DNS Resolution Very Slow

Please follow the below template, it will help us to help you!

Environment:

Standard pihole installation on a raspberrypi + unbound solution for using local DNS.

Expected Behaviour:

DNS performance is not a consideration for network performance.

Actual Behaviour:

DNS resolution is typically very slow at times taking upwards of 5-10 seconds to load any webpage. Not even brand new sites I've never been to before, but ones I visit all the time like youtube for example. I know that going to a domain for the first time will be slower before it gets cached, but even then I would expect it to take under 1 second or thereabouts. I'm not exactly sure what's causing this... I did do some searching and found topics like this:

But I don't really know myself if their reason for the issue is caused by the same thing as there could be any number of issues.

Debug Token:

https://tricorder.pi-hole.net/9BsAPIxy/

Perhaps unrelated, but your debug log shows your router to distribute itself as DNS server via DHCP:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   
   * Received 300 bytes from eth0:192.168.1.1
     Offered IP address: 192.168.1.25
     DHCP options:
      Message type: DHCPOFFER (2)
      dns-server: 192.168.1.25
      dns-server: 192.168.1.1
      router: 192.168.1.1
      --- end of options ---

In order to to filter your DNS requests, Pi-hole has to be the sole DNS server for your network.

Let's see some related stats for the last week:

a.Total number of queries:

pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT count(*) FROM queries \
WHERE timestamp > strftime('%s','now','-7 days');"

b. Number of queries with long reply times over a second:

pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT count(*) FROM queries \
WHERE reply_time > 1 AND timestamp > strftime('%s','now','-7 days');"

c. Top 10 most frequently requested domains with long reply times:

pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT count(domain), domain, round(avg(reply_time),2) FROM queries \
WHERE reply_time > 1 AND timestamp > strftime('%s','now','-7 days') \
GROUP BY domain ORDER BY 1 DESC LIMIT 10;"

Hi thanks for the reply, here's what I'm seeing:

351282

6840

49|login.live.com|2.61
47|www.google.com|5.81
45|accounts.google.com|7.54
37|www.youtube.com|10.11
36|signaler-pa.clients6.google.com|7.22
36|mail.google.com|3.61
34|calendar.google.com|5.05
32|fonts.googleapis.com|3.34
30|spclient.wg.spotify.com|7.45
29|i.ytimg.com|4.03

That makes sense, I thought that's what I had configured but technically all I did was set my pi as the dns server with its static ip. Would I need to also enable this? (Asuswrt)

or is it something else?

I can't really comment on any router screenshots.

Your screenshot seems to show some WAN related settings, which usually control your router's upstream DNS server.
Commonly, the local DNS servers that your router tells its clients to use would be a LAN/DHCP kind of settings.

You should consult your router's documentation and support for its DNS configuration details.

As for your numbers:
6,840 out of ~350,000 is almost 2%, i.e. about one out of 50 DNS resolutions takes longer than a second. Compared with my own 0.1%, that seems a rather large percentage, and it is also seems to affect domains across the board, including your most popular websites.

How fast is your Internet uplink?
How is your Pi-hole host machine connected to your router?
And what's the overall average reply time for the last week?

pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT count(*), round(avg(reply_time*1000),1) FROM queries \
WHERE timestamp > strftime('%s','now','-7 days');"

Oh I got it, would be this:
image

After disabling above:
image

So should be good on that now.

100% agreed, and when it starts to slow down, it's VERY noticeable and tends to last for a little while.

I'm on direct-to-home fiber, 1Gbps up and down. I can also say I've never experienced these kinds of issues before adding my pihole to my network.

Ethernet to the router's 1st port.

352545|174.1

THis one escaped my attention, apologies for the late reply.

Then I'd expect much faster average reply times than those ~174ms.

In the meantime, did reconfiguring your DHCP server to distribute only your Pi-hole machine's IP change anything about your observation?

If not, could you provide a fresh debug token?

Coincidentally, it just happened which prompted me to check this thread for a reply. Here's a new debug:
https://tricorder.pi-hole.net/wISxfNpJ/

Your current debug log looks normal, and it shows you've succeeded in removing your router from the list of local DNS servers:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   
   * Received 300 bytes from eth0:192.168.1.1
     Offered IP address: 192.168.1.25
     DHCP options:
      Message type: DHCPOFFER (2)
      dns-server: 192.168.1.25
      router: 192.168.1.1
      --- end of options ---

As your issue seems to be genuinely longer reply times, this would usually suggest an issue with upstream connectivity.

In your case, your Pi-hole's upstream is unbound hosted on the same machine as Pi-hole.

As a recursive resolver, unbound sure takes a bit more time to initially walk the full recursion through all authoritative DNS servers involved with a given domain before it could cache the result for as long as TTL allows, but that should not result in ~174ms average reply times (I get ~40ms weekly averages with unbound).

To eliminate recursion from contributing to your observation, you could remove unbound as Pi-hole's upstream DNS server and switch to a public one, to see if that makes any difference.

138358|31.9

^results of overall average reply time query for the past 2 days since switching to cloudflare public DNS on my pihole's settings.

Number of queries that took longer than 1 second over the past 2 days is 623 out of 138,190 (less than half of a percent)

I haven't experienced any periods where I noticed a site took ages to load over the past 2 days.