Every night, at around 23h00, every DNS query causes the following error in the log file and no DNS result is returned:
May 29 23:05:27 dnsmasq[7338]: config error is REFUSED
Restarting the dns service resolves the issue until the same or similar time that night. (pihole restartdns)
I tried enabling FTP debug logging and disabling the new throttling feature per some other related threads, but saw no clues (other than filling up my disk with log files).
I don't know if it's a coincidence that it's always towards the end of the day every day, but it is strangely regular.
Not sure of why I might be rate limited. I don't have an OpenDNS account. Are you suggesting I should try a different provider and see if the issue persists?
What else is happening on the Pi or in your network around 2300 daily? Look in /var/log/syslog.1 for yesterday's entries and see what shows around 2300. Any cron scripts running, etc?
So most likely one of your clients is misbehaving at around that time causing the upstream OpenDNS to refuse.
Inspect the Pi-hole logs for what's being queried around that time and who is querying that might cause this (when you have OpenDNS upstream):
zgrep -E 'May 30 (22|23)' /var/log/pihole.log* | less
Adjust date and the "22" & "23" PM hour above to refine your search.
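The log inspection suggested above can be summarised per client. This is an added example, not part of the original post or of Pi-hole itself: the sample lines are constructed in dnsmasq log style, the `summarize` name is hypothetical, and attributing an NXDOMAIN reply to the client that last asked for that domain is an assumed heuristic.

```python
import re
from collections import Counter

# Constructed sample in pihole.log (dnsmasq) style; not taken from the thread's logs.
SAMPLE_LOG = """\
May 30 22:58:01 dnsmasq[7338]: query[A] example.com from 192.168.1.10
May 30 22:58:01 dnsmasq[7338]: forwarded example.com to 208.67.222.222
May 30 22:58:01 dnsmasq[7338]: reply example.com is 192.0.2.10
May 30 23:04:10 dnsmasq[7338]: query[A] a1.invalid from 192.168.1.50
May 30 23:04:10 dnsmasq[7338]: forwarded a1.invalid to 208.67.222.222
May 30 23:04:10 dnsmasq[7338]: reply a1.invalid is NXDOMAIN
May 30 23:04:11 dnsmasq[7338]: query[A] a2.invalid from 192.168.1.50
May 30 23:04:11 dnsmasq[7338]: reply a2.invalid is NXDOMAIN
May 30 23:04:12 dnsmasq[7338]: query[AAAA] a3.invalid from 192.168.1.50
May 30 23:04:12 dnsmasq[7338]: reply a3.invalid is NXDOMAIN
May 30 23:05:27 dnsmasq[7338]: query[A] example.com from 192.168.1.10
May 30 23:05:27 dnsmasq[7338]: config error is REFUSED
"""

# Not anchored at line start, so "file:line" prefixes from zgrep over several files still parse.
LINE = re.compile(r"(\w{3}\s+\d+ \d\d:\d\d):\d\d dnsmasq\[\d+\]: (.*)$")
QUERY = re.compile(r"^query\[\w+\] (\S+) from (\S+)$")
NXDOMAIN = re.compile(r"^reply (\S+) is NXDOMAIN$")

def summarize(log_text):
    """Count queries and NXDOMAIN replies per client; note when REFUSED first appears."""
    queries, nxdomain = Counter(), Counter()
    last_asker = {}        # domain -> client that most recently queried it
    first_refused = None   # "Mon DD HH:MM" of the first REFUSED line
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        minute, msg = m.groups()
        q = QUERY.match(msg)
        if q:
            domain, client = q.groups()
            queries[client] += 1
            last_asker[domain] = client
            continue
        n = NXDOMAIN.match(msg)
        if n and n.group(1) in last_asker:
            nxdomain[last_asker[n.group(1)]] += 1  # heuristic attribution
        elif msg.endswith("is REFUSED") and first_refused is None:
            first_refused = minute
    return {"queries": queries.most_common(),
            "nxdomain": nxdomain.most_common(),
            "first_refused": first_refused}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

To run it on real data, pass the output of the `zgrep` command above to `summarize()` as a single string.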
I figured the same, but according to the Pihole dashboard my queries are spread evenly across the day (with natural dips at night due to lower activity).
However, you have pointed me in the right direction. I have another issue that I need advice to solve. I've posted it here 47388
I'm getting a lot of "not found: 3 (NXDOMAIN)" errors, which I'm guessing could result in the rate limiting?
Can you confirm that tftp-server line? The email notification I received shows:
tftp-server: "192.168.1.20%{email_content}"
ntp-server: 192.168.1.4
router: 192.168.1.1
--- end of options ---
That would be a misconfigured tftp-server line and that % is right where the debug upload broke. I've seen other uploads break in similar ways and they all had illegal characters as the cause.
Are you using the built-in TFTP server that comes with dnsmasq|pihole-FTL?
Edit: And I'm not sure, but I don't think spaces work well in dhcp-option lines, like the smartdns line. I don't know if these changes will help with the REFUSED issue but they will help us rule things out.
Changing to the Cloudflare DNS was a red herring as it's still happening. We've had rolling blackouts here in South Africa so the timing of the REFUSED entries has varied. This really seems like it's some sort of rate limiting but I can't find a pattern as to what.
I combed the logs around the time I see the REFUSED responses start to show up but nothing out of the ordinary.
We're also now getting a clean TFTP server entry in the DHCP response:
Add the line below at the bottom to schedule it every minute:
* * * * * /root/pi-hole-watchdog.sh
And save/exit.
The consequences are that a considerable number of queries will be logged in the dbase, plus Pi-hole will be restarted every minute if for whatever reason the dig command can't resolve that DOMAIN.
EDIT: my initial attempt failed running inside cron.
Have tested the changes I made.