Getting REFUSED on DNS queries

thebogeyman · November 10, 2023, 8:05pm

Pi-hole running on R-Pi 5, acting as both DNS server & DHCP server on my network (home/office setup).
It's been running fine since I set it all up. Raspberry Pi has been up for almost 4 days (3 days, 17:01).

Then, suddenly this morning, all my local browser instances start telling me I'm not connect.

Some quick attempts to dig keep returning REFUSED.

# dig facebook.com

; <<>> DiG 9.10.6 <<>> facebook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 31880
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 17 ("..")
;; QUESTION SECTION:
;facebook.com.			IN	A

;; Query time: 1 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Fri Nov 10 10:52:40 PST 2023
;; MSG SIZE  rcvd: 47

I didn't have a lot of time to troubleshoot, so I tried restarting the DNS server/resolver - sudo pihole restartdns.

Now everything is working again.

Suggestions as to what steps to take to ensure this doesn't happen again?

Forgot to add log: generated log

chrislph · November 10, 2023, 11:15pm

The Pi-hole is at 192.168.1.3 with the gateway set to 192.168.1.1. Both of these addresses are running a DHCP server and both appear to have the same hostnames and settings. I'm not sure if these are two devices or a single device with some wider config than the log shows.

The error log is warning that the chosen DHCP hostname for the lease of the Pi-hole at .3 is in conflict with the already configured hostname for the Pi-hole.

Since the lease time is 24 hours I suspect it's working if one DHCP server responds and breaks if the other responds. How exactly is this all set up? Is the Pi-hole trying to be a DHCP client of itself? There should just be a single DHCP server.

thebogeyman · November 11, 2023, 12:01am

Interesting.
I missed that.
As you might expect, 192.168.1.1 is the address of my main router. The 192.168.1.3 is the address of the Pi-Hole.
I have turned off both DNS & DHCP on my router, and pointed both to the Pi-Hole address. At least I thought I had. Checking that now...

thebogeyman · November 11, 2023, 1:30am

Did some further checking.
Looks like my Pi-hole is set as both DHCP & DNS:

# ipconfig getpacket en0
op = BOOTREPLY
htype = 1
flags = 0
hlen = 6
hops = 0
xid = 0x4552ce6b
secs = 0
ciaddr = 192.168.1.87
yiaddr = 192.168.1.87
siaddr = 192.168.1.3
giaddr = 0.0.0.0
chaddr = 5c:e9:1e:8d:2f:f6
sname =
file =
options:
Options count is 11
dhcp_message_type (uint8): ACK 0x5
server_identifier (ip): 192.168.1.3
lease_time (uint32): 0x15180
renewal_t1_time_value (uint32): 0x9b8b
rebinding_t2_time_value (uint32): 0x11a1b
subnet_mask (ip): 255.255.255.0
broadcast_address (ip): 192.168.1.255
domain_name_server (ip_mult): {192.168.1.3}
domain_name (string): local
router (ip_mult): {192.168.1.1}
end (none):

And for IPv6:

# ipconfig getv6packet en0
DHCPv6 REPLY (7) Transaction ID 0x95e029 Length 68
Options[4] = {
  CLIENTID (1) Length 14: DUID LLT HW 1 Time 744219841 Addr 5c:e9:1e:8d:2f:f6
  SERVERID (2) Length 14: DUID LLT HW 1 Time 752643734 Addr d8:3a:dd:98:a5:23
  DNS_SERVERS (23) Length 16: fd60:4bab:1e5a:4875:7c4:9541:e47:4c6d
  <unknown> (32) Length 4:  Data 00 01 51 80
}

system · November 18, 2023, 1:31am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.