Yes, that's an accurate summation! 
For all the kids, that's a Goonies reference.
... as a corollary to all this, I blocked google.com.onion this afternoon (the only recent config change) and since then the Pi-hole has become unreachable twice, requiring a reboot. Prior to this I had no trouble since I started using Pi-hole several weeks ago.
Adding in a domain to be blocked shouldn't have an affect on the availability of the Pi-hole server. Can you get a debug run immediately after the reboot if you see this coming up again?
what do I do?
Oh, sorry, pihole -d and follow the prompts.
Okay, the log doesn't show why it became unresponsive, there's no graceful (or ungraceful) shutdown message. It's just working away and then a new session is started.
[2020-02-29 14:05:04.353 14274] /etc/pihole/gravity.list: parsed 125246 domains (took 3660.0 ms)
[2020-02-29 14:48:41.090 14274] Resizing "/FTL-strings" from 65536 to 69632
[2020-02-29 16:01:48.653 496] Using log file /var/log/pihole-FTL.log
[2020-02-29 16:01:48.656 496] ########## FTL started! ##########
[2020-02-29 16:01:48.656 496] FTL branch: master
[2020-02-29 16:01:48.657 496] FTL version: v4.3.1
It does seem to be over an hour though between the last entry of the previous uptime and the next startup message.
yes, that's the first time it became unresponsive. The second was about 15 mins ago (times are UTC).
You might be able to look through /var/log/pihole-FTL.log and see if there are any crash messages.
In both cases the last message was
[2020-02-29 19:53:21.835 498] Resizing "/FTL-strings" from 45056 to 49152
Yes, that's a general log entry. We log every time the SHM grows to store more data.
I'll report back if it happens again with onion allowed.
1 Like
One more for the record.
I have a Samsung Galaxy a20e phone 10.0.0.143 and it doesnt make those oooogle queries over the last 24 hours (86400 seconds) with a substantial amount of apps installed:
pi@noads:~ $ sqlite3 /etc/pihole/pihole-FTL.db "SELECT domain FROM queries WHERE client='10.0.0.143' AND timestamp>='$(($(date +%s) - 86400))' AND domain LIKE '%gle.com'" | sort | uniq -c | sort -n -r
130 www.google.com
22 mail.google.com
15 android.clients.google.com
6 supl.google.com
6 inbox.google.com
4 translate.google.com
4 dl.google.com
4 clients1.google.com
4 accounts.google.com
2 clients4.google.com
1 mobile-mail.google.com
1 history.google.com
1 clients2.google.com
Plus Samsung has another registrar not GoDaddy.com:
pi@noads:~ $ whois samsung.com
[..]
Registrar: Whois Networks Co., Ltd.
pi@noads:~ $ whois samsungapps.com
[..]
Registrar: Whois Networks Co., Ltd.
So I suspect its an installed app doing the ooooogle queries not Samsung related.
Seems to be specific to the Galaxy S10 line.
Added model in my posting above.
My wife and I have Australian Galaxy S9s, and recently upgraded to Android 10. Only her phone is causing the same DNS lookup since upgrade, so it seems to be a combination of the OS and another app.
I'd setup a regex block in the pi-hole blacklist, but the DNS query still gets through - www.goo{2,}gle.com initially, and (.|^)goo(o+)gle..+$ as suggested above - but still waiting to see if the latter works.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.