PiHole freezing/crashing(?) after adding a HiSense Roku TV

I've had a PiHole running for over a year and it was working well with no noticeable issues, but once we got a HiSense Roku TV I noticed that sporadically pages stopped loading. After a bit of troubleshooting I found that the PiHole web interface is unreachable, both via "pi.hole" and the local address 192.168.1.200/admin. During this time I can still SSH into the pihole as normal, but "pihole restartdns" returns an error (see below).
I wiped the MicroSD and did a fresh install of the latest Raspberry Pi OS Lite (January 11th 2021) and PiHole, and nothing else other than PiHole's dependencies, but the problem still persists. I imagine that since I can still SSH into the Pi it's related to the PiHole software rather than a hardware/OS issue. Sometimes it is fine for a few hours, other times it happens every 5 minutes. I have no clue where to go from here.

Thanks in advance!

Expected Behaviour:

Resolve DNS and not become unresponsive

Actual Behaviour:

Hardware: Raspberry Pi 3B+
OS: Raspberry Pi OS Lite (January 11th 2021)

"pihole restartdns" output/error:

Job for pihole-FTL.service failed because the control process exited with error code.
See "systemctl status pihole-FTL.service" and "journalctl -xe" for details.

"systemctl status pihole-FTL.service" output: https://i.imgur.com/NzY9Bpi.png
"journalctl -xe" output: https://i.imgur.com/X7x5cNc.png

Debug Token:

https://tricorder.pi-hole.network/rci07o7l6h

Run from your Pi-hole machine, what's the output of

echo ">stats >quit" | nc localhost 4711
echo ">top-clients >quit" | nc localhost 4711
echo ">top-domains >quit" | nc localhost 4711
echo ">top-ads >quit" | nc localhost 4711

pi@raspberrypi:~ $ echo ">stats >quit" | nc localhost 4711
domains_being_blocked 365733
dns_queries_today 35220
ads_blocked_today 12940
ads_percentage_today 36.740490
unique_domains 5917
queries_forwarded 13489
queries_cached 8497
clients_ever_seen 89
unique_clients 48
dns_queries_all_types 35214
reply_NODATA 259
reply_NXDOMAIN 298
reply_CNAME 669
reply_IP 5232
privacy_level 0
status enabled
pi@raspberrypi:~ $ echo ">top-clients >quit" | nc localhost 4711
0 24329 66.189.***.*** books.gpl.org
1 4819 192.168.1.1
2 1547 127.0.0.1 localhost
3 1468 89.39.107.167 customer.worldstream.nl
4 579 5.183.92.248
5 409 5.183.92.200
6 405 72.188.226.19 072-188-226-019.res.spectrum.com
7 250 5.183.92.128
8 218 5.183.92.80
9 200 5.183.92.98
pi@raspberrypi:~ $ echo ">top-domains >quit" | nc localhost 4711
0 4822 a.root-servers.net
1 842 api.roku.com
2 551 fireoscaptiveportal.com
3 533 www.google.com
4 455 api.amazonalexa.com
5 405
6 296 spectrum.s3.amazonaws.com
7 253 gc-openapi-zinny3.kakaogames.com
8 234 security-app.eufylife.com
9 153 api.amazon.com

Line "5 405" shows in the WebUI as:

Time: 2021-03-12 10:29:28
Type: ANY
Domain: .
Client: 072-188-226-019.res.spectrum.com
Status: OK (forwarded to resolver1.opendns.com#53)
Reply: NOTIMP (0.0ms)

pi@raspberrypi:~ $ echo ">top-ads >quit" | nc localhost 4711
0 6635 pubsub.plex.tv
1 664 msh.amazon.com
2 607 scribe.logs.roku.com
3 532 unagi-na.amazon.com
4 391 aviary.amazon.com
5 224 device-metrics-us.amazon.com
6 223 device-metrics-us-2.amazon.com
7 204 display.ravm.tv
8 194 incoming.telemetry.mozilla.org
9 193 uapi.adrise.tv

All your top clients, except 192.168.1.1 and localhost, are public IP addresses, i.e. some machines from the public Internet, outside of your home network, are using your Pi-hole.

You've turned your Pi-hole into an open resolver, which poses a potential threat for all Internet users, e.g. by serving as a multiplier in a DNS Amplification attack.

The Pi-hole team strongly discourages Pi-hole’s usage as an open resolver, and we won't provide support in that case.


How do I disable that?
I had tried (and failed) to set up OpenVPN in the past, but have since formatted the SD card and reinstalled the OS/Pi-Hole. I imported my blacklists from backup, but nothing else.

Close inbound port 53/DNS on your router.


Thank you so much for the help. I removed the port and am not getting the outside IP addresses anymore.
I am still getting the 66.189.***.*** books.gpl.org one, which is my IP address. Is that normal/OK?

This may indicate that your router is not blocking port 53 yet.

Public IPv4 addresses should not show up in Pi-hole at all.
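
The check made by eye in this thread (looking for public addresses in the `>top-clients` output) can be automated. The following is an added example, not part of the original thread or Pi-hole's own code; it assumes the `rank count address [hostname]` line format shown above, handles IPv4 only, and its function names and the list of local ranges are illustrative choices. Entries it cannot prove local, including ambiguous masked addresses, are returned for review.

```python
import ipaddress

# Assumption: IPv4 ranges a home-network client can legitimately come from.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]  # loopback, link-local, CGNAT

# Constructed sample: lines copied from the ">top-clients" output in this thread.
SAMPLE = """\
0 24329 66.189.***.*** books.gpl.org
1 4819 192.168.1.1
2 1547 127.0.0.1 localhost
3 1468 89.39.107.167 customer.worldstream.nl
4 579 5.183.92.248
"""

def classify(addr):
    """Return 'local', 'public' or 'unknown'; trailing octets may be masked as '***'."""
    octets = addr.split(".")
    if len(octets) != 4:
        return "unknown"  # IPv6 or malformed: not handled here
    masked = 0
    while masked < 4 and octets[3 - masked] == "***":
        masked += 1
    try:
        # Network covering every address the masked form could stand for.
        net = ipaddress.ip_network(
            ".".join(octets[:4 - masked] + ["0"] * masked) + f"/{32 - 8 * masked}")
    except ValueError:
        return "unknown"
    if any(net.subnet_of(local) for local in LOCAL_NETS):
        return "local"
    if any(net.overlaps(local) for local in LOCAL_NETS):
        return "unknown"  # e.g. 172.***.***.*** could be either
    return "public"

def public_clients(top_clients_output):
    """Return (address, query_count, label) for every client not provably local."""
    hits = []
    for line in top_clients_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[1].isdigit():
            continue  # skip blank or malformed lines
        label = classify(fields[2])
        if label != "local":
            hits.append((fields[2], int(fields[1]), label))
    return hits
```

An empty result from `public_clients` on fresh output is what a correctly firewalled Pi-hole should produce.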
