Expected Behaviour:
DNS should be resolved on first try.
Actual Behaviour:
I am running pihole inside a container with Unbound as my resolver. Pihole takes a long time to resolve the first DNS request to the point where browsing experience is better without pihole. Subsequent requests are better.
pi@raspberrypi:~ $ dig facebook.com
; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> facebook.com
;; global options: +cmd
;; connection timed out; no servers could be reached
pi@raspberrypi:~ $ dig facebook.com
; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> facebook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9867
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;facebook.com. IN A
;; ANSWER SECTION:
facebook.com. 287 IN A 157.240.13.35
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Aug 10 09:41:23 +08 2019
;; MSG SIZE rcvd: 57
On my Windows Machine
C:\Users\User>tracert facebook.com
Tracing route to facebook.com [157.240.13.35]
over a maximum of 30 hops:
1 1 ms 1 ms 5 ms 192.168.1.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * 4 ms 4 ms IP_ADDRESS_REMOVED.unknown.m1.com.sg [IP_ADDRESS_REMOVED]<- This is my ISP
5 6 ms 4 ms 4 ms IP_ADDRESS_REMOVED.unknown.m1.com.sg [IP_ADDRESS_REMOVED]<- This is my ISP
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 5 ms 5 ms 5 ms po744.psw03.sin6.tfbnw.net [129.134.43.99]
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 93 ms 5 ms 5 ms edge-star-mini-shv-02-sin6.facebook.com [157.240.13.35]
Trace complete.
I have tried a "hack", which is to increase the DNS cache size and TTL so that DNS lookups will be faster, but not by a lot anyway.
I am running OpenWRT as my DHCP on my router and I can provide more info if needed. Thanks for any help provided!
*** [ DIAGNOSING ]: Ports in use
[*:53] is in use by pihole-FTL
[*:53] is in use by pihole-FTL
[127.0.0.1:4711] is in use by pihole-FTL
[[::1]:4711] is in use by pihole-FTL
There is no Unbound resolver listening as you have configured setupVars.conf:
*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] www.fiestasypinatas.net is 0.0.0.0 via localhost (127.0.0.1)
[✓] www.fiestasypinatas.net is 0.0.0.0 via Pi-hole (192.168.1.138)
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (8.8.8.8)
/etc/dnsmasq.d/01-pihole.conf has some misconfigurations as well:
Please check /var/log/pihole.log to see if there are explanations for the delays you see (or if just no response comes back). You can also enable logging in unbound to see what it is doing and why things are taking as long as they do. It is normal that initial lookups are slower as unbound first has to walk down from the root zone over the TLD. However, this shouldn't take more than a (very) few seconds and should also not happen more than once (after restarting unbound).
Yes, this was intended. As per my previous comment, it was a "backup" DNS server. I have since removed the DNS entry in pihole. (PIHOLE_DNS_2=127.0.0.1#5053)
It depends on your definition of "couple of times". I just did this 500 times to 8.8.8.8 and always received a reply (query time is about 15msec for me).
Someone* (or rather something**) seems to be rate-limiting your Internet connection.
This explains why you have more issues with unbound as it has to do many more requests when walking the entire DNS path compared to a single request you send out to some external recursive DNS resolving service such as Google's DNS.
*) Maybe your Internet service provider (ISP)?
**) Maybe even your router?
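An added example, not part of the original thread: a POSIX shell helper that tallies answered and timed-out queries across repeated dig runs, the kind of repeated test described in the reply above. The function names and the sample transcript are constructed for illustration; probe needs network access and dig, summarize_dig only parses text.

```shell
#!/bin/sh
# Added example (not from the thread): quantify DNS loss from dig output.

# summarize_dig: read concatenated dig output on stdin and print
# "sent answered timeouts avg_ms" on one line.
summarize_dig() {
  awk '
    /^; <<>> DiG/                  { sent++ }      # one banner per query
    /no servers could be reached/  { timeouts++ }  # every attempt was lost
    /^;; Query time:/              { answered++; total += $4 }
    END {
      avg = (answered > 0) ? total / answered : 0
      printf "%d %d %d %.1f\n", sent, answered, timeouts, avg
    }'
}

# probe SERVER NAME [COUNT]: send COUNT single-attempt queries (2 s timeout)
# so that one lost packet shows up as a timeout instead of being retried.
probe() {
  server=$1; name=$2; count=${3:-50}; i=0
  while [ "$i" -lt "$count" ]; do
    dig +tries=1 +time=2 "@$server" "$name"
    i=$((i + 1))
  done | summarize_dig
}

# Constructed sample: three abbreviated dig runs, one timeout and two answers.
sample_output() {
  cat <<'EOF'
; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> facebook.com
;; global options: +cmd
;; connection timed out; no servers could be reached
; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> facebook.com
;; global options: +cmd
;; Got answer:
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> facebook.com
;; global options: +cmd
;; Got answer:
;; Query time: 15 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
EOF
}

sample_output | summarize_dig   # prints: 3 2 1 8.0
```

Running probe against both the local resolver and an upstream server, from behind each router in turn, shows on which path the timeouts appear.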
Probably my router, since I doubt my ISP throttles my network. Thanks for your help. Could be my router 2 having issues, since if I were to directly connect to router 1, there are no problems at all. (Yes, I took CCNA in 2016 but I didn't go for certification.)
Why is your Pi-Hole on the router for untrusted devices? Have you tried connecting it to Router 1? With your routers in this configuration, are you double-NAT'd?