DNS requests are approved but client traffic not going outbound

My setup, and recent changes:

Pi-Hole is running on an Ubuntu 22.04 machine which has a Ryzen 2700X CPU, and which also happens to host my Plex server and various other server apps for other devices on my LAN. I recently upgraded my internet connection to 2gb, and to take full advantage of it, I added a new 2.5gbe NIC to the Pi-Hole machine, which is assigned to interface enp35s0. Previously, it was using the motherboard's onboard NIC which is interface enp37s0. I also had to upgrade the router to support > 1 gbe connections. The new one is a Ubiquiti Dream Machine SE.

In my old router, I had configured the Pi-Hole IP address (192.168.1.18 - static thanks to a DHCP reservation) on the WAN-side DNS configuration. Clients made DNS requests to the router IP (192.168.1.1) and the router forwarded them to the Pi-Hole server. That worked fine, although from Pi-Hole's perspective all requests came from one client (the router).

In the new router, the same approach does not work for some reason, so I've configured the Pi-Hole IP on the LAN-side DNS. The router passes the Pi-Hole server IP to clients as the DNS server, and they connect directly to the Pi-Hole server as expected. Nice bonus, now I can see the client details in Pi-Hole.

The Problem:

Everything works fine for some period of time. Then suddenly, all internet-bound traffic fails, for all clients on the LAN. This happens without any configuration change on my part. All clients report no internet connection. Checking Pi-Hole, no new issues are reported and it sees the inbound DNS requests, and indicates request status "OK", yet the traffic doesn't reach the destination. Disabling blocking in Pihole does not solve the problem. If I disable Pi-Hole from the router by setting the router IP for DNS, then the problem is solved. If I add Pi-Hole back to the router with the same configuration, it works again, for some hours until the cycle repeats. I tried switching to a different router but the problem was the same.

Help requested:

I need help to figure out why the problem happens, and how to fix it. Since several things changed at once on my network, it's been difficult for me to pinpoint the root cause.

Debug Token:

https://tricorder.pi-hole.net/yTq6x5CG/
Note: The problem was not happening at the time the log was captured. If helpful, I can wait for the problem to happen again and capture another log.

I should mention that I've been seeing this message in Tools -> Pi-Hole Diagnosis:

Warning in dnsmasq core:

using interface enp37s0 instead

I don't know if it's related to the problem, as it appears even when things are working fine. There is no ethernet cable connected to that interface.

According to your debug log, that's not how your router is configured - it is handing out its own IP as DNS server:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   
   * Received 304 bytes from enp35s0:192.168.1.1
     Offered IP address: 192.168.1.18
     DHCP options:
      Message type: DHCPOFFER (2)
      dns-server: 192.168.1.1
      router: 192.168.1.1
      --- end of options ---

That would probably imply that you've set your router to use Pi-hole as upstream, and in that configuration, enabling Pi-hole's Conditional Forwarding would close a partial DNS loop, which in turn could temporarily affect Pi-hole's DNS services when triggered.
However, that would only be for a very short interval, until Pi-hole's rate limiting or max concurrency warning would kick in.

Both of those messages would get logged in Pi-hole's diagnosis section - those messages are absent from your debug log, though.

Note that the message table may have been flushed by a Pi-hole restart, so you may want to watch Pi-hole diagnosis when your issue reoccurs.
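As an added illustration of the two configurations discussed above (not Pi-hole's own code), the script below parses the DHCP-discovery block of a pihole -d log, reports whether clients are being handed the router or Pi-hole as DNS server, and flags the router-to-Pi-hole-to-router conditional forwarding loop. The log excerpt is constructed in the same layout as the one quoted above; the Pi-hole IP, whether the router forwards to Pi-hole, and the conditional forwarding target are assumed inputs supplied by the reader.

```python
import re

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

# Constructed excerpt in the layout of the "Discovering active DHCP servers" block of pihole -d.
SAMPLE_DEBUG_LOG = """\
*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   * Received 304 bytes from enp35s0:192.168.1.1
     Offered IP address: 192.168.1.18
     DHCP options:
      Message type: DHCPOFFER (2)
      dns-server: 192.168.1.1
      router: 192.168.1.1
      --- end of options ---
"""

def parse_dhcp_offer(debug_log):
    """Extract the DHCP server, the advertised dns-server list and the router from the excerpt."""
    offer = {"server": None, "dns": [], "router": None}
    m = re.search(r"Received \d+ bytes from \S+?:" + IPV4, debug_log)
    if m:
        offer["server"] = m.group(1)
    # Several DNS servers may be listed on one line; collect every address on each dns-server line
    for line in re.findall(r"dns-server:\s*(.+)", debug_log):
        offer["dns"].extend(re.findall(IPV4, line))
    m = re.search(r"router:\s*" + IPV4, debug_log)
    if m:
        offer["router"] = m.group(1)
    return offer

def assess(offer, pihole_ip, router_forwards_to_pihole, cond_fwd_target):
    """Return finding codes for the two situations described in the reply above.

    pihole_ip, router_forwards_to_pihole and cond_fwd_target are assumed inputs
    (the last one is Pi-hole's conditional forwarding target, e.g. the router IP).
    """
    findings = []
    if pihole_ip not in offer["dns"]:
        # Clients query the router, so Pi-hole only ever sees the router as its client.
        findings.append("DNS_VIA_ROUTER")
    if (router_forwards_to_pihole and cond_fwd_target
            and cond_fwd_target in (offer["router"], offer["server"])):
        # Router -> Pi-hole -> (conditional forwarding) -> router closes a loop for local names.
        findings.append("CONDITIONAL_FORWARDING_LOOP")
    return findings

if __name__ == "__main__":
    o = parse_dhcp_offer(SAMPLE_DEBUG_LOG)
    print(o, assess(o, "192.168.1.18", True, "192.168.1.1"))
```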

Thank you, I probably caused that confusion because at the time I captured the log, I had disabled pihole by setting the router IP as DNS, since I couldn't afford to have the problem occur again during the work day. I've since re-enabled it and it's been working fine since last night. If/when it happens again, I'll capture the log before disabling it. Hopefully that will shed some light on the issue. Thank you!

The problem happened today after the machine running Pi-hole was rebooted. After the server was back up, all clients started reporting no internet connection. I captured the Pi-hole log but it could not be uploaded automatically as even the server could not connect to internet. I disabled Pi-hole by changing the DNS server on the router back to default, and all devices are back up and running (after release/renew IP). I then re-enabled Pi-hole by setting the Pi-Hole as DNS server on the router, and it still works fine.

Trying to upload the log manually to tricorder.pi-hole.net but after login I just get a blank page. Anyone know how to manually upload it?

A local copy of the most recent debug log run can be found at /var/log/pihole/pihole_debug.log.

You may upload that manually by running:

cat /var/log/pihole/pihole_debug.log | pihole tricorder

and share the token afterwards.

Thank you! Here it is: https://tricorder.pi-hole.net/n2XLcWQq/
