Update (pihole -up) fails as installer (basic-install.sh) bypasses local DoH proxy
kradon86 opened this issue · 3 comments
Versions
Pi-hole version is v5.17.3 (Latest: v5.17.3)
web version is v5.21 (Latest: v5.21)
FTL version is v5.25.1 (Latest: v5.25.1)
Platform
- OS and version: Raspbian/Debain 11
- Platform: Pi 3b+
Expected behavior
Successful pihole -up execution
Actual behavior / bug
"Retrieval of supported OS list failed. dig failed with return code 9.
Unable to determine if the detected OS (Debian 11) is supported"
Steps to reproduce
- pihole -up
or - "dig @ns1.pi-hole.net versions.pi-hole.net txt" times out, where "dig versions.pi-hole.net txt" succedes
Debug Token
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
I have configured the Cloudflare DoH proxy per (https://docs.pi-hole.net/guides/dns/cloudflared/), and blocked all outbound port 53 traffic at my network firewall (amazing how much tracking junk bypass local resolvers). With this rule enabled, I am unable to update pihole.
It appears that the os_check function in basic-install.sh specifies a dns server in the dig command to fetch the list of supported OS's. This bypass of my local resolver fails, and there is no attempt to fall back. Ironic from a project aimed at centralized DNS logging and control.
cmdResult="$(dig +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)"
I'm not sure why this is done, but it is breaking the installer/updater.
Thanks!
This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.
The reason ns1.pi-hole.net became the required resolver was due to issues with some servers mangling dns cookies and the only way we could be sure that the check didn't fail was to require a specific server. I'm open to seeing if that is still the case and removing the forced resolver which would allow for installs like this without needing to pass the unsupported_os environment variable.
This doesn't really break anything, you can still install using the instructions provided both in documentation and in the installer output to stdout.
This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.