Pi-hole Core/Web v5.2 and FTL v5.3 released!

Pi-hole Core/Web v5.2 and FTL v5.3 released!

2020-11-28 Updates 9

As always, please read through the changelog before updating with pihole -up. If you have any issues with the web interface after updating.


  • Upgrade RegEx engine #815
    Adding approximate matching (catch URL typos), back-references, more character classes for bracket expressions, type-specific filtering (e.g. regex only for type AAAA queries), and more. See this Discourse discussion for further details.
  • Analyze EDNS(0) records #851
    We highlight the Client Subnet (ECS) feature to obtain client IPs even when they are hidden behind a NAT or a deputy DNS server. See this Discourse discussion for further technical details. This feature can be used to unveil the real IP addresses of clients even when there used to be the router’s IP address for all clients (if supported by the router).
  • Allow defining clients by their MAC address #762 (FTL) / #1285(Web)
    This allows you to use MAC addresses to automatically identify clients immediately connected you the Pi-hole. This will make the configuration for clients changing their addresses frequently (non-deterministic DHCP server, IPv6 privacy extension, non-constant ISP IPv6 prefixes, etc.) easier than before.
  • Add dhcp-discover feature #883
    A new feature to actively scan all interfaces for available DHCP servers
    It can be invoked using sudo pihole-FTL dhcp-discover
  • Add additional pre-compiled ARMv4, ARMv5 and ARMv8 binaries #903
  • Add new query retried status (12 and 13) #901
  • Differentiate upstream servers by address and port #923
    This allows the statistics to tell apart servers on the same IP address running on different ports.
  • Add API callback to remove DHCP leases without the need for a restart #932
    This removes an active lease from the server. Note, however, that the clients also actively need to ask for a new lease (reconnection, restart) as it may otherwise continue to use its old (even if now invalid) configuration until the lease time expires. Unfortunately, Pi-hole cannot do anything about this.
  • Added support for CNAME records add/remove on the web interface #1278 (@marank)
  • Add cache busting variable to Pi-hole js/css #1550 (@tjeffree)
    You should no longer have to clear your browser cache when updating to a new version of Pi-hole!
  • Simplify query log filter to make it more user friendly #1602(@PromoFaux)
    Good news mobile users – you no longer need to hold down a modifier key to use the query log filter! Desktop users, you do not need to either. Simply click to add/remove from the filter. Modifier keys can be held down to copy a domain

Other notes:

This is likely the last version of the web interface to officially support Internet Explorer 11.

Complete Changelog:


  • Use gravity’s adlist_id in filename when saving downloaded adlist locally #3534 (@yubiuser)
  • (README.md): Grammar fix #3581 (@jokajak)
  • Create custom.list during install/update if it doesn’t exist #3608 (@yubiuser)
  • Fix pihole status to not rely on a TCP port test #3524 (@DL6ER)
  • Add default locations to PATH to assure that all basic commands are available #3527 (@MichaIng)
  • Update “About Pi-hole” link on “Website Blocked” page #3639 (@nfriend)
  • Use compression (if available) when downloading the ad lists. #3641 (@PromoFaux / @DL6ER)
    • Check for compression only once and print result #3646 (@yubiuser)
  • Change default value of temp_unit to ‘C’ #3665 (@scboucher)
  • Remove broken youtube link #3678 (@yubiuser)
  • Revert “fix #3336 by creating adlist file even if no list was selected #3673 (@yubiuser)
  • Tweaks to os_check() Redux #3688 (@dschaper)
  • Display more meaningful exit message if dig command fails during os_check #3702 (@PromoFaux)
  • Remove extra gravity optimization flag #3739 (@DL6ER)
  • added instructions for forking and rebase #3178 (@jlagermann)
  • basic-install: document how to continue after SELinux check #3607 (@cgzones)
  • Add CACHE_SIZE to setupVars #3170 (@DirkJanIT)
  • Remove check for free disk space and associated variables #3698 (@yubiuser)
  • Remove traces of previous default adlists #3763 (@yubiuser)
  • Print tail of logs in /var/log/lighttpd in debug run as well #3776 (@yubiuser)
  • Discover active DHCP servers during debugger run #3741 (@DL6ER)
  • Add date_updated field to adlist table #3740 (@DL6ER)
  • web server question enhancements #3225 (@MichaIng)
  • add FirewallD configuration checks to debug script #3798 (@bcambl)
  • Remove references to privacy level 4 (no longer functional) #3803 (@PromoFaux)
  • Add native ARMv4T, ARMv5TE and ARMv8-A support #3801 (@DL6ER)
  • Security enhancement for the “never forward non-FQDNs” feature #3794 (@DL6ER)
  • Update Test suite #3625 (@PromoFaux)
  • Fixed potential security issue with $landPage receiving variables #3819 (@craigmayhew)
  • Fix for pihole -w –nuke displaying help info even if command is exec… #3349 (@Forceflow)
  • Be more specific about what pihole -d -a does #3843 (@yubiuser)
  • Re-run the script as root instead of piping to bash #3827 (@hvnsweeting)
  • Change icon from cross to [i] for root user check #3825 (@yubiuser)
  • Add test cases for all supported OS #3818 (@pvogt09)
  • Add some output to the –nuke command #3847 (@PromoFaux)
  • Fix/unattended install #3848 (@chubchubsancho)
  • read REV_SERVER_CIDR from environment #3761 (@BastiG)
  • Include secondary upstream DNS for Quad9+Filter+ECS #3851 (@tullo-x86)
  • Add DNSSEC info to OpenDNS description #3863 (@yubiuser)
  • Include the raw messages from the Pi-hole diagnosis systems in debug logs #3862 (@DL6ER)
  • Add systemctl status –full –no-pager pihole-FTL.service to the debug log #3859 (@yubiuser)


  • Added support for CNAME records add/remove #1278 (@marank)
  • Remove duplicate DNSSEC explanation #1494 (@vmstan)
  • Show date and time FTL started in settings page #1501 (@yubiuser)
  • Remove duplicated sidebar entry for Local DNS Records #1500 (@yubiuser)
  • Fix sidebar animation angle for Local DNS entry #1507 (@yubiuser)
  • fix(settings): typo in conditional forwarding #1522 (@Epoxide)
  • Add “ALL” to list selector in Local DNS Records and CNAME Records #1532 (@yubiuser)
  • Change timePicker to 24h format in dateragepicker #1529 (@yubiuser)
  • Fixes formatting of unknown host in DHCP leases table #1509 (@yubiuser)
  • Fix a few UI issues #1541 (@DL6ER)
  • Fix typo in DNS Settings #1565 (@MatthewBooth)
  • Remove degree symbol from Kelvin #1566 (@yubiuser)
  • Make login form button more mobile friendly #1564 (@Ninjaclasher)
  • Allow defining clients by their MAC address #1285 (@DL6ER)
  • Add cache busting variable to Pi-hole js/css #1550 (@tjeffree)
  • Fix bug with secs/mins buttons on disable menu caused by addition of theming. #1588 (@PromoFaux)
  • Show last update time of an adlist #1579 (@DL6ER)
  • Fix symbol for devices that do not use Pi-hole #1601 (@DL6ER)
  • Simplify query log filter to make it more user friendly #1602 (@PromoFaux)
  • Show detailed upstream destination in Query Log(s) #1627 (@PromoFaux)
  • Fix HTML validation errors in header.php #1489 (@XhmikosR)
  • Be more explicit about flushing logs #1604 (@yubiuser)
  • Use two different divs for mobile and desktop instead of a JS solution #1284 (@Th3M3)
  • Fix initial visibility of group selector on simplified black- and whitelist pages #1393 (@DL6ER)
  • Remember last used sort column/direction on Local DNS Records table and CNAME table #1563 (@yubiuser)
  • Fix UI Remaining Disabled in Groups & Adlists Pages #1600 (@rickbau5)
  • Add new query status 12 and 13 (retried queries) #1610 (@DL6ER)
  • Fix html escaping showing up in input fields. (#1584#1603 (@thislooksfun)
  • Added check for NULL value in PHP internal error handling #1618 (@JonFStr)
  • Print fatal dnsmasq errors #1630 (@DL6ER)
  • Show detailed upstream destination in Query Log(s) #1627 (@DL6ER)
  • Ensure empty clients/groups/adlists/audits cannot be added #1626 (@DL6ER)
  • Summarize the names of DNS servers which support DNSSEC #1635 (@yubiuser)
  • Make it clearer that the option DHCP rapid commit only applies to IPv4 #1636 (@yubiuser)
  • Add new replace_domain action to allow adding domain(s) exclusively to a specific list #1625 (@DL6ER)
  • Add button to remove dynamic DHCP leases #1634 (@DL6ER)


  • Upgrade RegEx engine #815
  • Add support for install-time DESTDIR and delay expansion of CMAKE_INSTALL_PREFIX #844 (@DDoSolitary)
  • Analyze EDNS(0) records #851
  • Explicitly cast time_t #865
  • Add ability to show only blocked queries for a specific client #856
  • Show also IPv6 nameservers in DEBUG_RESOLVER #866
  • Allow defining clients by their MAC address #762
  • Fix error displaying if the upstream server failed #875
  • Add dhcp-discover feature #883
  • Request a lease with validity of 1 second in the DHCPDISCOVER packet #885
  • Only resolve active clients #872
  • Fix GCC9 regression for printing the same buffer into itself #884
  • Extend domain filtering to also check the CNAME domain #878
  • Try to obtain host names from another address of the same device when nothing else is available #879
  • Add event queue for signal handling #881
  • Do not block shared memory when inactive clients are skipped #889
  • Clean network addresses #871
  • Do not block shared memory when inactive upstreams are skipped #893
  • Log disk usage in /dev/shm #894
  • Always update database hostnames #874
  • Upload FTL log to tricorder.pi-hole.net #890
  • Add more verbose version output (./pihole-FTL -vv) #892
  • Allocate shared memory instead of only reserving it #898
  • Add pre-compiled ARMv4, ARMv5 and ARMv8 binaries to CI workflow #903
  • Make timer output at termination of FTL human readable #907
  • Keep FTL database open #896
  • Mark database as being available when creating a new database #908
  • Fix for the shm_per_client_regex shmem object #873
  • Add new query retried status #901
  • ECS: Ignore distant loopback address #909
  • Verify CI-generated binaries after uploading #910
  • Add DEBUG_HELPER #914
  • CMake install: update setcap #916 (@AlaricSenat)
  • Log process owner details #922
  • Differentiate upstream servers by address AND port #923
  • Log dnsmasq config errors to pihole-FTL.log #926
  • Keep upper case characters in host names #935
  • Add API callback to remove DHCP leases without the need for a restart #932
  • Skip clients with no active counts at all (may be old IPv6 addresses) #934
  • Implement special handling for “pihole-FTL — –help dhcp” and “pihole-FTL — –help dhcp6” #938
  • Analyze all DHCP options dnsmasq is aware of #937

Notable Replies

  1. Just tried upgrading and ran into a problem with FTL complaining that my libc version is too old so I had to revert FTL to v5.2. Is the new libc really a necessity?

    pihole-FTL: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by pihole-FTL)

  2. Looks like we may have accidentally dropped support for Debain/Raspbian stretch. Sorry folks!

    We're working to fix the issue now.

    You should see no problems on Buster, so if you are able to , please feel free to upgrade your distribution. For anyone that can't we should have a fix coming very soon™ for Stretch.. watch this space!

    (this is the error that manifests as "version `GLIBC_2.28' not found (required by pihole-FTL)")

    Edit: Also Ubuntu 16 and 18 / Centos 7

    Edit: fixed

  3. I can confirm that :stuck_out_tongue_winking_eye:

    My unit on Stretch lost internet, so there may need to be a workaround built for that issue @PromoFaux

  4. The workaround for now is, after you run the upgrade, to run:

    pihole checkout ftl v5.2

    while we will be waiting for a patched version of v5.3

  5. Please update now to FTL v5.3.1 using pihole -up. Those who have used pihole checkout may need to pihole checkout master, first.

Continue the discussion discourse.pi-hole.net

4 more replies