Talk:Pi-hole
DHCP not working
After several hours battling this, I came to the conclusion that pi-hole-server (AUR) 5.15.5-1 has problems with the DHCP server, and is not working at all.
Diagnostic
Weird permissions on /etc/dnsmasq.d/
Upon installing pihole-FTL, /etc/dnsmasq.d/ gets the following files:
jorge in hp-laptop-server in /etc/dnsmasq.d ❯ ls -lFgh
Permissions Size User Group Date Modified Name
.rw-r--r--  2,3k root root  8 mar 03:25   01-pihole.conf
.rw-r--r--  2,2k root root  5 mar 01:41   06-rfc6761.conf
However, if you try to add a static DHCP entry in your pihole configuration, the web interface greets you with an error because the file used to store this data does not exist and is not allowed to be accessed by pihole from the web interface. But once you touch it, you need to change its permissions to user pihole, group pihole, otherwise dnsmasq won't be able to read-write the file:
cat /run/log/pihole-ftl/pihole-FTL.log
# ...
[2023-03-08 00:32:00.230 13042M] FATAL ERROR in dnsmasq core: cannot read /etc/dnsmasq.d//04-pihole-static-dhcp.conf: Permission denied
Thus, you end with something like this:
jorge in hp-laptop-server in /etc/dnsmasq.d ❯ ls -lFgh
Permissions Size User   Group  Date Modified Name
.rw-r--r--  2,3k root   root   8 mar 03:25   01-pihole.conf
.rw-------    97 pihole pihole 8 mar 14:17   04-pihole-static-dhcp.conf
.rw-r--r--  2,2k root   root   5 mar 01:41   06-rfc6761.conf
And still, somehow the entries won't show on the web interface: "Showing 0 to 0 of 0 entries".
Firewall seems fine
Probably the firewall configuration of the machine is doing something that blocks the DHCP server from working. I got this with ufw, and ports 67 UDP and 68 UDP are open:
sudo ufw status verbose
Status: active
Logging: on (full)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
Anywhere                   ALLOW IN    192.168.1.0/24
22                         LIMIT IN    Anywhere
53 (DNS)                   ALLOW IN    Anywhere
80,443/tcp (WWW Full)      ALLOW IN    Anywhere
67/udp                     ALLOW IN    Anywhere
68/udp                     ALLOW IN    Anywhere
22 (v6)                    LIMIT IN    Anywhere (v6)
53 (DNS (v6))              ALLOW IN    Anywhere (v6)
80,443/tcp (WWW Full (v6)) ALLOW IN    Anywhere (v6)
67/udp (v6)                ALLOW IN    Anywhere (v6)
68/udp (v6)                ALLOW IN    Anywhere (v6)
Broadcast seems fine
I ran nmap -sP 192.168.1.0/24 on my personal computer and on the "laptop server" and I got 5 hosts up for my personal computer and 4 hosts up for the "laptop server".
There is no DHCP server anywhere in my network
I asked ChatGPT for an nmap command to check for DHCP servers in my network. I got something useless, so I had to improvise a bit and came up with this:
sudo nmap -sU -p 67 --script=dhcp-discover 192.168.1.0/24
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-08 14:43 CST
Nmap scan report for 192.168.1.1
Host is up (0.00033s latency).
PORT   STATE  SERVICE
67/udp closed dhcps
MAC Address: 64:58:AD:88:44:DB (China Mobile IOT Company Limited)
Nmap scan report for pi.hole (192.168.1.2)
Host is up (0.0012s latency).
PORT   STATE  SERVICE
67/udp closed dhcps
MAC Address: 78:E3:B5:60:7F:76 (Hewlett Packard)
Nmap scan report for 192.168.1.20
Host is up (0.0070s latency).
PORT   STATE  SERVICE
67/udp closed dhcps
MAC Address: 42:49:AB:C5:15:95 (Unknown)
Nmap scan report for 192.168.1.10
Host is up (0.000052s latency).
PORT   STATE  SERVICE
67/udp closed dhcps
Nmap done: 256 IP addresses (4 hosts up) scanned in 3.07 seconds
"Hewlett Packard" is the "laptop server" in question. Nothing seems to be listening on port 67 even though pihole-FTL is up and running and its DHCP server option is turned on:
cat /etc/pihole/setupVars.conf
PIHOLE_INTERFACE=eno1
IPV4_ADDRESS=192.168.1.2/16
IPV6_ADDRESS=
INSTALL_WEB_INTERFACE=true
QUERY_LOGGING=true
BLOCKING_ENABLED=true
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
REV_SERVER=false
DNSMASQ_LISTENING=all
WEBUIBOXEDLAYOUT=boxed
WEBTHEME=default-dark
DHCP_ACTIVE=true
DHCP_START=192.168.1.4
DHCP_END=192.168.1.254
DHCP_ROUTER=192.168.1.1
DHCP_LEASETIME=12
PIHOLE_DOMAIN=lan
DHCP_IPv6=true
DHCP_rapid_commit=true
WEBPASSWORD=
TEMPERATUREUNIT=C
REV_SERVER_CIDR=192.168.0.0/16
REV_SERVER_TARGET=192.168.1.2
REV_SERVER_DOMAIN=
PIHOLE_DNS_1=4.2.2.1
PIHOLE_DNS_2=4.2.2.2
PIHOLE_DNS_3=84.200.69.80
PIHOLE_DNS_4=84.200.70.40
PIHOLE_DNS_5=2001:1608:10:25:0:0:1c04:b12f
PIHOLE_DNS_6=2001:1608:10:25:0:0:9249:d69b
PIHOLE_DNS_7=1.1.1.1
PIHOLE_DNS_8=1.0.0.1
PIHOLE_DNS_9=2606:4700:4700::1111
PIHOLE_DNS_10=2606:4700:4700::1001
sudo systemctl status pihole-FTL.service
● pihole-FTL.service - Pi-hole FTLDNS engine
     Loaded: loaded (/usr/lib/systemd/system/pihole-FTL.service; enabled; preset: disabled)
     Active: active (running) since Wed 2023-03-08 14:16:12 CST; 32min ago
    Process: 53377 ExecStartPre=/usr/bin/chown -R pihole:pihole /etc/pihole (code=exited, status=0/SUCCESS)
    Process: 53378 ExecStartPre=/usr/bin/chown root:root /etc/pihole/logrotate (code=exited, status=0/SUCCESS)
    Process: 53379 ExecStartPre=/usr/bin/sh -c /usr/bin/rm -f /dev/shm/FTL-* (code=exited, status=0/SUCCESS)
   Main PID: 53380 (pihole-FTL)
      Tasks: 19 (limit: 4598)
     Memory: 7.4M
        CPU: 2.577s
     CGroup: /system.slice/pihole-FTL.service
             └─53380 /usr/bin/pihole-FTL no-daemon
Pihole won't respond to any DHCP inquiry
I installed dhcping and tested for the last time if Pihole was responding to any DHCP inquiry at all; unsurprisingly, it is not:
sudo dhcping -c 192.168.1.10 \
    -s 192.168.1.2 \
    -h 04:d9:f5:7d:50:2a
no answer
In short...
DHCP in pihole-FTL is not working as expected.
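A read-access audit for the "Permission denied" problem described in the post above, as an added example that is not part of the original post: it applies the owner/group/other read bits for a given user to every .conf file in a directory. The temporary directory and its file modes are constructed sample data; ACLs and root's permission bypass are not modelled.

```shell
#!/bin/sh
# Added example: would USER be allowed to read each dnsmasq drop-in file?
# Assumes a stat that supports -c (GNU coreutils or busybox).

# mode_allows_read USER FILE -> exit 0 if the applicable read bit is set
mode_allows_read() {
    user=$1 file=$2
    owner=$(stat -c %U "$file")
    group=$(stat -c %G "$file")
    perm=$((0$(stat -c %a "$file") & 0777))
    if [ "$user" = "$owner" ]; then
        bit=$((perm & 0400))          # owner class applies, nothing else
    elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qxF "$group"; then
        bit=$((perm & 0040))          # group class applies
    else
        bit=$((perm & 0004))          # everyone else
    fi
    [ "$bit" -ne 0 ]
}

# audit_conf_dir USER DIR -> one line per file; exit status = files USER cannot read
audit_conf_dir() {
    user=$1 dir=$2 denied=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        if mode_allows_read "$user" "$f"; then
            verdict=ok
        else
            verdict=DENIED
            denied=$((denied + 1))
        fi
        printf '%s %s\n' "$(stat -c '%U:%G %a %n' "$f")" "$verdict"
    done
    return "$denied"
}

# Constructed sample: a 0644 file and a 0600 file owned by whoever runs this.
# On a live system the arguments would be: pihole /etc/dnsmasq.d
demo_dir=$(mktemp -d)
: > "$demo_dir/01-pihole.conf"
chmod 644 "$demo_dir/01-pihole.conf"
: > "$demo_dir/04-pihole-static-dhcp.conf"
chmod 600 "$demo_dir/04-pihole-static-dhcp.conf"
audit_conf_dir pihole "$demo_dir" || echo "=> fix ownership before restarting pihole-FTL"
```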
Cannot edit whitelists, domains or adlists
I hope this saves someone the hours of headache it caused me. After getting pi-hole-server (AUR) 5.17.1-3 up and running, adlists/whitelists/domains could not be edited using the WebUI, as it fails with a helpful "there was an error" message. pihole for Arch does not have the necessary -a addlist switch to add a list using terminal.
Diagnostic
Basic troubleshooting
pihole status showed all services and databases up, and pihole logs did not reveal any errors either. Primary DNS functions of pihole seemed to be up and running.
Log scouring
Seeing as pihole logs did not reveal anything, I turned my attention to the lighttpd web server the WebUI uses. cat /var/log/lighttpd/error-pihole.log revealed the following error popping up:
cat /var/log/lighttpd/error-pihole.log
> server started (lighttpd/1.4.69)
> FastCGI-stderr:PHP Warning: SQLite3::prepare(): Unable to prepare statement: 1, no such table: query_storage in /srv/http/pihole/admin/api_db.php on line 94
> (mod_fastcgi.c.449) FastCGI-stderr:PHP Fatal error: Uncaught Error: Call to a member function bindValue() on bool in /srv/http/pihole/admin/api_db.php:95
> (mod_fastcgi.c.449) FastCGI-stderr:Stack trace:
> (mod_fastcgi.c.449) FastCGI-stderr:#0 {main}
> (mod_fastcgi.c.449) FastCGI-stderr: thrown in /srv/http/pihole/admin/api_db.php on line 95
lighttpd troubleshooting
At least I had an error message to go off of now. Further Google-fu suggested this to be an issue with PDO and sqlite PHP plugins. I had no clue what this meant, having never dealt with PHP in my life.
PHP plugins
Having followed the install instructions on this wiki, I had also installed php-sqlite as part of WebUI install. Everything was in default configuration. I initially suspected open_basedir settings, so removed them in case they were causing database access issues. No luck there.
Further Google-fu revealed that this may be a plugin related problem. Specifically, the pdo_sqlite and sqlite3 plugins. I still had no clue whatsoever, so I checked /etc/php/php.ini. In that expansive config file, I came across the following section:
cat /etc/php/php.ini
...
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
...
;extension=pdo_sqlite
;extension=pgsql
;extension=pspell
;extension=shmop
;extension=snmp
;extension=soap
;extension=sockets
;extension=sodium
;extension=sqlite3
...
Light at the end of the tunnel
This struck me as odd, so I uncommented the lines highlighted above:
cat /etc/php/php.ini
...
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
...
extension=pdo_sqlite
...
extension=sqlite3
...
and bounced the Pi-hole service:
systemctl restart pihole-FTL.service
Success!
This time cat /var/log/lighttpd/error-pihole.log revealed no funky errors. WebUI was now also able to view/edit whitelists, domains or adlists.
Conclusion
Even though I followed the wiki instructions to a tee, the default config was not in a complete working state. I hope my solution saves someone hours of being turfed around that it caused me. Someone ought to update the wiki too; I am nowhere near brave enough to do so.
Sazey (talk) 15:40, 8 July 2023 (UTC)
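A check for the php.ini state described in the post above, as an added example that is not part of the original post: it reports whether pdo_sqlite and sqlite3 are enabled, commented out, or absent in a given php.ini. The sample file is constructed from the excerpt quoted in the post, the function names are hypothetical, and drop-in .ini files in a scan directory are not inspected.

```shell
#!/bin/sh
# Added example: are the SQLite extensions the Pi-hole web UI needs active?
REQUIRED_EXTS="pdo_sqlite sqlite3"

# ext_state FILE EXT -> prints enabled | commented | missing
ext_state() {
    pat="extension[[:space:]]*=[[:space:]]*\"?$2(\\.so)?\"?[[:space:]]*\$"
    if grep -Eq "^[[:space:]]*$pat" "$1"; then
        echo enabled
    elif grep -Eq "^[[:space:]]*;[[:space:]]*$pat" "$1"; then
        echo commented
    else
        echo missing
    fi
}

# audit_php_ini FILE -> one line per extension; exit status = extensions not enabled
audit_php_ini() {
    ini=$1 bad=0
    for ext in $REQUIRED_EXTS; do
        state=$(ext_state "$ini" "$ext")
        printf '%-12s %s\n' "$ext" "$state"
        [ "$state" = enabled ] || bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed sample mirroring the default section quoted in the post.
demo_ini=$(mktemp)
cat > "$demo_ini" <<'EOF'
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
;extension=pdo_sqlite
;extension=sodium
;extension=sqlite3
EOF
audit_php_ini "$demo_ini" || echo "=> web UI database calls will fail"

# The fix from the post, applied to a copy: uncomment only the two SQLite lines.
sed -E 's/^;(extension=(pdo_sqlite|sqlite3))$/\1/' "$demo_ini" > "$demo_ini.fixed"
audit_php_ini "$demo_ini.fixed" && echo "=> both extensions enabled"
```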
Unbound documentation
Just following the upstream documentation on unbound is not sufficient to get all queries resolved by localhost:5335; I cannot manage to get this working on my setup. Sir-Photch (talk) 09:05, 14 October 2023 (UTC)