Talk:Pi-hole

From ArchWiki
Latest comment: 14 October 2023 by Sir-Photch in topic Unbound documentation

DHCP not working

After several hours battling this, I came to the conclusion that pi-hole-server (AUR) 5.15.5-1 has problems with the DHCP server, and is not working at all.

Diagnostic

Weird permissions on /etc/dnsmasq.d/

Upon installing pihole-FTL, /etc/dnsmasq.d/ gets the following files:

 jorge in 🌐 hp-laptop-server in /etc/dnsmasq.d🔒
 ❯ ls -lFgh
 Permissions Size User Group Date Modified Name
 .rw-r--r--  2,3k root root   8 mar 03:25   01-pihole.conf
 .rw-r--r--  2,2k root root   5 mar 01:41   06-rfc6761.conf

However, if you try to add a static DHCP entry in your pihole configuration, the web interface greets you with an error because the file used to store this data does not exist and is not allowed to be accessed by pihole from the web interface. But once you touch it, you need to change its permissions to user pihole, group pihole, otherwise dnsmasq won't be able to read-write the file:

cat /run/log/pihole-ftl/pihole-FTL.log
# ...
[2023-03-08 00:32:00.230 13042M] FATAL ERROR in dnsmasq core: cannot read /etc/dnsmasq.d//04-pihole-static-dhcp.conf: Permission denied

Thus, you end up with something like this:

 jorge in 🌐 hp-laptop-server in /etc/dnsmasq.d🔒
 ❯ ls -lFgh
 Permissions Size User   Group  Date Modified Name
 .rw-r--r--  2,3k root   root    8 mar 03:25   01-pihole.conf
 .rw-------    97 pihole pihole  8 mar 14:17   04-pihole-static-dhcp.conf
 .rw-r--r--  2,2k root   root    5 mar 01:41   06-rfc6761.conf

And still, somehow the entries won't show on the web interface: "Showing 0 to 0 of 0 entries".

Firewall seems fine

Probably the firewall configuration of the machine is doing something that blocks the DHCP server from working. I got this with ufw, and ports 67 UDP and 68 UDP are open:

sudo ufw status verbose
Status: active
Logging: on (full)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW IN    192.168.1.0/24
22                         LIMIT IN    Anywhere
53 (DNS)                   ALLOW IN    Anywhere
80,443/tcp (WWW Full)      ALLOW IN    Anywhere
67/udp                     ALLOW IN    Anywhere
68/udp                     ALLOW IN    Anywhere
22 (v6)                    LIMIT IN    Anywhere (v6)
53 (DNS (v6))              ALLOW IN    Anywhere (v6)
80,443/tcp (WWW Full (v6)) ALLOW IN    Anywhere (v6)
67/udp (v6)                ALLOW IN    Anywhere (v6)
68/udp (v6)                ALLOW IN    Anywhere (v6)

Broadcast seems fine

I ran nmap -sP 192.168.1.0/24 on my personal computer and on the "laptop server" and I got 5 hosts up for my personal computer and 4 hosts up for the "laptop server".

There is no DHCP server anywhere in my network

I asked ChatGPT for an nmap command to check for DHCP servers in my network. I got something useless, so I had to improvise a bit and came up with this:

sudo nmap -sU -p 67 --script=dhcp-discover 192.168.1.0/24
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-08 14:43 CST
Nmap scan report for 192.168.1.1
Host is up (0.00033s latency).

PORT   STATE  SERVICE
67/udp closed dhcps
MAC Address: 64:58:AD:88:44:DB (China Mobile IOT Company Limited)

Nmap scan report for pi.hole (192.168.1.2)
Host is up (0.0012s latency).

PORT   STATE  SERVICE
67/udp closed dhcps
MAC Address: 78:E3:B5:60:7F:76 (Hewlett Packard)

Nmap scan report for 192.168.1.20
Host is up (0.0070s latency).

PORT   STATE  SERVICE
67/udp closed dhcps
MAC Address: 42:49:AB:C5:15:95 (Unknown)

Nmap scan report for 192.168.1.10
Host is up (0.000052s latency).

PORT   STATE  SERVICE
67/udp closed dhcps

Nmap done: 256 IP addresses (4 hosts up) scanned in 3.07 seconds

"Hewlett Packard" is the "laptop server" in question. Nothing seems to be listening on port 67 even though pihole-FTL is up and running and its DHCP server option is turned on:

cat /etc/pihole/setupVars.conf
PIHOLE_INTERFACE=eno1
IPV4_ADDRESS=192.168.1.2/16
IPV6_ADDRESS=
INSTALL_WEB_INTERFACE=true
QUERY_LOGGING=true
BLOCKING_ENABLED=true
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
REV_SERVER=false
DNSMASQ_LISTENING=all
WEBUIBOXEDLAYOUT=boxed
WEBTHEME=default-dark
DHCP_ACTIVE=true
DHCP_START=192.168.1.4
DHCP_END=192.168.1.254
DHCP_ROUTER=192.168.1.1
DHCP_LEASETIME=12
PIHOLE_DOMAIN=lan
DHCP_IPv6=true
DHCP_rapid_commit=true
WEBPASSWORD=
TEMPERATUREUNIT=C
REV_SERVER_CIDR=192.168.0.0/16
REV_SERVER_TARGET=192.168.1.2
REV_SERVER_DOMAIN=
PIHOLE_DNS_1=4.2.2.1
PIHOLE_DNS_2=4.2.2.2
PIHOLE_DNS_3=84.200.69.80
PIHOLE_DNS_4=84.200.70.40
PIHOLE_DNS_5=2001:1608:10:25:0:0:1c04:b12f
PIHOLE_DNS_6=2001:1608:10:25:0:0:9249:d69b
PIHOLE_DNS_7=1.1.1.1
PIHOLE_DNS_8=1.0.0.1
PIHOLE_DNS_9=2606:4700:4700::1111
PIHOLE_DNS_10=2606:4700:4700::1001

sudo systemctl status pihole-FTL.service
● pihole-FTL.service - Pi-hole FTLDNS engine
      Loaded: loaded (/usr/lib/systemd/system/pihole-FTL.service; enabled; preset: disabled)
      Active: active (running) since Wed 2023-03-08 14:16:12 CST; 32min ago
     Process: 53377 ExecStartPre=/usr/bin/chown -R pihole:pihole /etc/pihole (code=exited, status=0/SUCCESS)
     Process: 53378 ExecStartPre=/usr/bin/chown root:root /etc/pihole/logrotate (code=exited, status=0/SUCCESS)
     Process: 53379 ExecStartPre=/usr/bin/sh -c /usr/bin/rm -f /dev/shm/FTL-* (code=exited, status=0/SUCCESS)
    Main PID: 53380 (pihole-FTL)
       Tasks: 19 (limit: 4598)
      Memory: 7.4M
         CPU: 2.577s
      CGroup: /system.slice/pihole-FTL.service
              └─53380 /usr/bin/pihole-FTL no-daemon

Pihole won't respond to any DHCP inquiry

I installed dhcping and tested for the last time if Pihole was responding to any DHCP inquiry at all; unsurprisingly, it is not:

sudo dhcping -c 192.168.1.10 \
∙ -s 192.168.1.2 \
∙ -h 04:d9:f5:7d:50:2a
no answer

In short...

DHCP in pihole-FTL is not working as expected.
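
The log line quoted in the post above names the file dnsmasq could not read. As an added example that is not part of the original post, this shell script pulls such paths out of a pihole-FTL log and prints owner, group and mode for each, so they can be compared with the service user. The function names and the sample log are constructed here, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: list config files that dnsmasq (inside pihole-FTL) refused to
# read, then show owner, group and mode for each one.

# Print each unique path named in a "cannot read ...: Permission denied" line.
# Reads the log on stdin; collapses repeated slashes such as "dnsmasq.d//04-...".
ftl_unreadable_paths() {
    sed -n 's|^.*FATAL ERROR in dnsmasq core: cannot read \(.*\): Permission denied$|\1|p' \
        | sed 's|//*|/|g' \
        | sort -u
}

# Print "owner:group mode path" for one file, or "missing path" if it is absent.
describe_conf() {
    if [ -e "$1" ]; then
        stat -c '%U:%G %a %n' -- "$1"
    else
        printf 'missing %s\n' "$1"
    fi
}

# Constructed sample in the format shown in the post; the second and third
# lines are made up to show de-duplication and non-matching lines.
sample_log() {
    cat <<'EOF'
[2023-03-08 00:32:00.230 13042M] FATAL ERROR in dnsmasq core: cannot read /etc/dnsmasq.d//04-pihole-static-dhcp.conf: Permission denied
[2023-03-08 00:32:05.101 13050M] Reloading DNS cache
[2023-03-08 00:33:10.412 13061M] FATAL ERROR in dnsmasq core: cannot read /etc/dnsmasq.d//04-pihole-static-dhcp.conf: Permission denied
EOF
}

# Usage on a real system: audit_log < /run/log/pihole-ftl/pihole-FTL.log
audit_log() {
    ftl_unreadable_paths | while IFS= read -r path; do
        describe_conf "$path"
    done
}

# Run against the constructed sample.
sample_log | audit_log
```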

Cannot edit whitelists, domains or adlists

I hope this saves someone the hours of headache it caused me. After getting pi-hole-server (AUR) 5.17.1-3 up and running, adlists/whitelists/domains could not be edited using the WebUI, as it fails with a helpful "there was an error" message. pihole for Arch does not have the necessary -a addlist switch to add a list using the terminal.

Diagnostic

Basic troubleshooting

pihole status showed all services and databases up, and pihole logs did not reveal any errors either. Primary DNS functions of pihole seemed to be up and running.

Log scouring

Seeing as pihole logs did not reveal anything, I turned my attention to the lighttpd web server the WebUI uses. cat /var/log/lighttpd/error-pihole.log revealed the following error popping up:

cat /var/log/lighttpd/error-pihole.log
> server started (lighttpd/1.4.69)
> FastCGI-stderr:PHP Warning:  SQLite3::prepare(): Unable to prepare statement: 1, no such table: query_storage in /srv/http/pihole/admin/api_db.php on line 94
> (mod_fastcgi.c.449) FastCGI-stderr:PHP Fatal error:  Uncaught Error: Call to a member function bindValue() on bool in /srv/http/pihole/admin/api_db.php:95
> (mod_fastcgi.c.449) FastCGI-stderr:Stack trace:
> (mod_fastcgi.c.449) FastCGI-stderr:#0 {main}
> (mod_fastcgi.c.449) FastCGI-stderr:  thrown in /srv/http/pihole/admin/api_db.php on line 95

lighttpd troubleshooting

At least I had an error message to go off of now. Further Google-fu suggested this to be an issue with PDO and sqlite PHP plugins. I had no clue what this meant, having never dealt with PHP in my life.

PHP plugins

Having followed the install instructions on this wiki, I had also installed php-sqlite as part of WebUI install. Everything was in default configuration. I initially suspected open_basedir settings, so I removed them in case they were causing database access issues. No luck there.

Further Google-fu revealed that this may be a plugin-related problem. Specifically, the pdo_sqlite and sqlite3 plugins. I still had no clue whatsoever, so I checked /etc/php/php.ini. In that expansive config file, I came across the following section:

cat /etc/php/php.ini
...
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
...
;extension=pdo_sqlite
;extension=pgsql
;extension=pspell
;extension=shmop
;extension=snmp
;extension=soap
;extension=sockets
;extension=sodium
;extension=sqlite3
...

Light at the end of the tunnel

This struck me as odd, so I uncommented the lines highlighted above:

cat /etc/php/php.ini
...
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
...
extension=pdo_sqlite
...
extension=sqlite3
...

and bounced the Pi-hole service: systemctl restart pihole-FTL.service

Success!

This time cat /var/log/lighttpd/error-pihole.log revealed no funky errors. WebUI was now also able to view/edit whitelists, domains or adlists.

Conclusion

Even though I followed the wiki instructions to a tee, the default config was not in a complete working state. I hope my solution saves someone hours of being turfed around that it caused me. Someone ought to update the wiki too; I am nowhere near brave enough to do so.


Sazey (talk) 15:40, 8 July 2023 (UTC)
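
The php.ini state described in the post above can be checked mechanically. As an added example that is not part of the original post, this shell script reports which required extensions have no active `extension=` line; the function names and both sample ini fragments are constructed here, and only the two extension names come from the post.

```shell
#!/bin/sh
# Added example: report which required PHP extensions are still disabled in a php.ini.

# Print each extension from "$@" (after the ini path) that has no active
# "extension=NAME" line. Lines starting with ';' are comments and do not count.
missing_php_extensions() {
    ini=$1
    shift
    for ext in "$@"; do
        # Accept optional whitespace, an optional ".so" suffix and a trailing comment.
        pattern="^[[:space:]]*extension[[:space:]]*=[[:space:]]*${ext}(\.so)?[[:space:]]*(;.*)?\$"
        grep -Eq "$pattern" "$ini" || printf '%s\n' "$ext"
    done
}

# Constructed sample: the relevant lines in the state the post found them.
sample_ini_default() {
    cat <<'EOF'
;extension=pdo_sqlite
;extension=pgsql
;extension=sodium
;extension=sqlite3
EOF
}

# Constructed sample: the same lines after the change described in the post.
sample_ini_fixed() {
    cat <<'EOF'
extension=pdo_sqlite
;extension=pgsql
;extension=sodium
extension=sqlite3
EOF
}

# Run the check against both samples and print what is still missing.
demo() {
    tmp=$(mktemp)
    sample_ini_default > "$tmp"
    echo "default: $(missing_php_extensions "$tmp" pdo_sqlite sqlite3 | tr '\n' ' ')"
    sample_ini_fixed > "$tmp"
    echo "fixed:   $(missing_php_extensions "$tmp" pdo_sqlite sqlite3 | tr '\n' ' ')"
    rm -f "$tmp"
}
demo
```

On a real system the call would be `missing_php_extensions /etc/php/php.ini pdo_sqlite sqlite3`; empty output means both lines are active.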

Unbound documentation

Just following the upstream documentation on unbound is not sufficient to get all queries resolved by localhost:5335; I cannot manage to get this working on my setup. Sir-Photch (talk) 09:05, 14 October 2023 (UTC)