[Support] devzwf - pihole DoT/DoH


  • stop the pihole-dot-doh container
  • copy the content of /mnt/nvme_cache/appdata/Pihole-DoT-DoH to /mnt/user/appdata/pihole-dot-doh/config/
  • update your path in Unraid pihole for DoT DoH config with the same
  • start the pihole-dot-doh container
  • if all is OK, delete /mnt/nvme_cache/appdata/Pihole-DoT-DoH
  • 2 weeks later...
  • 2 months later...

All apps on my Android phone are not receiving connections after installing the PiHole.

 

The strange thing is that the PiHole log isn't showing any blocked connections at all. Apps like Supercell's Boom Beach aren't connecting to servers, and neither is another package tracking app Aftership.

 

Both apps just report no connection at all. Taking them off my Wifi network which I am using the Pihole on, they work immediately.

 

I think this is something to do with DoT/DoH.


Does anyone have any ideas?

 

I haven't changed any PiHole settings at all. Just installed it, set it as my default DNS etc. on my router. Nothing more.

 

 


I figured it out.

 

I had DHCP on my phone. It was set to use 192.168.1.1 as DNS 1 which is my router (blank for DNS 2).

I changed from DHCP to static and 192.168.1.51 for DNS 1 which is my PiHole.

 

I also enabled DNSSEC on my PiHole because it was enabled on my router.

 

PiHole > Tools > Network was showing that not a single query had been made from my phone to the PiHole. As soon as I changed these settings it worked fine. Now it shows green for my phone in the PiHole that it is using the PiHole.


So I have to say, this container is set up in an extremely ....... bad way...

 

When I installed this, I noticed later I have 2 folders in my /appdata...

 

Pihole-Dot-Doh

and

pihole-dot-doh

 

I removed the latter, second one. As I expected, it was a left-over folder from another docker container that didn't work/was from an older docker image or repository. Its name didn't match, case-sensitively, the name of this docker container either.

 

Welp. I just lost all of my settings.

 

Now obviously I should have double checked, but ugh... due to the default spelling this container is making TWO directories with the SAME names in my /appdata directory... those above 2 I just listed. Now I bet 99% of people will not notice when creating or editing the container and checking the mapped directories...

 


 

Gonna be great fun to completely remake my entire config... and add all those whitelisted domains again.. FFS!

 

I highly recommend you change this. I have 41 containers on my system and none of them have ever made 2 directories in /appdata ever.


I do like when people claim things without checking, but that's OK...

What I can say is that it is not the template that does this:

  <Config Name="pihole config" Target="/etc/pihole/" Default="/mnt/user/appdata/pihole-dot-doh/pihole/" Mode="rw,slave" Description="" Type="Path" Display="always" Required="true" Mask="false">/mnt/user/appdata/pihole-dot-doh/pihole/</Config>
  <Config Name="dnsmasq config" Target="/etc/dnsmasq.d/" Default="/mnt/user/appdata/pihole-dot-doh/dnsmasq.d/" Mode="rw,slave" Description="" Type="Path" Display="always" Required="true" Mask="false">/mnt/user/appdata/pihole-dot-doh/dnsmasq.d/</Config>
  <Config Name="DoT DoH config" Target="/config/" Default="/mnt/user/appdata/pihole-dot-doh/config/" Mode="rw,slave" Description="" Type="Path" Display="always" Required="true" Mask="false">/mnt/user/appdata/pihole-dot-doh/config/</Config>

 

 


It seems there might be some interaction with CA, or maybe it's if you had the old flippinturt one before?

 

https://raw.githubusercontent.com/devzwf/unraid-docker-templates/master/pihole-dot-doh.xml

 


 

The template indeed doesn't have an issue, but if I select Install (it'll think it's a new install since the existing one still comes from the old template) then it does put caps.

 


 

Might be that CA interprets a "/config" path as being supposed to default to the container name and overwrites what's in the template? Might want to ask @Squid.

1 minute ago, Kilrah said:

It seems there might be some interaction with CA, or maybe if you had the old flippinturt one before?

 

https://raw.githubusercontent.com/devzwf/unraid-docker-templates/master/pihole-dot-doh.xml

 

The template indeed doesn't have an issue, but if I select Install (it'll think it's a new install since the existing one still comes from the old template) then it does put caps.

 


 

Might be that CA interprets a "/config" path as being supposed to default to the container name? Might want to ask @Squid.

Are you sure you are using my template?


Yup. There are 3 "Pihole-DoT-DoH" templates with the default container name being that, all 3 have correct paths in the template but for me all of them have it replaced by the container name on install.

 

Seems to be a CA issue.

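
Added example, not from the thread or the template author: a read-only check for the situation discussed above. It lists appdata directories whose names differ only by case and marks which one the container's mapped host paths actually point into. The function names are hypothetical, and the appdata root and mapped paths are supplied by the caller.

```shell
#!/bin/sh
# Added example. Root and mapped paths are arguments; nothing is deleted.

# One line per group of sibling directories whose names differ only by case:
# "<lowercased name><TAB><variant><TAB><variant>..."
case_variants() (
    for d in "${1%/}"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        printf '%s\n' "${d##*/}"
    done | LC_ALL=C sort |
    awk '{ k = tolower($0); n[k]++; v[k] = v[k] "\t" $0 }
         END { for (k in n) if (n[k] > 1) print k v[k] }' | LC_ALL=C sort
)

# First path component below the appdata root for a host path that a container
# has mapped (as shown on the container's edit page). Fails if outside root.
mapped_dir() (
    root=${1%/}
    rest=${2#"$root"/}
    [ "$rest" != "$2" ] || exit 1
    printf '%s\n' "${rest%%/*}"
)

# For every colliding group, label each variant IN-USE when one of the mapped
# host paths given after the root points into it, otherwise unreferenced.
report() (
    root=${1%/}; shift
    used=$(for p in "$@"; do mapped_dir "$root" "$p" || true; done)
    groups=$(case_variants "$root")
    tab=$(printf '\t')
    set -f                      # no globbing while splitting on tabs
    printf '%s\n' "$groups" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        IFS=$tab; set -- $line; shift        # drop the lowercased key
        for name in "$@"; do
            files=$(find "$root/$name" -type f | wc -l | tr -d ' ')
            state=unreferenced
            printf '%s\n' "$used" | grep -Fxq -- "$name" && state=IN-USE
            printf '%s\t%s\t%s files\n' "$name" "$state" "$files"
        done
    done
)
```

Pass `report` the appdata root followed by the host paths currently set on the container, not the template defaults, since the thread shows the two can differ after install.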
  • 4 weeks later...

Any tips?

Suddenly getting this while using DoT only in Pihole.

Both IPs (1.1.1.1 / 1.0.0.1) are getting this.

 

2023-06-28T15:00:45Z ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"
2023-06-28T15:00:46Z ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"
2023-06-28T15:00:46Z ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"
2023-06-28T15:00:46Z ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"
2023-06-28T15:00:46Z ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"
2023-06-28T15:00:46Z ERR failed to connect to an HTTPS backend "https://1.1.1.1/dns-query" error="failed to perform an HTTPS request: Post \"https://1.1.1.1/dns-query\": net/http: request canceled (Client.Timeout exceeded while awaiting headers)"

 


There is absolutely something wrong with this docker image. This happens roughly after 24 hours. I've rebuilt the container a few times and always the database becomes read-only. I can't add anything to the whitelist or blacklist afterward. Rebooting it solves the problem but this still always happens eventually.


 

I've since shut this down and started using AdGuard DNS directly on my router with DNS-over-TLS. The performance is much better and I am not fighting with this container every 5 seconds. It's also overall far more reliable.
