Connecting to Wifi crashes the network

- Operating system: Raspberry Pi OS Lite
- Hardware: Raspberry Pi 4 Model B

If a new device connects to the network via WiFi, that device will begin sending hundreds of queries. Almost all sent queries will receive the reply "N/A" while some will receive the reply "SERVFAIL". Due to the number of queries sent, all other devices on the network will experience extremely slow network speeds or will be unable to connect to the internet at all.
I am able to consistently get these results by terminating the DHCP lease for a given device. Ethernet-enabled devices are able to reconnect to the network without issue; WiFi-enabled devices will always crash the network.
What could possibly be causing this?

Debug Token:

https://tricorder.pi-hole.net/OnuE7aLV/

The debug log looks okay.

Your router is the DHCP server. I don't think this is a Pi-hole issue, you're just able to see it because Pi-hole is showing DNS queries. To be sure, what kind of devices are doing this and what queries are you seeing? Can you give examples?

What do these commands give you, run on the Pi-hole in the terminal?

    echo ">stats >quit" | nc 127.0.0.1 4711
    echo ">querytypes >quit" | nc 127.0.0.1 4711

Note that your Pi OS is using Pi-hole (itself) for DNS. This is configured in /etc/resolv.conf. It is better to use something other than itself, to help avoid a situation where Pi-hole blocks something the OS needs, or Pi-hole stops working, and then the OS cannot resolve anything to fix it. Kind of a chicken and egg situation. Change this by editing that file and entering an external nameserver, for example Cloudflare's.

    sudo nano /etc/resolv.conf

Change the IP address to, e.g., 1.1.1.1 and save the file with Ctrl-o and quit with Ctrl-x.

Now the Pi OS will use Cloudflare and will be able to resolve domains even if Pi-hole stops working or is blocking something the OS needs.

I'm pretty sure this is a Pi-hole issue, or at least how my router is interacting with it, because this only happens when the Pi-hole is set as the DNS.
I'm testing this on several iPhones and 3 PCs, only one of which is connected via Ethernet. Queries are for a wide variety of sources associated with the OS of the testing devices and the websites I was trying to access, but every one that returns N/A repeats several times.

Your debug log shows you've configured your Pi-hole to use three upstream DNS servers:

    PIHOLE_DNS_1=1.1.1.1
    PIHOLE_DNS_2=1.0.0.1
    PIHOLE_DNS_3=127.0.0.1#5335

It would be unusual to mix two public with a local DNS server on the same machine.
127.0.0.1#5335 is often associated with a local unbound recursive resolver, and if you'd installed that, you would want all of your Pi-hole's allowed DNS requests to public domains to pass through it.

Furthermore, your debug log shows that there is no process listening on port 5335 at all, suggesting that unbound isn't installed or has been disabled.

As this misconfigured upstream wouldn't be limited to wifi devices, but affect all DNS requests when used, it is likely that your wifi observation is just a coincidence.

You should remove 127.0.0.1#5335 from Pi-hole's upstreams.
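
The check described in the reply above (a loopback upstream such as 127.0.0.1#5335 with no process listening on its port), as an added example that is not part of the original thread or of Pi-hole's own tooling. The function names, the file names and the socket list are constructed for illustration; the second input is assumed to be saved output of `ss -H -lntu`.

```shell
#!/bin/sh
# Added example: report loopback upstreams that have no local listener.
# $1: file with PIHOLE_DNS_n=ip[#port] lines, as quoted from the debug log.
# $2: saved output of `ss -H -lntu` (listening TCP/UDP sockets, no header).

# Print "ip port" per upstream; the port defaults to 53 when no #port is given.
list_upstreams() {
    awk -F= '/^PIHOLE_DNS_[0-9]+=/ {
        n = split($2, p, "#"); print p[1], (n > 1 ? p[2] : 53) }' "$1"
}

# Succeed if a socket listens on ip:port or on a wildcard address with that port.
has_listener() {  # $1 = ip, $2 = port, $3 = ss output file
    awk -v ip="$1" -v port="$2" '
        { n = split($5, a, ":")                      # $5 is Local Address:Port
          addr = substr($5, 1, length($5) - length(a[n]) - 1)
          sub(/%.*/, "", addr)                       # drop "%lo" style suffix
          if (a[n] == port && (addr == ip || addr == "0.0.0.0" || addr == "*"))
              found = 1 }
        END { exit !found }' "$3"
}

# Print every 127.x upstream that nothing is listening on.
dead_local_upstreams() {  # $1 = upstream file, $2 = ss output file
    list_upstreams "$1" | while read -r ip port; do
        case "$ip" in
            127.*) has_listener "$ip" "$port" "$2" || printf '%s#%s\n' "$ip" "$port" ;;
        esac
    done
}

# Constructed sample: the three upstreams from the thread plus a made-up socket list.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/upstreams.conf" <<'EOF'
PIHOLE_DNS_1=1.1.1.1
PIHOLE_DNS_2=1.0.0.1
PIHOLE_DNS_3=127.0.0.1#5335
EOF
    cat > "$dir/ss.txt" <<'EOF'
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 32 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 5 127.0.0.1:4711 0.0.0.0:*
EOF
    dead_local_upstreams "$dir/upstreams.conf" "$dir/ss.txt"
    rm -rf "$dir"
}

demo   # prints 127.0.0.1#5335
```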
