Update from v8.4.2 to v8.5.1 not possible

Hello, unfortunately I always get an error message when I want to update DietPi.

Greetings

Update available:
Current version : v8.4.2
Latest version : v8.5.1

Bugreport: cd10dac7-58ef-443a-83e3-6313f17843c9

The problem is that you cannot resolve the github.com.
I suppose that resolving works fine if you try when you are not in dietpi-update, right?
Maybe you are using some service like adguard or pihole on this device and the local nameserver is pointing to this service? During dietpi-update services are disabled, so there won’t be any response to the queries. You can add another nameserver in /etc/resolv.conf to have an alternative.

Yes, it runs PiHole.
DietPi also runs as Unbound.

What surprises me is that I haven’t changed anything in my settings within PiHole or DietPi. So far, all updates have always gone through.

nameserver 192.168.176.1 (is my FritzBox)

root@DietPi:~# ping dietpi.com
PING dietpi.com(2a06:98c1:3121::3 (2a06:98c1:3121::3)) 56 data bytes
64 bytes from 2a06:98c1:3121::3 (2a06:98c1:3121::3): icmp_seq=1 ttl=56 time=9.36 ms
64 bytes from 2a06:98c1:3121::3 (2a06:98c1:3121::3): icmp_seq=2 ttl=56 time=7.27 ms
64 bytes from 2a06:98c1:3121::3 (2a06:98c1:3121::3): icmp_seq=3 ttl=56 time=7.98 ms
64 bytes from 2a06:98c1:3121::3 (2a06:98c1:3121::3): icmp_seq=4 ttl=56 time=7.86 ms
64 bytes from 2a06:98c1:3121::3 (2a06:98c1:3121::3): icmp_seq=5 ttl=56 time=7.24 ms
^C
--- dietpi.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 10ms
rtt min/avg/max/mdev = 7.242/7.942/9.360/0.768 ms
root@DietPi:~# ping github.com
ping: github.com: No address belongs to this host name
root@DietPi:~#

nslookup github.com 8.8.8.8 ; nslookup github.com

I think it worked. For whatever reason, I could no longer access my PiHole Dashboard. After a reconnect of my ISP and a pihole -r I was able to whitelist github.com inside Pihole.

For whatever reason, an adlist must have blacklisted github.com. There were never any problems here.
Thanks!

//Edit: Update from DietPi went through, now PiHole is crying with Github.

[i] Pi-Hole core: up to date.
fatal: can’t access ‘GitHub - pi-hole/web: Pi-hole Dashboard for stats and more’: Host could not be resolved: github.com
[i] Web interface: up to date

I don’t recommend to use PiHole as DNS server on the device hosting it. Because why? Exactly on this reason, to avoid issue if PiHole is failing. Better to use a global upstream DNS provider on the device hosting an AdBlock app. Usually there is nothing that would be blocked on DietPi, as long as you don’t use a desktop.

Are you using DHCP or STATIC IP on this device? If STATIC, change the upstream DNS.

You should definitely identify the blocklist that contains github.com and communicate this to its maintainer. This way Pi-hole breaks its own updates :smile:.

at least checking on my side, doesn’t seems to return an exact match

Match found in https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts:
  corp-github.com
  sso-github.com
  sts-github.com
  tsl-github.com
  github.com.cnpmjs.org
Match found in https://v.firebog.net/hosts/AdguardDNS.txt:
  collector-cdn.github.com
Match found in https://v.firebog.net/hosts/Easyprivacy.txt:
  collector.github.com
Match found in https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt:
  awgithub.com
  wgithub.com
  rgithub.com

@MichaIng @Joulinar
Could it be the following list? https://secure.fanboy.co.nz/fanboy-cookiemonster.txt

@Joulinar Thank you for pointing this out. I’ve had Unbound and Pihole running on my Raspberry Pi 1 for over a year now and didn’t realise that this could be a problem. At least no one has ever told me.

My Fritzbox (DHCP) has a dynamic IP, at least I get a new one after every restart. DNS on my FritzBox points to my Raspberry Pi as the DNS-server.

That means: enter an external DNS server on my Fritzbox (like dismail), no unbound.
or: buy a second Raspberry? one for Unbound, the other for PiHole?

Greetings

Simply switch your DietPi device to STATIC IP and adjust the DNS server in DietPi to a global upstream DNS. Inside your F!B create an IP address reservation for the DietPi device. This way the IP address should not be assigned to other device. In general it is highly recommended to use a STATIC IP on a device running PiHole.

All right. Understood.

My RaspberryPi had a static IP in my network, of course.
Does this fit with the Unbound IP in PiHole?
Otherwise, I have now changed “Static DNS” to the following two servers:

DNS-over-HTTPS- und DNS-over-TLS-Unterstützung [ffmuc.net/wiki/] and Service Info | dismail.de


New
putty_BEpuW8KH8I
Old
putty_2VSXGZXbQk

The list you linked at least contains

github.com##.hx_cookie-banner

Not sure how Pi-hole interprets it but it looks like the intention is to block it only for the “hx_cookie-banner” HTML class and curl doesn’t interpret HTML. Probably that list is not in a format that Pi-hole supports correctly?

Don’t set any DoT DNS server directly on DietPi network configuration. This is not gonna work. Simply use a global upstream DNS like 1.1.1.1 or 9.9.9.9. The configuration you will do inside DietPi network will not have any impact on how PiHole + Unbound will work inside your network. These are 2 completely different thinks.

@MichaIng In fact, I have also entered the list from uBlock at Pihole. I thought it would also allow me to filter the cookie banners directly in the home network.
I deactivated the list and sent an email to the people of the list.

@Joulinar
I have now entered the following two servers, which DietPi also has in the suggestions.

37.235.1.174 Austria 37.235.1.174 IP Address Details - IPinfo.io
84.200.69.80 Germany 84.200.69.80 IP Address Details - IPinfo.io

I wanted servers from Europe. Greetings :slight_smile:

putty_qQikIRu9Om

you are free to choose whatever DNS server you like, at least as long they are able to resolve GitHub now :stuck_out_tongue_winking_eye:

uBlock can do more than DNS blocking only, but it can block requests based on HTML attributes, it seems. Pi-hole is only able to block all traffic to a certain domain, regardless which HTML element it is done from.

1 Like

Any? only without DoT? :smiling_face_with_three_hearts:

To be honest, I can’t quite figure out “DietPi Static DNS” and “Unbound” yet. I always thought that Unbound is my DNS server that sends the requests to https://www.internic.net/domain/named.root without using 8.8.8.8 or 9.9.9.9.

But if I understood you correctly above, the DietPi Config requires known upstream servers that have nothing to do with my surfing behaviour within my network?

@MichaIng Yes, thank you. Removed the list. The owner also advised me against using it with PiHole.

1 Like

As stated above, these are 2 completely different topics. In case of DNS resolution DietPi has 2 different roles.

First one is to act as DNS server and to provide this service for your network. Means client’s on your network could use this service to resolve their DNS request. Usually communication looks like this:

Client > PiHole > Unbound > Upstream DNS

On a default setup, unbound will use the root DNS server as upstream (without any encryption like DoT).

2nd role would be to act as client. DietPi needs to resolve DNS request as well in case of software installation or package updates. Of course you could use every DNS server you like. Even your self hosted PiHole is possible. But this is what could have a risk as we see on your issue. Because if you have an issue on PiHole/unbound, you have a challenge to resolve DNS request on the DietPi device itself. And you might not be able to do software installation or a reinstall as DNS resolution fails. Therefore my recommendation is not to use PiHole for the server hosting it. This way you will be able to do stuff on DietPi even if PiHole/unbound broke up completely.

2 Likes