PiHole Randomly Says [✗] DNS resolution is currently unavailable

Expected Behaviour:

DNS resolution should be consistent and work every time.

I have two PiHoles running and they both have the same issue:

  • Linux PIHOLE01 5.15.84-v7l+ #1613 SMP Thu Jan 5 12:01:26 GMT 2023 armv7l GNU/Linux on Raspberry Pi B+
  • Linux PIHOLE02 5.15.84-v7l+ #1613 SMP Thu Jan 5 12:01:26 GMT 2023 armv7l GNU/Linux on Raspberry Pi B+

Actual Behaviour:

PiHole is randomly not able to resolve DNS queries. When I try to do a gravity update or pihole update, for example, I will get errors related to not being able to resolve a domain (that exists) or I will see this error:
[✗] DNS resolution is currently unavailable

It will wait and try again and everything works just fine.

I had tried changing the PiHole DNS Servers from Level3 to Google with no luck.

My clients are all having random issues with DNS resolution as well. I will issue an nslookup from a client and it will time out and then immediately reissue it and it will work.

This seems to have just started in the past two or three days with no other network changes.

Debug Token:

PIHOLE01: https://tricorder.pi-hole.net/CL5WIoXk/
PIHOLE02: https://tricorder.pi-hole.net/k1A9ftyX/

Example of the issue from PiHole01:


   * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only.
[i] Debug script running in automated mode
    * Using curl for transmission.
    * curl failed, contact Pi-hole support for assistance.
    * Error message: curl: (6) Could not resolve host: tricorder.pi-hole.net

[✗] There was an error uploading your debug log.
   * Please try again or contact the Pi-hole team for assistance.
   * A local copy of the debug log can be found at: /var/log/pihole/pihole_debug.log

pi@PIHOLE01:~ $ nslookup tricorder.pi-hole.net

Non-authoritative answer:
tricorder.pi-hole.net   canonical name = docker-2-ny1.pi-hole.net.
Name:   docker-2-ny1.pi-hole.net

pi@PIHOLE01:~ $ 

At the same time this happened on PiHole02:

pi@PIHOLE02:~ $ nslookup tricorder.pi-hole.net
;; connection timed out; no servers could be reached

pi@PIHOLE02:~ $ 

I did a PCAP from my router/firewall and see this for the traffic from PIHOLE01:

Your debug logs look inconspicuous, though they suggest you run a pretty elaborate DHCP setup for a multitude of network interfaces.

There is one peculiarity related to those interfaces, though:
The main interface eth0 is unconfigured:

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:

It only carries a link-local IPv4 address.
What's the motivation for that?

LLAs should only appear on interfaces that haven't been able to acquire a proper IP address by DHCP nor through any other means like static configurations.
I'm unsure whether that would actually affect your DNS resolution.
But if that's not by your design, you should probably address that.

There are also slight differences between your configurations, e.g. only one of your Pi-holes has a 05-pihole-custom-cname.conf.
I can't tell whether that's by intention, and whether that would have an impact on your observation.

And likely unrelated to your observation, but still:
As you are using .local as part of your local domain names, note that *.local FQDNs are reserved for usage by the mDNS protocol - they should NOT be used with plain DNS.
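
One way to check for the condition raised in the reply above (an interface holding only a link-local IPv4 address), as an added example that is not part of the original thread. The function names and the sample `ip` output are constructed for illustration; 169.254.0.0/16 is the IPv4 link-local range from RFC 3927.

```shell
#!/bin/sh
# Added example (not from the thread): list interfaces whose only IPv4
# addresses are link-local (169.254.0.0/16, RFC 3927).

# Reads `ip -o -4 addr show` output on stdin and prints, one per line,
# every interface that has IPv4 addresses but none outside 169.254.0.0/16.
lla_only_ifaces() {
    awk '
        $3 == "inet" {
            iface = $2
            split($4, cidr, "/")        # drop the prefix length
            split(cidr[1], o, ".")      # split the address into octets
            seen[iface] = 1
            # Remember interfaces that also carry a non-link-local address.
            if (!(o[1] == 169 && o[2] == 254)) other[iface] = 1
        }
        END {
            for (i in seen) if (!(i in other)) print i
        }
    ' | sort
}

# Constructed sample of `ip -o -4 addr show` output (not taken from the
# poster's debug logs): eth0 has only an LLA, eth1 has an LLA plus a
# regular address, lo has the loopback address.
sample_ip_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 169.254.77.10/16 brd 169.254.255.255 scope global noprefixroute eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth1\       valid_lft forever preferred_lft forever
3: eth1    inet 169.254.3.4/16 brd 169.254.255.255 scope link eth1\       valid_lft forever preferred_lft forever
EOF
}

# Run against the live system only when asked: ./lla_check.sh --live
if [ "${1:-}" = "--live" ]; then
    ip -o -4 addr show | lla_only_ifaces
fi
```

An interface that prints here never obtained a DHCP lease or static address; an interface with no IPv4 address at all does not appear in `ip -o -4 addr show` and is therefore not listed.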