Pi-Hole on docker - Stops working intermittently

Help Community Help
1

Hello!

I have recently setup Pi-Hole server and intermittently the DNS look up just stops working. The browsing on the client machine (Iphone / desktop) stops working and I have to wait about 1 minute for it to start looking up websites again. This happens multiple times during the day at random times.

I have setup Pi-Hole as a docker on a Ubuntu 22.04 LTS Installation and use manual DNS configuration on the clients to connect to Pi-Hole.

My server is an Intel 12th Gen NUC with Ubuntu as the host OS. 32 GB of RAM. I also use the machine as a Plex Server / Transmission / Home Assisstant server.

My debug token is: https://tricorder.pi-hole.net/1B9KFMaS/

Appreciate if someone can point me in the right direction.

2

I was able to capture some log when I am not able to browse from the pihole.log. Appreciate if someone can advise what is going on

Jun 12 21:41:08: query[HTTPS] stocks-data-service.apple.com from 192.168.1.220
Jun 12 21:41:08: forwarded stocks-data-service.apple.com to 208.67.222.222
Jun 12 21:41:08: query[A] stocks-data-service.apple.com from 192.168.1.220
Jun 12 21:41:08: forwarded stocks-data-service.apple.com to 208.67.222.222
Jun 12 21:41:08: reply stocks-data-service.apple.com is
Jun 12 21:41:08: reply stocks-data-service.lb-apple.com.akadns.net is
Jun 12 21:41:08: reply stocks-data-service.apple.com.edgesuite.net is
Jun 12 21:41:08: reply a1091.dscw154.akamai.net is 23.199.68.35
Jun 12 21:41:08: reply a1091.dscw154.akamai.net is 23.199.68.80
Jun 12 21:41:09: reply stocks-data-service.apple.com is
Jun 12 21:41:09: reply stocks-data-service.lb-apple.com.akadns.net is
Jun 12 21:41:09: reply stocks-data-service.apple.com.edgesuite.net is
Jun 12 21:41:09: reply a1091.dscw154.akamai.net is NODATA
Jun 12 21:41:09: query[A] www.ozbargain.com.au from 192.168.1.220
Jun 12 21:41:09: forwarded www.ozbargain.com.au to 208.67.222.222
Jun 12 21:41:09: reply www.ozbargain.com.au is 104.22.40.174
Jun 12 21:41:09: reply www.ozbargain.com.au is 104.22.41.174
Jun 12 21:41:09: reply www.ozbargain.com.au is 172.67.8.209
Jun 12 21:41:10: query[HTTPS] netcts.cdn-apple.com from 192.168.1.220
Jun 12 21:41:10: forwarded netcts.cdn-apple.com to 208.67.222.222
Jun 12 21:41:10: query[A] netcts.cdn-apple.com from 192.168.1.220
Jun 12 21:41:10: forwarded netcts.cdn-apple.com to 208.67.222.222
Jun 12 21:41:10: query[HTTPS] www.google.com from 192.168.1.220
Jun 12 21:41:10: forwarded www.google.com to 208.67.222.222
Jun 12 21:41:10: query[A] www.google.com from 192.168.1.220
Jun 12 21:41:10: forwarded www.google.com to 208.67.222.222
Jun 12 21:41:10: reply netcts.cdn-apple.com is
Jun 12 21:41:10: reply netcts.cdn-apple.com.edgesuite.net is
Jun 12 21:41:10: reply a1744.dscw154.akamai.net is 23.199.68.24
Jun 12 21:41:10: reply a1744.dscw154.akamai.net is 23.199.68.17
Jun 12 21:41:10: reply www.google.com is 142.250.70.196
Jun 12 21:41:10: reply netcts.cdn-apple.com is
Jun 12 21:41:10: reply netcts.cdn-apple.com.edgesuite.net is
Jun 12 21:41:10: reply a1744.dscw154.akamai.net is NODATA
Jun 12 21:41:10: reply www.google.com is
Jun 12 21:41:11: query[A] www.ozbargain.com.au from 192.168.1.220
Jun 12 21:41:11: forwarded www.ozbargain.com.au to 208.67.222.222
Jun 12 21:41:11: reply www.ozbargain.com.au is 172.67.8.209
Jun 12 21:41:11: reply www.ozbargain.com.au is 104.22.40.174
Jun 12 21:41:11: reply www.ozbargain.com.au is 104.22.41.174
Jun 12 21:41:13: query[HTTPS] gateway.fe.apple-dns.net from 192.168.1.229
Jun 12 21:41:13: forwarded gateway.fe.apple-dns.net to 208.67.222.222
Jun 12 21:41:13: query[A] gateway.fe.apple-dns.net from 192.168.1.229
Jun 12 21:41:13: forwarded gateway.fe.apple-dns.net to 208.67.222.222
Jun 12 21:41:13: query[SVCB] _dns.resolver.arpa from 192.168.1.229
Jun 12 21:41:13: forwarded _dns.resolver.arpa to 208.67.222.222
Jun 12 21:41:13: reply gateway.fe.apple-dns.net is NODATA
Jun 12 21:41:13: reply _dns.resolver.arpa is
Jun 12 21:41:13: reply _dns.resolver.arpa is

3

Run from your Docker host machine, what's the output of

sudo docker exec -it <container> sudo grep REFUSED /var/log/pihole/pihole.log*

Substitute <container> with your Pi-hole container's name or id.

4

It returns a blank value... i reviewed the file and there are no refused requests there

5

That would preclude that Pi-hole has been rate-limiting your clients, or that Pi-hole's upstream DNS servers would have refused replying, at leats not recently.
You may want to analyse your log files when you encounter your observation again.
Also, Pi-hole's diagnosis should contain a respective message if rate-limiting would kick in.

Another explanation for your observation would be if Pi-hole would have been blocking the sites that a client would have requested, or if an upstream DNS server would not have answered at all.

The log excerpt you've shown above does not support those assumptions:
Instead, it confirms that Pi-hole has successfully forwarded queries upstream and received replies.

The information that you've shared so far would suggest that Pi-hole isn't involved in short inaccessibility periods of sites as observed in your client's browser.

Turning to other potential causes, the OS hosting Pi-hole may drop its network connection when entering power saving mode, specifically for wireless interfaces.

As you are running a dockered Pi-hole, information on your host machine's actual network interfaces may not be accurate in your debug log.

Would that Ubuntu machine running your Docker be connected via wifi (e.g. wlan0)?

6

Thank you for the reply. There is no rate limit being applied to my client. I have Pi-hole installed on my host machine (Ubuntu on NUC12) which is connected via Ethernet to the network. The NUC12 also has Wifi, but I have not connected it to the Wifi Network. There is no drop in the Host machine from the network as this behavior happens when I am actually connected and monitoring Pi-hole via web browser and I can see monitor the client request as it happens.

For e.g. this logfile was captured a few minutes ago from Pi-hole when I tried accessing the website "www.ozbargain.com.au" from my iPhone 13 (connected via WiFi) using PiHole DNS. During this time the DNS server is receiving multiple requests from my phone (IP: 192.168.1.220) but I could not receive any response on my mobile browser.

1.txt (46.9 KB)

7

Okay I think the issue is mostly with apple devices. Since all the phones in my house are apple and they are the ones mostly impacted, I assumed it to be an overall issue with Pi-Hole.

Is there any whitelist for apple domains that may be able to fix my issue?

8

This log looks like the previous:
It confirms that Pi-hole is forwarding and replying DNS queries as expected.

The only blocked domain is

Jun 13 10:50:59: gravity blocked app-measurement.com is 0.0.0.0

And that appears only twice out of 737 lines of your log.

That is to say that there are no hints at all that or how Pi-hole would be involved in your observation.

Are you using Apple's Private Relay feature?

9

I don't think I am. I just read and added the line BLOCK_ICLOUD_PR=false to my pihole-FTL.conf file

Is this what you are referring to?

10

Yes, though strictly speaking, I was referring to the respective configuration of your Apple devices. If you are not using it (not sure, but I think its a paid Apple service), then we can disregard that as well.

11

I have turned off the "Private Wifi Address" on all my apple devices, way before using Pi-hole as it keeps on randomizing my mac address (if that's what you mean by the device configuration)

I have modified the pihole-FTL.conf file with the BLOCK_ICLOUD_PR=false and renewed lease to all my devices in the network. I will monitor the behavior if it solves the issue now. Will update in the morning.

Thank you for your advise @Bucking_Horn. Appreciate it loads!

12

I don't think this will have an impact.

If it would, you should be aware that BLOCK_ICLOUD_PR=false would allow Apple devices to by-pass Pi-hole via Apple's Private Relay.

13

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.