Hi community! I have a strange problem: Since I have added a Pi-hole to my network the clients will begin to slow down loading websites after a while and then it gets worse, to the point where almost everything fails to load. When this happens I can see in Terminal that a ping to local LAN devices like my router, a fileserver or the Pi-hole suddenly has lots of packet loss (not 100%).
This is easily fixed by disabling and re-enabling the network interface, but the problem will return. At first I thought there was a problem with my Cisco switch and I replaced it, but to no avail. Then I suspected the Mac mini’s (2014 model) internal Ethernet port. I added a Thunderbolt-to-Ethernet-Adapter and switched the LAN cable to its port.
Everything was fine then and I thought I’d found the problem. But now I added an iMac (2015) to the network and it exhibits the same strange behaviour with its internal Ethernet interface. When I remove the Pi-hole from my network and use my router for everything (as was the case before getting a Pi-hole) everything works fine.
My setup:
DrayTek Vigor 2760 VDSL-Router, Cisco SG-200 Gigabit Switch, Pi-hole (up to date) on a dedicated Raspberry 4 Model B, Mac clients (Mac mini, MacBook Pro, iMac)
What I have changed since installing Pi-hole:
• I disabled DHCP on my router and configured its primary DNS to use the Pi-hole
• On the Pi-hole I enabled DHCP and set my router’s IP to use as router
• On the Pi-hole I only checked the two IPv4 Cloudflare Upstream DNS servers
• I use Pi-hole as my local DNS as well
Everything else on the Pi-hole is unaltered in its default configuration. If I remove the Pi-hole and re-enable DHCP on my router the problem goes away. Same goes for keeping the Pi-hole, but using Thunderbolt-Ethernet-Adapters on the Macs instead of the internal Ethernet port.
I would love to keep my Pi-hole, but I can no justify buying these expensive adapters for every client machine. I am currently stumped at why this even works.
I don't see anything in your debug log that would casue this problem. The debug log shows that Pi-hole is working normally.
Note that the the only relationship between the ping process and the DNS resolution provided by Pi-hole is if DNS resolution is required to ping a domain name.
ping dns.google requires a DNS resolution to get the IP for the domain.
ping 8.8.8.8 goes to the same place, but with no DNS resolution required.
Are you pinging a domain name or an IP on your LAN? Please provide examples of domain name resolution for domains on your lan (i.e. dig printer, etc.).
What device on your LAN is resolving local DNS names? If Pi-hole, where and how do you have these mapped?
The scenario is usually like this: A family member is surfing the net and after a while (can be hours) I hear that "the internet ist slow/not working". The computer is using Ethernet, WLAN is disabled. I then take a look at it and notice that websites are sometimes taking very long to load or fail to do so. A ping to the site yields lots of packet loss.
But it is not limited to just a few sites: As soon as this behaviour starts, any domain I ping gives packet loss. My next step is usually to check for a local problem, so I ping devices on my LAN. I am using Pi-hole for local DNS records, but it does not matter if I ping a device’s local hostname or its IP address, they both see packet loss the same way. Examples are:
ping nas
ping server
ping router
ping 10.0.77.1
ping 10.0.77.2
I have set up local IP/DNS mappings via /admin/dns_records.php on the Pi-hole, nothing fancy.
At this point it absolutely does not matter if I ping via IP address or hostname or if it’s external or local. To get back to normal behaviour I can
a) reboot the computer or disable/enable its network interface
or
b) reboot the switch
After that all is well for hours again. I even replaced the switch and the cables, but that was not the problem. The only reason I even tried Thunderbolt Ethernet is because, at first, I thought one of the Mac’s internal Ethernet was faulty. As stated above: removing the Pi from my LAN and enabling DHCP on my router solves the problem as well.
Since you suspect the problem is with Pi-hole, I would not use pings on your LAN as a troubleshooting tool. The next time this happens look in the Pi-hole query log and the dnsmasq log at /var/log/pihole.log to see if queries are being received and processed properly.
You can also look in the pihole-FTL log at /var/log/pihole-FTL.log and see if there are errors.
If Pi-hole is malfunctioning, I can see that DNS resolution could be delayed, resulting in "the internet is slow", but I don't see any involvement in packet loss. Data packets are directly between the client and the router/other client/internet, with no involvement from Pi-hole or the Pi.
Thanks. I will take a look at the logs you mentioned once the problem re-occurs. And yes, that is what I don’t get: The Pi-hole should only resolve the queries for the client and that’s it. The weird thing is that once I remove the Pi-hole and let my router do the DNS resolving and DHCP I do not get the packet loss problem.
Maybe it’s not directly related to the Pi-hole, but the Pi-hole somehow triggers this behaviour. Next I will try replacing the router (got a spare lying around) and using it for a week or so…
I am reluctant to mark this as solved, but since disabling STP on the switch, the problem has yet to re-occur. At first I tried using regular STP instead of Rapid STP, but this made no difference. I figured I could give it a try to completely disable it, since it is the only switch in use and loops are highly unlikely here. If this persists I won’t bother finding the cause. Should it return I will enable STP again and work through the logs.
Weird. The problem came back with STP disabled, so I enabled it again. The logs of the Cisco switch show recurring entries of this:
2147472237
2021-Feb-16 19:49:41
Warning
%STP-W-PORTSTATUS: gi2: STP status Forwarding
2147472238
2021-Feb-16 19:49:37
Informational
%LINK-I-Up: gi2
2147472239
2021-Feb-16 19:49:32
Warning
%LINK-W-Down: gi2
2147472240
2021-Feb-16 19:34:15
Warning
%STP-W-PORTSTATUS: gi2: STP status Forwarding
2147472241
2021-Feb-16 19:34:10
Informational
%LINK-I-Up: gi2
2147472242
2021-Feb-16 19:34:07
Warning
%LINK-W-Down: gi2
gi2 stands for Gigabit Ethernet Port 2 which is the port the iMac is connected to. What I do not get: Why is this happening after hours of use without problems? And why is it not happening when I use a Thunderbolt-Ethernet-Adapter instead of the built-in Ethernet?