PiHole (DNS resolution is unavailable)

Hey,
I have a sudden issue, which was just there, without my direct action.

I have PiHole with unbound as my internal DNS server, and it seems it has just stopped resolving DNS. But the strangest thing is that this website here works. Another forum works too. But most sites get no connection. I thought it was overblocking, but that’s not the case. I disabled the blocking for some seconds, but the issue stays. If I want to upgrade gravity, I get: DNS resolution is currently unavailable.

I also tried to set another DNS server within PiHole (1.1.1.1 just to be sure), but the issue stays.

It makes no sense to me.

Cheers
dieterpi

Sounds like PiHole is still working but unbound not, but if you switch to external DNS it’s still the same :thinking:

Can you do the following on the pihole device:

dig dietpi.com
dig @127.0.0.1 -p 5335 dietpi.com
journalctl -u unbound.service

This is really strange. I restarted it now, but the issue stays. I am writing in the forum now with PiHole as DNS, but I cannot reach most sites :smiley:

timed out


; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> @127.0.0.1 -p 5335 dietpi.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4129
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;dietpi.com.                    IN      A

;; Query time: 48 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Fri Jul 07 10:03:40 CEST 2023
;; MSG SIZE  rcvd: 39


Jul 07 09:52:56 nextcloud systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 07 09:52:56 nextcloud unbound[1146]: [1146:0] warning: subnetcache: serve-expired is set but not working for data originating from the subnet module cache.
Jul 07 09:52:56 nextcloud unbound[1146]: [1146:0] warning: subnetcache: prefetch is set but not working for data originating from the subnet module cache.
Jul 07 09:52:56 nextcloud unbound[1146]: [1146:0] info: start of service (unbound 1.17.1).
Jul 07 09:52:56 nextcloud systemd[1]: Started unbound.service - Unbound DNS server.

Unbound is running but you get a servfail, and on the pihole device itself it times out.
And other DNS services still fail?

dig @1.1.1.1 dietpi.com
; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> @1.1.1.1 dietpi.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20310
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;dietpi.com.                    IN      A

;; ANSWER SECTION:
dietpi.com.             300     IN      A       188.114.96.3
dietpi.com.             300     IN      A       188.114.97.3

;; Query time: 24 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Fri Jul 07 10:29:31 CEST 2023
;; MSG SIZE  rcvd: 71

BUT if I set 1.1.1.1 via web interface and try dig dietpi.com, I get no connection.

Did you remove the custom entry as well? Just set Cloudflare without any custom entry active inside PiHole.

Done so, custom entry was deleted.

But still, no DNS resolution working?

Yes, no DNS working. Or should I wait some time, till the setting changes?

Settings should be active immediately. Can you have a look into the PiHole Query Log (Web UI)? Do you see requests from your clients? What status do they have?

I see nothing in the query log, but I think that is because I set PiHole to anonymous mode.

You can try the pihole internal debugger and see if it has some useful info:

pihole -d

ok, thanks.

I post the errors:
dig failed
no IPv6 Addresses
failed to resolve doubleclick.com
“/etc/lighttpd/conf.d does not exist.” (but lighttpd is running and working)

that’s it.

If possible, set everything back to standard. This would help to analyse your issue. In parallel we could try to install tcpdump to do some trying on network level.

I cannot install tcpdump, because there are no DNS connections.

Hmm… I didn’t set anything special in pihole. Is there any “set to defaults”?

So on the pihole device itself DNS also fails (normally the pihole device itself does not use pihole), can you share cat /etc/resolv.conf.

Yea what is the default DNS set on your DietPi device? It should be a global upstream DNS provider

or, that may be the point (just wondering why the problem comes now when everything was working all the time before). I get the old IP of another pihole I used before (because of the switch of devices).

But what should I have there? Should the settings in resolv.conf be the same as in 'Settings → DNS → upstream DNS server'? I suppose not, if I use unbound. But where do I change the DNS server for the pihole itself? Directly in resolv.conf, or are there any web GUI settings for that?

The Pihole device uses what is inside /etc/resolv.conf, but the clients which connect to pihole use the DNS you set in the pihole web interface.

Best practice is to set the pihole device to an external DNS service; in case pihole fails, you still have internet on the pihole device itself.

If the DNS in resolv.conf points to a non-existing IP, then nothing can be resolved. You can change the line inside the file, or use dietpi-config, where you can change the DNS server in the network settings.

OK, thanks!
I changed it in resolv.conf and now I can update gravity, so the pihole gets access to the internet.
BUT I still get no internet for the clients. I changed the DNS server (in the GUI) again from unbound to 1.1.1.1, but it still doesn’t work.

Now I could install tcpdump
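
The three checks used in this thread (the device's own resolver from /etc/resolv.conf, unbound on 127.0.0.1 port 5335, and an external resolver) can be triaged with a small script. This is an added example, not part of any post above; the function names are hypothetical, and the sample inputs are constructed or copied from the dig headers shown in the thread (192.0.2.53 is a documentation address).

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print the nameserver addresses from resolv.conf-format text on stdin.
# Real use: resolv_nameservers < /etc/resolv.conf
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# Read dig output on stdin; print the header status (NOERROR, SERVFAIL, ...)
# or TIMEOUT when no response header was received at all.
# Real use: dig @127.0.0.1 -p 5335 dietpi.com | dig_status
dig_status() {
    awk '/->>HEADER<<-/ {
             for (i = 1; i < NF; i++)
                 if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s); print s; found = 1 }
         }
         END { if (!found) print "TIMEOUT" }'
}

# triage SYSTEM UNBOUND EXTERNAL
#   SYSTEM   = status of "dig dietpi.com" (uses /etc/resolv.conf)
#   UNBOUND  = status of "dig @127.0.0.1 -p 5335 dietpi.com"
#   EXTERNAL = status of "dig @1.1.1.1 dietpi.com"
# Prints which layer(s) need attention.
triage() {
    if [ "$3" != "NOERROR" ]; then
        # Even a public resolver fails: look at the network uplink first.
        echo "uplink"
        return 0
    fi
    layers=""
    [ "$1" = "NOERROR" ] || layers="system-resolver"
    [ "$2" = "NOERROR" ] || layers="${layers:+$layers,}unbound"
    echo "${layers:-ok}"
}

# Demo with the results seen in the thread (timeout, SERVFAIL, NOERROR).
sys=$(echo "timed out" | dig_status)
unb=$(echo ";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4129" | dig_status)
ext=$(echo ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20310" | dig_status)
echo "layers needing attention: $(triage "$sys" "$unb" "$ext")"

# Constructed resolv.conf pointing at a resolver that no longer exists.
printf 'search lan\nnameserver 192.0.2.53\n' | resolv_nameservers
```

A "system-resolver" result means the address printed by resolv_nameservers is the first thing to check, independent of the upstream DNS configured in the Pi-hole web interface.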