You may ignore nprampage's link for now:
It would only reveal what was available from your debug log already (confirming that pihole-FTL is correctly listening for both protocols). Specifically, while it would list ports in use, it wouldn't tell you whether they are blocked by your firewall or not.
Let's see how using your Pi-hole host's IPv6 address is currently handled.
Please run the following command twice and share its outputs:
Once from your machine hosting Pi-hole, and once from your Windows client:
nslookup pi.hole fe80::f196:2503:f70e:1815
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: fe80::f196:2503:f70e:1815
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
How is your Windows client connected to your network? Directly to the same router as your Pi-hole machine, or through a switch or AP?
It's interesting that those nslookups did not fail with a time-out both, since your debug log did show that resolution failed via fe80::f196:2503:f70e:1815.
Could you provide a fresh debug token?
What firewall does your system use?
EDIT: Did you perhaps configure it using some guide, or does that script you are using install some firewall package or enforce a specific ruleset?
Assuming it's using iptables, what's the output of:
sudo iptables -L -n
Also, run on your Windows client, what's the ouput of:
on my PC, just regular windows firewall. the USG-3P in the image I posted is also a firewall but I doubt that has any bearing on why the Pihole keeps locking up and is slow to respond..
I didn't configure anything firewall wise. its all the same as the previous install except for RasberryPi
Configuration for interface "Ethernet"
DNS servers configured through DHCP: None
Register with which suffix: Primary only
Configuration for interface "Loopback Pseudo-Interface 1"
Statically Configured DNS Servers: None
Register with which suffix: None
Just to note, I tend to not use IPV6 and normally I have that protocol entirely disabled inside my internal network.so I purposefully had to activate it because all your tests are focused on it.
To be honest with you, I'm getting kind of frustrated by this issue. and the shit internet performance its causing, to the point where I'm willing to scrap the whole configuration, reset it all to factory and start fresh without using that auto install script I used.
Your iptables output suggests that there are no port blocks for iptables in place.
I'm sorry it's frustrating, but your observation of Pi-hole not receiving DNS requests at times indicates that Pi-hole is being by-passed.
Among the other possibilities I've mentioned, IPv6 would be a common way for that to happen, even if its only link-local IPv6. And if your router's own IPv6 would be involved, that by-pass would happen regardless of Pi-hole's configuration.
As that could have explained your observation, we were checking both your IPv6 DNS servers as known by clients as well as accessibility to Pi-hole's IPv6.
So whatever you've changed in the meantime, your most recent debug log is in line again with your nslookup results via your IPv6:
*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✓] m94afx.pp8.com is :: on lo (::1)
[✓] m94afx.pp8.com is :: on eth0 (fe80::f196:2503:f70e:1815)
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (2001:4860:4860::8888)
For your windows client at least, netsh output shows that it isn't aware of any IPv6 DNS servers. This is good, but if that client had IPv6 protocols disabled, then it may only be true for that client.
Does your router allow you to configure DNS settings for IPv6?
that observation is based on the fact that the whole raspberry Pi is slow and unresponsive. like something is hammering the CPU on it. Like I mentioned a while ago, even SSH, which is talking directly to the Raspberry Pi's IP is slow to respond to commands.
The router is told that DCHP should route any and all DNS requests to the IP that I've assigned the pihole. so any client to the network should bounce to the Pi-hole. and only the Pi-hole will ask google (8.8.4.4 or 8.8.8.8) for a DNS resolve if the requested address is not on the block list.
only time that it is not the case is if you manually input another DNS into your network adapters IPv4 properties. which is what I'm doing right now to be able to post here without the constant "can resolve DNS name" errors.
Yes, haven't touched it as IPv6 is outside of my experience, which is why I tend to ignore it and just turn it off where I can.
I saw you are using a Raspberry Pi 4B to run pi-hole.
I also saw your Debug Log shows your load is 4.21.
In this case, 4 would mean 100% of your 4 cores are busy. 4.21 means your machine were slightly above this (above 100% means there were threads waiting to be executed).
It is VERY unlikely Pi-hole is causing this excessive load.
Pi-hole runs on much older Raspberry Pi hardware.
Why do you think this is caused by Pi-hole? What else do you have running on this machine?
Yes, any time I check Htop on the machine, I can't seem to catch what is causing it. its only Pi-hole thats reporting it and is negatively effected by it.
ok I tried that, don't see much difference in the loads.
the problem is that the high load is intermittent so its hard to catch. is there some sort of logging that I can setup so that if the load goes to above 99%, it'll capture a list of the CPU usage?
