Pi-hole diagnosis

Amr_Samy · January 7, 2025, 7:39pm

I have these messages in Pi-hole diagnosis.

I don't understand the first one. It keeps appearing when I first start Pi-hole.

I also don't know why I'm getting the second and third ones. These clients aren't doing anything abnormal.

Amr_Samy · January 14, 2025, 7:43pm

Any help? I keep getting these warnings from time to time.

CallMeCurious · January 14, 2025, 8:23pm

I can't speak to the 1st error but rate limiting is caused by client behavior. Have you looked at the dashboard / query logs for the timeframe in question? Depending on your traffic volume, they ususally standout as large spikes.

Amr_Samy · January 14, 2025, 10:08pm

Do you mean this?

CallMeCurious · January 14, 2025, 10:10pm

LOL - I would say that qualifies as a spike

Amr_Samy · January 14, 2025, 10:45pm

In this case, I should investigate what this device was doing, right?

CallMeCurious · January 14, 2025, 11:00pm

Yes, if you look at the client activitiy windows on the dash board ( bottom graph ), each client is broken down by a color. In this case you can click on the light blue section of the graph and it will pull up what that client is and what it was looking at.

You can sort it and get and idea of what domains it s accessing by flipping through the pages.

You can also do a sqlite3 data base query that can help. I'm not well versed in that though. Perhaps a Dev / Community Member could help with that. The basic search I've outlined above is often enought to point you in the right direction.

Amr_Samy · January 14, 2025, 11:08pm

Actually, the blue one is pi-hole itself.

CallMeCurious · January 14, 2025, 11:14pm

Well that would be strange. What does it show the pihole doing? Roughly 14K queries over 20 minutes for the pihole itself seems very odd.

Amr_Samy · January 14, 2025, 11:27pm

Example of what pihole is doing

CallMeCurious · January 14, 2025, 11:36pm

Interesting. This is saying that your Router ( assuming 192.168.1.1. is the Router ) is returning the "REFUSED" response. How is your pihole configured for its upstream server? From the Web gui Settings > DNS

Also post what cat /etc/resolv.conf shows

Amr_Samy · January 14, 2025, 11:40pm

Setting -> DNS

resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 192.168.1.251
nameserver 192.168.1.1

CallMeCurious · January 14, 2025, 11:49pm

Having the router as a named server is a problem. This is causing a loop as you router is configured to point to the pi and the pi as pointed to use the router. This likely ties to your other post .

I'm not familiar with Ubuntu, which you seem to be using, but you should change the DNS Server for your PI's network connection to use 127.0.0.1 for the pi itself or choose a DNS Server that you prefer. The router IP needs to be removed though.

Amr_Samy · January 14, 2025, 11:54pm

I understand. But if I remove the router IP, my changes will be overwritten as the comment at the beginning of the file says.

CallMeCurious · January 14, 2025, 11:58pm

Yep, you cannot change the file itself. It needs to be changed on the interface itself. Lets start by getting exactly what your running. what is the output of cat /etc/os-release Then we can figure out the proper way to change it on the interface.

Amr_Samy · January 15, 2025, 12:34pm

Here it is:

PRETTY_NAME="Ubuntu 22.04.5 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.5 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

CallMeCurious · January 15, 2025, 12:56pm

It looks like you can use nmtui to do this. Here is a guide for reference. You will want to read through that first.

When ready you will want to verify the active connection using nmcli connection show --active It should show the active connection as the first entry and in a different shade of green from the other entries. Make note of the name.

Then run sudo nmtui and choose edit a connection. Choose the name of the connection from the previous step and hit enter. It will give you a list of network options that can be changed.

You will want to pay attention to the IPV4 Section. Change the DNS Servers to 127.0.0.1 or to a DNS Provider like 1.1.1.1.

Once the change is made arrow down to the bottom tab to "ok" and then hit enter and then you can hit "esc" till your back to the menu that shows the connections. Make sure the connection you edited is highlighted and tab over to "activate" and hit enter. That should restart the interface with the new settings. You can quit or just keep hitting "esc" to exit. Check cat /etc/resolv.conf to make sure it took.

Amr_Samy · January 18, 2025, 8:10pm

Actually, when I remove 192.168.1.1 from /etc/resolv.conf, I can't access the internet.

CallMeCurious · January 18, 2025, 8:19pm

I'm guessing you put it back as it was?

I'm not sure what is going on but something is misconfgured if you have to have the router as your DNS Server in order to access the internet.

Amr_Samy · January 18, 2025, 8:31pm

I can have 1.1.1.1 only and it will work. I mean that Pi-hole IP only in /etc/resolv.conf is not enough.