Pihole standalone install: Difference between revisions
| (10 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{ NOTE | | |||
as far as I know, this is an archlinux-specific configuration (mostly of dnsmasq), but it could be ported to other OSs }} | |||
= Archlinux = | = Archlinux = | ||
<blockquote> | <blockquote> | ||
== Install == | == Install == | ||
<blockquote> | <blockquote> | ||
| Line 11: | Line 11: | ||
<source lang="bash"> | <source lang="bash"> | ||
# update domain denylist | |||
sudo systemctl start pi-hole-gravity.timer | sudo systemctl start pi-hole-gravity.timer | ||
pihole -g | |||
</source> | </source> | ||
</blockquote><!-- Install --> | </blockquote><!-- Install --> | ||
| Line 30: | Line 29: | ||
lsof -i :53 | lsof -i :53 | ||
</source> | </source> | ||
<code>systemd-resolved.service</code> may be using port-53. <br> | <code>systemd-resolved.service</code> may be using port-53. <br> | ||
| Line 44: | Line 39: | ||
DNSStubListener=no | DNSStubListener=no | ||
</source> | </source> | ||
</blockquote><!-- Free port 53 --> | </blockquote><!-- Free port 53 --> | ||
== Configure dnsmasq == | |||
<blockquote> | |||
If you're leasing IPs with DHCP, update your dnsmasq configuration. | |||
<syntaxhighlight lang="ini"> | |||
# /etc/dnsmasq.conf | |||
bind-interfaces | |||
</syntaxhighlight> | |||
</blockquote><!-- Configure dnsmasq --> | |||
== Enable DNS == | |||
<blockquote> | |||
<syntaxhighlight lang="bash"> | |||
sudo systemctl enable pihole-FTL.service | |||
sudo systemctl start pihole-FTL.service | |||
# make sure it started alright | |||
sudo journalctl -u pihole-FTL.service | |||
</syntaxhighlight> | |||
Once running, confirm DNS resolves with host or drill. | |||
<syntaxhighlight lang="bash"> | |||
drill @127.0.0.1 A google.com | |||
host 127.0.0.1 google.com | |||
</syntaxhighlight> | |||
</blockquote><!-- Enable DNS --> | |||
== DNS with pihole == | == DNS with pihole == | ||
| Line 61: | Line 83: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
tail -f /run/log/pihole/pihole.log | tail -f /run/log/pihole/pihole.log # lists nameservers, hosts, interfaces ... | ||
# confirm server is listening | |||
netstat -ln46 | grep :53 | |||
# confirm there is a route for DNS queries to be performed | |||
netstat -r # show routing table | |||
# test DNS resolution | # test DNS resolution | ||
| Line 69: | Line 97: | ||
}} | }} | ||
</blockquote><!-- DNS with pihole --> | |||
== Use pi-hole for DNS == | |||
<blockquote> | |||
First, confirm pi-hole DNS is working with [[ldns drill]]. | |||
<syntaxhighlight lang="bash"> | |||
drill @127.0.0.1 google.com | |||
</syntaxhighlight> | |||
{{ expand | {{ expand | ||
| Line 99: | Line 137: | ||
}} | }} | ||
</blockquote><!-- DNS | </blockquote><!-- Use pi-hole for DNS --> | ||
== Confirm Working == | == Confirm Working == | ||
| Line 108: | Line 146: | ||
</source> | </source> | ||
</blockquote><!-- Confirm Working --> | </blockquote><!-- Confirm Working --> | ||
== Service Tweaks == | |||
<blockquote> | |||
I've had issues with the network interfaces not being brought up before pi-hole,<br> | |||
which prevents [[dnsmasq]] from starting. | |||
You can fix this by restarting pi-hole, but I don't have a better fix just yet. | |||
<syntaxhighlight lang="bash"> | |||
systemctl restart pihole-FTL.service | |||
</syntaxhighlight> | |||
</blockquote><!-- Service Tweaks --> | |||
</blockquote><!-- Archlinux --> | </blockquote><!-- Archlinux --> | ||
Latest revision as of 22:32, 11 October 2021
NOTE:
as far as I know, this is an archlinux-specific configuration (mostly of dnsmasq), but it could be ported to other OSs
Archlinux
Install
pacaur -S pi-hole-standalone# update domain denylist sudo systemctl start pi-hole-gravity.timer pihole -gFree port 53
You'll also need to start
pihole-FTL.service, which listens on port53.
If this port is already occupied, you'll need to free it.
# is port 53 in use? netstat -an | grep ':53' # try identifying program using it lsof -i :53
systemd-resolved.servicemay be using port-53.
If this is the case, disable the stub listener.# /etc/systemd/resolved.conf [Resolve] DNSStubListener=noConfigure dnsmasq
If you're leasing IPs with DHCP, update your dnsmasq configuration.
# /etc/dnsmasq.conf bind-interfacesEnable DNS
sudo systemctl enable pihole-FTL.service sudo systemctl start pihole-FTL.service # make sure it started alright sudo journalctl -u pihole-FTL.serviceOnce running, confirm DNS resolves with host or drill.
drill @127.0.0.1 A google.com host 127.0.0.1 google.comDNS with pihole
Configure your network manager so that it uses 127.0.0.1 as it's DNS server.
NOTE:
Before changing your nameserver, be sure to test queries using
host google.com 127.0.0.1.
If this does not work, apparently your router may have rebind protection enabled.troubleshooting
tail -f /run/log/pihole/pihole.log # lists nameservers, hosts, interfaces ... # confirm server is listening netstat -ln46 | grep :53 # confirm there is a route for DNS queries to be performed netstat -r # show routing table # test DNS resolution host google.com 127.0.0.1 # with 'host' drill @127.0.0.1 A google.com # with 'drill'
Use pi-hole for DNS
First, confirm pi-hole DNS is working with ldns drill.
drill @127.0.0.1 google.comNetworkManager
NetworkManager also runs an instance of dnsmasq.
You'll need to disable it to use pi-hole.# /etc/NetworkManager/NetworkManager.conf [Main] dns=noneConfigure NetworkManager to use pihole.
nmcli con # list all connections nmcli con mod <connectionName> ipv4.dns "127.0.0.1" nmcli con mod <connectionName> ipv4.ignore-auto-dns yes sudo systemctl restart NetworkManager.service
netctl
todo
Confirm Working
pihole status # confirm pihole DNS is started cat /etc/resolv.conf # only nameserver should be 127.0.0.1Service Tweaks
I've had issues with the network interfaces not being brought up before pi-hole,
which prevents dnsmasq from starting.You can fix this by restarting pi-hole, but I don't have a better fix just yet.
systemctl restart pihole-FTL.service
