Entware Pi-hole directly on the router? Yes!

[heslo]

It should use servers defined in /etc/resolv.conf directly, which will be what you have defined on the WAN page or fetched from the ISP.
Skip the dnsmasq.postconf part that modifies resolv.conf, for now.

So just change the pihole.toml values and leave the dnsmasq.postconf renamed to something else?

 

[jacklul]

So just change the pihole.toml values and leave the dnsmasq.postconf renamed to something else?

Change the port in pihole.toml back to 53 and use this dnsmasq.postconf:

#!/bin/sh
[ -z "$1" ] && exit 1

if ! grep -q "^port=8053" "$1"; then
    sed '/^port=/ s/^/#/' -i "$1"
    sed "/^user=/a port=8053" -i "$1"
fi

 

[heslo]

Ok here's the debug with the config like you asked for above; you're right, it did upload

https://lurking-cat.appspot.com/upload/tQYdd49p

Running ss --listening --numeric --tcp --udp --processes | grep -F 'pihole-FTL just returned nothing, it hung there

 

[jacklul]

Running ss --listening --numeric --tcp --udp --processes | grep -F 'pihole-FTL just returned nothing, it hung there

You're missing ' at the end:

ss --listening --numeric --tcp --udp --processes | grep -F 'pihole-FTL'

Your debug log is fine, except you have no upstream servers set, so that's why you get no internet.
Go to Pi-hole's web UI -> Settings -> DNS and set it there.

I will update the wiki to mention this.

 

[heslo]

You're missing ' at the end:

ss --listening --numeric --tcp --udp --processes | grep -F 'pihole-FTL'

Your debug log is fine, except you have no upstream servers set, so that's why you get no internet.
Go to Pi-hole's web UI -> Settings -> DNS and set it there.

I will update the wiki to mention this.

Holy shirt it's alive!

I swear I picked a DNS in there because it was one of the first things I checked when everything was going wrong. Perhaps when I removed the package and reinstalled it wasn't selected again and I was too stupid to go in there and check.

Either way, it's working now perfectly (sans the dnsmasq warning: using interface lo instead error) Do you have any ideas on how to tackle that now? I know you said it doesn't really affect anything I just don't like unnecessary errors in my setup.

Thank you again for your help with it and patience, you've been absolutely amazing. Hopefully my ails can be of help to others for things to try if everything goes wrong. I still don't understand how or why my config got so messed up but we got there in the end, I really appreciate it!

 

[jacklul]

Either way, it's working now perfectly (sans the dnsmasq warning: using interface lo instead error) Do you have any ideas on how to tackle that now? I know you said it doesn't really affect anything I just don't like unnecessary errors in my setup.

I don't see any errors, just a warning.

Adding "except-interface=lo" to misc.dnsmasq_lines config variable might get rid of it but will prevent Pi-hole from listening on localhost address.

Although I'm not 100% sure this doesn't break anything.

 

[heslo]

I don't see any errors, just a warning.

Lmao, good way to look at it, that's how I'll take it too

Although I'm not 100% sure this doesn't break anything.

I'll leave it for now, if it starts bothering me I can start messing around again. Just want to see how this setup goes now for a while before I do any more tinkering. It seems to be running very nicely so far!

 

[heslo]

Ok, seems we aren't out of the woods yet. Twice now devices that were running perfectly with full internet access are slowly dropping off the network and not maintaining internet access. For example, my phone will work, be connected via wifi and no issues, then all of a sudden it drop off. Wifi still active, connects to the wifi itself but no internet access (presumably the same issue, no DNS) Same thing on my Surface Pro and my wifes laptop

Hooked up another RPi via ethernet as I'm playing with something, connects to my network fine but also, no internet access. If I move dnsmask.postconf and change the DNS port back to 5053, everything comes back. If I change it back yet again to enable Pihole, I get internet on all devices again. What's going on!?

 

[jacklul]

Ok, seems we aren't out of the woods yet. Twice now devices that were running perfectly with full internet access are slowly dropping off the network and not maintaining internet access. For example, my phone will work, be connected via wifi and no issues, then all of a sudden it drop off. Wifi still active, connects to the wifi itself but no internet access (presumably the same issue, no DNS) Same thing on my Surface Pro and my wifes laptop

Hooked up another RPi via ethernet as I'm playing with something, connects to my network fine but also, no internet access. If I move dnsmask.postconf and change the DNS port back to 5053, everything comes back. If I change it back yet again to enable Pihole, I get internet on all devices again. What's going on!?

Generate and upload debug log the moment you notice the issue, that should make the log contain relevant log entries.
Check the query log in pihole web UI around the time the issue happened, check if queries are going in and getting answered.
Also check the section with the errors and warnings (where Dnsmasq warning is).

 

[heslo]

Generate and upload debug log the moment you notice the issue, that should make the log contain relevant log entries.
Check the query log in pihole web UI around the time the issue happened, check if queries are going in and getting answered.
Also check the section with the errors and warnings (where Dnsmasq warning is).

No problem, I'll switch back over now and see what happens. The errors and warnings section shows nothing but the Dnsmasq warning and looking in the query log I can't see anything that sticks out but at this stage I have zero idea what I'm looking for. It took a few hours to happen last time so let's see how it goes this time.

It's very frustrating because it clearly works! Just for some reason the DNS seems to go down after a device disconnects after a certain time and when it goes to rejoin, boom, no access

 

[heslo]

Ok, worked out what does it. If I disconnect the device and then reconnect (say turn wifi off then back on on my phone, laptop, etc) it will connect to the wifi again but there'll be no DNS) In stock conditions without routing through Pihole, it connects as normal and webpages load normally

Here's a log pretty much straight after I did it

https://lurking-cat.appspot.com/upload/jmQSLGE3

 

[jacklul]

No problem, I'll switch back over now and see what happens. The errors and warnings section shows nothing but the Dnsmasq warning and looking in the query log I can't see anything that sticks out but at this stage I have zero idea what I'm looking for. It took a few hours to happen last time so let's see how it goes this time.

It's very frustrating because it clearly works! Just for some reason the DNS seems to go down after a device disconnects after a certain time and when it goes to rejoin, boom, no access

So the DNS goes down for just one device?
Does Pi-hole web UI says DNS is down?
Are you still able to run the dig command from earlier when DNS is down? "dig +short . NS @127.0.0.1 -p 53"

Ok, worked out what does it. If I disconnect the device and then reconnect (say turn wifi off then back on on my phone, laptop, etc) it will connect to the wifi again but there'll be no DNS) In stock conditions without routing through Pihole, it connects as normal and webpages load normally

Here's a log pretty much straight after I did it

https://lurking-cat.appspot.com/upload/jmQSLGE3

You might try changing dns.interface to br0, it might do nothing with listeningMode set to LOCAL though.
You should into Asus GUI logs, there might be something there.
Might be also worth checking if you have any add-ons that could cause conflict like this, especially if you have DNS or security related ones.

I might need more of those logs since debug log fetches only last few lines, you can use the upload form in the link, just strip the token part.
Ideally contents in FTL.log and pihole.log since the issue started.

 

[heslo]

So the DNS goes down for just one device?
Does Pi-hole web UI says DNS is down?
Are you still able to run the dig command from earlier when DNS is down? "dig +short . NS @127.0.0.1 -p 53"

It will go down for any device that I disconnect from the network then reconnect again. Everything still connected will work fine. Pi-hole webUI still says DNS is fine. I haven't tried that dig command but definitely something I can do tomorrow

You might try changing dns.interface to br0, it might do nothing with listeningMode set to LOCAL though.

I'll give this a shot as well

You should into Asus GUI logs, there might be something there.

Unfortunately I have absolutely no idea what I'd be checking for but happy to post if need be

Might be also worth checking if you have any add-ons that could cause conflict like this, especially if you have DNS or security related ones.

Running no add-ons other than this. Uninstalled Diversion/DivStatsUI when I went to install pihole

I might need more of those logs since debug log fetches only last few lines, you can use the upload form in the link, just strip the token part.
Ideally contents in FTL.log and pihole.log since the issue started.

I will also look into doing this but have no idea how to get the log files off of the router to do so, care to explain?


I don't think it has anything to do with the router as if I return the settings to not use pihole I have no issues at all, everything has been working fine and device can connect and disconnect with no issue and still use the internet when they reconnect. Something seems to be tripping up the devices when they disconnect and reconnect with pihole enabled

 

[jacklul]

Enable Samba in Asus GUI and pull the logs from /opt/var/log/pihole.
You will probably have "entware" share in the GUI already there.

 

[heslo]

Will do, I'll set everything back to use pihole again tomorrow, get a device to disconnect and reconnect then grab the logs and post them for ya

 

[jacklul]

I think you can also do this:

cat /opt/var/log/pihole/FTL.log | pihole tricorder
cat /opt/var/log/pihole/pihole.log | pihole tricorder
cat /opt/var/log/pihole/webserver.log | pihole tricorder

Though if any of these exceeds 1MB then the upload will fail - in that case you can try something like this:

cat /opt/var/log/pihole/pihole.log | tail -c 100000 | pihole tricorder

 

[heslo]

I think you can also do this:

cat /opt/var/log/pihole/FTL.log | pihole tricorder
cat /opt/var/log/pihole/pihole.log | pihole tricorder
cat /opt/var/log/pihole/webserver.log | pihole tricorder

Though if any of these exceeds 1MB then the upload will fail - in that case you can try something like this:

cat /opt/var/log/pihole/pihole.log | tail -c 100000 | pihole tricorder

Thanks, I'll try that too!

 

[capitantrueno]

Hi there!

I managed to install the package on my 4G-AC86U with AsusWRT Stock v3.0.0.4.382_4162 (following the instructions of @jacklul's GitHub repository) with no issues (only some warnings).

In your router's web GUI go to LAN -> DHCP Server and make sure Advertise router's IP in addition to user-specified DNS is turned on and no other DNS server is set in that section (DNS set on the WAN page should be external).
You should also disable Forward local domain queries to upstream DNS in WAN -> Internet Connection as it can create a DNS loop with dns.revServers set.

These options are not available on my router. Is there any possibility to configure them differently?

admin@4G-AC86U:/tmp/home/root# /opt/etc/init.d/S65pihole-FTL restart
Failed to set capabilities on file '/opt/bin/pihole-FTL': Operation not supported
Warning: Starting in an unsupported way - expect issues to happen!
Warning: Starting pihole-FTL as 'admin' (then changing to 'pihole') because setting capabilities is not supported on this system
 Starting pihole-FTL...              done.

The status of PiHole is:

admin@4G-AC86U:/tmp/home/root# pihole status
/opt/share/pihole/COL_TABLE: line 6: /opt/bin/tput: cannot execute: required file not found
/opt/share/pihole/COL_TABLE: line 6: [: : integer expression expected
  [✓] FTL is listening on port 5053
     [✓] UDP (IPv4)
     [✓] TCP (IPv4)
     [✗] UDP (IPv6)
     [✗] TCP (IPv6)

  [✓] Pi-hole blocking is enabled

I tried to rebuild the gravity database:

/opt/share/pihole/COL_TABLE: line 6: /opt/bin/tput: cannot execute: required file not found
/opt/share/pihole/COL_TABLE: line 6: [: : integer expression expected
  [✓] DNS resolution is available

  [i] Neutrino emissions detected...

  [✓] Preparing new gravity database
  [✓] Creating new gravity databases
  [✓] Pulling blocklist source list into range
  [i] Using libz compression

  [i] Target: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  [✓] Status: No changes detected
  [✓] Parsed 232646 exact domains and 0 ABP-style domains (blocking, ignored 1 non-domain entries)
      Sample of non-domain entries:
        - fe80::1%lo0

  [✓] Building tree
  [i] Number of gravity domains: 232646 (232646 unique domains)
  [i] Number of exact denied domains: 0
  [i] Number of regex denied filters: 0
  [i] Number of exact allowed domains: 0
  [i] Number of regex allowed filters: 0
  [✓] Optimizing database
  [✓] Swapping databases
  [✓] The old database remains available
  [✓] Cleaning up stray matter

  [✓] Done.

And here is the debug log: pihole -d

But for some reason, it seems that PiHole is not working:

Suggestions?

BR

 

[heslo]

Well, I went back and returned dnsmasq.postconf to it's normal place for pihole to work and set the port to 53 like I did when it was all working.... this time, I can't get pihole to work again! I have absolutely no idea what's going on as I've changed nothing. Here's a debug log from my latest attempt with everything in place as it should be for Pihole to work.

https://lurking-cat.appspot.com/upload/sScHxyTm

Let me know if I've done anything wrong. Even Pihole says DNS error in the status screen of the GUI with those settings that worked before (even if I did have the issues once a device disconnected from the network)

 

[jacklul]

Hi there!

I managed to install the package on my 4G-AC86U with AsusWRT Stock v3.0.0.4.382_4162 (following the instructions of @jacklul's GitHub repository) with no issues (only some warnings).


These options are not available on my router. Is there any possibility to configure them differently?

admin@4G-AC86U:/tmp/home/root# /opt/etc/init.d/S65pihole-FTL restart
Failed to set capabilities on file '/opt/bin/pihole-FTL': Operation not supported
Warning: Starting in an unsupported way - expect issues to happen!
Warning: Starting pihole-FTL as 'admin' (then changing to 'pihole') because setting capabilities is not supported on this system
 Starting pihole-FTL...              done.

The status of PiHole is:

admin@4G-AC86U:/tmp/home/root# pihole status
/opt/share/pihole/COL_TABLE: line 6: /opt/bin/tput: cannot execute: required file not found
/opt/share/pihole/COL_TABLE: line 6: [: : integer expression expected
  [✓] FTL is listening on port 5053
     [✓] UDP (IPv4)
     [✓] TCP (IPv4)
     [✗] UDP (IPv6)
     [✗] TCP (IPv6)

  [✓] Pi-hole blocking is enabled

I tried to rebuild the gravity database:

/opt/share/pihole/COL_TABLE: line 6: /opt/bin/tput: cannot execute: required file not found
/opt/share/pihole/COL_TABLE: line 6: [: : integer expression expected
  [✓] DNS resolution is available

  [i] Neutrino emissions detected...

  [✓] Preparing new gravity database
  [✓] Creating new gravity databases
  [✓] Pulling blocklist source list into range
  [i] Using libz compression

  [i] Target: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  [✓] Status: No changes detected
  [✓] Parsed 232646 exact domains and 0 ABP-style domains (blocking, ignored 1 non-domain entries)
      Sample of non-domain entries:
        - fe80::1%lo0

  [✓] Building tree
  [i] Number of gravity domains: 232646 (232646 unique domains)
  [i] Number of exact denied domains: 0
  [i] Number of regex denied filters: 0
  [i] Number of exact allowed domains: 0
  [i] Number of regex allowed filters: 0
  [✓] Optimizing database
  [✓] Swapping databases
  [✓] The old database remains available
  [✓] Cleaning up stray matter

  [✓] Done.

And here is the debug log: pihole -d

But for some reason, it seems that PiHole is not working:
View attachment 67725

Suggestions?

BR

Please go to Settings -> DNS and set upstream servers, you have none selected.

The instructions were made based on 388 firmware, the options might be called differently or be somewhere else in the older firmware.

Can you execute:

opkg search /opt/bin/tput

tput is usually not an available command and I put a polyfill in the package, but it looks like you have it, though it isn't working.
It shouldn't affect anything, it's used for detection of available colors in your terminal, without it you will probably not see any colors when executing Pi-hole related commands.
Nevermind, it seems like Entware have ncurses-bin package containing that command now.

Well, I went back and returned dnsmasq.postconf to it's normal place for pihole to work and set the port to 53 like I did when it was all working.... this time, I can't get pihole to work again! I have absolutely no idea what's going on as I've changed nothing. Here's a debug log from my latest attempt with everything in place as it should be for Pihole to work.

https://lurking-cat.appspot.com/upload/sScHxyTm

Let me know if I've done anything wrong. Even Pihole says DNS error in the status screen of the GUI with those settings that worked before (even if I did have the issues once a device disconnected from the network)

Your log indicates that something killed the process:

   Sep  2 19:03:43 dnsmasq[2022]: exiting on receipt of SIGTERM

Is it possible that router was running low on memory at that time?
You will have to restart the service manually.