Internet Disconnecting After a Few Hours

Expected Behaviour:

I have a pihole installed on a RPi4 2 gb, connected to my Netgear Orbi using ethernet. The expectation is that the pihole will block ads without impeding other internet traffic.

Actual Behaviour:

After a few hours, the internet becomes completely unavailable. The only resolution I've found is to reset the DNS settings on the router, then put them back.

Debug Token:

With default DNS: https://tricorder.pi-hole.net/tpconjv1ty
With pihole as DNS: https://tricorder.pi-hole.net/rrbo2p6650

Let's take a look at the activity the Pi-hole is seeing. Please post the outputs of the following commands from the Pi terminal:

echo ">stats >quit" | nc localhost 4711

echo ">top-clients >quit" | nc localhost 4711

echo ">top-domains >quit" | nc localhost 4711

echo ">top-ads >quit" | nc localhost 4711

echo ">stats >quit" | nc localhost 4711

domains_being_blocked 82465
dns_queries_today 202224
ads_blocked_today 47214
ads_percentage_today 23.347378
unique_domains 4087
queries_forwarded 144808
queries_cached 10201
clients_ever_seen 31
unique_clients 31
dns_queries_all_types 202224
reply_NODATA 2455
reply_NXDOMAIN 579
reply_CNAME 3720
reply_IP 11133
privacy_level 0
status enabled

echo ">top-clients >quit" | nc localhost 4711

0 180877 192.168.1.1
1 7001 192.168.1.206 desktop-h0ec2vm.lan
2 5401 192.168.1.237 jakedesktop.lan
3 3671 192.168.1.223
4 1093 192.168.1.203 office.lan
5 905 192.168.1.242 jakedesktop.lan
6 539 192.168.1.207 google-nest-hub-max.lan
7 313 192.168.1.253 google-nest-mini.lan
8 310 192.168.1.221 google-nest-hub.lan
9 293 192.168.1.226 lgwebostv.lan

echo ">top-domains >quit" | nc localhost 4711

0 21697 connectivitycheck.gstatic.com
1 17354 www.gstatic.com
2 8930 www.google.com
3 3861 www.youtube.com
4 3266 clients4.google.com
5 3194 mtalk.google.com
6 2849 play.googleapis.com
7 2402 clients3.google.com
8 2193 ssl.gstatic.com
9 1999 lh3.googleusercontent.com

echo ">top-ads >quit" | nc localhost 4711

0 15171 secure-dcr.imrworldwide.com
1 12685 secure-drm.imrworldwide.com
2 3009 mobile.pipe.aria.microsoft.com
3 1372 www.google-analytics.com
4 919 telemetry.dropbox.com
5 852 mobile-collector.newrelic.com
6 754 app-measurement.com
7 753 log.go.com
8 717 ssl.google-analytics.com
9 652 cdn.optimizely.com

You do have a bit of a busy Pi-hole, but nothing that should cause memory or other problems. When your internet stops again, please run the following commands from the command prompt or terminal of a connected client (and not from the Pi terminal):

nslookup pi.hole

nslookup flurry.com 192.168.1.42

So just from my desktop, rather than from the SSH client?

Yes, from the desktop on a client (not the Pi desktop, if you have one) and not via ssh session to the Pi terminal. You want to run these commands directly on the client OS.

I don't want to leave this hanging, but it seems to have gone away? There hasn't been an outage since the last message, which seems strange, but there it is. I'm certainly worried that this will return, but at the moment there's no issue.

Well, it just happened again. I unfortunately didn't have this tab open, but will reconfigure the DNS settings back to the pihole after class and try again.

A couple of things can stop/crash pihole-FTL:

  1. On Raspberry Pi's, under-voltage can ocure:
    503 Service Not Available

  2. Running out of memory.
    Maybe bc dbase grows too large bc of DNS loop or other excessive querying:
    DNS not running, FTL down

  3. Filesystem errors:
    Pihole intermittently stops resolving until hardware reboot

Or maybe a power saver if connected via WiFi:

And I'm probably missing a few others :wink:

Ok! It just happened again. Results as below:

C:\Users\jbrat>nslookup pi.hole
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.42

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
C:\Users\jbrat>nslookup flurry.com 192.168.1.42
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.42

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    flurry.com
Address:  0.0.0.0

@jfb any thoughts?

No. Appears to be an intermittent stall of some sort. The first nslookup completely timed out, but the second one correctly provided the answer to the query.

I would run pihole -r and select repair. May not fix it, but can't hurt anything either.

Well, it didn't help anything, but it doesn't seem to have hurt! Is there anything else I can try, or am I SOL?

I see you have very active clients, like

Is this your router? If so, why does it query > 180.000 domains in 24 hours? Is there a DNS loop? Your device may be stale when trying to store this massive amount of queries onto your SD card if it is slow.

Oh dang! Yeah, I had no idea what that meant! How do I resolve that?

Well, depends on your router and what you see. When you navigate to your dashboard -> Query Log, I assume the vast majority of queries comes from your router. What is the domain they query?

And how did you configure the Pi-hole in your router? Did you use the router then again as upstream destination in Pi-hole?

I'm not seeing any identifiable pattern, although I don't understand why there are so many background queries. They're not coming from my router though - I've got the pi-hole passing out ip's, so most of the traffic I'm seeing comes from my computers, with a few queries from my smart home devices.

edit: Ok, the largest number is coming from an LG device, but not my TV. To the best of my knowledge, there are only 3 LG devices in the house, which means either the laundry machine or dryer is putting out a ton of queries (750,000)

edit 2: More the fool I: That LG device is actually my phone.

Sorted by number of queries:

The early time-outs you see in your nslookup may indeed indicate a DNS loop, limited to local lookups.
Both nslookup prompt time-outs when trying to resolve local names (pi-hole) or IP addresses (192.168.1.42).

This may be the case when you enable Conditional Fowarding (CF) while having your router use Pi-hole as least as one of its upstream DNS servers.

Try if either disabling CF in Pi-hole or avoiding Pi-hole as upstream DNS in your router would resolve your issue.

I'm sorry @Bucking_Horn but I'm a complete novice. How would I do that?

If you don't know that, you may well not be using those features, ruining my theory for fixing your issue altogether. :wink:

You'll find Conditional Fowarding to the very bottom of Pi-hole's Settings | DNS pane.

As to how and whether you'd configure your router to use Pi-hole as upstream DNS:
I honestly wouldn't (and couldn't) have a clue, since I do not know your router.

In general, a router may allow you to either configure upstream DNS (commonly, a WAN or Internet setting) or local DNS servers (a LAN / DHCP setting).

If you can configure Pi-hole as the latter, there would be less or no need to configure it as the former.