Please follow the below template, it will help us to help you!
Environment:
Standard pihole installation on a raspberrypi + unbound solution for using local DNS.
Expected Behaviour:
DNS performance is not a consideration for network performance.
Actual Behaviour:
DNS resolution is typically very slow at times taking upwards of 5-10 seconds to load any webpage. Not even brand new sites I've never been to before, but ones I visit all the time like youtube for example. I know that going to a domain for the first time will be slower before it gets cached, but even then I would expect it to take under 1 second or thereabouts. I'm not exactly sure what's causing this... I did do some searching and found topics like this:
But I don't really know myself if their reason for the issue is caused by the same thing as there could be any number of issues.
Perhaps unrelated, but your debug log shows your router to distribute itself as DNS server via DHCP:
*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
Scanning all your interfaces for DHCP servers
* Received 300 bytes from eth0:192.168.1.1
Offered IP address: 192.168.1.25
DHCP options:
Message type: DHCPOFFER (2)
dns-server: 192.168.1.25
dns-server: 192.168.1.1
router: 192.168.1.1
--- end of options ---
In order to to filter your DNS requests, Pi-hole has to be the sole DNS server for your network.
Let's see some related stats for the last week:
a.Total number of queries:
pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT count(*) FROM queries \
WHERE timestamp > strftime('%s','now','-7 days');"
b. Number of queries with long reply times over a second:
pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT count(*) FROM queries \
WHERE reply_time > 1 AND timestamp > strftime('%s','now','-7 days');"
c. Top 10 most frequently requested domains with long reply times:
pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT count(domain), domain, round(avg(reply_time),2) FROM queries \
WHERE reply_time > 1 AND timestamp > strftime('%s','now','-7 days') \
GROUP BY domain ORDER BY 1 DESC LIMIT 10;"
That makes sense, I thought that's what I had configured but technically all I did was set my pi as the dns server with its static ip. Would I need to also enable this? (Asuswrt)
Your screenshot seems to show some WAN related settings, which usually control your router's upstream DNS server.
Commonly, the local DNS servers that your router tells its clients to use would be a LAN/DHCP kind of settings.
You should consult your router's documentation and support for its DNS configuration details.
As for your numbers:
6,840 out of ~350,000 is almost 2%, i.e. about one out of 50 DNS resolutions takes longer than a second. Compared with my own 0.1%, that seems a rather large percentage, and it is also seems to affect domains across the board, including your most popular websites.
How fast is your Internet uplink?
How is your Pi-hole host machine connected to your router?
And what's the overall average reply time for the last week?
pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT count(*), round(avg(reply_time*1000),1) FROM queries \
WHERE timestamp > strftime('%s','now','-7 days');"
Your current debug log looks normal, and it shows you've succeeded in removing your router from the list of local DNS servers:
*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
Scanning all your interfaces for DHCP servers
* Received 300 bytes from eth0:192.168.1.1
Offered IP address: 192.168.1.25
DHCP options:
Message type: DHCPOFFER (2)
dns-server: 192.168.1.25
router: 192.168.1.1
--- end of options ---
As your issue seems to be genuinely longer reply times, this would usually suggest an issue with upstream connectivity.
In your case, your Pi-hole's upstream is unbound hosted on the same machine as Pi-hole.
As a recursive resolver, unbound sure takes a bit more time to initially walk the full recursion through all authoritative DNS servers involved with a given domain before it could cache the result for as long as TTL allows, but that should not result in ~174ms average reply times (I get ~40ms weekly averages with unbound).
To eliminate recursion from contributing to your observation, you could remove unbound as Pi-hole's upstream DNS server and switch to a public one, to see if that makes any difference.