Coming Soon: FTLDNS™ Pi-hole’s Own DNS/DHCP server

The Problems

We have used dnsmasq as our DNS/DHCP server since Pi-hole began.  However, as the project has grown and evolved, we reached a point where we started looking into providing our own powerful resolver for a few reasons:

  • With FTL, we generate a variety of statistics by interpreting dnsmasq’s log file. While this works, doing it through a middleman (a log file) is obviously quite inefficient
  • If a user chooses to disable logging, we’re unable to compute any statistics at all
  • There are some details of the DNS server we do not have access to (like cache usage) through the log file alone
  • Each OS distribution provides a different version of dnsmasq and this can prevent users from getting a flawless Pi-hole experience

The Solution

All these problems led us to the idea of actually integrating a DNS resolver directly into FTL. The obvious choice for this is, of course, to base it on dnsmasq. We have a proof-of-concept implementation of FTL already developed and running.  So we’re officially announcing FTLDNS™ today and making the code publicly available in the next few days.

One of the many ways to support us is purchasing from our Swag Store.  Get your hands on this sweet mug to help spread the word.

The Non-technical Details

FTLDNS has many benefits for you as a user:

  • No more dnsmasq version compatibility issues since we develop and provide the DNS resolver and FTL together
  • Upstream updates to dnsmasq can easily be integrated into our code since we don’t modify its code heavily
  • Processing will be much faster since we interact directly with the resolver instead of periodically parsing a log file
  • We can provide stats on cache usage and probably much more, which has been previously unavailable
  • Due to the direct integration into the resolver (using “FTL hooks”), we can compute statistics without any need for a log file. Instead of a “must have”, the log file will become an “opt-in” feature!

The Technical Details

We integrate dnsmasq into our code using the modular nature of the C language.  FTL v4.0 has always been multi-threaded for speed and efficiency. On startup, it launches a number of threads, each dedicated to specific tasks.  We extend the already existing multi-threading in FTL to provide an even faster experience. After the historic information has been imported from the database, we start the DNS/DHCP resolver.

The daemon itself will behave exactly as dnsmasq with the addition of having threads orbiting it that provide the known FTL statistics on a dedicated Unix socket as well as on a Telnet-like interface. Furthermore, we add some minor speed improvements to enhance the user’s experience on low-performance devices when using huge blocking lists.

We keep our changes inside the code base of dnsmasq to the functional minimum to be able to easily upgrade to any future dnsmasq releases.

Note: this also means that we are not looking into making big changes to the resolver (like implementing regular expressions support). Although this seems advantageous at first sight, it will make upgrading dnsmasq later on almost impossible as these customizations would have to be reimplemented and carefully tested each time. Also, changing parts of the resolver’s source code could introduce new bugs to a code base that is extensively tested. We clearly want to avoid that! Stability and speed are the two drivers for the development of FTLDNS.

FTLDNS (FTL v4.0), with its integrated resolver, is beneficial in many ways:

  • We can never be sure which version we can expect on users’ systems, as they run a variety of operating systems.  This makes adding new features problematic, as old versions of dnsmasq could fail, and have failed, if provided with unknown options. This will be resolved as we are in direct control of which version of the resolver is getting compiled into our binary. It makes both development and bug-tracing much easier
  • We will still leave logging enabled in the early days of FTL v4.0 to ease debugging in cases where it is needed. However, the user will be free to disable the logging at any time without losing any statistics
  • Due to the fact that everything is one binary, we have full access to the resolver’s internal data structure and can easily provide users with more information, e.g. on cache usage (which has been a feature request for some time now). Although this additional functionality might not be there in the initial release, it will come soon afterwards

Pi-hole v3.3 Released: It’s “Extra” Special

Update 2018-02-20 18:05

Hi All, After a few days of pulling out our hair and troubleshooting this whitelisting issue that some of you have reported, we’re finally getting to the bottom of it.

The good news is, whitelisting is not completely broken. You can still whitelist domains from the cli with no issues by calling pihole -w [domain-to-whitelist]. The issue only affects whitelisting from the admin page (whitelist page, query log, and block page).

Take a look over this pull request where /u/promofaux has attempted to explain what is going on. Though, we’re a bit confused ourselves, and any insight from the community would be greatly appreciated!

There are a couple of options: we can either revert the change that broke it, or use the fix in the above pull request. Whichever way we go, rest assured that we are working hard internally to make sure that we have the bug well and truly squashed, and will try to get a fix out as soon as we can (and really, take that soon™ in the Blizzard sense of the word).

In the meantime, do not attempt to whitelist from the web admin, it won’t work… apologies for any inconvenience this causes.

In other news, we have updated the to include instructions on how you may possibly be able to update your version of dnsmasq to be able to update to Pi-hole 3.3

Update 2018-02-18 06:12

If you’re running Raspbian Jessie and you updated Pi-hole to v3.3, you likely ran into issues.  This is because the version of dnsmasq that ships with it does not support the log-queries=extra option, which we use in v3.3.

You have two options to resolve this: revert Pi-hole to a previous version or upgrade dnsmasq manually.

Option one: downgrade Pi-hole to the previous version

Instructions for this can be found here.

Option two:  install the version of dnsmasq that supports the extra flag (v2.76)

Please note, you should only try this on Raspbian Jessie and do so at your own risk (but in our opinion the risk is low).

First step: Download a more recent version of dnsmasq compiled for Raspbian Jessie from the official sources

wget https://archive.raspberrypi.org/debian/pool/main/d/dnsmasq/dnsmasq-base_2.76-5+rpi1_armhf.deb
wget https://archive.raspberrypi.org/debian/pool/main/d/dnsmasq/dnsmasq_2.76-5+rpi1_all.deb

Second step: Ensure requirements are fulfilled

sudo apt-get install libnetfilter-conntrack3 libmnl0

Third step: Install downloaded packages

sudo dpkg -i dnsmasq-base_2.76-5+rpi1_armhf.deb
sudo dpkg -i dnsmasq_2.76-5+rpi1_all.deb

Fourth step: Verify it worked:

dnsmasq -v

should return:

Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify

You should now be able to use Pi-hole v3.3 on Raspbian Jessie.
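
The version check behind these steps, as an added example that is not part of the original post or Pi-hole's own code: it parses `dnsmasq -v` output and flags a config that enables log-queries=extra on a resolver older than 2.76. The function names, the constructed 2.72 sample line and the temporary config file are assumptions made for illustration.

```sh
# Added example: gate log-queries=extra on the installed dnsmasq version.
MIN_VERSION="2.76"  # version the post names as supporting the extra flag
# First line of `dnsmasq -v` as quoted in the post, and a constructed older one.
SAMPLE_NEW='Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley'
SAMPLE_OLD='Dnsmasq version 2.72  Copyright (c) 2000-2014 Simon Kelley'

# Read `dnsmasq -v` output on stdin, print the dotted version from line 1.
dnsmasq_version() {
    sed -n '1s/^Dnsmasq version \([0-9][0-9.]*\).*/\1/p'
}

# version_ge A B: succeed when dotted version A >= B (numeric, per field).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Succeed if any of the given config files enables log-queries=extra.
uses_extra_logging() {
    [ "$#" -gt 0 ] && grep -Eqs '^[[:space:]]*log-queries[[:space:]]*=[[:space:]]*extra' "$@"
}

# check_extra_logging VERSION_OUTPUT [CONFIG...]: 0 = safe, 1 = too old, 2 = unreadable.
check_extra_logging() {
    out=$1; shift
    ver=$(printf '%s\n' "$out" | dnsmasq_version)
    [ -n "$ver" ] || { echo "cannot parse dnsmasq version" >&2; return 2; }
    if ! uses_extra_logging "$@"; then
        echo "dnsmasq $ver: log-queries=extra not configured"; return 0
    fi
    if version_ge "$ver" "$MIN_VERSION"; then
        echo "dnsmasq $ver: supports log-queries=extra"; return 0
    fi
    echo "dnsmasq $ver: too old for log-queries=extra (need >= $MIN_VERSION)"; return 1
}

# Demo on the constructed samples; on a real host pass "$(dnsmasq -v)" instead.
demo_conf=$(mktemp) && printf 'log-queries=extra\n' > "$demo_conf"
check_extra_logging "$SAMPLE_NEW" "$demo_conf"
check_extra_logging "$SAMPLE_OLD" "$demo_conf" || echo "-> upgrade dnsmasq or revert Pi-hole"
rm -f "$demo_conf"
```

On a live system, pass the real version output and the dnsmasq config files in use as the remaining arguments.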

Update 2018-02-14 18:43 (version issues and not working after update)

If you’re running Raspbian Jessie, your version of dnsmasq will not work with this release, so you’ll need to revert to the previous versions:

cd /etc/.pihole
sudo git fetch --tags
sudo git checkout v3.2.1
cd /var/www/html/admin
sudo git fetch --tags
sudo git checkout v3.2.1
pihole -r
pihole checkout ftl v2.13.2

The Release


This release takes full advantage of dnsmasq’s extra logging feature, which means you’ll get 100% accurate log analysis.  This release also includes full DNSSEC support, Teleporter enhancements, several important security fixes, as well as some other tweaks. This blog post will focus on the main features of this release, but if you want a detailed breakdown, the full changelogs can always be found at changes.pi-hole.net.

Pi-hole Web Interface: The Next Generation

We have been working on a new Web interface for Pi-hole (referenced internally as Next Gen Admin or NGAdmin).  The existing interface built off of AdminLTE has served us well, but we have grown beyond the capabilities of an existing template.  We’re also looking to implement an HTTP API.

This new interface is open source and we welcome your contributions as we have just made the repo public.  Read on to learn more or check out a demo of the new interface here.

Pi-hole v3.2.1 Released With Lots Of Fixes

v3.2 was one of our biggest releases but many of you found bugs and issues we didn’t.  We have fixed the “DNS resolution is currently unavailable” issue, the settings page not working on some systems, the FTL version not showing correctly, as well as many more.  Just run pihole -up to install the update and get the fixes in place.  Read on for more details or check out changes.pi-hole.net for the full changelogs.

Pi-hole v3.2 Introduces Long-term Statistics, An Audit Log, Colours, and More!

We are very pleased to release a new version of Pi-hole–version 3.2.  This release comes with a long-awaited request: long-term statistics.  You can now store and view more than 24 hours’ worth of Pi-hole data to help see your historical queries and performance.

We also have a new audit log for keeping track of domains you may want to white or blacklist, a new tabular settings page for easier navigation, and an improved debugger.  Not only that; you’ll also notice colorized output on the command line as well as a slew of fixes and improvements.  This is a big release so read on to find out more.

Pi-Hole 3.1.4: Hotfix for IPv6 CIDR bug

Hi folks, just a quick post to mention that we’ve pushed a hotfix which should resolve any issues you may have been seeing related to IPv6 blocking.

Full details can be found on the GitHub repo.

Thanks to all those who reported this to us. Keep your eyes open for a bigger release coming soon™

There may be an issue in a small number of installs when running pihole -up. If you are affected, please run the following commands to reset your local repository; this will get you onto 3.1.4 and should fix pihole -up if it was broken.

sudo rm -rf /etc/.pihole

sudo git clone https://github.com/pi-hole/pi-hole /etc/.pihole

pihole -r