Merge branch 'development' into Install-Web-Server

2024-11-15 02:42:58 +00:00 · 2018-04-22 09:23:11 +01:00 · 2018-04-22 09:23:11 +01:00 · acfc49fd41
commit acfc49fd41
parent 60bcca54eb 0833d0d8d5
11 changed files with 379 additions and 311 deletions
--- a/.stickler.yml
+++ b/.stickler.yml
@ -1,3 +1,6 @@
 linters:
  shellcheck:
    shell: bash
  phpcs:
  csslint:
  flake8:
--- a/README.md
+++ b/README.md
@ -3,7 +3,7 @@
 <b>Network-wide ad blocking via your own Linux hardware</b><br/>
 </p>
-The Pi-hole is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content, without installing any client-side software.
+The Pi-hole[®](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content, without installing any client-side software.
 - **Easy-to-install**: our versatile installer walks you through the process, and [takes less than ten minutes](https://www.youtube.com/watch?v=vKWjx1AQYgs)
 - **Resolute**: content is blocked in _non-browser locations_, such as ad-laden mobile apps and smart TVs
@ -60,16 +60,22 @@ Make no mistake: **your support is absolutely vital to help keep us innovating!*
 ### Donations
 Sending a donation using our links below is **extremely helpful** in offsetting a portion of our monthly expenses:
-&nbsp;<img src="https://pi-hole.github.io/graphics/Badges/paypal-badge-black.svg" width="24" height="24" alt="PP"/> <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY">Donate via PayPal</a><br/>
+- <img src="https://pi-hole.github.io/graphics/Badges/paypal-badge-black.svg" width="24" height="24" alt="PP"/> <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY">Donate via PayPal</a><br/>
-&nbsp;<img src="https://pi-hole.github.io/graphics/Badges/bitcoin-badge-black.svg" width="24" height="24" alt="BTC"/> Bitcoin Address: <code>1GKnevUnVaQM2pQieMyeHkpr8DXfkpfAtL</code>
+- <img src="https://pi-hole.github.io/graphics/Badges/bitcoin-badge-black.svg" width="24" height="24" alt="BTC"/> [Bitcoin](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): <code>
 3MDPzjXu2hjw5sGLJvKUi1uXbvQPzVrbpF</code></br>
 - <img src="https://pi-hole.github.io/graphics/Badges/bitcoin-badge-black.svg" width="24" height="24" alt="BTC"/> [Bitcoin Cash](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): <code>qzqsz4aju2eecc6uhs7tus4vlwhhela24sdruf4qp5</code></br>
 - <img src="https://pi-hole.github.io/graphics/Badges/ethereum-badge-black.svg" width="24" height="24" alt="BTC"/> [Ethereum](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): <code>0x79d4e90A4a0C732819526c93e21A3F1356A2FAe1</code>
 ### Alternative support
-If you'd rather not donate (_which is okay!_), there are other ways you can help support us:
+If you'd rather not [donate](https://pi-hole.net/donate/) (_which is okay!_), there are other ways you can help support us:
- [Digital Ocean](http://www.digitalocean.com/?refcode=344d234950e1) affiliate link
+- [Digital Ocean](http://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_
- [Vultr](http://www.vultr.com/?ref=7190426) affiliate link
+- [UNIXstickers.com](http://unixstickers.refr.cc/jacobs) _save $5 when you spend $9 using our affiliate link_
- [UNIXstickers.com](http://unixstickers.refr.cc/jacobs) affiliate link
+- [Pi-hole Swag Store](https://pi-hole.net/shop/) _affiliate link_
- [Pi-hole Swag Store](https://pi-hole.net/shop/)
+- [Amazon](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_
 - [Ho-ost](https://clients.ho-ost.com/aff.php?aff=19) _save 50% with our affiliate link_
 - [DNS Made Easy](https://cp.dnsmadeeasy.com/u/133706) _affiliate link_
 - [Vultr](http://www.vultr.com/?ref=7190426) _affiliate link_
 - Spreading the word about our software, and how you have benefited from it
 ### Contributing via GitHub
@ -127,7 +133,7 @@ You can read our [Core Feature Breakdown](https://github.com/pi-hole/pi-hole/wik
 ### The Web Interface Dashboard
 This [optional dashboard](https://github.com/pi-hole/AdminLTE) allows you to view stats, change settings, and configure your Pi-hole. It's the power of the Command Line Interface, with none of the learning curve!
-<a href="https://pi-hole.github.io/graphics/Screenshots/dashboard.png"><img src="https://pi-hole.github.io/graphics/Screenshots/dashboard.png" width="888" height="522" alt="Pi-hole Dashboard"/></a>
+<img src="https://pi-hole.github.io/graphics/Screenshots/pihole-dashboard.png"  alt="Pi-hole Dashboard"/></a>
 Some notable features include:
 * Mobile friendly interface
@ -142,11 +148,11 @@ Some notable features include:
 There are several ways to [access the dashboard](https://discourse.pi-hole.net/t/how-do-i-access-pi-holes-dashboard-admin-interface/3168):
 1. `http://<IP_ADDPRESS_OF_YOUR_PI_HOLE>/admin/`
-2. `http:/pi.hole/admin/` (when using Pi-hole as your DNS server)
+2. `http://pi.hole/admin/` (when using Pi-hole as your DNS server)
 3. `http://pi.hole/` (when using Pi-hole as your DNS server)
-## The Faster-Than-Light Engine
+## Faster-than-light Engine
-The [FTL Engine](https://github.com/pi-hole/FTL) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTL does this all *very quickly*!
+FTLDNS[™](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*!
 Some of the statistics you can integrate include:
 * Total number of domains being blocked
@ -194,6 +200,7 @@ While quite outdated at this point, [this original blog post about Pi-hole](http
 - [Magic Mirror with DNS Filtering](https://zonksec.com/blog/magic-mirror-dns-filtering/#dnssoftware)
 - [Pi-hole Droid: Android client](https://github.com/friimaind/pi-hole-droid)
 - [Windows DNS Swapper](https://github.com/roots84/DNS-Swapper), see [#1400](https://github.com/pi-hole/pi-hole/issues/1400)
 - [Pi-hole Visualizer](https://www.reddit.com/r/pihole/comments/82ikgb/pihole_visualizer_update/)
 -----
 ## Coverage
--- a/advanced/Scripts/piholeCheckout.sh
+++ b/advanced/Scripts/piholeCheckout.sh
@ -19,7 +19,6 @@ source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
 # setupVars set in basic-install.sh
 source "${setupVars}"
 update="false"
 coltable="/opt/pihole/COL_TABLE"
 source ${coltable}
@ -33,89 +32,6 @@ check_download_exists() {
  fi
 }
 FTLinstall() {
  # Download and install FTL binary
  local binary
  binary="${1}"
  local path
  path="${2}"
  local str
  str="Installing FTL"
  echo -ne "  ${INFO} ${str}..."
  if curl -sSL --fail "https://ftl.pi-hole.net/${path}" -o "/tmp/${binary}"; then
    # Get sha1 of the binary we just downloaded for verification.
    curl -sSL --fail "https://ftl.pi-hole.net/${path}.sha1" -o "/tmp/${binary}.sha1"
    # Check if we just downloaded text, or a binary file.
    cd /tmp || return 1
    if sha1sum --status --quiet -c "${binary}".sha1; then
      echo -n "transferred... "
      stop_service pihole-FTL &> /dev/null
      install -T -m 0755 "/tmp/${binary}" "/usr/bin/pihole-FTL"
      rm "/tmp/${binary}" "/tmp/${binary}.sha1"
      start_service pihole-FTL &> /dev/null
      echo -e "${OVER}  ${TICK} ${str}"
      return 0
    else
      echo -e "${OVER}  ${CROSS} ${str}"
      echo -e "  ${COL_LIGHT_RED}Error: Download of binary from ftl.pi-hole.net failed${COL_NC}"
      return 1
    fi
  else
    echo -e "${OVER}  ${CROSS} ${str}"
    echo -e "  ${COL_LIGHT_RED}Error: URL not found${COL_NC}"
  fi
 }
 get_binary_name() {
  local machine
  machine=$(uname -m)
  local str
  str="Detecting architecture"
  echo -ne "  ${INFO} ${str}..."
  if [[ "${machine}" == "arm"* || "${machine}" == *"aarch"* ]]; then
    # ARM
    local rev
    rev=$(uname -m | sed "s/[^0-9]//g;")
    local lib
    lib=$(ldd /bin/ls | grep -E '^\s*/lib' | awk '{ print $1 }')
    if [[ "${lib}" == "/lib/ld-linux-aarch64.so.1" ]]; then
      echo -e "${OVER}  ${TICK} Detected ARM-aarch64 architecture"
      binary="pihole-FTL-aarch64-linux-gnu"
    elif [[ "${lib}" == "/lib/ld-linux-armhf.so.3" ]]; then
      if [[ "$rev" -gt "6" ]]; then
        echo -e "${OVER}  ${TICK} Detected ARM-hf architecture (armv7+)"
        binary="pihole-FTL-arm-linux-gnueabihf"
      else
        echo -e "${OVER}  ${TICK} Detected ARM-hf architecture (armv6 or lower) Using ARM binary"
        binary="pihole-FTL-arm-linux-gnueabi"
      fi
    else
      echo -e "${OVER}  ${TICK} Detected ARM architecture"
      binary="pihole-FTL-arm-linux-gnueabi"
    fi
  elif [[ "${machine}" == "ppc" ]]; then
    # PowerPC
    echo -e "${OVER}  ${TICK} Detected PowerPC architecture"
    binary="pihole-FTL-powerpc-linux-gnu"
  elif [[ "${machine}" == "x86_64" ]]; then
    # 64bit
    echo -e "${OVER}  ${TICK} Detected x86_64 architecture"
    binary="pihole-FTL-linux-x86_64"
  else
    # Something else - we try to use 32bit executable and warn the user
    if [[ ! "${machine}" == "i686" ]]; then
      echo -e "${OVER}  ${CROSS} ${str}...
      ${COL_LIGHT_RED}Not able to detect architecture (unknown: ${machine}), trying 32bit executable
      Contact support if you experience issues (e.g: FTL not running)${COL_NC}"
    else
      echo -e "${OVER}  ${TICK} Detected 32bit (i686) architecture"
    fi
    binary="pihole-FTL-linux-x86_32"
  fi
 }
 fully_fetch_repo() {
  # Add upstream branches to shallow clone
  local directory="${1}"
@ -176,11 +92,6 @@ checkout_pull_branch() {
  git checkout "${branch}" --quiet || return 1
  echo -e "${OVER}  ${TICK} $str"
  if [[ "$(git diff "${oldbranch}" | grep -c "^")" -gt "0" ]]; then
    update="true"
  fi
  git_pull=$(git pull || return 1)
  if [[ "$git_pull" == *"up-to-date"* ]]; then
@ -257,7 +168,6 @@ checkout() {
    local path
    path="development/${binary}"
    echo "development" > /etc/pihole/ftlbranch
    FTLinstall "${binary}" "${path}"
  elif [[ "${1}" == "master" ]] ; then
    # Shortcut to check out master branches
    echo -e "  ${INFO} Shortcut \"master\" detected - checking out master branches..."
@ -272,7 +182,6 @@ checkout() {
    local path
    path="master/${binary}"
    echo "master" > /etc/pihole/ftlbranch
    FTLinstall "${binary}" "${path}"
  elif [[ "${1}" == "core" ]] ; then
    str="Fetching branches from ${piholeGitUrl}"
    echo -ne "  ${INFO} $str"
@ -335,7 +244,6 @@ checkout() {
    if check_download_exists "$path"; then
        echo "  ${TICK} Branch ${2} exists"
        echo "${2}" > /etc/pihole/ftlbranch
        FTLinstall "${binary}" "${path}"
    else
        echo "  ${CROSS} Requested branch \"${2}\" is not available"
        ftlbranches=( $(git ls-remote https://github.com/pi-hole/ftl | grep 'heads' | sed 's/refs\/heads\///;s/ //g' | awk '{print $2}') )
@ -350,7 +258,7 @@ checkout() {
  fi
  # Force updating everything
-  if [[ ( ! "${1}" == "web" && ! "${1}" == "ftl" ) && "${update}" == "true" ]]; then
+  if [[  ! "${1}" == "web"  ]]; then
    echo -e "  ${INFO} Running installer to upgrade your installation"
    if "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --unattended; then
      exit 0
--- a/advanced/Scripts/piholeDebug.sh
+++ b/advanced/Scripts/piholeDebug.sh
@ -592,7 +592,7 @@ ping_gateway() {
    # Try to quietly ping the gateway 3 times, with a timeout of 3 seconds, using numeric output only,
    # on the pihole interface, and tail the last three lines of the output
    # If pinging the gateway is not successful,
-    if ! ${cmd} -c 3 -W 2 -n ${gateway} -I ${PIHOLE_INTERFACE} >/dev/null; then
+    if ! ${cmd} -c 1 -W 2 -n ${gateway} -I ${PIHOLE_INTERFACE} >/dev/null; then
      # let the user know
      log_write "${CROSS} ${COL_RED}Gateway did not respond.${COL_NC} ($FAQ_GATEWAY)\n"
      # and return an error code
@ -613,7 +613,7 @@ ping_internet() {
  ping_ipv4_or_ipv6 "${protocol}"
  log_write "* Checking Internet connectivity via IPv${protocol}..."
  # Try to ping the address 3 times
-  if ! ${cmd} -W 2 -c 3 -n ${public_address} -I ${PIHOLE_INTERFACE} >/dev/null; then
+  if ! ${cmd} -c 1 -W 2 -n ${public_address} -I ${PIHOLE_INTERFACE} >/dev/null; then
    # if it's unsuccessful, show an error
    log_write "${CROSS} ${COL_RED}Cannot reach the Internet.${COL_NC}\n"
    return 1
@ -958,7 +958,7 @@ list_files_in_dir() {
            "${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}") make_array_from_file "${dir_to_parse}/${each_file}" 25
            ;;
            # Same for the FTL log
-            "${PIHOLE_FTL_LOG}") make_array_from_file "${dir_to_parse}/${each_file}" 25
+            "${PIHOLE_FTL_LOG}") head_tail_log "${dir_to_parse}/${each_file}" 35
            ;;
            # parse the file into an array in case we ever need to analyze it line-by-line
            *) make_array_from_file "${dir_to_parse}/${each_file}";
@ -991,6 +991,34 @@ show_content_of_pihole_files() {
  show_content_of_files_in_dir "${LOG_DIRECTORY}"
 }
 head_tail_log() {
  # The file being processed
  local filename="${1}"
  # The number of lines to use for head and tail
  local qty="${2}"
  local head_line
  local tail_line
  # Put the current Internal Field Separator into another variable so it can be restored later
  OLD_IFS="$IFS"
  # Get the lines that are in the file(s) and store them in an array for parsing later
  IFS=$'\r\n'
  local log_head=()
  log_head=( $(head -n ${qty} ${filename}) )
  log_write "   ${COL_CYAN}-----head of $(basename ${filename})------${COL_NC}"
  for head_line in "${log_head[@]}"; do
    log_write "   ${head_line}"
  done
  log_write ""
  local log_tail=()
  log_tail=( $(tail -n ${qty} ${filename}) )
  log_write "   ${COL_CYAN}-----tail of $(basename ${filename})------${COL_NC}"
  for tail_line in "${log_tail[@]}"; do
    log_write "   ${tail_line}"
  done
  # Set the IFS back to what it was
  IFS="$OLD_IFS"
 }
 analyze_gravity_list() {
  echo_current_diagnostic "Gravity list"
  local head_line
--- a/advanced/Scripts/update.sh
+++ b/advanced/Scripts/update.sh
@ -19,6 +19,9 @@ readonly PI_HOLE_FILES_DIR="/etc/.pihole"
 # shellcheck disable=SC2034
 PH_TEST=true
 # when --check-only is passed to this script, it will not perform the actual update
 CHECK_ONLY=false
 # shellcheck disable=SC1090
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
 # shellcheck disable=SC1091
@ -28,9 +31,12 @@ source "/opt/pihole/COL_TABLE"
 # make_repo() sourced from basic-install.sh
 # update_repo() source from basic-install.sh
 # getGitFiles() sourced from basic-install.sh
 # get_binary_name() sourced from basic-install.sh
 # FTLcheckUpdate() sourced from basic-install.sh
 GitCheckUpdateAvail() {
-  local directory="${1}"
+  local directory
  directory="${1}"
  curdir=$PWD
  cd "${directory}" || return
@ -77,23 +83,15 @@ GitCheckUpdateAvail() {
  fi
 }
 FTLcheckUpdate() {
 	local FTLversion
 	FTLversion=$(/usr/bin/pihole-FTL tag)
 	local FTLlatesttag
 	FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n')
 	if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then
 		return 0
 	else
 		return 1
 	fi
 }
 main() {
  local pihole_version_current
  local web_version_current
  local basicError="\\n  ${COL_LIGHT_RED}Unable to complete update, please contact Pi-hole Support${COL_NC}"
  local core_update
  local web_update
  local FTL_update
  core_update=false
  web_update=false
  FTL_update=false
  # shellcheck disable=1090,2154
  source "${setupVars}"
@ -147,82 +145,56 @@ main() {
      web_update=false
      echo -e "  ${INFO} Web Interface:\\t${COL_LIGHT_GREEN}up to date${COL_NC}"
    fi
    # Logic
    # If Core up to date AND web up to date:
    #            Do nothing
    # If Core up to date AND web NOT up to date:
    #            Pull web repo
    # If Core NOT up to date AND web up to date:
    #            pull pihole repo, run install --unattended -- reconfigure
    # if Core NOT up to date AND web NOT up to date:
    #            pull pihole repo run install --unattended
    if ! ${core_update} && ! ${web_update} ; then
      if ! ${FTL_update} ; then
        echo ""
        echo -e "  ${TICK} Everything is up to date!"
        exit 0
      fi
    elif ! ${core_update} && ${web_update} ; then
      echo ""
      echo -e "  ${INFO} Pi-hole Web Admin files out of date"
      getGitFiles "${ADMIN_INTERFACE_DIR}" "${ADMIN_INTERFACE_GIT_URL}"
    elif ${core_update} && ! ${web_update} ; then
      echo ""
      echo -e "  ${INFO} Pi-hole core files out of date"
      getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}"
      ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \
        echo -e "${basicError}" && exit 1
    elif ${core_update} && ${web_update} ; then
      echo ""
      echo -e "  ${INFO} Updating Pi-hole core and web admin files"
      getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}"
      ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --unattended || \
        echo -e "${basicError}" && exit 1
    else
      echo -e "  ${COL_LIGHT_RED}Update script has malfunctioned, please contact Pi-hole Support${COL_NC}"
      exit 1
    fi
  else # Web Admin not installed, so only verify if core is up to date
    if ! ${core_update}; then
      if ! ${FTL_update} ; then
        echo ""
        echo -e "  ${INFO} Everything is up to date!"
        exit 0
      fi
    else
      echo ""
      echo -e "  ${INFO} Pi-hole Core files out of date"
      getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}"
      ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \
        echo -e "${basicError}" && exit 1
    fi
  fi
-  if [[ "${web_update}" == true ]]; then
+  if FTLcheckUpdate > /dev/null; then
-    web_version_current="$(/usr/local/bin/pihole version --admin --current)"
+    FTL_update=true
    echo -e "  ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}"
  else
    FTL_update=false
    echo -e "  ${INFO} FTL:\\t\\t${COL_LIGHT_GREEN}up to date${COL_NC}"
  fi
  if [[ "${core_update}" == false && "${web_update}" == false && "${FTL_update}" == false ]]; then
    echo ""
-    echo -e "  ${INFO} Web Admin version is now at ${web_version_current/* v/v}
+    echo -e "  ${TICK} Everything is up to date!"
-  ${INFO} If you had made any changes in '/var/www/html/admin/', they have been stashed using 'git stash'"
+    exit 0
  fi
  if [[ "${CHECK_ONLY}" == true ]]; then
    echo ""
    exit 0
  fi
  if [[ "${core_update}" == true ]]; then
    pihole_version_current="$(/usr/local/bin/pihole version --pihole --current)"
    echo ""
-    echo -e "  ${INFO} Pi-hole version is now at ${pihole_version_current/* v/v}
+    echo -e "  ${INFO} Pi-hole core files out of date, updating local repo."
-  ${INFO} If you had made any changes in '/etc/.pihole/', they have been stashed using 'git stash'"
+    getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}"
    echo -e "  ${INFO} If you had made any changes in '/etc/.pihole/', they have been stashed using 'git stash'"
  fi
  if [[ "${web_update}" == true ]]; then
    echo ""
    echo -e "  ${INFO} Pi-hole Web Admin files out of date, updating local repo."
    getGitFiles "${ADMIN_INTERFACE_DIR}" "${ADMIN_INTERFACE_GIT_URL}"
    echo -e "  ${INFO} If you had made any changes in '/var/www/html/admin/', they have been stashed using 'git stash'"
  fi
  if [[ "${FTL_update}" == true ]]; then
-    FTL_version_current="$(/usr/bin/pihole-FTL tag)"
+    echo ""
-    echo -e "\\n  ${INFO} FTL version is now at ${FTL_version_current/* v/v}"
+    echo -e "  ${INFO} FTL out of date, it will be updated by the installer."
    start_service pihole-FTL
    enable_service pihole-FTL
  fi
  if [[ "${FTL_update}" == true || "${core_update}" == true ]]; then
    ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \
         echo -e "${basicError}" && exit 1
  fi
  echo ""
  exit 0
 }
 if [[ "$1" == "--check-only" ]]; then
  CHECK_ONLY=true
 fi
 main
--- a/advanced/Scripts/webpage.sh
+++ b/advanced/Scripts/webpage.sh
@ -13,6 +13,7 @@
 readonly setupVars="/etc/pihole/setupVars.conf"
 readonly dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf"
 readonly dhcpconfig="/etc/dnsmasq.d/02-pihole-dhcp.conf"
 readonly FTLconf="/etc/pihole/pihole-FTL.conf"
 # 03 -> wildcards
 readonly dhcpstaticconfig="/etc/dnsmasq.d/04-pihole-static-dhcp.conf"
@ -35,7 +36,7 @@ Options:
  -e, email           Set an administrative contact address for the Block Page
  -h, --help          Show this help dialog
  -i, interface       Specify dnsmasq's interface listening behavior
-                        Add '-h' for more info on interface usage"
+  -l, privacylevel    Set privacy level (0 = lowest, 3 = highest)"
 	exit 0
 }
@ -52,6 +53,19 @@ change_setting() {
 	add_setting "${1}" "${2}"
 }
 addFTLsetting() {
 	echo "${1}=${2}" >> "${FTLconf}"
 }
 deleteFTLsetting() {
 	sed -i "/${1}/d" "${FTLconf}"
 }
 changeFTLsetting() {
 	deleteFTLsetting "${1}"
 	addFTLsetting "${1}" "${2}"
 }
 add_dnsmasq_setting() {
 	if [[ "${2}" != "" ]]; then
 		echo "${1}=${2}" >> "${dnsmasqconfig}"
@ -135,6 +149,10 @@ ProcessDNSSettings() {
 		let COUNTER=COUNTER+1
 	done
  if [ ! -z "${LOCAL_DNS_PORT}" ]; then
    add_dnsmasq_setting "server" "127.0.0.1#${LOCAL_DNS_PORT}"
  fi
 	delete_dnsmasq_setting "domain-needed"
 	if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
@ -505,36 +523,55 @@ audit()
 	echo "${args[2]}" >> /etc/pihole/auditlog.list
 }
 SetPrivacyLevel() {
 	# Set privacy level. Minimum is 0, maximum is 3
 	if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 3 ]; then
 		changeFTLsetting "PRIVACYLEVEL" "${args[2]}"
 	fi
 }
 SetLocalDNSport() {
  # Ensure port is a natural number { 0, 1, 2, 3, ... }
  if [[ "${1}" == "0" ]]; then
    delete_setting "LOCAL_DNS_PORT"
    ProcessDNSSettings
  elif [[ "${1}" =~ ^[0-9]+$ ]]; then
    change_setting "LOCAL_DNS_PORT" "${1}"
    ProcessDNSSettings
  fi
 }
 main() {
 	args=("$@")
 	case "${args[1]}" in
-		"-p" | "password"   ) SetWebPassword;;
+		"-p" | "password"     ) SetWebPassword;;
-		"-c" | "celsius"    ) unit="C"; SetTemperatureUnit;;
+		"-c" | "celsius"      ) unit="C"; SetTemperatureUnit;;
-		"-f" | "fahrenheit" ) unit="F"; SetTemperatureUnit;;
+		"-f" | "fahrenheit"   ) unit="F"; SetTemperatureUnit;;
-		"-k" | "kelvin"     ) unit="K"; SetTemperatureUnit;;
+		"-k" | "kelvin"       ) unit="K"; SetTemperatureUnit;;
-		"setdns"            ) SetDNSServers;;
+		"setdns"              ) SetDNSServers;;
-		"setexcludedomains" ) SetExcludeDomains;;
+		"setexcludedomains"   ) SetExcludeDomains;;
-		"setexcludeclients" ) SetExcludeClients;;
+		"setexcludeclients"   ) SetExcludeClients;;
-		"poweroff"          ) Poweroff;;
+		"poweroff"            ) Poweroff;;
-		"reboot"            ) Reboot;;
+		"reboot"              ) Reboot;;
-		"restartdns"        ) RestartDNS;;
+		"restartdns"          ) RestartDNS;;
-		"setquerylog"       ) SetQueryLogOptions;;
+		"setquerylog"         ) SetQueryLogOptions;;
-		"enabledhcp"        ) EnableDHCP;;
+		"enabledhcp"          ) EnableDHCP;;
-		"disabledhcp"       ) DisableDHCP;;
+		"disabledhcp"         ) DisableDHCP;;
-		"layout"            ) SetWebUILayout;;
+		"layout"              ) SetWebUILayout;;
-		"-h" | "--help"     ) helpFunc;;
+		"-h" | "--help"       ) helpFunc;;
-		"privacymode"       ) SetPrivacyMode;;
+		"privacymode"         ) SetPrivacyMode;;
-		"resolve"           ) ResolutionSettings;;
+		"resolve"             ) ResolutionSettings;;
-		"addstaticdhcp"     ) AddDHCPStaticAddress;;
+		"addstaticdhcp"       ) AddDHCPStaticAddress;;
-		"removestaticdhcp"  ) RemoveDHCPStaticAddress;;
+		"removestaticdhcp"    ) RemoveDHCPStaticAddress;;
-		"-r" | "hostrecord" ) SetHostRecord "$3";;
+		"-r" | "hostrecord"   ) SetHostRecord "$3";;
-		"-e" | "email"      ) SetAdminEmail "$3";;
+		"-e" | "email"        ) SetAdminEmail "$3";;
-		"-i" | "interface"  ) SetListeningMode "$@";;
+		"-i" | "interface"    ) SetListeningMode "$@";;
-		"-t" | "teleporter" ) Teleporter;;
+		"-t" | "teleporter"   ) Teleporter;;
-		"adlist"            ) CustomizeAdLists;;
+		"adlist"              ) CustomizeAdLists;;
-		"audit"             ) audit;;
+		"audit"               ) audit;;
-		*                   ) helpFunc;;
+		"-l" | "privacylevel" ) SetPrivacyLevel;;
 		"localdnsport"        ) SetLocalDNSport "$3";;
 		*                     ) helpFunc;;
 	esac
 	shift
--- a/advanced/pihole-FTL.service
+++ b/advanced/pihole-FTL.service
@ -20,6 +20,7 @@ is_running() {
    ps "$(get_pid)" > /dev/null 2>&1
 }
 # Start the service
 start() {
  if is_running; then
@ -29,9 +30,12 @@ start() {
    mkdir -p /var/run/pihole
    mkdir -p /var/log/pihole
    chown pihole:pihole /var/run/pihole /var/log/pihole
-    rm /var/run/pihole/FTL.sock
+    rm /var/run/pihole/FTL.sock 2> /dev/null
-    chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /etc/pihole
+    chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port
    chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log
    chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
    setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)"
    echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL
    su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
    echo
  fi
@ -40,6 +44,7 @@ start() {
 # Stop the service
 stop() {
  if is_running; then
    /sbin/resolvconf -d lo.piholeFTL
    kill "$(get_pid)"
    for i in {1..5}; do
      if ! is_running; then
--- a/install/basic-install.sh
+++ b/install/basic-install.sh
@ -173,7 +173,7 @@ if command -v apt-get &> /dev/null; then
  # These programs are stored in an array so they can be looped through later
  INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail)
  # Pi-hole itself has several dependencies that also need to be installed
-  PIHOLE_DEPS=(bc cron curl dnsmasq dnsutils iputils-ping lsof netcat sudo unzip wget idn2 sqlite3)
+  PIHOLE_DEPS=(bc cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data resolvconf)
  # The Web dashboard has some that also need to be installed
  # It's useful to separate the two since our repos are also setup as "Core" code and "Web" code
  PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi ${phpVer}-${phpSqlite})
@ -183,8 +183,6 @@ if command -v apt-get &> /dev/null; then
  LIGHTTPD_GROUP="www-data"
  # and config file
  LIGHTTPD_CFG="lighttpd.conf.debian"
  # The DNS server user
  DNSMASQ_USER="dnsmasq"
  # A function to check...
  test_dpkg_lock() {
@ -217,7 +215,7 @@ elif command -v rpm &> /dev/null; then
  PKG_INSTALL=(${PKG_MANAGER} install -y)
  PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
  INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng)
-  PIHOLE_DEPS=(bc bind-utils cronie curl dnsmasq findutils nmap-ncat sudo unzip wget libidn2 psmisc)
+  PIHOLE_DEPS=(bc bind-utils cronie curl findutils nmap-ncat sudo unzip wget libidn2 psmisc)
  PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli php-pdo)
  # EPEL (https://fedoraproject.org/wiki/EPEL) is required for lighttpd on CentOS
  if grep -qi 'centos' /etc/redhat-release; then
@ -226,7 +224,6 @@ elif command -v rpm &> /dev/null; then
    LIGHTTPD_USER="lighttpd"
    LIGHTTPD_GROUP="lighttpd"
    LIGHTTPD_CFG="lighttpd.conf.fedora"
    DNSMASQ_USER="nobody"
 # If neither apt-get or rmp/dnf are found
 else
@ -1028,6 +1025,10 @@ version_check_dnsmasq() {
  fi
  echo -en "  ${INFO} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..."
  # Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency)
  if [[ ! -d "/etc/dnsmasq.d"  ]];then
    mkdir "/etc/dnsmasq.d"
  fi
  # Copy the new Pi-hole DNS config file into the dnsmasq.d directory
  cp ${dnsmasq_pihole_01_snippet} ${dnsmasq_pihole_01_location}
  echo -e "${OVER}  ${TICK} Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf"
@ -1156,7 +1157,6 @@ stop_service() {
  # Stop service passed in as argument.
  # Can softfail, as process may not be installed when this is called
  local str="Stopping ${1} service"
  echo ""
  echo -ne "  ${INFO} ${str}..."
  if command -v systemctl &> /dev/null; then
    systemctl stop "${1}" &> /dev/null || true
@ -1170,7 +1170,6 @@ stop_service() {
 start_service() {
  # Local, named variables
  local str="Starting ${1} service"
  echo ""
  echo -ne "  ${INFO} ${str}..."
  # If systemctl exists,
  if command -v systemctl &> /dev/null; then
@ -1188,13 +1187,12 @@ start_service() {
 enable_service() {
  # Local, named variables
  local str="Enabling ${1} service to start on reboot"
  echo ""
  echo -ne "  ${INFO} ${str}..."
  # If systemctl exists,
  if command -v systemctl &> /dev/null; then
    # use that to enable the service
    systemctl enable "${1}" &> /dev/null
-  # Othwerwise,
+  # Otherwise,
  else
    # use update-rc.d to accomplish this
    update-rc.d "${1}" defaults &> /dev/null
@ -1202,6 +1200,35 @@ enable_service() {
  echo -e "${OVER}  ${TICK} ${str}"
 }
 # Disable service so that it will not with next reboot
 disable_service() {
  # Local, named variables
  local str="Disabling ${1} service"
  echo -ne "  ${INFO} ${str}..."
  # If systemctl exists,
  if command -v systemctl &> /dev/null; then
    # use that to disable the service
    systemctl disable "${1}" &> /dev/null
  # Otherwise,
  else
    # use update-rc.d to accomplish this
    update-rc.d "${1}" disable &> /dev/null
  fi
  echo -e "${OVER}  ${TICK} ${str}"
 }
 check_service_active() {
    # If systemctl exists,
  if command -v systemctl &> /dev/null; then
    # use that to check the status of the service
    systemctl is-enabled "${1}" > /dev/null
  # Otherwise,
  else
    # fall back to service command
    service "${1}" status > /dev/null
  fi
 }
 update_package_cache() {
  # Running apt-get update/upgrade with minimal output can cause some issues with
  # requiring user input (e.g password for phpmyadmin see #218)
@ -1328,27 +1355,6 @@ install_dependent_packages() {
  return 0
 }
 # Create logfiles if necessary
 CreateLogFile() {
  local str="Creating log and changing owner to dnsmasq"
  echo ""
  echo -ne "  ${INFO} ${str}..."
  # If the pihole log does not exist,
  if [[ ! -f "/var/log/pihole.log" ]]; then
    # Make it,
    touch /var/log/pihole.log
    # set the permissions,
    chmod 644 /var/log/pihole.log
    # and owners
    chown "${DNSMASQ_USER}":root /var/log/pihole.log
    echo -e "${OVER}  ${TICK} ${str}"
  # Otherwise,
  else
    # the file should already exist
    echo -e " ${COL_LIGHT_GREEN}log already exists!${COL_NC}"
  fi
 }
 # Install the Web interface dashboard
 installPiholeWeb() {
  echo ""
@ -1375,7 +1381,7 @@ installPiholeWeb() {
    # back it up
    mv /var/www/html/index.lighttpd.html /var/www/html/index.lighttpd.orig
    echo -e "${OVER}  ${TICK} ${str}"
-  # Othwerwise,
+  # Otherwise,
  else
    # don't do anything
    echo -e "${OVER}  ${CROSS} ${str}
@ -1434,7 +1440,7 @@ create_pihole_user() {
  if id -u pihole &> /dev/null; then
    # just show a success
    echo -ne "${OVER}  ${TICK} ${str}"
-  # Othwerwise,
+  # Otherwise,
  else
    echo -ne "${OVER}  ${CROSS} ${str}"
    local str="Creating user 'pihole'"
@ -1453,7 +1459,7 @@ configureFirewall() {
    # ask if the user wants to install Pi-hole's default firwall rules
    whiptail --title "Firewall in use" --yesno "We have detected a running firewall\\n\\nPi-hole currently requires HTTP and DNS port access.\\n\\n\\n\\nInstall Pi-hole default firewall rules?" ${r} ${c} || \
    { echo -e "  ${INFO} Not installing firewall rulesets."; return 0; }
-    echo -e "  ${TICK} Configuring FirewallD for httpd and dnsmasq"
+    echo -e "  ${TICK} Configuring FirewallD for httpd and pihole-FTL"
    # Allow HTTP and DNS traffice
    firewall-cmd --permanent --add-service=http --add-service=dns
    # Reload the firewall to apply these changes
@ -1474,7 +1480,7 @@ configureFirewall() {
      iptables -C INPUT -p tcp -m tcp --dport 4711:4720 -i lo -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p tcp -m tcp --dport 4711:4720 -i lo -j ACCEPT
      return 0
    fi
-  # Othwerwise,
+  # Otherwise,
  else
    # no firewall is running
    echo -e "  ${INFO} No active firewall detected.. skipping firewall configuration"
@ -1584,8 +1590,6 @@ installPihole() {
  installScripts
  # configs,
  installConfigs
  # and create the log file
  CreateLogFile
  # If the user wants to install the dashboard,
  if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
    # do so
@ -1631,8 +1635,6 @@ updatePihole() {
  installScripts
  # Install config files
  installConfigs
  # Create the log file
  CreateLogFile
  # If the user wants to install the dasboard,
  if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
    # do so
@ -1795,15 +1797,32 @@ FTLinstall() {
  fi
  # Move into the temp ftl directory
-  pushd "$(mktemp -d)" || { echo "Unable to make temporary directory for FTL binary download"; return 1; }
+  pushd "$(mktemp -d)" > /dev/null || { echo "Unable to make temporary directory for FTL binary download"; return 1; }
  # Always replace pihole-FTL.service
  install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL"
  local ftlBranch
  local url
  local ftlBranch
  if [[ -f "/etc/pihole/ftlbranch" ]];then
    ftlBranch=$(</etc/pihole/ftlbranch)
  else
    ftlBranch="master"
  fi
  # Determine which version of FTL to download
  if [[ "${ftlBranch}" == "master" ]];then
    url="https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}"
  else
    url="https://ftl.pi-hole.net/${ftlBranch}"
  fi
  # If the download worked,
-  if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "${binary}"; then
+  if curl -sSL --fail "${url}/${binary}" -o "${binary}"; then
    # get sha1 of the binary we just downloaded for verification.
-    curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}.sha1" -o "${binary}.sha1"
+    curl -sSL --fail "${url}/${binary}.sha1" -o "${binary}.sha1"
    # If we downloaded binary file (as opposed to text),
    if sha1sum --status --quiet -c "${binary}".sha1; then
@ -1813,21 +1832,38 @@ FTLinstall() {
      # Install the new version with the correct permissions
      install -T -m 0755 "${binary}" /usr/bin/pihole-FTL
      # Move back into the original directory the user was in
-      popd || { echo "Unable to return to original directory after FTL binary download."; return 1; }
+      popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; }
      # Install the FTL service
      echo -e "${OVER}  ${TICK} ${str}"
      # If the --resolver flag returns True (exit code 0), then we can safely stop & disable dnsmasq
      if pihole-FTL --resolver > /dev/null; then
        if which dnsmasq > /dev/null; then
          if check_service_active "dnsmasq";then
            echo "  ${INFO} FTL can now resolve DNS Queries without dnsmasq running separately"
            stop_service dnsmasq
            disable_service dnsmasq
          fi
        fi
        #ensure /etc/dnsmasq.conf contains `conf-dir=/etc/dnsmasq.d`
        confdir="conf-dir=/etc/dnsmasq.d"
        conffile="/etc/dnsmasq.conf"
        if ! grep -q "$confdir" "$conffile"; then
            echo "$confdir" >> "$conffile"
        fi
      fi
      return 0
    # Otherise,
    else
      # the download failed, so just go back to the original directory
-      popd || { echo "Unable to return to original directory after FTL binary download."; return 1; }
+      popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; }
      echo -e "${OVER}  ${CROSS} ${str}"
      echo -e "  ${COL_LIGHT_RED}Error: Download of binary from Github failed${COL_NC}"
      return 1
    fi
  # Otherwise,
  else
-    popd || { echo "Unable to return to original directory after FTL binary download."; return 1; }
+    popd > /dev/null || { echo "Unable to return to original directory after FTL binary download."; return 1; }
    echo -e "${OVER}  ${CROSS} ${str}"
    # The URL could not be found
    echo -e "  ${COL_LIGHT_RED}Error: URL not found${COL_NC}"
@ -1835,15 +1871,9 @@ FTLinstall() {
  fi
 }
-# Detect suitable FTL binary platform
+get_binary_name() {
-FTLdetect() {
+# Local, named variables
  echo ""
  echo -e "  ${INFO} FTL Checks..."
  # Local, named variables
  local machine
  local binary
  # Store architecture in a variable
  machine=$(uname -m)
@ -1902,37 +1932,86 @@ FTLdetect() {
    fi
    binary="pihole-FTL-linux-x86_32"
  fi
 }
 FTLcheckUpdate()
 {
  get_binary_name
  #In the next section we check to see if FTL is already installed (in case of pihole -r).
  #If the installed version matches the latest version, then check the installed sha1sum of the binary vs the remote sha1sum. If they do not match, then download
  echo -e "  ${INFO} Checking for existing FTL binary..."
-  local ftlLoc=$(which pihole-FTL 2>/dev/null)
+  local ftlLoc
  ftlLoc=$(which pihole-FTL 2>/dev/null)
-  if [[ ${ftlLoc} ]]; then
+  local ftlBranch
    local FTLversion=$(/usr/bin/pihole-FTL tag)
 	  local FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n')
-	  if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then
+  if [[ -f "/etc/pihole/ftlbranch" ]];then
-		  # Install FTL
+    ftlBranch=$(</etc/pihole/ftlbranch)
-      FTLinstall "${binary}" || return 1
+  else
-	  else
+    ftlBranch="master"
-	    echo -e "  ${INFO} Latest FTL Binary already installed (${FTLlatesttag}). Confirming Checksum..."
+  fi
-	    local remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1)
+  local remoteSha1
-	    local localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1)
+  local localSha1
-	    if [[ "${remoteSha1}" != "${localSha1}" ]]; then
+  if [[ ! "${ftlBranch}" == "master" ]]; then
-	      echo -e "  ${INFO} Corruption detected..."
+    if [[ ${ftlLoc} ]]; then
-	      FTLinstall "${binary}" || return 1
+      # We already have a pihole-FTL binary downloaded.
-	    else
+      # Alt branches don't have a tagged version against them, so just confirm the checksum of the local vs remote to decide whether we download or not
-	      echo -e "  ${INFO} Checksum correct. No need to download!"
+      remoteSha1=$(curl -sSL --fail "https://ftl.pi-hole.net/${ftlBranch}/${binary}.sha1" | cut -d ' ' -f 1)
-	    fi
+      localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1)
-	  fi
+
-	else
+      if [[ "${remoteSha1}" != "${localSha1}" ]]; then
-	  # Install FTL
+        echo -e "  ${INFO} Checksums do not match, downloading from ftl.pi-hole.net."
        return 0
      else
        echo -e "  ${INFO} Checksum of installed binary matches remote. No need to download!"
        return 1
      fi
    else
      return 0
    fi
  else
    if [[ ${ftlLoc} ]]; then
      local FTLversion
      FTLversion=$(/usr/bin/pihole-FTL tag)
      local FTLlatesttag
      FTLlatesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep 'Location' | awk -F '/' '{print $NF}' | tr -d '\r\n')
      if [[ "${FTLversion}" != "${FTLlatesttag}" ]]; then
        return 0
      else
        echo -e "  ${INFO} Latest FTL Binary already installed (${FTLlatesttag}). Confirming Checksum..."
        remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1)
        localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1)
        if [[ "${remoteSha1}" != "${localSha1}" ]]; then
          echo -e "  ${INFO} Corruption detected..."
          return 0
        else
          echo -e "  ${INFO} Checksum correct. No need to download!"
          return 1
        fi
      fi
    else
      return 0
    fi
  fi
 }
 # Detect suitable FTL binary platform
 FTLdetect() {
  echo ""
  echo -e "  ${INFO} FTL Checks..."
  if FTLcheckUpdate ; then
    FTLinstall "${binary}" || return 1
  fi
  echo ""
 }
 make_temporary_log() {
@ -2035,7 +2114,19 @@ main() {
    # Create directory for Pi-hole storage
    mkdir -p /etc/pihole/
-    stop_service dnsmasq
+    #Do we need to stop pihole-FTL or dnsmasq(if coming from an old install)?
    if [[ $(which pihole-FTL 2>/dev/null) ]]; then
      if pihole-FTL --resolver > /dev/null; then
        stop_service pihole-FTL
      else
        stop_service dnsmasq
      fi
    else
      if [[ $(which dnsmasq 2>/dev/null) ]]; then
        stop_service dnsmasq
      fi
    fi
    if [[ "${INSTALL_WEB_SERVER}" == true ]]; then
      stop_service lighttpd
    fi
@ -2125,8 +2216,11 @@ main() {
  echo -e "  ${INFO} Restarting services..."
  # Start services
-  start_service dnsmasq
+  # Only start and enable dnsmasq if FTL does not have the --resolver switch
-  enable_service dnsmasq
+  if ! pihole-FTL --resolver > /dev/null; then
    start_service dnsmasq
    enable_service dnsmasq
  fi
  # If the Web server was installed,
  if [[ "${INSTALL_WEB_SERVER}" == true ]]; then
@ -2188,6 +2282,10 @@ main() {
  echo -e "\\n  ${INFO} The install log is located at: ${installLogLoc}
  ${COL_LIGHT_GREEN}${INSTALL_TYPE} Complete! ${COL_NC}"
  if [[ "${INSTALL_TYPE}" == "Update" ]]; then
    echo ""
    /usr/local/bin/pihole version --current
  fi
 }
 #
--- a/gravity.sh
+++ b/gravity.sh
@ -44,6 +44,8 @@ preEventHorizon="list.preEventHorizon"
 skipDownload="false"
 resolver="pihole-FTL"
 # Source setupVars from install script
 setupVars="${piholeDir}/setupVars.conf"
 if [[ -f "${setupVars}" ]];then
@ -104,7 +106,7 @@ gravity_CheckDNSResolutionAvailable() {
  fi
  # Determine error output message
-  if pidof dnsmasq &> /dev/null; then
+  if pidof ${resolver} &> /dev/null; then
    echo -e "  ${CROSS} DNS resolution is currently unavailable"
  else
    echo -e "  ${CROSS} DNS service is not running"
@ -345,13 +347,18 @@ gravity_ParseFileIntoDomains() {
    # Scanning for "^IPv4$" is too slow with large (1M) lists on low-end hardware
    echo -ne "  ${INFO} Format: URL"
-    awk '{
+    awk '
-      # Remove URL protocol, optional "username:password@", and ":?/;"
+      # Remove URL scheme, optional "username:password@", and ":?/;"
-      if ($0 ~ /[:?\/;]/) { gsub(/(^.*:\/\/(.*:.*@)?|[:?\/;].*)/, "", $0) }
+      # The scheme must be matched carefully to avoid blocking the wrong URL
-      # Remove lines which are only IPv4 addresses
+      # in cases like:
-      if ($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { $0="" }
+      #   http://www.evil.com?http://www.good.com
-      if ($0) { print $0 }
+      # See RFC 3986 section 3.1 for details.
-    }' "${source}" 2> /dev/null > "${destination}"
+      /[:?\/;]/ { gsub(/(^[a-zA-Z][a-zA-Z0-9+.-]*:\/\/(.*:.*@)?|[:?\/;].*)/, "", $0) }
      # Skip lines which are only IPv4 addresses
      /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
      # Print if nonempty
      length { print }
    ' "${source}" 2> /dev/null > "${destination}"
    echo -e "${OVER}  ${TICK} Format: URL"
  else
@ -508,9 +515,11 @@ gravity_ParseBlacklistDomains() {
  if [[ -f "${piholeDir}/${whitelistMatter}" ]]; then
    gravity_ParseDomainsIntoHosts "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}"
    grep -c "^" "${piholeDir}/${whitelistMatter}" > "${piholeDir}/numBlocked" 2> /dev/null
  else
    # There was no whitelist file, so use preEventHorizon instead of whitelistMatter.
    gravity_ParseDomainsIntoHosts "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}"
    grep -c "^" "${piholeDir}/${preEventHorizon}" > "${piholeDir}/numBlocked" 2> /dev/null
  fi
  # Move the file over as /etc/pihole/gravity.list so dnsmasq can use it
@ -567,7 +576,7 @@ gravity_Cleanup() {
  echo -e "${OVER}  ${TICK} ${str}"
  # Only restart DNS service if offline
-  if ! pidof dnsmasq &> /dev/null; then
+  if ! pidof ${resolver} &> /dev/null; then
    "${PIHOLE_COMMAND}" restartdns
    dnsWasOffline=true
  fi
--- a/21
+++ b/21
@ -14,6 +14,8 @@ readonly wildcardlist="/etc/dnsmasq.d/03-pihole-wildcard.conf"
 readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
 source "${colfile}"
 resolver="pihole-FTL"
 # Must be root to use this tool
 if [[ ! $EUID -eq 0 ]];then
  if [[ -x "$(command -v sudo)" ]]; then
@ -69,7 +71,8 @@ flushFunc() {
 }
 updatePiholeFunc() {
-  "${PI_HOLE_SCRIPT_DIR}"/update.sh
+  shift
  "${PI_HOLE_SCRIPT_DIR}"/update.sh "$@"
  exit 0
 }
@ -332,18 +335,18 @@ restartDNS() {
  local svcOption svc str output status
  svcOption="${1:-}"
-  # Determine if we should reload or restart dnsmasq
+  # Determine if we should reload or restart restart
  if [[ "${svcOption}" =~ "reload" ]]; then
    # Using SIGHUP will NOT re-read any *.conf files
-    svc="killall -s SIGHUP dnsmasq"
+    svc="killall -s SIGHUP ${resolver}"
  else
-    # Get PID of dnsmasq to determine if it needs to start or restart
+    # Get PID of resolver to determine if it needs to start or restart
-    if pidof dnsmasq &> /dev/null; then
+    if pidof pihole-FTL &> /dev/null; then
      svcOption="restart"
    else
      svcOption="start"
    fi
-    svc="service dnsmasq ${svcOption}"
+    svc="service ${resolver} ${svcOption}"
  fi
  # Print output to Terminal, but not to Web Admin
@ -359,9 +362,6 @@ restartDNS() {
    [[ ! -t 1 ]] && local OVER=""
    echo -e "${OVER}  ${CROSS} ${output}"
  fi
  # Send signal to FTL to have it re-parse the gravity files
  killall -s SIGHUP pihole-FTL
 }
 piholeEnable() {
@ -621,6 +621,7 @@ Options:
  -q, query           Query the adlists for a specified domain
                        Add '-h' for more info on query usage
  -up, updatePihole   Update Pi-hole subsystems
                        Add '--check-only' to exit script before update is performed.
  -v, version         Show installed versions of Pi-hole, Admin Console & FTL
                        Add '-h' for more info on version usage
  uninstall           Uninstall Pi-hole from your system
@ -645,7 +646,7 @@ case "${1}" in
  "-wild" | "wildcard"          ) wildcardFunc "$@";;
  "-d" | "debug"                ) debugFunc "$@";;
  "-f" | "flush"                ) flushFunc "$@";;
-  "-up" | "updatePihole"        ) updatePiholeFunc;;
+  "-up" | "updatePihole"        ) updatePiholeFunc "$@";;
  "-r"  | "reconfigure"         ) reconfigurePiholeFunc;;
  "-g" | "updateGravity"        ) updateGravityFunc "$@";;
  "-c" | "chronometer"          ) chronometerFunc "$@";;
--- a/test/test_automated_install.py
+++ b/test/test_automated_install.py
@ -80,7 +80,7 @@ def test_configureFirewall_firewalld_running_no_errors(Pihole):
    source /opt/pihole/basic-install.sh
    configureFirewall
    ''')
-    expected_stdout = 'Configuring FirewallD for httpd and dnsmasq'
+    expected_stdout = 'Configuring FirewallD for httpd and pihole-FTL'
    assert expected_stdout in configureFirewall.stdout
    firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
    assert 'firewall-cmd --state' in firewall_calls