I've been using pi-hole for over 6 months on a raspberry pi and everything was working fine with no issues, except I couldn't see the number of clients connected.
Everything was being passed by USGPRO client
I followed this advice, saying i should change the DHCP Server on my unifi system and point it to my Pi-hole. I did this for all my 3 networks ( Guest, Default & Vip).
It worked as advertised new clients started showing up on the interface, but now i have several queries per seconds, non-stop...
How were addresses handed out before? How were your clients configured to use pi-hole for DNS?
My suspicion is that previously some of your network clients (maybe IoT devices) were NOT using pi-hole. By establishing pi-hole as your DHCP, every client on your network will use it for DNS, including things that 'call home' a lot.
You should be able to look at your top clients to see which devices and what domains are being requested.
Agreed, what's probably happening now is all the LAN and WAN traffic from your USG-Pro is going to the Pihole device, when really you probably only want your LAN traffic doing that. If you set all your DHCP settings for the LAN networks you've defined, it should accomplish this.
The USG-Pro is likely doing a lot of querying back to ui.com for various housekeeping reasons and that's probably why your query numbers went up so much. You can keep it that way and it should work, but it's a lot of noise added to your stats.
You can hover your mouse over the bars in the graph and see which clients are making the requests. You can also click the bars to see a selection of queries from that period. Don't be alarmed – your clients are doing all this DNS chatter on the network all the time, it's just that now for the first time you are able to see it. Your Pi is safe and won't overload, this is all easily handled by your Pi and Pi-hole.
So you had your USPGPRO configured to use Pi-hole as its upstream DNS server, and now you have it point its DHCP clients to use Pi-hole as local DNS server instead.
In theory, that would only change the client your Pi-hole sees from one to many, but it wouldn't change the number of DNS requests your clients are sending, and it wouldn't change the number of DNS requests that your Pi-hole is receiving - provided your USGPRO would not have cached any of those DNS records.
In practice, your USGPRO likely did cache DNS replies, and that alone may explain a surge in numbers.
By chance, your debug log contains a signature series of DNS requests that would suggest you are running a monitoring software that targets DNS, quite probably netdata:
*** [ DIAGNOSING ]: Pi-hole log
-rw-r----- 1 pihole pihole 35M May 10 13:24 /var/log/pihole/pihole.log
-----head of pihole.log------
May 10 00:00:14 dnsmasq[1077]: config cachesize.bind is <TXT>
May 10 00:00:14 dnsmasq[1077]: config insertions.bind is <TXT>
May 10 00:00:14 dnsmasq[1077]: config evictions.bind is <TXT>
May 10 00:00:14 dnsmasq[1077]: config hits.bind is <TXT>
May 10 00:00:14 dnsmasq[1077]: config misses.bind is <TXT>
May 10 00:00:14 dnsmasq[1077]: config servers.bind is <TXT>
Certain Netdata collectors would issue those requests as often as once per second.
Your USGPRO may have cached those requests and thus shielded your Pi-hole from seeing them all.
Would those queries make up the majority of the additional queries your Pi-hole is receiving?
If not, you want to verify that you didn't close a (partial) DNS loop:
Your debug log shows have enabled Pi-hole's Conditional Forwarding.
Are you still using Pi-hole as your USGPRO's upstream server?
Also after further debugging I believe, i found what seems to be the issue however i don't know to resolve it...
After looking at the queries, I have 4 devices that excessively high queries and all within the same range. Between 55,547 and 55,563 queries.
When i went to look at the IP addresses they correspond to my 4 Unifi access points, which on my unifi Web UI appear offline, even though everything is working fine and i have WiFi in all areas
When I had the same exact problem on my UniFi network, I just went to the individual Device Settings in the UniFi configuration and set the DNS entries to 9.9.9.9. UniFi devices won't be hitting anything but unifi.com addresses anyway, I think.
Before I had my UniFi system set to use Pi-hole as a DNS server, now I've kept that setting and also added Pi-hole as the DHCP DNS Server as shown in the screenshots above.
Yes, you seem to be correct as all the new queries come from the 4 access points that currently appear offline (even though, they are working normally), and they are all pinging Unifi and unifi.localdomain.
Looking at the query log I don't think net data is the issue
From the info I could gather, it seems my access points, are not able to ping my USG PRO.
Thus why they appear offline and keep querying Unifi non stop ?
What I do on my Unifi setup is point all the Unifi devices, which use a static IP, to use my UDM-Pro (or in your case, the USG-Pro). To do that:
Go to Devices//Settings then scroll down to the Network section. Under IP Configuration/Static IP, enter the IP of your USG-Pro.
Then go back to your Internet connection setup under Settings/Internet and select your WAN connection. Scroll down to DNS servers and enter whatever public DNS servers you want your Unifi devices to use that aren't your Pihole.
That way the DHCP-provided DNS for your clients will be Pihole, but your Unifi devices will use the your Unifi gateway, which will use whatever public DNS you specified above.
Indeed, those look like Unifi equipment related lookups.
What is the output of:
dig unifi.localdomain
dig unifi @192.2.77.111
dig unifi @192.2.77.1
Configuring your Unifi nodes as suggested by nprampage' should take them off Pi-hole - it's worth giving that a try.
Netdata may still contribute to your observed increase in query volume.
The following statements could help in finding busy clients and/or domains from the last 24 hours:
