pi-hole randomly stops resolving DNS queries

anthony · May 28, 2019, 10:24pm

Please follow the below template, it will help us to help you!

Expected Behaviour:

pi-hole should continuously resolve DNS queries or somehow recover when it is unable to.

Actual Behaviour:

About once every few days, my (dockerized) pi-hole will fail to resolve DNS queries. It seems to happen randomly. Once I restart pi-hole everything is great again for a couple more days. This has been happening for several months so I thought I'd finally post about it to hopefully get some help. Any input is greatly appreciated!

Debug Token:

9108q1c1f4

Mcat12 · May 29, 2019, 3:45am

   [2019-05-28 01:46:36.946 521] *************************************************************************
   [2019-05-28 01:46:36.946 521] * WARNING: Required Linux capability CAP_NET_ADMIN not available        *
   [2019-05-28 01:46:36.946 521] *************************************************************************

This error may have something to do with it. Please see the configuration instructions here:

anthony · May 29, 2019, 4:52pm

Thanks @Mcat12! I'll give that a shot. For anyone following, I launch pi-hole via docker run so I added this to my launch arguments:

--cap-add=NET_ADMIN

Fingers crossed! Somewhat tangential - I notice most examples also say to include the following as the first dns server (which I do):

--dns=127.0.0.1

but this throws a warning at me. Anything to be concerned about?

WARNING: Localhost DNS setting (--dns=127.0.0.1) may fail in containers.

Mcat12 · May 30, 2019, 2:52am

The container has a DNS server running in it, so that warning can be ignored.

anthony · June 11, 2019, 9:43pm

Unfortunately it looks like the previous suggestion didn't totally fix the problem In the past week DNS resolution has suddenly stopped working around three times total.

Here's the latest log token - hoping someone will spot something that I didn't: 7b638ommrc

Mcat12 · June 13, 2019, 3:49am

@diginc may be able to help more with this, as it's Docker.

diginc · June 13, 2019, 4:42am

After the container crashes gather it's logs with docker logs <container> | tail -40 so we can get an idea what it was doing right before it died.

anthony · June 14, 2019, 3:09am

Oh I didn’t consider that the container might be crashing

Next time it happens I’ll do that!

anthony · June 15, 2019, 2:26am

Just had it happen again and exported the docker logs. I took 200 lines just to be safe. I'm not sure the container actually crashed but DNS definitely stopped resolving. Hopefully there's something in here that helps. Log token is 1srpnq5uxm.

diginc · June 16, 2019, 12:10am

Does your docker run command include --dns 127.0.0.1 --dns 1.1.1.1 yet?

Startup can fail repeatedly when this isn't present. Sounds a lot like this problem: Docker image run-time (internal) process errors - #7 by diginc

anthony · June 16, 2019, 12:16am

It does - this is the full command I use:

docker run -d \
    --name pihole \
    -h "$(scutil --get LocalHostName)" \
    -p 53:53/tcp \
    -p 53:53/udp \
    -p 80:80 \
    -p 443:443 \
    -v "${DOCKER_CONFIGS}/pihole/:/etc/pihole/" \
    -v "${DOCKER_CONFIGS}/dnsmasq.d/:/etc/dnsmasq.d/" \
    -e ServerIP="$IP" \
    -e WEBPASSWORD="$PASS" \
    -e DNS1=1.1.1.1 \
    -e DNS2=1.0.0.1 \
    --dns=127.0.0.1 \
    --dns=1.1.1.1 \
    --cap-add=NET_ADMIN \
    --restart=unless-stopped \
    pihole/pihole:latest

diginc · June 16, 2019, 12:17am

Can you post the docker logs (they aren't included in the debut token)

anthony · June 16, 2019, 12:24am

The logs from yesterday? Sure thing:

> $ cat pihole.log 
  [i] Number of unique domains trapped in the Event Horizon: 113435
  [i] Number of whitelisted domains: 13
  [i] Number of blacklisted domains: 0
  [i] Number of regex filters: 0
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter

  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting lighttpd
Starting crond
Starting pihole-FTL (no-daemon) as root
[services.d] done.
Stopping pihole-FTL
Stopping cron
Stopping lighttpd
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying... 
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing... 
 ::: Starting docker specific checks & setup for docker pihole/pihole
OK: Checks passed for /etc/resolv.conf DNS servers

nameserver 127.0.0.1
nameserver 1.1.1.1
  [i] Existing PHP installation detected : PHP version 7.0.33-0+deb9u3

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf
::: Pre existing WEBPASSWORD found
Docker DNS variables not used
Existing DNS servers used (1.1.1.1 & 1.0.0.1)
DNSMasq binding to default interface: eth0
Added ENV to php:
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
			"ServerIP" => "192.168.7.80",
			"VIRTUAL_HOST" => "192.168.7.80",
Using IPv4 and IPv6
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt
::: Testing pihole-FTL DNS: FTL started!
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
 ::: Docker start setup complete
  [i] Pi-hole blocking is enabled
  [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range

  [i] Target: raw.githubusercontent.com (hosts)
  [✓] Status: Retrieval successful

  [i] Target: mirror1.malwaredomains.com (justdomains)
  [✓] Status: Retrieval successful

  [i] Target: sysctl.org (hosts)
  [✓] Status: No changes detected

  [i] Target: zeustracker.abuse.ch (blocklist.php?download=domainblocklist)
  [✓] Status: No changes detected

  [i] Target: s3.amazonaws.com (simple_tracking.txt)
  [✓] Status: No changes detected

  [i] Target: s3.amazonaws.com (simple_ad.txt)
  [✓] Status: No changes detected

  [i] Target: hosts-file.net (ad_servers.txt)
  [✓] Status: No changes detected

  [✓] Consolidating blocklists
  [✓] Extracting domains from blocklists
  [i] Number of domains being pulled in by gravity: 135692
  [✓] Removing duplicate domains
  [i] Number of unique domains trapped in the Event Horizon: 113433
  [i] Number of whitelisted domains: 13
  [i] Number of blacklisted domains: 0
  [i] Number of regex filters: 0
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter

  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting lighttpd
Starting pihole-FTL (no-daemon) as root
Starting crond
[services.d] done.
Stopping pihole-FTL
Stopping cron
Stopping lighttpd
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying... 
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 20-start.sh: executing... 
 ::: Starting docker specific checks & setup for docker pihole/pihole
OK: Checks passed for /etc/resolv.conf DNS servers

nameserver 127.0.0.1
nameserver 1.1.1.1
  [i] Existing PHP installation detected : PHP version 7.0.33-0+deb9u3

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf
::: Pre existing WEBPASSWORD found
Docker DNS variables not used
Existing DNS servers used (1.1.1.1 & 1.0.0.1)
DNSMasq binding to default interface: eth0
Added ENV to php:
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
			"ServerIP" => "192.168.7.80",
			"VIRTUAL_HOST" => "192.168.7.80",
Using IPv4 and IPv6
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt
::: Testing pihole-FTL DNS: FTL started!
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
 ::: Docker start setup complete
  [i] Pi-hole blocking is enabled
  [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range

  [i] Target: raw.githubusercontent.com (hosts)
  [✓] Status: Retrieval successful

  [i] Target: mirror1.malwaredomains.com (justdomains)
  [✓] Status: No changes detected

  [i] Target: sysctl.org (hosts)
  [✓] Status: No changes detected

  [i] Target: zeustracker.abuse.ch (blocklist.php?download=domainblocklist)
  [✓] Status: No changes detected

  [i] Target: s3.amazonaws.com (simple_tracking.txt)
  [✓] Status: No changes detected

  [i] Target: s3.amazonaws.com (simple_ad.txt)
  [✓] Status: No changes detected

  [i] Target: hosts-file.net (ad_servers.txt)
  [✓] Status: No changes detected

  [✓] Consolidating blocklists
  [✓] Extracting domains from blocklists
  [i] Number of domains being pulled in by gravity: 135692
  [✓] Removing duplicate domains
  [i] Number of unique domains trapped in the Event Horizon: 113433
  [i] Number of whitelisted domains: 13
  [i] Number of blacklisted domains: 0
  [i] Number of regex filters: 0
  [✓] Parsing domains into hosts format
  [✓] Cleaning up stray matter

  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting crond
Starting lighttpd
Starting pihole-FTL (no-daemon) as root
[services.d] done.

anthony · June 27, 2019, 9:34pm

Had the issue happen again and took another log sample. Token is pp4r18amit. I hope there is something useful in these logs... if not let me know what else I can provide to assist in debugging.

system · July 18, 2019, 9:36pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.