Pi-Hole DNS stops running

One in a while PiHole drops off-line as can be seen in the clip below. This is what I saw when I started work this morning. This happens every couple of weeks. Debilitating as we rely on it. I "restart system" command from the PiHole menu did not help but a reboot command issued via Remote Desktop did -- for now.

I am running the current versions.

Any solution?

1 Like

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

1 Like

Thank you @Bucking_Horn .
" Your debug token is: https://tricorder.pi-hole.net/yQCDRMwK/ "

I wonder if someone could take a look at this?

Your debug log shows your Pi-hole to be fully operational, with full IPv4 and link-local IPv6 connectivity.

Likely unrelated, but I notice that your DHCP server is distributing a second IP on a different subnet as local DNS server beside Pi-hole:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   
   * Received 300 bytes from eth0:192.168.99.2
     Offered IP address: 192.168.99.185
     DHCP options:
      Message type: DHCPOFFER (2)
      dns-server: 192.168.99.10
      dns-server: 192.168.25.10

Is that by intention?

While that would not explain the 'DNS service not running' message, it could mean that your Pi-hole is by-passed via that other IP.

Also, let's look into your logs for any signs of recent real pihole-FTL crashes:

sudo zgrep 'FTL crashed!' /var/log/pihole/FTL.log*

Hi @Bucking_Horn . I very much appreciate your looking at this.
Yes, there are two PiHoles and they are at the addresses you show above. One (the one that failed) is on the local network. The 2nd (192.168.25.10) is several miles away and is accessible via Peplink's SpeedFusion. One backs up the other -- a good thing in this case. :<)

Sorry -- I'm a linux noob. Not sure what to do with the command you suggested. When I run it at the Pi's command line it simply returns a prompt. :<(

That's good, as that would indicate that grep couldn't find any instances of a real crash. :wink:

I'll also admit that I've updated above using the zgrep command to consider all available logs, instead of just the most recent one.
So please run that updated command again.

For reassurance, you may verify that zgrep does its job by searching for FTL starts:

sudo zgrep 'FTL started' /var/log/pihole/FTL.log*

I'm confident that this will return results, just so you can be assured that there really are no recent signs of crashes when grepping for 'FTL crashed!' instead . :wink:

pi@pihole:~ $ sudo zgrep 'FTL started' /var/log/pihole/FTL.log*
/var/log/pihole/FTL.log.1:[2022-08-03 05:16:47.145 530M] ########## FTL started on pihole! ##########
/var/log/pihole/FTL.log.1:[2022-08-03 05:17:07.984 531M] ########## FTL started on pihole! ##########
/var/log/pihole/FTL.log.1:[2022-08-03 05:18:04.874 532M] ########## FTL started on pihole! ##########
/var/log/pihole/FTL.log.1:[2022-08-03 05:19:15.086 532M] ########## FTL started on pihole! ##########
/var/log/pihole/FTL.log.1:[2022-08-03 07:18:43.953 14526M] ########## FTL started on pihole! ##########

I guess that means the more exhaustive zgrep for 'FTL crashed!' indeed didn't reveal any recent crashes? Good news then, you've not encountered any real crashes, at least not during the log retention period.

Another reason for tempory inavailability or inaccessibilty of Pi-hole's DNS services would be excessive query volumes, probably triggering Pi-hole's rate limiting. Those would often be triggered by a DNS loop, but there are no indications for such a loop in your current debug log.

If you encounter this situation again, could you run the following commands

  • from a client
nslookup pi.hole
nslookup pi.hole 192.168.99.10
  • from your Pi-hole host machine
pihole status

Sure will. Thank you @Bucking_Horn.

Interesting you mention about query volumes. I will say that I have two PiHole installations. Both have suffered from the same issues as I have described here. I'll also mention that there are Wyzecams on both networks that reply on these PiHoles. On both networks these little ChiCom-manufactured devices have been observed to launch >800 DNS inquiries per hour. Indeed, I submitted two support tickets to Wyze but the behavior continues and Wyze has been unresponsive to the well-documented issue.

I'll also say that this behavior was discovered because of the PiHole's nice GUI -- otherwise we would not know about this aberrant behavior of these little DDoS boxes.

Just wondering if this issue could be related to the "NAN" issue I previously reported here. Again -- thank you very much for your help.