Your debug log shows you are using local as local domain name:
*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
Scanning all your interfaces for DHCP servers
* Received 300 bytes from eth0:192.168.1.111
DHCP options:
Message type: DHCPOFFER (2)
dns-server: 192.168.1.111
domain-name: "local"
router: 192.168.1.254
--- end of options ---
This may be unrelated to your observation, but you should note that .local is the TLD reserved for mDNS usage and should not be used with plain DNS.
In addition, your Pi-hole host is aware of different local domains altogether:
-rw-r--r-- 1 root root 150 Dec 12 11:20 /etc/resolv.conf
search home.arpa fritz.box
After we've addressed your issue, you should change that to one of the domains recommended for private network use, e.g. .internal, .lan or .home.arpa, or perhaps fritz.box if you'd be using a FritzBox router.
In general, a client would be rate limited when sending excessive DNS requests exceeding Pi-hole's default threshold of 1,000 requests per minute.
You'd be likely to observe that in configurations where clients use the router for DNS while the router is using Pi-hole as its upstream, aggregating DNS requests for the entire network.
However, your Pi-hole DHCP server is distributing Pi-hole as local DNS server, so your DHCP clients would talk to Pi-hole, avoiding aggregation.
You also do not have Conditional Forwarding enabled, which may have closed a partial DNS loop if your router would use Pi-hole as its upstream.
This would eliminate the two most common causes for rate limiting, leaving you to find out why your router would send excessive DNS requests at times.
Inspecting the actual queries your router has sent may reveal if blocking would be involved, or hint at stray clients still using your router for DNS.
Fortunately, your most current debug log contains the exact log lines when rate limiting has occurred:
*** [ DIAGNOSING ]: contents of /var/log/pihole
-rw-r--r-- 1 pihole pihole 86K Dec 18 09:08 /var/log/pihole/FTL.log
-----tail of FTL.log------
[2024-12-18 08:54:31.630 4911M] Rate-limiting 192.168.1.254 for at least 8 seconds
[2024-12-18 08:54:39.339 4911/T4947] Still rate-limiting 192.168.1.254 as it made additional 2850 queries
[2024-12-18 08:55:39.401 4911/T4947] Ending rate-limitation of 192.168.1.254
This allows us to take a closer look at the DNS requests that your router has sent in the prior 60 seconds.
Run from your Pi-hole machine, please share output of:
pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT domain, reply_type, count(*) FROM queries \
WHERE timestamp > strftime('%s','2024-12-18 08:54:31.630', '-1 minute', 'utc') \
AND timestamp <= strftime('%s','2024-12-18 08:54:31.630', 'utc') \
AND client = '192.168.1.254' GROUP BY domain, reply_type ORDER BY 3 DESC LIMIT 10;"
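
Added example, not part of the original post: a Python script that finds the start of each rate-limiting episode in FTL.log lines and runs the same aggregation over the 60 seconds before it. The function names are hypothetical, and the in-memory `queries` table is a constructed stand-in holding only the columns the query above uses.

```python
import re
import sqlite3
from datetime import datetime

# Matches only the FTL.log line that opens an episode (format as quoted above).
RATE_RE = re.compile(
    r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ [^\]]+\] "
    r"Rate-limiting (\S+) for at least \d+ seconds")

def rate_limit_events(log_lines):
    """Return (client, epoch) per episode; log time is read as local time."""
    events = []
    for line in log_lines:
        m = RATE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((m.group(2), int(ts.timestamp())))
    return events

def top_queries(db, client, epoch, window=60, limit=10):
    """Aggregate the client's queries in the `window` seconds before the event."""
    return db.execute(
        "SELECT domain, reply_type, count(*) FROM queries "
        "WHERE timestamp > ? AND timestamp <= ? AND client = ? "
        "GROUP BY domain, reply_type ORDER BY 3 DESC LIMIT ?",
        (epoch - window, epoch, client, limit)).fetchall()

def demo():
    # Constructed sample: log lines in the quoted format plus made-up query rows
    # (domains and reply_type values are arbitrary placeholders).
    log = [
        "[2024-12-18 08:54:31.630 4911M] Rate-limiting 192.168.1.254 for at least 8 seconds",
        "[2024-12-18 08:54:39.339 4911/T4947] Still rate-limiting 192.168.1.254 as it made additional 2850 queries",
        "[2024-12-18 08:55:39.401 4911/T4947] Ending rate-limitation of 192.168.1.254",
    ]
    (client, epoch), = rate_limit_events(log)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE queries "
               "(timestamp INTEGER, domain TEXT, client TEXT, reply_type INTEGER)")
    rows = [(epoch - 5, "retry.example", client, 2)] * 900          # burst in window
    rows += [(epoch - 30, "ok.example", client, 4)] * 3             # normal traffic
    rows += [(epoch - 90, "old.example", client, 4)] * 50           # before the window
    rows += [(epoch - 5, "other.example", "192.168.1.20", 4)] * 7   # different client
    db.executemany("INSERT INTO queries VALUES (?, ?, ?, ?)", rows)
    return client, top_queries(db, client, epoch)

if __name__ == "__main__":
    print(demo())
```

A single domain dominating the result, as `retry.example` does in the constructed data, is the pattern to look for in the real output.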