pi-hole randomly stops resolving DNS queries

#1

Please follow the below template, it will help us to help you!

Expected Behaviour:

pi-hole should continuously resolve DNS queries or somehow recover when it is unable to.

Actual Behaviour:

About once every few days, my (dockerized) pi-hole will fail to resolve DNS queries. It seems to happen randomly. Once I restart pi-hole everything is great again for a couple more days. This has been happening for several months so I thought I’d finally post about it to hopefully get some help. Any input is greatly appreciated!

Debug Token:

9108q1c1f4

#2
   [2019-05-28 01:46:36.946 521] *************************************************************************
   [2019-05-28 01:46:36.946 521] * WARNING: Required Linux capability CAP_NET_ADMIN not available        *
   [2019-05-28 01:46:36.946 521] *************************************************************************

This error may have something to do with it. Please see the configuration instructions here:

#3

Thanks @Mcat12! I’ll give that a shot. For anyone following, I launch pi-hole via docker run so I added this to my launch arguments:

--cap-add=NET_ADMIN

Fingers crossed! Somewhat tangential - I notice most examples also say to include the following as the first dns server (which I do):

--dns=127.0.0.1

but this throws a warning at me. Anything to be concerned about?

WARNING: Localhost DNS setting (--dns=127.0.0.1) may fail in containers.
#4

The container has a DNS server running in it, so that warning can be ignored.

1 Like
#5

Unfortunately it looks like the previous suggestion didn’t totally fix the problem :confused: In the past week DNS resolution has suddenly stopped working around three times total.

Here’s the latest log token - hoping someone will spot something that I didn’t: 7b638ommrc

assigned diginc #6
#7

@diginc may be able to help more with this, as it’s Docker.

#8

After the container crashes gather it’s logs with docker logs <container> | tail -40 so we can get an idea what it was doing right before it died.

1 Like
#9

Oh I didn’t consider that the container might be crashing :thinking:

Next time it happens I’ll do that!

#10

Just had it happen again and exported the docker logs. I took 200 lines just to be safe. I’m not sure the container actually crashed but DNS definitely stopped resolving. Hopefully there’s something in here that helps. Log token is 1srpnq5uxm.

#11

Does your docker run command include --dns 127.0.0.1 --dns 1.1.1.1 yet?

Startup can fail repeatedly when this isn’t present. Sounds a lot like this problem: Docker image run-time (internal) process errors

#12

It does - this is the full command I use:

docker run -d \
    --name pihole \
    -h "$(scutil --get LocalHostName)" \
    -p 53:53/tcp \
    -p 53:53/udp \
    -p 80:80 \
    -p 443:443 \
    -v "${DOCKER_CONFIGS}/pihole/:/etc/pihole/" \
    -v "${DOCKER_CONFIGS}/dnsmasq.d/:/etc/dnsmasq.d/" \
    -e ServerIP="$IP" \
    -e WEBPASSWORD="$PASS" \
    -e DNS1=1.1.1.1 \
    -e DNS2=1.0.0.1 \
    --dns=127.0.0.1 \
    --dns=1.1.1.1 \
    --cap-add=NET_ADMIN \
    --restart=unless-stopped \
    pihole/pihole:latest
#13

Can you post the docker logs (they aren’t included in the debut token)

#14

The logs from yesterday? Sure thing:

> $ cat pihole.log 
  [i] Number of unique domains trapped in the Event Horizon: 113435
  [i] Number of whitelisted domains: 13
  [i] Number of blacklisted domains: 0
  [i] Number of regex filters: 0
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter

  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting lighttpd
Starting crond
Starting pihole-FTL (no-daemon) as root
[services.d] done.
Stopping pihole-FTL
Stopping cron
Stopping lighttpd
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying... 
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing... 
 ::: Starting docker specific checks & setup for docker pihole/pihole
OK: Checks passed for /etc/resolv.conf DNS servers

nameserver 127.0.0.1
nameserver 1.1.1.1
  [i] Existing PHP installation detected : PHP version 7.0.33-0+deb9u3

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf
::: Pre existing WEBPASSWORD found
Docker DNS variables not used
Existing DNS servers used (1.1.1.1 & 1.0.0.1)
DNSMasq binding to default interface: eth0
Added ENV to php:
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
			"ServerIP" => "192.168.7.80",
			"VIRTUAL_HOST" => "192.168.7.80",
Using IPv4 and IPv6
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt
::: Testing pihole-FTL DNS: FTL started!
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
 ::: Docker start setup complete
  [i] Pi-hole blocking is enabled
  [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range

  [i] Target: raw.githubusercontent.com (hosts)
  [✓] Status: Retrieval successful

  [i] Target: mirror1.malwaredomains.com (justdomains)
  [✓] Status: Retrieval successful

  [i] Target: sysctl.org (hosts)
  [✓] Status: No changes detected

  [i] Target: zeustracker.abuse.ch (blocklist.php?download=domainblocklist)
  [✓] Status: No changes detected

  [i] Target: s3.amazonaws.com (simple_tracking.txt)
  [✓] Status: No changes detected

  [i] Target: s3.amazonaws.com (simple_ad.txt)
  [✓] Status: No changes detected

  [i] Target: hosts-file.net (ad_servers.txt)
  [✓] Status: No changes detected

  [✓] Consolidating blocklists
  [✓] Extracting domains from blocklists
  [i] Number of domains being pulled in by gravity: 135692
  [✓] Removing duplicate domains
  [i] Number of unique domains trapped in the Event Horizon: 113433
  [i] Number of whitelisted domains: 13
  [i] Number of blacklisted domains: 0
  [i] Number of regex filters: 0
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter

  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting lighttpd
Starting pihole-FTL (no-daemon) as root
Starting crond
[services.d] done.
Stopping pihole-FTL
Stopping cron
Stopping lighttpd
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying... 
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing... 
 ::: Starting docker specific checks & setup for docker pihole/pihole
OK: Checks passed for /etc/resolv.conf DNS servers

nameserver 127.0.0.1
nameserver 1.1.1.1
  [i] Existing PHP installation detected : PHP version 7.0.33-0+deb9u3

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf
::: Pre existing WEBPASSWORD found
Docker DNS variables not used
Existing DNS servers used (1.1.1.1 & 1.0.0.1)
DNSMasq binding to default interface: eth0
Added ENV to php:
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
			"ServerIP" => "192.168.7.80",
			"VIRTUAL_HOST" => "192.168.7.80",
Using IPv4 and IPv6
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt
::: Testing pihole-FTL DNS: FTL started!
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
 ::: Docker start setup complete
  [i] Pi-hole blocking is enabled
  [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range

  [i] Target: raw.githubusercontent.com (hosts)
  [✓] Status: Retrieval successful

  [i] Target: mirror1.malwaredomains.com (justdomains)
  [✓] Status: No changes detected

  [i] Target: sysctl.org (hosts)
  [✓] Status: No changes detected

  [i] Target: zeustracker.abuse.ch (blocklist.php?download=domainblocklist)
  [✓] Status: No changes detected

  [i] Target: s3.amazonaws.com (simple_tracking.txt)
  [✓] Status: No changes detected

  [i] Target: s3.amazonaws.com (simple_ad.txt)
  [✓] Status: No changes detected

  [i] Target: hosts-file.net (ad_servers.txt)
  [✓] Status: No changes detected

  [✓] Consolidating blocklists
  [✓] Extracting domains from blocklists
  [i] Number of domains being pulled in by gravity: 135692
  [✓] Removing duplicate domains
  [i] Number of unique domains trapped in the Event Horizon: 113433
  [i] Number of whitelisted domains: 13
  [i] Number of blacklisted domains: 0
  [i] Number of regex filters: 0
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter

  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting crond
Starting lighttpd
Starting pihole-FTL (no-daemon) as root
[services.d] done.