihole/custom.list
   localise-queries
   no-resolv
   log-queries
   log-facility=/var/log/pihole/pihole.log
   log-async
   cache-size=10000
   server=8.8.8.8
   domain-needed
   expand-hosts
   bogus-priv
   local-service

-rw-r--r-- 1 root root 2.2K Mar 13 05:48 /etc/dnsmasq.d/06-rfc6761.conf
   server=/test/
   server=/localhost/
   server=/invalid/
   server=/bind/
   server=/onion/

*** [ DIAGNOSING ]: contents of /etc/lighttpd

-rw-r--r-- 1 root root 2.2K Jan 19  2022 /etc/lighttpd/lighttpd.conf
   server.modules = (
   	"mod_indexfile",
   	"mod_access",
   	"mod_alias",
    	"mod_redirect",
   )
   server.document-root        = "/var/www/html"
   server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
   server.errorlog             = "/var/log/lighttpd/error.log"
   server.pid-file             = "/run/lighttpd.pid"
   server.username             = "www-data"
   server.groupname            = "www-data"
   server.port                 = 80
   server.feature-flags       += ("server.h2proto" => "enable")
   server.feature-flags       += ("server.h2c"     => "enable")
   server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
   server.http-parseopts = (
     "header-strict"           => "enable",# default
     "host-strict"             => "enable",# default
     "host-normalize"          => "enable",# default
     "url-normalize-unreserved"=> "enable",# recommended highly
     "url-normalize-required"  => "enable",# recommended
     "url-ctrls-reject"        => "enable",# recommended
     "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
     "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
   )
   index-file.names            = ( "index.php", "index.html" )
   url.access-deny             = ( "~", ".inc" )
   static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
   include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
   include_shell "/usr/share/lighttpd/create-mime.conf.pl"
   include "/etc/lighttpd/conf-enabled/*.conf"
   server.modules += (
   	"mod_dirlisting",
   	"mod_staticfile",
   )

*** [ DIAGNOSING ]: contents of /etc/lighttpd/conf.d
/etc/lighttpd/conf.d does not exist.

*** [ DIAGNOSING ]: contents of /etc/lighttpd/conf-enabled
total 4.0K
lrwxrwxrwx 1 root root  32 Feb 15 23:59 05-setenv.conf -> ../conf-available/05-setenv.conf
lrwxrwxrwx 1 root root  35 Feb 15 23:59 10-accesslog.conf -> ../conf-available/10-accesslog.conf
lrwxrwxrwx 1 root root  33 Feb 15 23:59 10-fastcgi.conf -> ../conf-available/10-fastcgi.conf
-rw-r--r-- 1 root root 223 Mar 13 05:48 15-pihole-admin-redirect-docker.conf
lrwxrwxrwx 1 root root  38 Feb 15 23:59 15-pihole-admin.conf -> ../conf-available/15-pihole-admin.conf

lrwxrwxrwx 1 root root 38 Feb 15 23:59 /etc/lighttpd/conf-enabled/15-pihole-admin.conf -> ../conf-available/15-pihole-admin.conf
   server.errorlog := "/var/log/lighttpd/error-pihole.log"
   $HTTP["url"] =~ "^/admin/" {
       server.document-root = "/var/www/html"
       server.stream-response-body = 1
       accesslog.filename = "/var/log/lighttpd/access-pihole.log"
       accesslog.format = "%{%s}t|%h|%V|%r|%s|%b"
       fastcgi.server = (
           ".php" => (
               "localhost" => (
                   "socket" => "/run/lighttpd/pihole-php-fastcgi.socket",
                   "bin-path" => "/usr/bin/php-cgi",
                   "min-procs" => 1,
                   "max-procs" => 1,
                   "bin-environment" => (
                       "TZ" => "Zagreb/Europe",
                       "PIHOLE_DOCKER_TAG" => "",
                       "PHP_ERROR_LOG" => "/var/log/lighttpd/error-pihole.log",
                       "CORS_HOSTS" => "",
                       "VIRTUAL_HOST" => "hAP_ax3_router",
                       "PHP_FCGI_CHILDREN" => "4",
                       "PHP_FCGI_MAX_REQUESTS" => "10000",
                   ),
                   "bin-copy-environment" => (
                       "PATH", "SHELL", "USER"
                   ),
                   "broken-scriptfilename" => "enable",
               )
           )
       )
       setenv.add-response-header = (
           "X-Pi-hole" => "The Pi-hole Web interface is working!",
           "X-Frame-Options" => "DENY",
           "X-XSS-Protection" => "0",
           "X-Content-Type-Options" => "nosniff",
           "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
           "X-Permitted-Cross-Domain-Policies" => "none",
           "Referrer-Policy" => "same-origin"
       )
       $HTTP["url"] =~ "^/admin/\." {
           url.access-deny = ("")
       }
       $HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
           $HTTP["referer"] =~ "/admin/settings\.php" {
               setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
           }
       }
   }
   else $HTTP["url"] == "/admin" {
       url.redirect = ("" => "/admin/")
   }
   $HTTP["host"] == "pi.hole" {
       $HTTP["url"] == "/" {
           url.redirect = ("" => "/admin/")
       }
   }
   server.modules += ( "mod_access", "mod_accesslog", "mod_redirect", "mod_fastcgi", "mod_setenv" )

*** [ DIAGNOSING ]: contents of /etc/cron.d

-rw-r--r-- 1 root root 1.7K Feb 15 23:59 /etc/cron.d/pihole
   48 4   * * 7   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole/pihole_updateGravity.log || cat /var/log/pihole/pihole_updateGravity.log
   00 00   * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet
   @reboot root /usr/sbin/logrotate --state /var/lib/logrotate/pihole /etc/pihole/logrotate
   2 13  * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker
   @reboot root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker reboot

*** [ DIAGNOSING ]: contents of /var/log/lighttpd

-rw-r--r-- 1 www-data www-data 69 Mar 13 05:48 /var/log/lighttpd/error-pihole.log
   -----head of error-pihole.log------
   2023-03-13 05:48:22: server.c.1513) server started (lighttpd/1.4.59)

   -----tail of error-pihole.log------
   2023-03-13 05:48:22: server.c.1513) server started (lighttpd/1.4.59)

*** [ DIAGNOSING ]: contents of /var/log/pihole

-rw-r--r-- 1 pihole pihole 0 Mar 13 05:48 /var/log/pihole/FTL.log
   -----head of FTL.log------

   -----tail of FTL.log------

*** [ DIAGNOSING ]: contents of /dev/shm
total 0

*** [ DIAGNOSING ]: contents of /etc

-rw-r--r-- 1 root root 36 Mar 13 05:48 /etc/dnsmasq.conf
   conf-dir=/etc/dnsmasq.d
   user=admin

-rw-r--r-- 1 root root 42 Mar 13 05:47 /etc/resolv.conf
   nameserver 10.10.100.2
   nameserver 8.8.8.8

*** [ DIAGNOSING ]: Pi-hole diagnosis messages

*** [ DIAGNOSING ]: Locale
    LANG=

*** [ DIAGNOSING ]: Pi-hole log
-rw-r--r-- 1 pihole pihole 0 Mar 13 05:48 /var/log/pihole/pihole.log
   -----head of pihole.log------

   -----tail of pihole.log------

********************************************
********************************************
[✓] ** FINISHED DEBUGGING! **

   * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only.
   * A local copy of the debug log can be found at: /var/log/pihole/pihole_debug.log
 
holvoetn
Forum Guru
Posts: 5403
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Pihole DNS service not running

Mon Mar 13, 2023 8:44 am

The fact that it can retrieve the block list means it can get out.
 
marsbeetle
newbie
Posts: 38
Joined: Sun Feb 19, 2023 9:57 am

Re: Pihole DNS service not running

Mon Mar 13, 2023 8:51 am

It seems to be a Pihole-specific configuration issue now that it can access the internet. I use AdGuard so I'm not too familiar with Pihole, but I saw this post on GitHub which might contain some helpful information - https://github.com/pi-hole/docker-pi-hole/issues/1166
 
gigabyte091
Forum Guru
Topic Author
Posts: 1165
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Pihole DNS service not running

Mon Mar 13, 2023 3:58 pm

Little update:

So I tried to reinstall Pihole, but instead of admin I put root under DNSMASQ_USER, and now I can log in with admin and the password I specified in envs. The service is running and there is no error anymore when I tried to make some changes, but I can see only 2 clients, 10.10.100.1 and 10.10.100.2. Other clients use 10.10.88.1 and 8.8.8.8 as DNS server. Under IP/DNS I entered 10.10.100.2 to be used as DNS.
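A check that could be run in the container shell before and after changing DNSMASQ_USER, given here as an added example that is not part of the original post or of Pi-hole's own tooling: it reads the `user=` line from `/etc/dnsmasq.conf` (shown as `user=admin` in the debug log above) and reports whether that account exists in `/etc/passwd` and whether it is root. The function name, the output strings and the sample passwd entries are constructed for illustration, and the thread does not confirm that a missing account was the cause of the failure.

```shell
#!/bin/sh
# check_dnsmasq_user [dnsmasq.conf] [passwd]
# Prints one of: unreadable:<file>, no-user-directive, missing:<user>,
# root:<user>, ok:<user>. Only the given file is read, not conf-dir includes.
check_dnsmasq_user() {
    conf=${1:-/etc/dnsmasq.conf}
    passwd=${2:-/etc/passwd}

    [ -r "$conf" ] || { echo "unreadable:$conf"; return 2; }

    # Take the value of the last "user=" line, ignoring leading whitespace
    # and anything after a space or '#'.
    user=$(sed -n 's/^[[:space:]]*user[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$conf" | tail -n 1)

    if [ -z "$user" ]; then
        echo "no-user-directive"
        return 0
    fi

    # The account must exist for the daemon to switch to it.
    if ! awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$passwd"; then
        echo "missing:$user"
        return 1
    fi

    uid=$(awk -F: -v u="$user" '$1 == u { print $3; exit }' "$passwd")
    if [ "$uid" = "0" ]; then
        # Starts, but the resolver never drops root privileges.
        echo "root:$user"
        return 0
    fi
    echo "ok:$user"
}

# Demo on constructed files (not taken from the poster's container).
demo_constructed() {
    d=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/bash\npihole:x:999:999::/home/pihole:/usr/sbin/nologin\n' > "$d/passwd"
    for u in admin root pihole; do
        printf 'conf-dir=/etc/dnsmasq.d\nuser=%s\n' "$u" > "$d/dnsmasq.conf"
        check_dnsmasq_user "$d/dnsmasq.conf" "$d/passwd" || true
    done
    rm -rf "$d"
}
demo_constructed
```

A `root:` result means the service will run with full privileges inside the container; an `ok:` result with a dedicated account is the least-privilege outcome.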
 
gigabyte091
Forum Guru
Topic Author
Posts: 1165
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Pihole DNS service not running

Tue Mar 14, 2023 6:21 am

Okay, so I think I solved it. I put the IP of the Pihole under IP/DHCP Server/Networks and now it's working, at least on VLAN88.

I think there is no need to put it on the other VLANs, because on the other networks I have cameras, IoT devices and IPTV.

One more question that interests me: can I remove the Pihole address from IP/DNS/Servers, as it didn't make any difference when it was entered?
