Every 2 minutes 0.debian.pool.ntp.org queries by both Raspberry Pi's in my network

For Pi-OS/Raspbian, the default network manager is called dhcpcd and is responsible for what ends up in resolv.conf.
If the host is configured to acquire IP details automatically via DHCP, dhcpcd will configure the nameserver(s) in resolv.conf that are advertised via DHCP.
You can see/check those if you run the command below (10.0.0.2 & 10.0.0.4 are both running Pi-hole):

pi@ph5b:~ $ pihole-FTL dhcp-discover
Scanning all your interfaces for DHCP servers
[..]
   dns-server: 10.0.0.2
   dns-server: 10.0.0.4

If you have instead configured static IP details on the host like below:

pi@ph5b:~ $ tail /etc/dhcpcd.conf
[..]
interface eth0
  static ip_address=10.0.0.4/24
  static routers=10.0.0.1
  static domain_name=home.dehakkelaar.nl
  static domain_name_servers=10.0.0.1

The domain_name_servers= values will end up in resolv.conf.

In addition to that, if IPv6 is supported and enabled on your router for your LAN, clients normally also receive DNS server(s) via IPv6 router advertisement (RA).
So make sure your router is advertising Pi-hole's IPv6 ULA address for DNS!

I am not that familiar with diagnosing IPv6 RA DNS because I don't have IPv6 enabled on my LAN.
But you could check on clients what DNS server IPs are configured.
Below some hints:

I have as well configured static DNS addresses in /etc/dhcpcd.conf, these are visible too in resolv.conf.

Interestingly I got an error, I am not sure if it matters:

pi@PiHole:~ $ pihole-FTL dhcp-discover
Scanning all your interfaces for DHCP servers
Timeout: 10 seconds

WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
* Received 300 bytes from eth0:192.168.1.150
  Offered IP address: 192.168.1.98
  Server IP address: 192.168.1.150
  Relay-agent IP address: N/A
  BOOTP server: (empty)
  BOOTP file: (empty)
  DHCP options:
   Message type: DHCPOFFER (2)
   server-identifier: 192.168.1.150
   lease-time: 86400 ( 1d )
   renewal-time: 43200 ( 12h )
   rebinding-time: 75600 ( 21h )
   netmask: 255.255.255.0
   broadcast: 192.168.1.255
   dns-server: 192.168.1.150
   domain-name: "lan"
   router: 192.168.1.1
   --- end of options ---

DHCP packets received on interface wlan0: 0
DHCP packets received on interface lo: 0
DHCP packets received on interface eth0: 1

As far as I understand things right now, my Vodafone Station is pushing the Vodafone DNS through RA. I cannot change this.
On my Asus router I have enabled IPv6 passthrough and disabled automatic DNS server connection. Instead I have configured the local "fe80" IPv6 pihole address. This last one is not being picked up.

I will disable IPv6 for some time and assess if there are strong enough reasons to enable it again like e.g. performance.

Many thanks for your help @deHakkelaar !
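
Added example, not part of the thread or of Pi-hole: a shell check for the situation discussed above, where resolv.conf ends up with a resolver other than the Pi-hole addresses (for instance one learned via IPv6 RA). The function names and the sample input are constructed for illustration; 2001:db8::53 is a documentation address standing in for an ISP resolver.

```shell
#!/bin/sh
# Added example (not from the thread): list resolvers in resolv.conf that
# are not on the Pi-hole allow-list, e.g. an ISP resolver learned via IPv6 RA.

# Extract "dns-server:" values from `pihole-FTL dhcp-discover` output (stdin).
dhcp_dns_servers() {
    awk '$1 == "dns-server:" { print $2 }' | sort -u
}

# Extract nameserver addresses from resolv.conf text (stdin): lower-cased,
# with any IPv6 zone suffix such as %eth0 removed; comment lines are skipped.
resolv_nameservers() {
    awk '$1 == "nameserver" { sub(/%.*/, "", $2); print tolower($2) }'
}

# Read resolv.conf text on stdin; print each nameserver that is not among
# the allowed addresses passed as arguments.
unexpected_resolvers() {
    resolv_nameservers | while read -r ns; do
        ok=no
        for allowed in "$@"; do
            a=$(printf '%s' "$allowed" | tr '[:upper:]' '[:lower:]')
            if [ "$ns" = "$a" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then printf '%s\n' "$ns"; fi
    done
}

# Constructed sample: DHCP offer as in the thread, plus a resolv.conf that
# also holds an RA-learned resolver (2001:db8::53 is a documentation address).
sample_offer() {
    printf '%s\n' '   dns-server: 10.0.0.2' '   dns-server: 10.0.0.4'
}
sample_resolv_conf() {
    printf '%s\n' '# Generated by resolvconf' 'domain home.example' \
        'nameserver 10.0.0.2' 'nameserver 10.0.0.4' 'nameserver 2001:db8::53'
}

# Usage on a live host (run by hand):
#   unexpected_resolvers $(pihole-FTL dhcp-discover | dhcp_dns_servers) < /etc/resolv.conf
sample_resolv_conf | unexpected_resolvers $(sample_offer | dhcp_dns_servers)
```

Any address it prints is a resolver the host can use that bypasses Pi-hole filtering and logging; empty output means every configured nameserver is on the allow-list.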


Non-technical advice, I recommend picking a debian pool out of the four, and blacklist the other three. I assume there are four for extra network use, debian forums probably know. I allow pool 0 for the ntp and packages.

Any reason why you would do that?

You don't have to blacklist anything if you configure the below file to use only one of the pool names:

Hey that's cool!

Why?

pi@ph5b:~ $ date; dig +short a 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org | sort -n
Tue 12 Jul 20:29:28 CEST 2022
5.135.158.34
5.39.184.5
5.79.108.34
45.85.15.40
46.243.26.34
81.169.204.140
83.137.149.135
94.198.159.15
95.85.21.89
149.210.142.45
158.69.20.38
162.159.200.1
164.92.216.152
185.224.145.68
185.35.202.197
213.109.127.82
pi@ph5b:~ $ date; dig +short a 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org | sort -n
Tue 12 Jul 20:30:21 CEST 2022
23.94.217.117
46.249.42.12
78.142.193.131
78.47.93.191
83.137.149.135
93.94.224.67
93.94.224.67
95.81.173.74
162.159.200.123
178.215.228.24
178.62.16.103
185.51.192.34
188.165.11.86
193.182.111.143
213.136.0.252
213.239.154.12

EDIT: To make matters even worse, it appears only one pool holds IPv6 addresses for if you have IPv6 support upstream from your ISP:

pi@ph5b:~ $ date; dig +short aaaa 2.debian.pool.ntp.org
Tue 12 Jul 21:00:26 CEST 2022
2603:c022:c003:c900::4
2a03:10c3:480::123
2a01:1b1:1::36
2606:4700:f1::1

Vs:

pi@ph5b:~ $ date; dig +short aaaa 0.debian.pool.ntp.org
Tue 12 Jul 21:00:16 CEST 2022

So if you exclude that one, you won't have the benefits of syncing over IPv6 also.
