PiHole at 100% CPU usage/not resolving client DNS

IHochmeisterI · August 30, 2023, 6:47pm

Expected Behaviour:

PiHole properly functioning as expected behaving as current home network's DNS server; normal levels of CPU usage, and no errors.

Actual Behaviour:

This morning logging on my main home PC, DNS wasn't functioning as intended - I could ping out just fine over IP, but DNS was not resolving - I swapped my home router's DNS to point to just Cloudflare (1.1.1.1, 1.0.0.1) for the time being to get functional again, instead of my PiHole instance.

However, even with my router no longer pointing to my PiHole instance, and reboots of the actual Pi itself, the CPU immediately spikes to 100%, even with no client querying the PiHole instance any longer for DNS.

I suspected that it was possible having Conditional Forwarding enabled was causing the issue, so I did disable that, but that did not seem to fix anything.

I also went ahead and tried both repairing and re-installing my PiHole instance using pihole -r, but that also did not alleviate the issue.

Only other items I have really done with this Pi device thus far outside PiHole have been installing Wireguard, and making use of fail2ban, but both of those have been in place for some time - nothing new.

I am able to successfully update Gravity with no issue - tested that a few times now and it seems to update appropriately.

I am also getting the following error on the System tab itself, but searching this error I have not found anything particularly specific to the symptoms I am currently seeing, especially since I do not have my router pointing to the Pi at this time:

There was a problem applying your settings.
Debugging information:
PHP error (2): fsockopen(): unable to connect to 127.0.0.1:4711 (Connection refused) in /var/www/html/admin/scripts/pi-hole/php/FTL.php:47

FTL version: 5.23

Debug Token:

https://tricorder.pi-hole.net/sAgy1mvk/

jfb · August 30, 2023, 7:01pm

Your debug log shows no active diagnosis messages.

"PiHole at 100% CPU usage"

Have you verified (using htop or top) which process on the host OS is using the CPU? Pi-hole is just one process running on the computer, and our web interface shows total CPU use, not the specific use by Pi-hole software only.

IHochmeisterI · August 30, 2023, 7:07pm

Yes - forgot to include that piece - it seems to be FTL itself:

100% CPU - /usr/bin/pihole-FTL -f

Checking /var/log/pihole-FTL.log, I am mostly seeing messages like this:

Resizing "FTL-queries" from 1289502720 to (29310976 * 44) == 1289682944 (/dev/shm: 1.3GB used, 2.0GB total, FTL uses 1.3GB)

but it then goes into a bunch of this, which I did not see earlier today:

WARN: Could not write() everything in getAllQueries() [src/api/api.c:1074]: Broken pipe

I also got a brief moment where the FTL portion of the WebUI for PiHole loaded here briefly... and I saw many, many allowed queries to some a specific host and being allowed out - I am wondering if there is some bad-actor client in play that wasn't behaving like this prior - I noticed all of those queries were earlier today - over 42,700,000 queries.

IHochmeisterI · August 30, 2023, 9:17pm

After searching around a bit more on my own, I found this other post you had commented on: Pihole-ftl using all my CPU and breaks all internet connectivity - #6 by jfb.

I went ahead and followed the mv instructions there and restarted FTL - I am going to forward my router back over to point to PiHole and monitor - see if the same traffic shows up again like before.

I did run a pcap on my router and didn't see the issue traffic there this afternoon - but will continue to monitor.

system · September 20, 2023, 9:30pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.