Gaps in requests

Hi all,

I wonder if you could help.

I have two pihole servers at work, and for some reason I get this on the primary server

and this on the secondary server

There should not be any gaps in requests. Our business is a 24/7 business, so there will be requests over a 24-hour period.

Primary Server log
https://tricorder.pi-hole.net/yY2RYUUS/

Secondary server log
https://tricorder.pi-hole.net/2hXjPjN3/

I don't see any gaps in your graphs?
All time slots do show client activity on at least one of your Pi-holes.

If there really were time slots without any client activity, then that could indicate that your Pi-holes are being by-passed.

Your debug logs don't show any IPv6 RAs, but they do show that your network has link-local IPv6 connectivity.
If your router's DHCPv6 server would offer your router's IPv6 as local DNS server, then IPv6 capable clients would be able to use your router's IPv6 to by-pass Pi-hole.

In addition, your debug logs show your Pi-hole machines to run on .177 in both of your subnets.

But both your Pi-hole host OSs are using local DNS servers that aren't Pi-hole, as distributed by your DHCP server:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 6 seconds)
   Scanning all your interfaces for DHCP servers and IPv6 routers
   
   * Received 299 bytes from 192.168.16.1 @ eth0
     Offered IP address: 192.168.16.155
     DHCP options:
      Message type: DHCPOFFER (2)
      dns-server: 10.2.7.50
      dns-server: 192.168.16.66

Those DNS servers seem to forward DNS queries to your Pi-holes.
Are those DNS servers perhaps aware of additional DNS servers besides your Pi-holes?

Unless you have specifically configured a server order, there is no primary server.

When a client has multiple DNS servers available, it is free to use any of them at any time. Instead of primary and secondary, think of them as this DNS server and this other DNS server.

Sorry guys, I forgot to mention that we have two Domain Controllers, 10.2.7.50 and 192.168.16.66, and they both run the DNS service for our company devices and even remote offices and VPN users. Everybody is using those two DNS IPs. The 10.2.7.177 and 192.168.16.177 are the first two DNS servers set as forwarders, hence you can only see requests from those two DC IPs.

All clients will have the DC01 DNS IP 10.2.7.50 as the first DNS and DC02 DNS IP 192.168.16.66 as the second DNS.

On DC01:

  • the first DNS forwarder IP is set to 10.2.7.177 (pihole01)
  • the second DNS forwarder is set to 192.168.16.177 (pihole02)
    • more public DNS servers are listed under forwarders

On DC02:

  • the first DNS forwarder is set to 192.168.16.177 (pihole02)
  • the second DNS forwarder IP is set to 10.2.7.177 (pihole01)
    • more public DNS servers are listed under forwarders

Clients will make a request to DC01 or DC02, but naturally DC01 will receive more requests, followed by pihole01.

For example, this is my home pihole (and I also have two pihole servers at home, but with not as many requests)

We don't use DHCPv6. All requests are going through the above DCs. The IPv6 connectivity is not supposed to be enabled on pihole01. When I upgraded pihole v5 to v6, something went wrong so I just built a new Ubuntu server VM and installed pihole v6 from scratch.

The reason I say gaps is because I'd expect a continuous flow of requests, and no dips.
You can see that the second pihole's spikes kind of (but not quite) correspond to the first pihole's dips.


and this is a combined image

So even if all client devices switched to the second DNS (DC02) periodically, I'd expect the second graph to fill the gaps but this is not the case if you look at the combined graph.

Yes the requests are still made, but why so little when compared to other times, like every 80 minutes or so, it's regular.

Please note that this was behaving in the same way when I was running pihole v5.

The only thing I noticed yesterday was this

I knew how to increase this in v5 but not sure about v6. Although, increasing in v5 didn't help.

Could the reason I'm seeing those gaps be because I have more than just those two Pi-hole servers listed under DNS forwarders on both domain controllers? I've not checked the logs in DCs yet.

You should consider removing those public DNS entries, as they would allow your DCs to switch to those public upstreams at their own discretion.
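
As an added example (not part of the thread, and not Pi-hole or Microsoft code), one way to audit the forwarder lists on DC01 and DC02 against the two Pi-hole addresses named above. The function name `Test-ForwarderPolicy`, the 203.0.113.x stand-ins for the unnamed public resolvers, and the root-hint setting in the sample are assumptions.

```powershell
# Pi-hole addresses are taken from the thread; everything else is constructed.
$PiHoles = @('10.2.7.177', '192.168.16.177')

# Hypothetical helper: compares one DC's forwarder list with the allowed set.
function Test-ForwarderPolicy {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $Forwarders,
        [Parameter(Mandatory)] [bool] $UseRootHint,
        [Parameter(Mandatory)] [string[]] $Allowed
    )
    # Any forwarder outside the allowed set is a path around Pi-hole filtering.
    $bypass  = @($Forwarders | Where-Object { $_ -notin $Allowed })
    $missing = @($Allowed    | Where-Object { $_ -notin $Forwarders })
    [pscustomobject]@{
        Server           = $Server
        BypassUpstreams  = $bypass
        MissingPiHoles   = $missing
        # With root hints enabled the DC recurses on its own if no forwarder answers.
        RootHintFallback = $UseRootHint
        Compliant        = ($bypass.Count -eq 0 -and $missing.Count -eq 0 -and -not $UseRootHint)
    }
}

# Constructed sample mirroring the setup described in the thread. 203.0.113.x is a
# documentation range standing in for the public DNS servers the thread does not name.
$sample = @(
    @{ Server = 'DC01'; Forwarders = @('10.2.7.177', '192.168.16.177', '203.0.113.8', '203.0.113.9'); UseRootHint = $true },
    @{ Server = 'DC02'; Forwarders = @('192.168.16.177', '10.2.7.177', '203.0.113.8'); UseRootHint = $true }
)
$sample | ForEach-Object {
    Test-ForwarderPolicy -Server $_.Server -Forwarders $_.Forwarders `
        -UseRootHint $_.UseRootHint -Allowed $PiHoles
} | Format-Table -AutoSize

# Live use from a host with the DnsServer module (RSAT) installed:
# foreach ($dc in 'DC01', 'DC02') {
#     $f = Get-DnsServerForwarder -ComputerName $dc
#     Test-ForwarderPolicy -Server $dc -Forwarders @($f.IPAddress | ForEach-Object { "$_" }) `
#         -UseRootHint $f.UseRootHint -Allowed $PiHoles
# }
```

Queries answered through any address listed under `BypassUpstreams` never reach either Pi-hole, so they appear in neither dashboard.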
