Pi-hole FTL v5.6 released

Pi-hole FTL v5.6 released

Another release so soon after v5.5(.1) was released? Yes!

FTL v5.5(.1) brought you the bleeding-edge dnsmasq v2.83 and our attentive users have quickly reported an issue with queries for the same domain coming from different network sockets. The updated dnsmasq has a new feature to group queries that need to be forwarded so only one query (instead of previously many) is sent upstream. If two (or more) queries are combined because they ask the same question then dnsmasq can get confused when it comes to returning the answer, the reply to the second query can be sent via the socket that the first one arrived on. That’s normally OK, but if the first query arrives via IPv4 and the second via IPv6, for instance, then the bug is triggered. There are a few more subtle things in here (e.g., in bind-interfaces mode, this could also result in replies being sent via the wrong socket even when IPv4/IPv6 issues are not in play) making the bug affect quite a few users out there. If you are affected, your /var/log/pihole.log may have contained lines like failed to send packet: Network is unreachable

This issue turned out to be a new regression in the just-released dnsmasq v2.83 which, due to its importance, led to the quick release of dnsmasq v2.84 which we release now as part of Pi-hole FTL v5.6. To better show you when queries are grouped, we added a new reply type “already forwarded” which is given to any query which came in while FTL was still waiting for the reply from upstream. This may look like

Query Log showing new status "already forwarded"

You may ask “but what is then the difference between retried and already forwarded?” and that is indeed a good question! The answer is:

  • retried means that one-and-the-same query was retried by one-and-the-same client. This means that the same query (with the same internal query ID, set by the client) is sent multiple times.
  • already forwarded means that a new query to the same domain has been requested before the answer arrived from upstream. This does not need to be from the same client and also doesn’t need to have the same ID.

Stay healthy!