I've set up cloudflared to use DoH and verified that works great. In pihole, I've configured a single custom DNS server at 127.0.0.1#5053, all typical. In the pihole-FTL.log, TWO DNS servers are listed when only one should be there. Here is the log snippet:
[2022-10-18 14:43:12.027 484M] Imported 0 alias-clients
[2022-10-18 14:43:12.027 484M] Database successfully initialized
[2022-10-18 14:43:12.154 484M] New upstream server: 127.0.0.1:5053 (0/1024)
[2022-10-18 14:43:12.156 484M] New upstream server: 1.1.1.1:53 (1/1024)
[2022-10-18 14:43:12.163 484M] Imported 762 queries from the long-term database
I noticed this happening after I had selected Cloudflare in the settings GUI screen. I unchecked it and when the settings come up in the GUI, only the custom localhost is listed.
In /etc/dnsmasq.d, there is only 01-pihole.conf for DNS configuration and it only lists the server shown in the GUI (file pasted below). That is, there is no 02-pihole.conf.
Where is the second upstream server configuration coming from that pihole is using?
What upstream server does the query log or the query history webpage show? Are any queries actually going to 1.1.1.1? Did you have 1.1.1.1 as an upstream in the past?
The section you have quoted is the section that lists what is being imported from the long term database. Any query in the long term database that used 1.1.1.1 would cause a "New Upstream server" to be logged.
The 1.1.1.1 is in the history since it was selected at one point in time so your explanation makes sense. Would the way to fix it be to remove the long term database? Or is there a way to stop that importing from the long term database?
Thanks for the info, at least now I understand where it is coming from.
What exactly are you trying to fix? The long term database is correct - those queries were answered by 1.1.1.1, which was the upstream DNS server in effect at the time.
The query log shown on the dashboard is for the past 24 hours. After 24 hours following your upstream DNS server change, you will no longer see the older queries in the dashboard, and the pie graphs on the home page should show only localhost as your upstream DNS resolver.
On restart, the most recent 24 hours of the long term database are imported to populate the query log, so a restart won't show the old data after 24 hours.
The log would suggest to me that there is an upstream DNS server added which would suggest that new queries could be sent to it meaning it would get added again because new records would exist. If the log is just saying that upstream server existing in the past and will not be used in the future, you are correct. The fact that it is just saying it existed in the past is new information to me.
I can wait to see if restarting it later removes the log entry because the database no longer has the records.
Understood...I was just commenting that "adding upstream server" in the log can be interpreted as that being the case. My final entry notes how removing the long-term database and restarting eliminated the message.
