[Support] [Depreciated] FlippinTurt PiHole DoT-DoH



4 hours ago, jfoxwu said:

@FlippinTurt

 

Sorry to waste your time. The answer to my problem was right in front of me this whole time.

 

"NOTE 3: UnRaid network settings DNS server cannot point to a docker IP."

 

When I set the pihole address in the "LAN DHCP" menu of the router, it automatically updated the unRAID's network DNS server to the pihole's IP.

The solution is to strictly use the router's "WAN" DNS server setting and leave the DHCP's DNS menu blank (for an Asus router at least).

 

2 hours ago, applesauce9 said:

Yup that was the issue for me too. I thought I had it set up properly because it was working for months. Thanks

Ah yep..
That would definitely do it 😂
Apologies, I didn't pick up on that earlier.  Glad you two got it sorted though :)

Link to comment
On 1/29/2021 at 4:35 AM, jfoxwu said:

@FlippinTurt

 

Thank you for helping. I tried many things, and am sort of able to recreate the problem.

 

1. Docker and router dns server all set up and working properly

2. Server reboot, the pihole-dot-doh stopped functioning. 

3. At this point, I can get it to work again by setting the router’s dns server back to known server such as 1.1.1.1 or 8.8.8.8, etc., and restart/reinstall the docker.

4. Change the router dns back to the pihole-dot-doh address.

 

Somehow the pihole-template docker is immune to the server reboot.

 

I still need to experiment with a few variables such as setting the pihole ip address in my asus router’s “LAN DHCP” menu or the “WAN” menu.

 

@FlippinTurt thank you for taking over!

 

I have the same problem as @jfoxwu but maybe in a different setting:

1. my dockers go through a shutdown, backup, update and then restart phase each night with the help of the auto-backup/restore and auto-update plugins for unraid (the whole task takes around 3 hours)

2. pi-hole on unraid is configured on my wan side, but the same problem occurs if it's on the lan side -> with the wan configuration i just lose the ability to differentiate clients (everything comes from the router in pihole)

 

What i see after the backup/update is the following:

1. i can't reach my pi-hole webinterface docker on its permanent ip

2. new dns connections aren't made, everything already opened like my favourite news site is ok (because there is no need for a dns request i think)

3. if i remove the dns ip on my router i can access everything. Even the pi-hole docker ui.

4. if i add the dns ip to my router again, pi-hole is working. No need to restart pi-hole.

 

The docker log is not helpful, as is the unraid log.

 

My question for the community: How can i figure out why pi-hole on my unraid is not reacting to requests after the restart process? Is there some kind of session id problem with my router, like the router is asking pi-hole for a new dns request with an "old" id and pi-hole is blocking the requests until i force my router to reconfigure the dns setting with removing and adding the pi-hole ip?

Link to comment

I have a separate VLAN for docker containers (br0.20) , and a separate VLAN for management of unraid. Using static IP.

 

Since the container is pulling the DNS server from the main unraid interface, Pihole is trying to cross the VLAN to the DNS server on the other VLAN for connectivity checks which isn't ideal.

 

10.10.20.28 is pihole's static address, however it's 10.10.10.1 that responds (which is what the DNS is set to for my management vlan). Is there any way to clean this up, and keep pihole contained on its own VLAN without having it cross boundaries? Also I have these strange dns requests in logging which I can't make sense of. "*.in-addr.arpa"

 


Link to comment
16 hours ago, xxlbug said:

@FlippinTurt thank you for taking over!

 

I have the same problem as @jfoxwu but maybe in a different setting:

1. my dockers go through a shutdown, backup, update and then restart phase each night with the help of the auto-backup/restore and auto-update plugins for unraid (the whole task takes around 3 hours)

2. pi-hole on unraid is configured on my wan side, but the same problem occurs if it's on the lan side -> with the wan configuration i just lose the ability to differentiate clients (everything comes from the router in pihole)

 

What i see after the backup/update is the following:

1. i can't reach my pi-hole webinterface docker on its permanent ip

2. new dns connections aren't made, everything already opened like my favourite news site is ok (because there is no need for a dns request i think)

3. if i remove the dns ip on my router i can access everything. Even the pi-hole docker ui.

4. if i add the dns ip to my router again, pi-hole is working. No need to restart pi-hole.

 

The docker log is not helpful, as is the unraid log.

 

My question for the community: How can i figure out why pi-hole on my unraid is not reacting to requests after the restart process? Is there some kind of session id problem with my router, like the router is asking pi-hole for a new dns request with an "old" id and pi-hole is blocking the requests until i force my router to reconfigure the dns setting with removing and adding the pi-hole ip?

This almost seems like a router issue, where it sees the DNS go down and doesn't attempt to reconnect after.

What type of router are you using & is it the latest firmware?

(There is a setting in Backup/Restore that allows dockers to keep running while it is backed up, I have found that enabling this on PiHole doesn't cause any errors, might be worth giving it a go even if it is just a temporary solution)

Link to comment

getting connection refused on port 80 and 443 but works on 53

sure this is a dumb mistake on my part but be damned if I can find it

root@MediaStore:~# telnet 192.168.0.3 80
Trying 192.168.0.3...
telnet: connect to address 192.168.0.3: Connection refused
root@MediaStore:~# telnet 192.168.0.3 443
Trying 192.168.0.3...
telnet: connect to address 192.168.0.3: Connection refused
root@MediaStore:~# telnet 192.168.0.3 53
Trying 192.168.0.3...
Connected to 192.168.0.3.
Escape character is '^]'.

Link to comment
17 hours ago, chuque said:

getting connection refused on port 80 and 443 but works on 53

sure this is a dumb mistake on my part but be damned if I can find it

root@MediaStore:~# telnet 192.168.0.3 80
Trying 192.168.0.3...
telnet: connect to address 192.168.0.3: Connection refused
root@MediaStore:~# telnet 192.168.0.3 443
Trying 192.168.0.3...
telnet: connect to address 192.168.0.3: Connection refused
root@MediaStore:~# telnet 192.168.0.3 53
Trying 192.168.0.3...
Connected to 192.168.0.3.
Escape character is '^]'.

Try adding port 4711 on the PiHole docker, and see if you can telnet into it that way?

https://docs.pi-hole.net/ftldns/telnet-api/
If you are trying to access the FTL that is

Link to comment
20 hours ago, FlippinTurt said:

Was this installed over an existing PiHole installation or existing config directory in appdata?

 

This is what I get for troubleshooting on no sleep.

 

For a brief moment the dashboard would connect. It would show approximately 15,500,000 queries.

 

After dicking around wondering what the deal was it dawned on me that the SQLite database couldn't handle that many queries. Being that I was exhausted (new baby) and didn't want to pore through logs to figure it out, I re-installed the container from scratch and rebuilt the container, then I did a flush on my other pi-hole.

 

Super annoying I couldn't flush the container though. It seems to be pretty universal with the three options published to the store.

Link to comment

Thank you for taking this over, as I was wondering when there would be updates to that docker.

 

For what it's worth, I also had the issue with the resolver being unavailable.  I had decom'd my previous local dns install and unraid was still pointing to it which was causing the problem.  Even with a valid secondary dns.... So... fixed that and then everything began working again.  Maybe this will help someone else.

Link to comment

Hello -

I am running the original "Pi-Hole Template" and I recently found out about this DoT DoH version.

After downloading DoT DoH, I have disabled/turned off the original PiHole.

 

I have matched all the same fields into the DoT DoH version:

1) Fixed IP : 192.16.1.198

2) Server IP : 192.16.1.198

3) Router DNS 1/2 : 192.168.1.198

 

After doing so I am unable to access the WebUI.

I am however able to access it if I switch the IP to xxx.197 and turn back on the original Pi at xxx.198.

In this situation I am able to run both UIs, but clearly the DoTDoH is not actively enabled on my router.

 

Can anyone explain what I might be doing incorrectly here?

 

Big thanks

 

 

 

Link to comment

This container doesn't work for me with DoT or DoH.

 

Every time I start the container with the 127.2.2.2#5253 or the 127.1.1.1#5153 variables, my internet no longer works, and I cannot access the webUI of Pi-hole. It fixes when I revert back to regular DNS servers

 

My stubby.yml looks like this at the bottom:

 

upstream_recursive_servers:
####### IPv4 addresses ######
### Anycast services ###
## Quad 9 'secure' service - Filters, does DNSSEC, doesn't send ECS
#  - address_data: 9.9.9.9
#    tls_auth_name: "dns.quad9.net"
# Cloudflare 1.1.1.1 and 1.0.0.1
#  - address_data: 1.1.1.1
#    tls_auth_name: "cloudflare-dns.com"
#  - address_data: 1.0.0.1
#    tls_auth_name: "cloudflare-dns.com"
## Google
#  - address_data: 8.8.8.8
#    tls_auth_name: "dns.google"
#  - address_data: 8.8.4.4
#    tls_auth_name: "dns.google"
 LibreDNS
  - address_data: 116.202.176.26
    tls_auth_name: "dot.libredns.gr"

 

I chose LibreDNS because I didn't want to use Google, and they offer both DoT and DoH:

 

https://libredns.gr/

 

But as I said, it's not working. I've tried multiple other DoT providers too, including uncommenting Quad9, to no avail.

Edited by Stubbs
Link to comment
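
Added example, not part of the original post or the container's own tooling: a small structural check for the upstream_recursive_servers list in a stubby.yml, reporting the active upstreams and any line in the block that is neither a comment nor a list entry. The sample is constructed in the shape of the excerpt above, and the function name is hypothetical.

```python
import re

# Constructed sample in the shape of the upstream list quoted in the post above.
SAMPLE = """\
upstream_recursive_servers:
## Quad 9 'secure' service
#  - address_data: 9.9.9.9
#    tls_auth_name: "dns.quad9.net"
 LibreDNS
  - address_data: 116.202.176.26
    tls_auth_name: "dot.libredns.gr"
"""

ENTRY = re.compile(r'^\s*-\s*address_data:\s*(\S+)\s*$')
AUTH = re.compile(r'^\s+tls_auth_name:\s*"?([^"\s]+)"?\s*$')
OTHER_KEY = re.compile(r'^\s+(-\s*)?\w+:')   # any other per-upstream key


def lint_upstreams(text):
    """Return (upstreams, problems) for the upstream_recursive_servers block.

    problems is a list of (line_number, message); line_number is None for
    findings that concern the block as a whole.
    """
    upstreams, problems, in_block = [], [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not in_block:
            in_block = line.startswith("upstream_recursive_servers:")
            continue
        if not line.strip() or line.lstrip().startswith("#"):
            continue                          # blank or commented out
        entry = ENTRY.match(line)
        if entry:
            upstreams.append({"address": entry.group(1), "tls_auth_name": None})
            continue
        if not line[0].isspace():
            break                             # next top-level key ends the block
        auth = AUTH.match(line)
        if auth and upstreams:
            upstreams[-1]["tls_auth_name"] = auth.group(1)
        elif not (OTHER_KEY.match(line) and upstreams):
            problems.append((lineno, "not a comment or list entry: " + repr(line.strip())))
    for up in upstreams:
        if up["tls_auth_name"] is None:
            # Narrowed check: pinset-only authentication is not modelled here.
            problems.append((None, up["address"] + " has no tls_auth_name"))
    if not upstreams:
        problems.append((None, "no active upstream server"))
    return upstreams, problems


if __name__ == "__main__":
    servers, issues = lint_upstreams(SAMPLE)
    print(servers)
    for where, message in issues:
        print(where, message)
```

Run against the real file's text, an empty problem list and at least one upstream with a tls_auth_name is the state to aim for before pointing Pi-hole at the local stub.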
  • 2 weeks later...
On 2/20/2021 at 11:00 AM, sdballer said:

Hello -

I am running the original "Pi-Hole Template" and I recently found out about this DoT DoH version.

After downloading DoT DoH, I have disabled/turned off the original PiHole.

 

I have matched all the same fields into the DoT DoH version:

1) Fixed IP : 192.16.1.198

2) Server IP : 192.16.1.198

3) Router DNS 1/2 : 192.168.1.198

 

After doing so I am unable to access the WebUI.

I am however able to access it if I switch the IP to xxx.197 and turn back on the original Pi at xxx.198.

In this situation I am able to run both UIs, but clearly the DoTDoH is not actively enabled on my router.

 

Can anyone explain what I might be doing incorrectly here?

 

Big thanks

 

 

 

If you set this Pihole to x.197, and change your router's dns to point to the 192.168.1.197, are you able to access the webUI then?
It almost seems like there may be a clash if it works on one IP and not another

Link to comment

Can someone advise how you change the hostname of this docker? i cannot for the love of me figure out how to? might be useful to put it as a configuration option in unraid when installing?

 

Also, removing the allowed domains check - Failed CORS: null vs 192.168.1.x, 192.168.1.x, 192.168.1.x, pi.hole, localhost, 192.168.1.x might be useful as some of us block referrers in chrome.

 

Quote

So the error happens in
/var/www/html/admin/scripts/pi-hole/php/auth.php

in
function check_cors()

this function compares a variable $server_origin with a list of allowed hostnames, e.g. "pi.hole", the ip address etc.
The allowed hostnames are fine in my case, BUT the variable $server_origin has "NULL" as value, which is obviously not the same as a valid hostname.

this triggers the line
log_and_die("Failed CORS: " . $server_origin .' vs '. join(', ', $AUTHORIZED_HOSTNAMES));

 

Link to comment
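
Added example, not part of the thread and not Pi-hole's code: a Python model of the origin allowlist check the quote describes, showing why a literal "null" origin can never match an allowed hostname while an exact host match passes regardless of scheme or port. The allowlist values are constructed, and letting a request with no Origin header through is an assumption of this model.

```python
from urllib.parse import urlsplit

# Constructed allowlist in the shape of the quoted error message (hypothetical IP).
AUTHORIZED_HOSTNAMES = ["192.168.1.10", "pi.hole", "localhost"]


def origin_host(origin):
    """Return the lowercased host of an Origin value, or None for an opaque origin."""
    value = origin.strip()
    if not value or value.lower() == "null":
        return None                   # the browser withheld the real origin
    if "://" not in value:
        value = "//" + value          # bare host[:port] without a scheme
    try:
        return urlsplit(value).hostname
    except ValueError:
        return None                   # malformed value, treat as unusable


def check_cors(headers, allowed=AUTHORIZED_HOSTNAMES):
    """Return (ok, message) for a request's headers.

    Assumed model: a request without an Origin header has nothing to compare
    and passes; a present header must name an allowed host exactly.
    """
    if "Origin" not in headers:
        return True, "no Origin header sent"
    host = origin_host(headers["Origin"])
    shown = host if host is not None else "null"
    # Exact membership, not substring or suffix matching, so a longer
    # hostname that merely starts with an allowed name does not pass.
    if host is None or host not in allowed:
        return False, "Failed CORS: " + shown + " vs " + ", ".join(allowed)
    return True, "origin " + host + " is allowed"


if __name__ == "__main__":
    for sample in ({"Origin": "null"},
                   {"Origin": "http://pi.hole"},
                   {"Origin": "http://192.168.1.10:8080"},
                   {"Origin": "http://pi.hole.example.net"},
                   {}):
        print(sample, "->", check_cors(sample))
```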
On 2/5/2021 at 2:03 AM, FlippinTurt said:

This almost seems like a router issue, where it sees the DNS go down and doesn't attempt to reconnect after.

What type of router are you using & is it the latest firmware?

(There is a setting in Backup/Restore that allows dockers to keep running while it is backed up, I have found that enabling this on PiHole doesn't cause any errors, might be worth giving it a go even if it is just a temporary solution)

Thank you for the hint, I now let the container run while doing the backup and its working fine.

Link to comment
On 1/20/2021 at 4:03 PM, FlippinTurt said:

Q: How do I change the hostname?
A: Use the '--hostname namehere' parameter, under 'extra parameters' in the container's settings

Check the first post ;)

You will need to enable advanced mode to see this setting

9 hours ago, Darren Cook said:

Can someone advise how you change the hostname of this docker? i cannot for the love of me figure out how to? might be useful to put it as a configuration option in unraid when installing?

 

Also, removing the allowed domains check - Failed CORS: null vs 192.168.1.x, 192.168.1.x, 192.168.1.x, pi.hole, localhost, 192.168.1.x might be useful as some of us block referrers in chrome.

 

 

This would probably be more of a 'PiHole dev' request, but I can definitely look into manually adding it into the container :)

Edited by FlippinTurt
Link to comment


[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing...
::: Starting docker specific checks & setup for docker pihole/pihole

[i] Installing configs from /etc/.pihole...
[i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
Converting DNS1 to PIHOLE_DNS_
Converting DNS2 to PIHOLE_DNS_
Setting DNS servers based on PIHOLE_DNS_ variable
::: Pre existing WEBPASSWORD found
DNSMasq binding to default interface: eth0
Added ENV to php:
"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",

"ServerIP" => "192.168.1.24",
"VIRTUAL_HOST" => "192.168.1.24",
Using IPv4
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
::: Testing pihole-FTL DNS: [cont-init.d] 20-start.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
::: Testing pihole-FTL DNS: [cont-init.d] 20-start.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing...
::: Starting docker specific checks & setup for docker pihole/pihole
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing...
::: Starting docker specific checks & setup for docker pihole/pihole

 

Just randomly decided to stop working and go into an infinite loop.

Edited by Stubbs
Link to comment
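
Added example, not from the thread or the container's authors: one way to confirm a restart loop from a log like the one above and to see which init script, exit code and setup step recur on each start. The sample log is constructed from the quoted lines, and the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed excerpt that follows the s6-overlay lines quoted in the post above.
SAMPLE_LOG = """\
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[fix-attrs.d] 01-resolver-resolv: exited 0.
[cont-init.d] 20-start.sh: executing...
::: Starting docker specific checks & setup for docker pihole/pihole
::: Testing pihole-FTL DNS: [cont-init.d] 20-start.sh: exited 1.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[cont-init.d] 20-start.sh: executing...
::: Testing pihole-FTL DNS: [cont-init.d] 20-start.sh: exited 1.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[cont-init.d] 20-start.sh: executing...
"""

BOOT = re.compile(r"^\[s6-init\] making user provided files available")
EXITED = re.compile(r"\[(?:cont-init\.d|fix-attrs\.d)\] (\S+): exited (\d+)\.")


def summarise(log, loop_threshold=2):
    """Count container starts and non-zero init-script exits in an s6 log."""
    boots, step = 0, None
    failures = Counter()      # (script, exit code, step in progress) -> count
    for line in log.splitlines():
        if BOOT.match(line):
            boots += 1
            step = None       # a fresh start: no setup step seen yet
        if line.startswith("::: "):
            # In the quoted log the step text shares a line with the exit
            # notice; keep only the step part.
            step = line[4:].split(" [", 1)[0].rstrip(": ")
        hit = EXITED.search(line)
        if hit and hit.group(2) != "0":
            failures[(hit.group(1), int(hit.group(2)), step)] += 1
    repeated = [key for key, count in failures.items() if count >= loop_threshold]
    return {
        "boots": boots,
        "failures": dict(failures),
        "restart_loop": boots >= loop_threshold and bool(repeated),
    }


if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    print("starts seen:", report["boots"])
    for (script, code, step), count in report["failures"].items():
        print(f"{script} exited {code} during {step!r} x{count}")
    print("restart loop:", report["restart_loop"])
```

The step recorded with each failure is the last ":::" message seen before the non-zero exit, which narrows where in the init script to look.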

Also get this loop
 

Starting pihole-FTL (no-daemon) as root
Stopping pihole-FTL
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

Starting pihole-FTL (no-daemon) as root
Stopping pihole-FTL
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

Starting pihole-FTL (no-daemon) as root
Stopping pihole-FTL
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

Starting pihole-FTL (no-daemon) as root
Stopping pihole-FTL
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

Starting pihole-FTL (no-daemon) as root
Stopping pihole-FTL
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

Starting pihole-FTL (no-daemon) as root
Stopping pihole-FTL
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

Starting pihole-FTL (no-daemon) as root
Stopping pihole-FTL
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

Starting pihole-FTL (no-daemon) as root
Stopping pihole-FTL
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

Starting pihole-FTL (no-daemon) as root
Stopping pihole-FTL
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

Starting pihole-FTL (no-daemon) as root
Stopping pihole-FTL
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

 

Link to comment
On 3/7/2021 at 3:19 PM, Stubbs said:



[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing...
::: Starting docker specific checks & setup for docker pihole/pihole

[i] Installing configs from /etc/.pihole...
[i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
Converting DNS1 to PIHOLE_DNS_
Converting DNS2 to PIHOLE_DNS_
Setting DNS servers based on PIHOLE_DNS_ variable
::: Pre existing WEBPASSWORD found
DNSMasq binding to default interface: eth0
Added ENV to php:
"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",

"ServerIP" => "192.168.1.24",
"VIRTUAL_HOST" => "192.168.1.24",
Using IPv4
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
::: Testing pihole-FTL DNS: [cont-init.d] 20-start.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
::: Testing pihole-FTL DNS: [cont-init.d] 20-start.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing...
::: Starting docker specific checks & setup for docker pihole/pihole
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing...
::: Starting docker specific checks & setup for docker pihole/pihole

 

Just randomly decided to stop working and go into an infinite loop.

That is quite odd, was this installed from scratch or on top of testdasi's repo?

Link to comment
  • FlippinTurt changed the title to [Support] [Depreciated] FlippinTurt PiHole DoT-DoH
