Pi Hole loses internet connectivity

Every few days (sometimes multiple times a day) the connection on several (but not all) of my devices in my home suddenly starts failing to find any servers. After a few minutes, all devices in the home will hit this error.

When this happens I will see a few (probably 2-4) warnings in the diagnosis that all say

Warning in `dnsmasq` core:
Maximum number of concurrent DNS queries reached (max: 150)

This typically happens when internet usage is high, like streaming a show while another device is on a video chat, or downloading large files. What can work to reset the system is to run pihole restartdns and this will typically bring connectivity back for an indefinite period of time.

Details about my system:
I have a single Eero router that my Pi is connected to via ethernet. My Pi-hole is configured to just serve as the DNS server, not DCHP, as this isn't configurable with Eero. Because of this, all my traffic to the Pi-hole all has my router's IP. Almost all of my devices are Apple devices too, so they have iCloud Private Relay enabled, but I do have BLOCK_ICLOUD_PR=false

pi@raspberrypi:~ $ cat /etc/pihole/pihole-FTL.conf 
#; Pi-hole FTL config file
#; Comments should start with #; to avoid issues with PHP and bash reading this file
PRIVACYLEVEL=0
RATE_LIMIT=0/0
BLOCK_ICLOUD_PR=false

Here's a debug log from when everything is working, I'll try to get another log when the internet goes back down (but often times getting a debug log brings it back up)
[✓] Your debug token is: https://tricorder.pi-hole.net/33hPDDqr/

150 concurrent queries is nothing your would normally see on a home network by far.

It often would suggest a DNS loop of sorts, but as your debug log doesn't show any hints of such a loop, that would suggest that your observation may be be caused by misbehaving client(s), desperate to resolve a blocked or otherwise unavailable domain.

Since it's only your router forwarding DNS requests to Pi-hole on behalf of its clients, it would be hard to pinpoint this to a specific device.

Nevertheless, what's the output of:

echo ">stats >quit" | nc localhost 4711

echo ">top-domains >quit" | nc localhost 4711

echo ">top-ads >quit" | nc localhost 4711

echo ">top-clients >quit" | nc localhost 4711

I hit this situation a few times yesterday and saw SERVFAIL errors from several domains and clients, but what you’re saying seems possible, that there’s a client trying to spam an unresolved domain.

pi@raspberrypi:~ $ echo ">stats >quit" | nc localhost 4711
domains_being_blocked 220652
dns_queries_today 126847
ads_blocked_today 4458
ads_percentage_today 3.514470
unique_domains 3078
queries_forwarded 115135
queries_cached 2744
clients_ever_seen 19
unique_clients 19
dns_queries_all_types 126847
reply_UNKNOWN 18465
reply_NODATA 22165
reply_NXDOMAIN 2301
reply_CNAME 42947
reply_IP 34581
reply_DOMAIN 242
reply_RRNAME 82
reply_SERVFAIL 4679
reply_REFUSED 391
reply_NOTIMP 0
reply_OTHER 0
reply_DNSSEC 0
reply_NONE 0
reply_BLOB 994
dns_queries_all_replies 126847
privacy_level 0
status enabled
pi@raspberrypi:~ $ echo ">top-domains >quit" | nc localhost 4711
0 5220 gateway.fe.apple-dns.net
1 4339 a79f7b502bae9945a.awsglobalaccelerator.com
2 3861 api.ring.com
3 1622 gateway.icloud.com
4 1551 e673.dsce9.akamaiedge.net
5 1102 canary.mask.apple-dns.net
6 1032 www.apple.com.edgekey.net
7 1012 e6858.dscx.akamaiedge.net
8 1010 us-sw-courier-4.push-apple.com.akadns.net
9 949 api.apple-cloudkit.fe.apple-dns.net
pi@raspberrypi:~ $ echo ">top-ads >quit" | nc localhost 4711
0 849 metrics.icloud.com
1 308 app-measurement.com
2 191 us.dev.zeronaught.com
3 180 googleads.g.doubleclick.net
4 177 fls-na.amazon.com
5 136 notify.bugsnag.com
6 103 sessions.bugsnag.com
7 77 alb.reddit.com
8 70 cdnssl.clicktale.net
9 69 cdn.dynamicyield.com
pi@raspberrypi:~ $ echo ">top-clients >quit" | nc localhost 4711
0 121566 192.168.4.1 
1 1303 fd38:ae48:87af:1:107e:f984:9ac5:8719 
2 756 fd38:ae48:87af:1:181b:4951:3a22:91f8 
3 717 fd38:ae48:87af:1:842:7502:fc9f:3d7c 
4 556 fd38:ae48:87af:1:403:1cce:f2:13c0 
5 464 127.0.0.1 localhost
6 324 fd38:ae48:87af:1:46a:3a8:9cef:5ccc 
7 317 fd38:ae48:87af:1:8ee:275f:772:4d33 
8 233 fd38:ae48:87af:1:1c4b:a8e3:d966:12f7 
9 182 fd38:ae48:87af:1:8210:6995:3b91:f4bd pi.hole

Since when do you experience this problem?

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.