PIHole breaks internet connections of Truenas Scale's apps

horky

Cadet
Joined
Aug 15, 2023
Messages
9
Dear All,

I have installed and configured the official pihole chart. It works fine except there is no internet connection inside the applications, only local access. Truenas has proper connection and all other devices on the network work.

I left everything as default in the chart config of pihole. I also set the 'nameserver 1' in my router's settings to use pihole.
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,700
> It works fine except there is no internet connection inside the applications, only local access.

Do you mean to say that as you point an app at the IP of the Pi-hole (or is that the IP of your TrueNAS host?) that the app loses Internet connectivity?

Or do you mean that as soon as you start that app, all other apps stop working?
 

horky

> Do you mean to say that as you point an app at the IP of the Pi-hole (or is that the IP of your TrueNAS host?) that the app loses Internet connectivity?
>
> Or do you mean that as soon as you start that app, all other apps stop working?

Thanks for the reply!
Only the 'nameserver 1' has the IP address of the TrueNAS Scale (which is running pihole). The network settings of the other apps (e.g. Nextcloud) are on defaults. In this scenario every device has internet connection and ads are blocked, but there is no internet for the Scale apps (e.g. Nextcloud can't reach its app store).
If I remove the nameserver setting from the router and the default is restored, there is internet access from the Scale apps, but of course the ads are not blocked anymore.

I hope it does clarify my problem :)
 

sretalla

> I hope it does clarify my problem :)

A little.

So maybe the issue is that the apps can't use the TrueNAS IP to address other apps... they need to use the internal DNS to reach each other. (heavyscript option 2, 1 will show you those... https://github.com/Heavybullets8/heavy_script)

If you maintain your router as the DNS server for everything in your network and forward that to your TrueNAS IP (but TrueNAS itself should still show the router as the DNS server)... does that work?
 

horky

I think I'll post my current settings and the output of heavyscript 2,1:
truenas_network.png


router_settings.png

heavyscript_21.png


> If you maintain your router as the DNS server for everything in your network and forward that to your TrueNAS IP (but TrueNAS itself should still show the router as the DNS server)... does that work?

How do you mean forward the DNS server of the router to TrueNAS?
 

sretalla

The TrueNAS server should only have 1 DNS/nameserver configured... 192.168.0.1

That nameserver (your router) should have its Primary DNS set to 192.168.0.10 (seems you already did that... although I'm not clear on where 192.168.0.2 is coming from on that second screen... is that another router?)
 

horky

There is another router provided by my ISP. That is on 192.168.1.1 and my own router is connected to it and its IP on the ISP's domain is 192.168.1.2. My home network is on 192.168.0.x.

I have changed the DNS config for TrueNAS, now only 192.168.0.1 is set as nameserver. With this setup there is no internet on TrueNAS either. (At least it can't reach the update server, but I can reach my Nextcloud from outside my network via Cloudflare, so there is some connection.)
 

sretalla

OK, so that needed to be 192.168.0.2 instead... then your clients get their DNS from your router, which asks TrueNAS, which should then from within Pi-hole look somewhere like 1.1.1.1 or whatever.

I got that a bit mixed up.

It should be 192.168.0.1 for the DNS setting in all your clients (including TrueNAS), then your router points to TrueNAS on .10, which has Pi-hole then do whatever you set it to do... I guess you defined 1.1.1.1 or something?
 

sretalla

I also note that in the Pi-hole app if I take the defaults, it complains that port 53 is already in use... (I don't think it is), so if that's the case for you too, you're not actually using Pi-hole at 192.168.0.10
 

horky

For me Pi-hole uses port 53 so this should be fine. My new setting is:
Router's DNS server -> 192.168.0.10 (and no other)
TrueNAS DNS server -> 192.168.0.1 (and no other)

This is the scenario when even TrueNas has no internal connection (can't reach update server, but I can reach eg. nextcloud from outside my network).

If I modify the settings as follows only the TrueNAS apps will not have internet:
Router's DNS server -> 192.168.0.10 (and no other)
TrueNAS DNS server -> 192.168.0.10 and 192.168.0.1

> I guess you defined 1.1.1.1 or something?

No, why? how? where? :)
 

sretalla

> No, why? how? where? :)

Some DNS in your chain needs to go external or you have no Internet. 1.1.1.1 is Cloudflare's DNS, Google's is 8.8.8.8, so those are 2 options for that.

I see that the Pi-hole doesn't call it out by address, so maybe that's why you don't see the link. It's on the DNS settings in Pi-Hole.

> Router's DNS server -> 192.168.0.10 (and no other)
> TrueNAS DNS server -> 192.168.0.1 (and no other)
>
> This is the scenario when even TrueNas has no internal connection (can't reach update server, but I can reach eg. nextcloud from outside my network).

Is this what you mean goes together?

So you're saying TrueNAS itself can't manage to find things, but everything else is fine?

> If I modify the settings as follows only the TrueNAS apps will not have internet:
> Router's DNS server -> 192.168.0.10 (and no other)
> TrueNAS DNS server -> 192.168.0.10 and 192.168.0.1

And here, I think the apps are set to follow the host, so get back to trying 192.168.0.10, which they can't route to, so are blocked.
 

sretalla

So with the first setup in place, what do you get if you run dig www.google.com on the TrueNAS host?
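
Added example, not part of the original thread: a shell sketch that runs the same dig test against each hop of the DNS chain discussed above (router 192.168.0.1, Pi-hole on the TrueNAS host at 192.168.0.10, and 1.1.1.1 as the external resolver mentioned earlier) to show which hop fails. The function names and the `run` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). IPs are the ones posted in the thread;
# 1.1.1.1 stands in for whatever upstream Pi-hole is configured to use.
NAME="${NAME:-www.google.com}"

# Reduce raw dig output on stdin to one word.
classify_dig() {
    awk '
        /no servers could be reached/ { print "unreachable"; done = 1; exit }
        /status: [A-Z]+/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s) }
        /ANSWER: [0-9]+/ { n = $0; sub(/.*ANSWER: /, "", n); sub(/,.*/, "", n) }
        END {
            if (done) exit
            if (s == "") print "unknown"
            else if (s == "NOERROR" && n + 0 > 0) print "answered"
            else print tolower(s)
        }'
}

# Ask one specific server, bypassing the host's configured nameservers.
probe() {
    dig +time=2 +tries=1 "@$1" "$NAME" A 2>&1 | classify_dig
}

# Name the first broken hop from the three results.
diagnose() {  # diagnose <router> <pihole> <upstream>
    if   [ "$3" != answered ]; then echo "host cannot reach external DNS"
    elif [ "$2" != answered ]; then echo "Pi-hole is not answering on port 53"
    elif [ "$1" != answered ]; then echo "router is not answering or not forwarding to Pi-hole"
    else echo "chain OK"
    fi
}

check_chain() {
    router=$(probe 192.168.0.1)
    pihole=$(probe 192.168.0.10)
    upstream=$(probe 1.1.1.1)
    echo "router=$router pihole=$pihole upstream=$upstream"
    diagnose "$router" "$pihole" "$upstream"
}

# Only touch the network when explicitly asked: sh dnschain.sh run
if [ "${1:-}" = "run" ]; then check_chain; fi
```

Running the same script from a shell inside one of the apps shows whether 192.168.0.10 is reachable from the app network at all.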
 

horky

> Is this what you mean goes together?
>
> So you're saying TrueNAS itself can't manage to find things, but everything else is fine?

Yes and yes.

The output of dig:
Code:
admin@truenas[~]$ dig www.google.com

; <<>> DiG 9.16.27-Debian <<>> www.google.com
;; global options: +cmd
;; connection timed out; no servers could be reached


Maybe the DNS settings of Pi-hole can be also relevant:
1692109317803.png
 

sretalla

> Maybe the DNS settings of Pi-hole can be also relevant:

Let's see if running without the setting to Allow only local requests helps... Try with Permit all origins as a start... we can think about if that's really a risk or not if we find that it works.
 

horky

With the options containing interface eth0 other errors arose (there is no eth0) in pihole since the interface is eno1 (I think).
With the permit all origins options there are no errors but still no connection from the apps not TrueNas
 

sretalla

OK, so with TrueNAS set to look at 192.168.0.1 and the router set to look at 192.168.0.10, the dig response is still saying can't connect to any DNS?

I guess you restarted the app after changing that setting too?
 

sretalla

And if you put back the other settings? does dig work?
 

horky

I put back this:
TrueNAS DNS server -> 192.168.0.10 and 192.168.0.1

Pi-hole's DNS settings remained on Permit all origins and the router is unchanged too (Router's DNS server -> 192.168.0.10 (and no other))

Now dig works, still no internet in the apps.
 