Here's the suggested query as well as a traditional nslookup of the same name to the same target.
;; Connection to 192.168.1.60#53(192.168.1.60) for download.docker.com failed: connection refused.
root@lurker:~# nslookup download.docker.com 192.168.1.60
Server: 192.168.1.60
Address: 192.168.1.60#53
Non-authoritative answer:
download.docker.com canonical name = d2h67oheeuigaw.cloudfront.net.
Name: d2h67oheeuigaw.cloudfront.net
Address: 13.226.193.49
Name: d2h67oheeuigaw.cloudfront.net
Address: 13.226.193.65
Name: d2h67oheeuigaw.cloudfront.net
Address: 13.226.193.113
Name: d2h67oheeuigaw.cloudfront.net
Address: 13.226.193.25
My pihole-FTL.conf now looks like this:
PRIVACYLEVEL=0
DEBUG_QUERIES=true
DEBUG_FLAGS=true
After restart, the dig command got the following output:
; <<>> DiG 9.10.3-P4-Debian <<>> +tcp download.docker.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 62022
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;download.docker.com. IN A
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 23 14:37:44 CDT 2020
;; MSG SIZE rcvd: 48
The associated pihole-FTL.log entry for this query is here:
[2020-08-23 14:37:44.122 15047/F15035] **** new TCP query[A] "download.docker.com" from 127.0.0.1 (ID 16, FTL 107002, /root/project/src/dnsmasq/forward.c:1947)
[2020-08-23 14:37:44.122 15047/F15035] Resizing "/FTL-strings" from 57344 to 61440
[2020-08-23 14:37:44.122 15047/F15035] download.docker.com is not known
[2020-08-23 14:37:44.124 15047/F15035] **** got reply error is ::500:a505:dcc1:1656:0 (ID 16, /root/project/src/dnsmasq/rfc1035.c:1041)
[2020-08-23 14:37:44.124 15047/F15035] Flags:
[2020-08-23 14:37:44.124 15047/F15035] TCP worker terminating (client disconnected)
New debug token is: https://tricorder.pi-hole.net/1r7gllaspl
I was able to go through my system and clean up the networking a little bit. I trimmed out two of the 192.168.1 addresses and pruned some Docker interfaces as well. The ones that remain all relate to the bare bones needed for Docker to function, as best I can tell.