Entware Pi-hole directly on the router? Yes!

[jacklul]

@bibikalka I saw your post on Reddit - importing Teleporter backup (with Configuration option checked) made on non-Entware device into Entware installation will probably lead to issues @heslo is having - the variables that contain paths to important files will not be the right ones.
Thank you for giving my project some visibility on Reddit, since my account got suspended there I cannot do that myself unfortunately...

 

[bibikalka]

@bibikalka I saw your post on Reddit - importing Teleporter backup (with Configuration option checked) made on non-Entware device into Entware installation will probably lead to issues @heslo is having - the variables that contain paths to important files will not be the right ones.
Thank you for giving my project some visibility on Reddit, since my account got suspended there I cannot do that myself unfortunately...

Yep, no problem! There should be a bit of traffic from that and a few additional users eventually.

Good catch on the Teleporter details, I've updated the Reddit post with specifics!

 

[heslo]

Assuming the RPi is powered off, try:
- /opt/etc/ini.d/S65pihole-FTL stop
- mv /opt/etc/pihole/pihole.toml /opt/etc/pihole/pihole.toml.old
- wait few minutes, see if /opt/etc/pihole/pihole.toml comes back
- if it does then you have a program on your router doing this, don't bother doing next steps
- if it didn't come back run: pihole-FTL --config debug.all false
- see if /opt/etc/pihole/pihole.toml has those extra variables changed again (it should be clear since one of them is right on the top of the file)
- if it does then somehow FTL pulls it from somewhere in your network (I looked at the code for --config handling, it shouldn't do anything like that)
- rm /opt/etc/pihole/pihole.toml
- touch /opt/etc/pihole/pihole.toml
- wait few minutes and see if the config file fills with content
- if it does then something on your router, again, is doing this

Ok, we are getting somewhere now! After I did this

- rm /opt/etc/pihole/pihole.toml
- touch /opt/etc/pihole/pihole.toml
- wait few minutes and see if the config file fills with content
- if it does then something on your router, again, is doing this

pihole.toml was clean of all the extra altered fields and I went in, changed what was necessary according to your guide and I have access to the WebUI again, so yes, progress.

Unfortunately I sill have no internet access. In the GUI on status, it says active but it won't let me access any websites (curiously torrents were still going no issue but I guess they aren't running through DNS) If I try to add to the blocklist I get a "Could not read domains from database table Database not available" error which I assume is due to no internet traffic.

Only error I see under PiHole Diagnosis is a DNSMASQ_WARN error which reads dnsmasq warning: using interface lo instead

It's been a long slog and I appreciate the patience, so where do I go from here?

 

[bibikalka]

...
pihole.toml was clean of all the extra altered fields and I went in, changed what was necessary according to your guide and I have access to the WebUI again, so yes, progress.

Unfortunately I sill have no internet access. In the GUI on status, it says active but it won't let me access any websites (curiously torrents were still going no issue but I guess they aren't running through DNS) If I try to add to the blocklist I get a "Could not read domains from database table Database not available" error which I assume is due to no internet traffic.

...

With a clean pihole.toml just follow my Wiki:

Install on Asuswrt‐Merlin (by bibikalka1)

Pi-hole as an Entware package – run it on a router, NAS, or other devices! - jacklul/entware-pi-hole

github.com

Try not to skip any steps ... Keep the stock DNS working, so you can always have internet.

 

[heslo]

With a clean pihole.toml just follow my Wiki:

Install on Asuswrt‐Merlin (by bibikalka1)

Pi-hole as an Entware package – run it on a router, NAS, or other devices! - jacklul/entware-pi-hole

github.com

Try not to skip any steps ... Keep the stock DNS working, so you can always have internet.

Thank you, I will try this but I don't want to confuse any steps or add more problems by following two separate guides at the moment. If jacklul says to go down this route I will but for now I'll just wait for his response

 

[bibikalka]

Thank you, I will try this but I don't want to confuse any steps or add more problems by following two separate guides at the moment. If jacklul says to go down this route I will but for now I'll just wait for his response

The guides are not really different. The key steps are the same. @jacklul 's instructions are more conceptual, so gaps need to be filled by a trained practitioner

 

[heslo]

Whatever has caused all this seems to have just borked my setup entirely. If I remove the RPi pihole from my network, let the ISP get the DNS IP and leave the DNS server fields blank in LAN > DHCP Server then I get no DNS assignment. I'm starting to think I need to nuke everything, go back to factory resets and start from scratch. Something clearly has caused serious issues with this setup and has made troubleshooting even harder than it has to be unless you've got any other suggestions? Not really wanting to nuke my setup and start it all again but looking like the only option

 

[jacklul]

Ok, we are getting somewhere now! After I did this



pihole.toml was clean of all the extra altered fields and I went in, changed what was necessary according to your guide and I have access to the WebUI again, so yes, progress.

Unfortunately I sill have no internet access. In the GUI on status, it says active but it won't let me access any websites (curiously torrents were still going no issue but I guess they aren't running through DNS) If I try to add to the blocklist I get a "Could not read domains from database table Database not available" error which I assume is due to no internet traffic.

Only error I see under PiHole Diagnosis is a DNSMASQ_WARN error which reads dnsmasq warning: using interface lo instead

It's been a long slog and I appreciate the patience, so where do I go from here?

That's because gravity.db is missing, run `pihole -g`.
For the DNSMASQ_WARN, setting `dns.interface` to empty, if that doesn't help try 'br0', as a last resort you might try setting `dns.listeningMode` to 'ALL'.

The guides are not really different. The key steps are the same. @jacklul 's instructions are more conceptual, so gaps need to be filled by a trained practitioner

Mine replaces firmware's dnsmasq port, yours hosts Pi-hole on a dedicated IP - I would say they are quite different setups.
I try to keep complexity in mine as low as possible - less steps to follow, less possible issues to encounter!

Whatever has caused all this seems to have just borked my setup entirely. If I remove the RPi pihole from my network, let the ISP get the DNS IP and leave the DNS server fields blank in LAN > DHCP Server then I get no DNS assignment. I'm starting to think I need to nuke everything, go back to factory resets and start from scratch. Something clearly has caused serious issues with this setup and has made troubleshooting even harder than it has to be unless you've got any other suggestions? Not really wanting to nuke my setup and start it all again but looking like the only option

If you have the `dnsmasq.postconf` from my guide then firmware's DNS server will not be working, so you will not be getting DNS from either ISP or RPi.
No need to nuke anything:
- set `dns.port` 5053 in pihole.toml
- rename dnsmasq.postconf to something else
- either reboot or `/opt/etc/init.d/S65pihole-FTL restart ; service restart_dnsmasq` should let you use DNS from ISP or RPi

For now, I think you should skip modifications to `dnsmasq.postconf` until you can get Pi-hole actually working.

 

[heslo]

That's because gravity.db is missing, run `pihole -g`.
For the DNSMASQ_WARN, setting `dns.interface` to empty, if that doesn't help try 'br0', as a last resort you might try setting `dns.listeningMode` to 'ALL'.


Mine replaces firmware's dnsmasq port, yours hosts Pi-hole on a dedicated IP - I would say they are quite different setups.
I try to keep complexity in mine as low as possible - less steps to follow, less possible issues to encounter!


If you have the `dnsmasq.postconf` from my guide then firmware's DNS server will not be working, so you will not be getting DNS from either ISP or RPi.
No need to nuke anything:
- set `dns.port` 5053 in pihole.toml
- rename dnsmasq.postconf to something else
- either reboot or `/opt/etc/init.d/S65pihole-FTL restart ; service restart_dnsmasq` should let you use DNS from ISP or RPi

For now, I think you should skip modifications to `dnsmasq.postconf` until you can get Pi-hole actually working.

I do indeed have dnsmasq.postconf like detailed in your guide. I'll try messing with this later and report back when the wife isn't using the internet lol

 

[heslo]

That's because gravity.db is missing, run `pihole -g`.
For the DNSMASQ_WARN, setting `dns.interface` to empty, if that doesn't help try 'br0', as a last resort you might try setting `dns.listeningMode` to 'ALL'.


Mine replaces firmware's dnsmasq port, yours hosts Pi-hole on a dedicated IP - I would say they are quite different setups.
I try to keep complexity in mine as low as possible - less steps to follow, less possible issues to encounter!


If you have the `dnsmasq.postconf` from my guide then firmware's DNS server will not be working, so you will not be getting DNS from either ISP or RPi.
No need to nuke anything:
- set `dns.port` 5053 in pihole.toml
- rename dnsmasq.postconf to something else
- either reboot or `/opt/etc/init.d/S65pihole-FTL restart ; service restart_dnsmasq` should let you use DNS from ISP or RPi

For now, I think you should skip modifications to `dnsmasq.postconf` until you can get Pi-hole actually working.

Ok!

I renamed dnsmasq.postconf to dnsmasq.postconf.old and changed the dns.port setting to 5053 and BAM, my internet/DNS now works again with no issues and no RPi pihole needed. I'm still getting the "dnsmasq warning: using interface lo instead" error however after trying setting `dns.interface` to empty, 'br0', and even setting `dns.listeningMode` to 'ALL'. None of those caused the issue to go away. Obviously pihole on the router isn't blocking anything yet either but I feel we are getting close now. What do you need me to do/try next?

I've totally removed the Rpi/pihole from the network now save it causing any incompatability/issue so I'll just do without adblocking now until we manage to get the on router pihole working

 

[jacklul]

Ok!

I renamed dnsmasq.postconf to dnsmasq.postconf.old and changed the dns.port setting to 5053 and BAM, my internet/DNS now works again with no issues and no RPi pihole needed. I'm still getting the "dnsmasq warning: using interface lo instead" error however after trying setting `dns.interface` to empty, 'br0', and even setting `dns.listeningMode` to 'ALL'. None of those caused the issue to go away. Obviously pihole on the router isn't blocking anything yet either but I feel we are getting close now. What do you need me to do/try next?

I've totally removed the Rpi/pihole from the network now save it causing any incompatability/issue so I'll just do without adblocking now until we manage to get the on router pihole working

With `dns.listeningMode=LOCAL` or ALL run this and check if it listens on any wildcard address (like *:5053) or multiple addresses with different IPs.
Warning: output may contain your public IP address!

ss --listening --numeric --tcp --udp --processes | grep -F 'pihole-FTL'

"dnsmasq warning: using interface lo instead"

This warning is actually harmless and can be ignored, it shows up when interface has virtual/labeled interface - in this case it is lo:0 created by the firmware, it simply means it will only listen on the main one.
Adding "except-interface=lo" to misc.dnsmasq_lines config variable might get rid of it but will prevent Pi-hole from listening on localhost address.

 

[heslo]

With `dns.listeningMode=LOCAL` or ALL run this and check if it listens on any wildcard address (like *:5053) or multiple addresses with different IPs.
Warning: output may contain your public IP address!

ss --listening --numeric --tcp --udp --processes | grep -F 'pihole-FTL'

This is what it returns, no actual IP's were in it, as I pasted it is how it was presented

udp    UNCONN     0      0         *:38407                 *:*                   users:(("pihole-FTL",pid=20045,fd=39))
udp    UNCONN     0      0         *:5053                  *:*                   users:(("pihole-FTL",pid=20045,fd=20))
udp    UNCONN     0      0        :::5053                 :::*                   users:(("pihole-FTL",pid=20045,fd=22))
tcp    LISTEN     0      0         *:5443                  *:*                   users:(("pihole-FTL",pid=20045,fd=35))
tcp    LISTEN     0      0         *:5080                  *:*                   users:(("pihole-FTL",pid=20045,fd=34))
tcp    LISTEN     0      0         *:5053                  *:*                   users:(("pihole-FTL",pid=20045,fd=21))
tcp    LISTEN     0      0        :::5053                 :::*                   users:(("pihole-FTL",pid=20045,fd=23))

This warning is actually harmless and can be ignored, it shows up when interface has virtual/labeled interface - in this case it is lo:0 created by the firmware, it simply means it will only listen on the main one.
Adding "except-interface=lo" to misc.dnsmasq_lines config variable might get rid of it but will prevent Pi-hole from listening on localhost address.

Ok I'll leave this for now then if it's not actually causing any issues. No point chasing threads in every direction

 

[jacklul]

This is what it returns, no actual IP's were in it, as I pasted it is how it was presented

udp    UNCONN     0      0         *:38407                 *:*                   users:(("pihole-FTL",pid=20045,fd=39))
udp    UNCONN     0      0         *:5053                  *:*                   users:(("pihole-FTL",pid=20045,fd=20))
udp    UNCONN     0      0        :::5053                 :::*                   users:(("pihole-FTL",pid=20045,fd=22))
tcp    LISTEN     0      0         *:5443                  *:*                   users:(("pihole-FTL",pid=20045,fd=35))
tcp    LISTEN     0      0         *:5080                  *:*                   users:(("pihole-FTL",pid=20045,fd=34))
tcp    LISTEN     0      0         *:5053                  *:*                   users:(("pihole-FTL",pid=20045,fd=21))
tcp    LISTEN     0      0        :::5053                 :::*                   users:(("pihole-FTL",pid=20045,fd=23))

This looks ok.
Did you run `pihole -g` to rebuild the gravity.db? If no, try it now.
If it finishes without any errors you might try restoring dnsmasq.postconf and `dns.port=53` in pihole.toml, then run `service restart_dnsmasq ; /opt/etc/init.d/S65pihole-FTL restart` or reboot to apply the changes, it should be working now.

 

[heslo]

This looks ok.
Did you run `pihole -g` to rebuild the gravity.db? If no, try it now.
If it finishes without any errors you might try restoring dnsmasq.postconf and `dns.port=53` in pihole.toml, then run `service restart_dnsmasq ; /opt/etc/init.d/S65pihole-FTL restart` or reboot to apply the changes, it should be working now.

Yep, I did do the rebuild gravity and it worked no problem! Added a blocklist as well and that went no issue either.

I'll try putting everything back then and see how it goes; wish me luck!

 

[heslo]

Well......

That didn't work

Same as before, DNS goes down and can't load any websites. Curiously the PiHole GUI shows IPs on my network in the period that I switched the details over so it kinda works.... but I can't actually load anything. I'm absolutely and totally stumped

 

[jacklul]

Well......

That didn't work

Same as before, DNS goes down and can't load any websites. Curiously the PiHole GUI shows IPs on my network in the period that I switched the details over so it kinda works.... but I can't actually load anything. I'm absolutely and totally stumped

Check if Pi-hole actually listens on :53 - `ss --listening --numeric --tcp --udp --processes | grep -F 'pihole-FTL'`.
If it does - is executing `dig +short . NS 127.0.0.1 -p 53` showing multiple lines mentioning `root-servers.net`?
Forward me the link from `pihole debug` again, maybe I missed something.

 

[heslo]

Check if Pi-hole actually listens on :53 - `ss --listening --numeric --tcp --udp --processes | grep -F 'pihole-FTL'`.
If it does - is executing `dig +short . NS 127.0.0.1 -p 53` showing multiple lines mentioning `root-servers.net`?
Forward me the link from `pihole debug` again, maybe I missed something.

Check this with the dnsmasq.postconf and `dns.port=53` in pihole.toml or do it now while I have internet access? Here is the current pihole debug as it stands with the internet and DNS working

Sign in - Google Accounts

 

[jacklul]

Check this with the dnsmasq.postconf and `dns.port=53` in pihole.toml or do it now while I have internet access? Here is the current pihole debug as it stands with the internet and DNS working

Sign in - Google Accounts

Yes, the debug log is also with 5053 port, I'll need you to redo it.
You also have an invalid adlist added, the one without the comment.

 

[heslo]

Yes, the debug log is also with 5053 port, I'll need you to redo it.
You also have an invalid adlist added, the one without the comment.

You are correct, I meant to remove that before but I don't think that's causing my issues.

If I do the debug log with the 53 port, how will it upload to the server when I'm not getting any DNS resolution?

 

[jacklul]

You are correct, I meant to remove that before but I don't think that's causing my issues.

If I do the debug log with the 53 port, how will it upload to the server when I'm not getting any DNS resolution?

It should use servers defined in /etc/resolv.conf directly, which will be what you have defined on the WAN page or fetched from the ISP.
Skip the dnsmasq.postconf part that modifies resolv.conf, for now.