pi-hole randomly stops resolving DNS queries

Please follow the below template, it will help us to help you!

Expected Behaviour:

pi-hole should continuously resolve DNS queries or somehow recover when it is unable to.

Actual Behaviour:

About once every few days, my (dockerized) pi-hole will fail to resolve DNS queries. It seems to happen randomly. Once I restart pi-hole everything is great again for a couple more days. This has been happening for several months so I thought I’d finally post about it to hopefully get some help. Any input is greatly appreciated!

Debug Token:

9108q1c1f4

   [2019-05-28 01:46:36.946 521] *************************************************************************
   [2019-05-28 01:46:36.946 521] * WARNING: Required Linux capability CAP_NET_ADMIN not available        *
   [2019-05-28 01:46:36.946 521] *************************************************************************

This error may have something to do with it. Please see the configuration instructions here:

Thanks @Mcat12! I’ll give that a shot. For anyone following, I launch pi-hole via docker run so I added this to my launch arguments:

--cap-add=NET_ADMIN

Fingers crossed! Somewhat tangential - I notice most examples also say to include the following as the first dns server (which I do):

--dns=127.0.0.1

but this throws a warning at me. Anything to be concerned about?

WARNING: Localhost DNS setting (--dns=127.0.0.1) may fail in containers.

The container has a DNS server running in it, so that warning can be ignored.

1 Like

Unfortunately it looks like the previous suggestion didn’t totally fix the problem :confused: In the past week DNS resolution has suddenly stopped working around three times total.

Here’s the latest log token - hoping someone will spot something that I didn’t: 7b638ommrc

@diginc may be able to help more with this, as it’s Docker.

After the container crashes gather it’s logs with docker logs <container> | tail -40 so we can get an idea what it was doing right before it died.

1 Like

Oh I didn’t consider that the container might be crashing :thinking:

Next time it happens I’ll do that!

Just had it happen again and exported the docker logs. I took 200 lines just to be safe. I’m not sure the container actually crashed but DNS definitely stopped resolving. Hopefully there’s something in here that helps. Log token is 1srpnq5uxm.

Does your docker run command include --dns 127.0.0.1 --dns 1.1.1.1 yet?

Startup can fail repeatedly when this isn’t present. Sounds a lot like this problem: Docker image run-time (internal) process errors

It does - this is the full command I use:

docker run -d \
    --name pihole \
    -h "$(scutil --get LocalHostName)" \
    -p 53:53/tcp \
    -p 53:53/udp \
    -p 80:80 \
    -p 443:443 \
    -v "${DOCKER_CONFIGS}/pihole/:/etc/pihole/" \
    -v "${DOCKER_CONFIGS}/dnsmasq.d/:/etc/dnsmasq.d/" \
    -e ServerIP="$IP" \
    -e WEBPASSWORD="$PASS" \
    -e DNS1=1.1.1.1 \
    -e DNS2=1.0.0.1 \
    --dns=127.0.0.1 \
    --dns=1.1.1.1 \
    --cap-add=NET_ADMIN \
    --restart=unless-stopped \
    pihole/pihole:latest

Can you post the docker logs (they aren’t included in the debut token)

The logs from yesterday? Sure thing:

> $ cat pihole.log 
  [i] Number of unique domains trapped in the Event Horizon: 113435
  [i] Number of whitelisted domains: 13
  [i] Number of blacklisted domains: 0
  [i] Number of regex filters: 0
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter

  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting lighttpd
Starting crond
Starting pihole-FTL (no-daemon) as root
[services.d] done.
Stopping pihole-FTL
Stopping cron
Stopping lighttpd
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying... 
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing... 
 ::: Starting docker specific checks & setup for docker pihole/pihole
OK: Checks passed for /etc/resolv.conf DNS servers

nameserver 127.0.0.1
nameserver 1.1.1.1
  [i] Existing PHP installation detected : PHP version 7.0.33-0+deb9u3

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf
::: Pre existing WEBPASSWORD found
Docker DNS variables not used
Existing DNS servers used (1.1.1.1 & 1.0.0.1)
DNSMasq binding to default interface: eth0
Added ENV to php:
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
			"ServerIP" => "192.168.7.80",
			"VIRTUAL_HOST" => "192.168.7.80",
Using IPv4 and IPv6
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt
::: Testing pihole-FTL DNS: FTL started!
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
 ::: Docker start setup complete
  [i] Pi-hole blocking is enabled
  [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range

  [i] Target: raw.githubusercontent.com (hosts)
  [✓] Status: Retrieval successful

  [i] Target: mirror1.malwaredomains.com (justdomains)
  [✓] Status: Retrieval successful

  [i] Target: sysctl.org (hosts)
  [✓] Status: No changes detected

  [i] Target: zeustracker.abuse.ch (blocklist.php?download=domainblocklist)
  [✓] Status: No changes detected

  [i] Target: s3.amazonaws.com (simple_tracking.txt)
  [✓] Status: No changes detected

  [i] Target: s3.amazonaws.com (simple_ad.txt)
  [✓] Status: No changes detected

  [i] Target: hosts-file.net (ad_servers.txt)
  [✓] Status: No changes detected

  [✓] Consolidating blocklists
  [✓] Extracting domains from blocklists
  [i] Number of domains being pulled in by gravity: 135692
  [✓] Removing duplicate domains
  [i] Number of unique domains trapped in the Event Horizon: 113433
  [i] Number of whitelisted domains: 13
  [i] Number of blacklisted domains: 0
  [i] Number of regex filters: 0
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter

  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting lighttpd
Starting pihole-FTL (no-daemon) as root
Starting crond
[services.d] done.
Stopping pihole-FTL
Stopping cron
Stopping lighttpd
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying... 
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing... 
 ::: Starting docker specific checks & setup for docker pihole/pihole
OK: Checks passed for /etc/resolv.conf DNS servers

nameserver 127.0.0.1
nameserver 1.1.1.1
  [i] Existing PHP installation detected : PHP version 7.0.33-0+deb9u3

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf
::: Pre existing WEBPASSWORD found
Docker DNS variables not used
Existing DNS servers used (1.1.1.1 & 1.0.0.1)
DNSMasq binding to default interface: eth0
Added ENV to php:
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
			"ServerIP" => "192.168.7.80",
			"VIRTUAL_HOST" => "192.168.7.80",
Using IPv4 and IPv6
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt
::: Testing pihole-FTL DNS: FTL started!
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
 ::: Docker start setup complete
  [i] Pi-hole blocking is enabled
  [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range

  [i] Target: raw.githubusercontent.com (hosts)
  [✓] Status: Retrieval successful

  [i] Target: mirror1.malwaredomains.com (justdomains)
  [✓] Status: No changes detected

  [i] Target: sysctl.org (hosts)
  [✓] Status: No changes detected

  [i] Target: zeustracker.abuse.ch (blocklist.php?download=domainblocklist)
  [✓] Status: No changes detected

  [i] Target: s3.amazonaws.com (simple_tracking.txt)
  [✓] Status: No changes detected

  [i] Target: s3.amazonaws.com (simple_ad.txt)
  [✓] Status: No changes detected

  [i] Target: hosts-file.net (ad_servers.txt)
  [✓] Status: No changes detected

  [✓] Consolidating blocklists
  [✓] Extracting domains from blocklists
  [i] Number of domains being pulled in by gravity: 135692
  [✓] Removing duplicate domains
  [i] Number of unique domains trapped in the Event Horizon: 113433
  [i] Number of whitelisted domains: 13
  [i] Number of blacklisted domains: 0
  [i] Number of regex filters: 0
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter

  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting crond
Starting lighttpd
Starting pihole-FTL (no-daemon) as root
[services.d] done.

Had the issue happen again and took another log sample. Token is pp4r18amit. I hope there is something useful in these logs… if not let me know what else I can provide to assist in debugging.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.