I use DNSquerySniffer (on windows), here, to get info about the queries made by the system.
Lately, I get a lot of strange entries, looking like this (just an example, multiple queries for different domains show the same behaviour):
The matching pihole query log entries:
what could be the reason for this, can it be avoided?
debug token is: https://tricorder.pi-hole.net/CqMf9w4T/
can it be avoided?
The application making them should be fixed.
Looking at your first screenshot (I have never used this software myself), it appears that the first A e14.whatsapp.net query has been made at millisecond 190, the next at 218. There have been only 28 milliseconds in between and your unbound may simply not have been quick enough to reply. The reply then arrived at 218+21 = 239 so 49 msec after the initial attempt. Not bad at all I'd say when this wasn't in unbounds cache.
I see four possibilities (roughly sorted from worse to best):
use-stale-cache (details here), and/or,unbound is pre-fetching these queries, and/orunbound issue, orI assume this is basically the same unbound + redis does, origininal topic here. Have been using that solution for a long time, without any negative experiences.
Except, apparently,
You may need to debug your particular configuration. In comparison, the cache in pihole-FTL would be able to reply within sub-milliseconds.
again, just an observation:
resolver is kresd in this case (server=/discourse-cdn.pi-hole.net/127.10.10.5#5555)
probably the only option ...
Have you tuned your operating system to use extremely small DNS timeouts or does it even lack its own DNS caching? That seems to be the only option (well, besides a bug, of course) for these observations.
Windows 10 x64 22H2 without any DNS cache modifications (default). DNS client service is up and running.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
