[Support] FlippinTurt PiHole DoT-DoH



8 hours ago, dada051 said:

Sorry for the question, but why did you fork testdasi's pihole?

 

4 hours ago, jonathanm said:

Primarily because of the last visited date.


^ What he said.
I really like what testdasi did with his pihole, however it wasn't being maintained.
Only real way to update it was to fork the repo to create my own docker from it - this also meant other users can install this over the top without any errors.

Link to comment

Hi there,

 

For reasons unknown I've started to encounter an issue with this application after it has been working for several weeks.

 

The docker container was running but no addresses were resolving. I checked the logs, and found:

 

[x] DNS resolution is not available

 

Rebooted the container several times, no difference. Started Googling, found that some people were only able to get their container to fully start by adding '--dns 127.0.0.1, --dns 1.1.1.1' to their Extra Parameters config. This resolved the DNS resolution error for about an hour, and now I'm starting to get these errors in the logs when trying to navigate to different web addresses:

 

2021-03-08T23:21:39Z ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"

2021-03-08T23:21:39Z ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"

2021-03-08T23:34:23Z ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"

2021-03-08T23:34:23Z ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"

 

Most notably is when I try and load the Plugins webpage within the Unraid GUI. It'll constantly spin for about 10 minutes (yet the syslog in Unraid doesn't show that it's timed out (yet)). In a normal circumstance, it'll load in about 10 seconds.

 

I have another Pihole setup on my RPI as a fallback (not using this Docker as it doesn't support armv7) so I can get around it, but I don't quite get why this one has just packed up now.

 

It is intermittent so I understand it probably won't be easy to replicate (if at all). Any ideas?

 

EDIT: The logs have become a lot more frequent in the last couple of days, which have led to DNS resolution issues. I've tried completely installing from scratch but no joy. My router's DNS settings have not been tweaked in many months, but they all look correct. I have turned off this docker container in favour of my RPI's PiHole install, and that's been working without issue.

Edited by evakq8r
Link to comment
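
The kind of triage the log excerpt above invites, as an added example that is not part of the original post or the container's own tooling: a Python script that pulls the cloudflared DoH backend failures out of a container log and groups them into bursts, so intermittent outages can be lined up against other events on the host. The sample log reuses the four error lines quoted above plus one constructed non-error line; the function names and the 5-minute burst gap are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Matches the error format quoted in the post above.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) ERR failed to connect to an '
    r'HTTPS backend "(?P<backend>[^"]+)" error="(?P<error>.*)"$'
)
_ERR = (r'ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" '
        r'error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": '
        r'net/http: request canceled (Client.Timeout exceeded while awaiting headers)"')
# Error lines and timestamps are the four from the post; the INF line is constructed.
SAMPLE_LOG = "\n".join([
    f"2021-03-08T23:21:39Z {_ERR}", f"2021-03-08T23:21:39Z {_ERR}",
    "2021-03-08T23:30:00Z INF constructed non-error line, ignored by the parser",
    f"2021-03-08T23:34:23Z {_ERR}", f"2021-03-08T23:34:23Z {_ERR}",
])

def parse_failures(text):
    """Return (timestamp, backend, kind) for every DoH backend failure line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            kind = "timeout" if "Client.Timeout exceeded" in m["error"] else "other"
            events.append((ts, m["backend"], kind))
    return events

def group_bursts(events, max_gap=timedelta(minutes=5)):
    """Group failures per backend into bursts separated by more than max_gap."""
    per_backend = defaultdict(list)
    for ts, backend, kind in sorted(events):
        per_backend[backend].append((ts, kind))
    bursts = []
    for backend, items in per_backend.items():
        current = None
        for ts, kind in items:
            # Start a new burst on the first event or after a quiet period.
            if current is None or ts - current["end"] > max_gap:
                current = {"backend": backend, "start": ts, "end": ts,
                           "count": 0, "timeouts": 0}
                bursts.append(current)
            current["end"] = ts
            current["count"] += 1
            current["timeouts"] += kind == "timeout"
    return bursts

if __name__ == "__main__":
    for b in group_bursts(parse_failures(SAMPLE_LOG)):
        print(f'{b["backend"]}: {b["count"]} failures '
              f'({b["timeouts"]} timeouts) from {b["start"]} to {b["end"]}')
```

Feeding it the full container log instead of the sample shows whether the failures cluster at particular times, which is the first thing to establish for an intermittent fault like this one.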

I occasionally get the status "BOGUS" when trying to visit certain websites. From searching the internet, I figured this must have something to do with a time setting issue.

 

My Unraid's time settings are correct and it uses Google servers to update the time. I put Europe/Berlin into the pihole container's TZ container variable. The container's logs, however, show the time one hour too early.

 

Does anybody understand this mess?

 

Thanks for your help!

Link to comment
On 3/9/2021 at 12:49 PM, evakq8r said:

Hi there,

 

For reasons unknown I've started to encounter an issue with this application after it has been working for several weeks.

 

The docker container was running but no addresses were resolving. I checked the logs, and found:

 


[x] DNS resolution is not available

 

Rebooted the container several times, no difference. Started Googling, found that some people were only able to get their container to fully start by adding '--dns 127.0.0.1, --dns 1.1.1.1' to their Extra Parameters config. This resolved the DNS resolution error for about an hour, and now I'm starting to get these errors in the logs when trying to navigate to different web addresses:

 


2021-03-08T23:21:39Z ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"

2021-03-08T23:21:39Z ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"

2021-03-08T23:34:23Z ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"

2021-03-08T23:34:23Z ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"

 

Most notably is when I try and load the Plugins webpage within the Unraid GUI. It'll constantly spin for about 10 minutes (yet the syslog in Unraid doesn't show that it's timed out (yet)). In a normal circumstance, it'll load in about 10 seconds.

 

I have another Pihole setup on my RPI as a fallback (not using this Docker as it doesn't support armv7) so I can get around it, but I don't quite get why this one has just packed up now.

 

It is intermittent so I understand it probably won't be easy to replicate (if at all). Any ideas?

 

EDIT: The logs have become a lot more frequent in the last couple of days, which have led to DNS resolution issues. I've tried completely installing from scratch but no joy. My router's DNS settings have not been tweaked in many months, but they all look correct. I have turned off this docker container in favour of my RPI's PiHole install, and that's been working without issue.

Do your other containers have issues with timing out?
By 'plugins webpage' do you mean the plugins tab on unraid? If it is the tab, I would say there is a bigger underlying issue which is affecting this container as well.
Also make sure that your unraid DNS isn't set to the docker container, and set to your router instead.

Link to comment
6 minutes ago, FlippinTurt said:

Do your other containers have issues with timing out?
By 'plugins webpage' do you mean the plugins tab on unraid? If it is the tab, I would say there is a bigger underlying issue which is affecting this container as well.
Also make sure that your unraid DNS isn't set to the docker container, and set to your router instead.

 

None of the containers are timing out, it's just loading the plugins page on the Unraid GUI. Each time the plugins were attempted, an error like the below would appear:

 

ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"

 

I have 2 DNS servers set (both operated by PiHole, Unraid as primary, RPI as secondary). As mentioned, when I turned off the Unraid PiHole-DoT-DoH container, the issue disappeared once the RPI started doing the DNS resolution.

 

The errors are still present in the logs after I restarted the container the other day. My guess is it's not as noticeable as it's using the RPI's DNS for backup resolution.

 

I'll just put up with it for now, but this is only a recent development. The only major change I've done was upgrade Unraid from 6.8.3 to 6.9.1 in the last week.

 

EDIT: I have also completely removed all config folders and setup with this container and started from scratch after the 6.9.1 upgrade. That didn't make any difference.

Edited by evakq8r
Link to comment

Hi, when I restart the docker it stops after "DNS service is not running". It will only continue when I change /etc/resolv.conf to a DNS server instead of 127.0.0.11. It will always revert that change by itself once it has started. While it is stuck there I cannot access the web page. I thought it was because of the server variable, but that seems to not care whatever it is (can someone explain to me what that variable is for?).

 

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying...
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing...
::: Starting docker specific checks & setup for docker pihole/pihole

[i] Installing configs from /etc/.pihole...
[i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
Converting DNS1 to PIHOLE_DNS_
Converting DNS2 to PIHOLE_DNS_
Setting DNS servers based on PIHOLE_DNS_ variable
::: Pre existing WEBPASSWORD found
DNSMasq binding to default interface: eth0
Added ENV to php:
"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
"ServerIP" => "10.11.22.33",
"VIRTUAL_HOST" => "10.11.22.33",
Using IPv4
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
::: Testing pihole-FTL DNS: FTL started!
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
::: Enabling Query Logging
[i] Enabling logging...
::: Docker start setup complete
[✗] DNS service is not running

[i] Neutrino emissions detected...

 

Edited by Bleak
Link to comment

I am now also having the following error shown in the logs (see attachment). Also, Fix Common Problems says I should connect to 8.8.8.8 or GitHub could be down, so it seems Unraid thinks there is no connection anymore. (Nothing is being blocked for Unraid.)

Screenshot_20210416-103614_Firefox.jpg

Link to comment

I had the cloudflared (DOH) as both options. Set it back to how it was, only changed the stubby (TLS) to cloudflared instead of google.

Seems a bit better now... not sure why everything goes to **** with only DOH.

(Also maybe it was not very smart of me to have unraid get its DNS by DHCP, which would be the pihole docker on unraid...)

Edited by Bleak
Link to comment

I am also having an issue with this container as of yesterday morning.

-Using multiple VLANs on my network

-One VLAN is using the piHole container for content filtering (kids network)
-PiHole and pfSense are configured together to force all DNS queries on that VLAN to go through piHole then into pfSense.

 

As of yesterday morning, with no visible changes, all DNS queries were lost on that VLAN. I monkeyed around with it for a couple hours and got it going again. This morning the same thing happened. I suspect there is a cron job or something happening at night causing this but I am not certain yet.

 

The three symptoms I see are A) the piHole DNS service is not running.  B) the docker is reported as 'unhealthy'.  C) running pihole -r shows that the pihole itself cannot obtain DNS entries at this point, and that there is a kernel update available.

 

If anyone has any pointers please let me know.

Link to comment
19 minutes ago, DaddyNugget said:

I am also having an issue with this container as of yesterday morning.

-Using multiple VLANs on my network

-One VLAN is using the piHole container for content filtering (kids network)
-PiHole and pfSense are configured together to force all DNS queries on that VLAN to go through piHole then into pfSense.

 

As of yesterday morning, with no visible changes, all DNS queries were lost on that VLAN. I monkeyed around with it for a couple hours and got it going again. This morning the same thing happened. I suspect there is a cron job or something happening at night causing this but I am not certain yet.

 

The three symptoms I see are A) the piHole DNS service is not running.  B) the docker is reported as 'unhealthy'.  C) running pihole -r shows that the pihole itself cannot obtain DNS entries at this point, and that there is a kernel update available.

 

If anyone has any pointers please let me know.

Can you try setting stubby(tls) as first and doh as second and see if your issues go away? I have too little knowledge to be certain but DOH seems to cause my issues.

Link to comment
5 hours ago, Bleak said:

Can you try setting stubby(tls) as first and doh as second and see if your issues go away? I have too little knowledge to be certain but DOH seems to cause my issues.

Bear with me as I'm not sure what Stubby is.  Unless it's already baked into the docker image.

I had the setting working fine for over a month pointing to my router, then it failed 2 days ago.  I have tried setting it to the loopback addresses in the description of the image as a troubleshooting step to no avail.

Link to comment
On 4/17/2021 at 8:36 PM, DaddyNugget said:

Bear with me as I'm not sure what Stubby is.  Unless it's already baked into the docker image.

It is one of the config files that it comes with. The cloudflared config file is for DOH (DNS over HTTPS) and the stubby config file is for DOT (DNS over TLS). I am having issues with DOH so I set the DOT as the first DNS server. Since then no issues.

Link to comment

After updating Unraid to Version 6.9.2 2021-04-07 my pi-hole container is not working anymore. The container is running and I can access the Web UI, however DNS resolution does not work anymore. Which logs do I have to provide so you can help me?

 

Thank you very much! I would love to keep using this container...

Link to comment
  • 2 weeks later...
On 4/19/2021 at 4:27 PM, Bleak said:

It is one of the config files that it comes with. The cloudflared config file is for DOH (DNS over HTTPS) and the stubby config file is for DOT (DNS over TLS). I am having issues with DOH so I set the DOT as the first DNS server. Since then no issues.


Noted, thank you so much.  I'll look into it.  I have other issues with my network so I'm just gutting it and starting from scratch to remove a couple years of duct tape and quick fixes.  I will reference this when I redo it all.

Link to comment

Was hoping someone can explain the settings...

Fixed IP address (optional):  - If this isn't set it grabs a x.x.x.1 IP

ENV6: Container Variable: ServerIP - What is this for if you have the ip above?

 

Also...

I'm running the test from cloudflare
https://www.cloudflare.com/ssl/encrypted-sni/

 

The Secure DNS is unknown and SNI fails... I understand why SNI fails but what's happening with the DNS check?
If I check the logs or do a lookup I see it's going to 1.1.1.1

Link to comment
  • 3 weeks later...
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
   192.168.20.100/24 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

[✗] No IPv6 address(es) found on the eth0 interface.

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✗] Failed to resolve kerebro.com via localhost (127.0.0.1)
[✗] Failed to resolve kerebro.com via Pi-hole (192.168.20.100)
[✓] doubleclick.com is 216.58.195.14 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
/opt/pihole/piholeDebug.sh: line 1228: 27046 Killed                  pihole-FTL dhcp-discover

*** [ DIAGNOSING ]: Pi-hole processes
[✗] lighttpd daemon is inactive
[✗] pihole-FTL daemon is inactive

I'm curious if anyone has run into these issues recently and how to solve them.

Link to comment
  • 3 weeks later...
On 4/20/2021 at 6:27 AM, Bleak said:

It is one of the config files that it comes with. The cloudflared config file is for DOH (DNS over HTTPS) and the stubby config file is for DOT (DNS over TLS). I am having issues with DOH so I set the DOT as the first DNS server. Since then no issues.

Thanks for this. I just installed this docker and had issues with the failed to connect to backend error as the others have described and this seemed to remove the error at this stage.

Link to comment

Would it be possible to add support for Gravity Sync to this?

 

vmstan/gravity-sync: An easy way to synchronize the blocklist and local DNS configurations of multiple Pi-hole 5.x instances. (github.com)

 

edit: Why can't I link to a github repo?

Edited by flyize
Link to comment
  • 1 month later...
On 6/11/2021 at 7:59 AM, flyize said:

Would it be possible to add support for Gravity Sync to this?

 

vmstan/gravity-sync: An easy way to synchronize the blocklist and local DNS configurations of multiple Pi-hole 5.x instances. (github.com)

 

edit: Why can't I link to a github repo?


Thanks for the suggestion!
I will have a look at how we can link this in.

Link to comment
  • 3 weeks later...
  • 4 weeks later...
7 hours ago, InfInIty said:

I am trying to figure out how to set the upstream DNS for these dockers to be a "Family Safe" server.  So 1.1.1.3 or openDNS's version.  It appears pihole is functioning as I want it to, but can still get to sites the kids should not be able to get to when using it.

 

Not much point in using pihole if you aren't using pihole to block sites :P
Check out https://firebog.net/, if you go to the bottom of the page, under 'Other Lists', there are some lists there that should help.
You can add these URLs to the 'Adlist' section under Group Management (Group Management > Adlists)

Alternatively you can block certain domains:
Group Management > Domains and add in the domain you want to be blacklisted :)

Link to comment
5 hours ago, FlippinTurt said:

Not much point in using pihole if you aren't using pihole to block sites :P
Check out https://firebog.net/, if you go to the bottom of the page, under 'Other Lists', there are some lists there that should help.
You can add these URLs to the 'Adlist' section under Group Management (Group Management > Adlists)

Alternatively you can block certain domains:
Group Management > Domains and add in the domain you want to be blacklisted :)

Yeah, I got some conflicting information on that, so thought it might be better just to use upstream DNS that stops that kind of traffic. I will give that a shot though. I would still like to know if it's possible to change the upstream DNS to one of those as well though.

Link to comment