Cohabitation PiHole 4+ and dnsmasq

[maniackcrudelis]

In raising this issue, I confirm the following: {please fill the checkboxes, e.g: [X]}

• [x] I have read and understood the contributors guide.
• [x] The issue I am reporting can be replicated.
• [x] The issue I am reporting isn't a duplicate (see FAQs, closed issues, and open issues).

How familiar are you with the the source code relevant to this issue?: 5

---

Expected behaviour:

Run PiHole and dnsmasq on the same server, as it was before 4.0

Actual behaviour:

FTLDNS replace dnsmasq, thus dnsmasq is disable in your install script.

Steps to reproduce:

Install Pi-Hole with the automated script.

Debug token provided by uploading pihole -d log:

{Alphanumeric token}

Troubleshooting undertaken, and/or other relevant information:

{Steps of what you have done to fix this}

---

Hi

I'm the current packager of PiHole for YunoHost, unfortunately the version we propose stopped to 3.3.1 Many users are asking for newer versions of your tool. Unfortunately, we have dnsmasq running on our system, and we can't just turn it off. With version prior to 4.0, everything work pretty well and we can enjoy using Pi-Hole easily.

So I would like to know if there's any way to have Pi-Hole version 4 or later to work along with dnsmasq, as it was before. I just had a (quick) look to your repository and didn't find anything relevant on that matter. Only that the install script does stop and disable dnsmasq.

I hope to find a way to use your new versions and to propose those new version to our users.

[PromoFaux]

Hi, since 4.0 dnsmasq became embedded into pihole-FTL, which is why we disable the dnsmasq process.

The running pihole-FTL still uses the same configuration directories as dnsmasq. I guess in the past you used to put additional config into files in the /etc/dnsmasq.d directory?

Versions prior to 4.0 also used dnsmasq, so you should still be able to run pihole-FTL along with any custom configuration.

tagging @DL6ER as he is the expert...

[maniackcrudelis]

Hi

So far, it matches what I did understand reading your doc and repo. But my worries isn't to use any custom configuration but to have our current dnsmasq running along with Pi-Hole. My problem is that I can't stopped dnsmasq (which would probably be restarted anyway by the system at some point).

[PromoFaux]

From what I understand (looking at your Pi-hole install script) you should just be able to use pihole-FTL as a drop-in replacement for dnsmasq

The only difference is that you will have the pihole-FTL binary running, instead of dnsmasq. pihole-FTL is just a wrapper for dnsmasq with some additional hooks for Pi-hole stats.

The embedded dnsmasq version is currently 2.80, in Pi-hole v5, the embedded version will be 2.81

Do you have a development system that you can try it on?

[maniackcrudelis]

We currently runs 2.76 (we're still on stretch...)

but maybe I can use an alias or a symbolic link or whatever more suitable to replace the current binary. I have plenty of virtual machine to play with !

Is there a place I can see what are the difference between the official dnsmasq version and yours ? So I can circumvent any failures and fix potential bugs in our current config.

I'll have a proper look to it later though, I'm currently attending a meeting :) Thanks for your answers, I think I may find a solution, which would be great.

[PromoFaux]

https://github.com/pi-hole/FTL/tree/master/dnsmasq

As far as I am aware, there are no differences between released 2.80 and our embedded (aside from a couple of hooks that don't change any actual dnsmasq code. But @DL6ER will be better placed to explain any differences once he is online

[DL6ER]

Yes, pihole-FTL offers everything dnsmasq offers plus a bit more. You can simply remove the dnsmasq binary from a system and start pihole-FTL and everything will continue to function as before. Plus you will always get the latest and greatest version of dnsmasq (v2.80 with Pi-hole v4 and dnsmasq v2.81 with Pi-hole v5.0, yet to be released)

[maniackcrudelis]

Hi

back with unfortunately what looks like a fatal error. FTLDNS apparently does not support the argument --test used in the dnsmasq init.d script.

Which means also that I can't use FTLDNS as a simple replacement of dnsmasq. To do that I would need FTLDNS to support all arguments use in dnsmasq transparently.

In my context, I use update-alternative to provide FTLDNS as replacement of dnsmasq, but it fails when starting restarting dnsmasq.

As far as I can understand from the manpage (not use to read it in that format), it should be dnsmasq test. And apparently a lot of dnsmasq options are not available in CLI with FTLDNS.

If my investigations are correct, it will be a no go for me, as I need FTLDNS to act as a complete replacement of dnsmasq in my context.

[DL6ER]

FTLDNS apparently does not support the argument --test used in the dnsmasq init.d script.

Hmm, yes, the correct syntax would be

pihole-FTL -- --test

as only arguments following the -- are processed by the embedded dnsmasq.

We have not had a request for such a complete drop-in replacement. This would prevent FTL from receiving any command line arguments (when everything is processed by the embedded dnsmasq core).

I will likely add the following: Pass arguments directly to the embedded dnsmasq if the first argument is --whatever (pihole-FTL does not use arguments starting in --).

Alternatively, pass all arguments to dnsmasq if the binary iiself is called dnsmasq. This also covers the case that your /usr/bin/dnsmasq is a simple symlink to /usr/bin/pihole-FTL (or even a copy).

[maniackcrudelis]

What I've done so far was indeed a symbolic link in /usr/bin/dnsmasq to /usr/bin/pihole-FTL by update-alternative.

I guess anyway Pi-Hole will call directly /usr/bin/pihole-FTL so it shouldn't be bother for any argument it would pass to it.

I have a (almost) working branch with this configuration, and I compile FTL in the process. If you need, I can easily try your work.

Thanks for taking my specific situation into consideration.

[DL6ER]

No worries, we want to create the best experience for all users - even on operating systems we do not officially support. At least, when this is neither an immense task nor adds maintenance workload while it would only be used by very few users. Both these points are not true here.

Please try the branch new/dnsmasq_dropin_replacement

Your symbolic link should automatically trigger the drop-in mode. I'm interested in your feedback and also whether we would need to change something in addition to make your life easier!

[maniackcrudelis]

Back with some news, pretty good news.

First thanks for your quick answer with something I can actually work with.

The trick was that dnsmasq and pihole both use sysvinit instead of systemd, and so systemd use systemd.generator to build a systemd script to be actually used. And finally the systemd script use some specific calls for the sysvinit service that doesn't work with pi-hole sysvinit script. So, I finally put aside the start scripts of dnsmasq. Although it appeared that dnsmasq is more resilient than a T1000 ! I finally succeed ! I made a fake dnsmasq systemd script that is actually pihole-FTL. And an action on one of them does affect the other as they're the same one.

So it's a first victory. But even if the service is running, I have actually no DNS resolution. That's an epic fail... But I'll call it a day anyway, I'm falling asleep on my keyboard...

As a side note, even I did drop, somehow, the sysvinit service, your patch is still very important for me as it allow to run dnsmasq (as pihole-FTL) as if actually dnsmasq from /usr/sbin/dnsmasq

If it can be of any interest, my install script is here https://github.com/YunoHost-Apps/pihole_ynh/blob/upgrade_to_4.x/scripts/install

[maniackcrudelis]

Somehow found what was the cause of my dns failure. PiHole-FTL needs a gravity db to start, but actually gravity.sh needs Pihole-FTL to be running to be executed. So, we have a dead end !

I missed the part where the patch was actually on your version 5 ;) So I made a backport of your patch on the version 4.3.1, so far it's seems to be ok.

Or at least, I have my dns working at the end of the install, pihole-FTL is running, and /usr/sbin/dnsmasq --test says "dnsmasq: syntax check OK."

I guess now, I just to have to do all of that properly. Not what I'm doing right now with my crappy script. And finally check that Pi-Hole does actually work fine.

[DL6ER]

dnsmasq drop-in replacement support has been merged and will be shipped with Pi-hole v5.0

[maniackcrudelis]

As I'm still working on the version 4 (a lot of other things to do as we're working hard on Buster). So I was wondering, do you have an idea, even a vague idea about when you're going to release that v5.0 ? Maybe it's not completely worth it to work on the v4 if the v5 is about to be out very soon.

No pressure though ;) I know how it can be irritating to have those questions when you're already working hard to make that release happen ! Just to know if on my side I should rather wait than hurry.

[dschaper]

Barring any kind of surprise I'd say a week or less.

[DL6ER]

Pi-hole v5.0 has just been released.

[maniackcrudelis]

Thanks you :+1: I add it on top of my todo list