Entware Pi-hole directly on the router? Yes!

[junior120872]

I'm doing this as well.

Do you use keepalived between them, or do you just use them as DNS1 and DNS2?

 

[Untried3868]

Do you use keepalived between them, or do you just use them as DNS1 and DNS2?

I'm using them as DNS1 and DNS2, but they're configured identically. I was unable to indicate the actual Raspberry Pi devices in my signature due to the character limitation.

Edit: Signature updated.

 

[junior120872]

I'm using them as DNS1 and DNS2, but they're configured identically. I was unable to indicate the actual Raspberry Pi devices in my signature due to the character limitation.

Edit: Signature updated.

Do you see DNS resolution errors when one of them are down? I ended up having to use keepalived with a virtual ip address between the two, to prevent issues with resolution during maintenance of one of the machines (hardware, software).

 

[Untried3868]

Do you see DNS resolution errors when one of them are down? I ended up having to use keepalived with a virtual ip address between the two, to prevent issues with resolution during maintenance of one of the machines (hardware, software).

No, never experienced resolution issues...thankfully.

 

[heslo]

That's all that comes to my mind:

pihole debug
# upload when asked

netstat -tulnp | pihole tricorder

cat /etc/dnsmasq.conf | pihole tricorder

You could probably use wan-event script to just reload Pi-hole when reconnect happens if we can't get this fixed any other way

It went down momentarily this time but came back by itself no issue within a minute. Not sure if this was a related disconnect but thought I'd grab the logs anyway and upload them. You might be able to spot something

Sign in - Google Accounts

Sign in - Google Accounts

Sign in - Google Accounts

 

[jacklul]

Other than errors indicating that network is unreachable when trying to connect to upstream DNS (1.0.0.1) there is nothing useful there.
I assume you have listeningMode set to LOCAL, you might try setting it to ALL (and make sure you don't open port 53 in your router), maybe when the reconnect happens router changes something with the interfaces and Pi-hole uses old references or something, this is unlikely but maybe possible.
I see you have a tailscale, when this issue happens does the Pi-hole DNS still works when accessed through VPN?

 

[heslo]

Other than errors indicating that network is unreachable when trying to connect to upstream DNS (1.0.0.1) there is nothing useful there.
I assume you have listeningMode set to LOCAL, you might try setting it to ALL (and make sure you don't open port 53 in your router), maybe when the reconnect happens router changes something with the interfaces and Pi-hole uses old references or something, this is unlikely but maybe possible.
I see you have a tailscale, when this issue happens does the Pi-hole DNS still works when accessed through VPN?

Correct, listeningmode is set to LOCAL, I'll leave it as such until it properly goes down like last time (hopefully never again lol) and collect the logs again to see if anything does come up.

I have a tailscale yeah, this problem occurred without it as well so I'm sure it's not that. As for the pihole DNS using through it, I haven't set that up yet as I'm using it more to access a device and its files remotely, not using the pihole DNS (although that is on the list when I get some free time to set it up and test)

Thanks for looking at the logs! Only thing I've change since last time it went down is chuck a fan on my modem, I've noticed it getting quite hot especially with the increased temperatures where I live. It's 6 or 7 years old now, that may also be causing the issue and everything else is downstream from that but yeah, just trying to cover all bases currently

 

[heslo]

UPDATE: Since I've chucked a fan on the modem itself this issue hasn't reared its ugly head again so seems there's ZERO issue with the Pi-Hole install or the router itself. I may hit up my ISP for a new modem just in case cos I'm a bit dubious about it now but keeping it cool has definitely stopped the issues; it's been over 2 weeks now and I've had no drop outs/disconnects like before

 

[eclp]

A wonderful project! Thank you very much for that!
I will try it soon and report...

 

[eclp]

So, I'm thrilled! Excellent work, thank you!

The only thing I see so far in the FTL.log is the following:

WARNING chown_pihole(): Failed to get pihole user's UID/GID: No error information

 

[jacklul]

So, I'm thrilled! Excellent work, thank you!

The only thing I see so far in the FTL.log is the following:

WARNING chown_pihole(): Failed to get pihole user's UID/GID: No error information

Did you add 'pihole' user in USB->Samba ?
If you did then please check if the FTL process is running as it, it fallbacks to running as root which might not be safe.

 

[eclp]

Did you add 'pihole' user in USB->Samba ?
If you did then please check if the FTL process is running as it, it fallbacks to running as root which might not be safe.

You're right, I seem to have omitted this step. Is it enough for the user to create in SAMBA and then restart Pihole again or does it require a complete new installation? I followed the guide of @bibikalka, with unbound and dedicated IP.

 

[jacklul]

You're right, I seem to have omitted this step. Is it enough for the user to create in SAMBA and then restart Pihole again or does it require a complete new installation? I followed the guide of @bibikalka, with unbound and dedicated IP.

Service restart should do it, I think.

 

[eclp]

Service restart should do it, I think.

That helped!

I noticed something else: when I click on Settings > Tools > Interfaces, the web interface crashes. Only by closing and reopening the browser tab do I get access again. I can't find error messages in the logs.

 

[jacklul]

I noticed something else: when I click on Settings > Tools > Interfaces, the web interface crashes. Only by closing and reopening the browser tab do I get access again. I can't find error messages in the logs.

Could you try with browser's dev tools open (and on console tab) and see if any error pops up there?

You might also want to check router syslog for mptcp error spam, there is currently a known bug that I've been unable to track down and fix.

 

[eclp]

Could you try with browser's dev tools open (and on console tab) and see if any error pops up there?

You might also want to check router syslog for mptcp error spam, there is currently a known bug that I've been unable to track down and fix.

There are no mptcp messages in the router syslog. Also not in the browser developer tools! The "Pi-hole interface overview" does not load at all. The spinning circle can be seen, nothing happens, Loading...

 

[jacklul]

Try the Network tab (Chrome, no idea if the same in other browsers), there should be a request to "/api/network/gateway?detailed=true", if it hangs or returns something different than JSON array then that would explain why the page doesn't load
Do not post output of it here, it will contain your public IP.

 

[eclp]

 

[jacklul]

View attachment 70104

Can you see what the Response contents are? You can use my tool to share it as text without anyone else reading it.

 

[eclp]

If you mean the response tab there‘s nothing to be seen