Pihole slowing just image loading to a crawl

Pihole in the last few months has completely slowed image loading to a crawl, basically dial-up style, across multiple major sites (Reddit, Twitter (X), Imgur, Discord), across all my devices (Windows, Android, TVs, etc.) YouTube and Twitter videos also quickly drop quality. Issue goes away when Pihole is completely removed from the chain.

Expected Behaviour:

Images load near instantaneously at full or best quality

Actual Behaviour:

Pages themselves load fine but each image takes about 30+ seconds to start displaying, and another 15 seconds to load the entire image line by line. Add 15+ seconds if full quality was not loaded the first time.

Debug Token:

https://tricorder.pi-hole.net/lUYy3wKK/

Currently running with Unbound. Old machine was a i5-650 with Lubuntu 22.04. New machine is Celeron J4105 thin-client with Xubuntu 24.04. Exact same behavior.

Testing with a Twitter media tab. Different Twitter profiles each time. But even profile pictures stutter.

Nothing related blocked in the query or tail log. first time dig to either Reddit or Twitter takes 800ms or more. Subsequent digs about 150-200ms. Before this issue, usually they're <50ms with Pihole

Checking Chrome's network waterfall if I'm reading it right seems to show the first image taking 30+ seconds just to get a response, then an additional 10-15-ish seconds to load line by line, starting with a very crunchy, low quality version, dial-up style. Add on 10 more seconds to load a normal quality version. Then the next image starts. If I'm lucky, a second preview thumbnail will start loading simultaneously, at crunchy quality of course.

Disabling Pihole in dashboard did not help.
Using various DNS servers in the dashboard instead of Unbound did not help.
Tried enabling Unbound forwarding to Quad9 and Cloudflare. Did not help.

Removing Pihole by:
Enabling a VPN restored expected performance
Switching router DNS back to ISP default or another provider, also seems to restores normal performance.

Enabling DNS Relay in my router seems to help a bit? I cannot leave it enabled as restarting the router resets WAN DNS to ISP defaults.

There is only one other post about this that describes a nearly identical issue (unsolved): Reddit, specifically, is suddenly taking forever to load, but only when using PiHole for DNS. /r/pihole

Run on your Pi-hole host machine, please share the results of the following SQL commands:

pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT round(avg(reply_time),5) FROM queries \
WHERE timestamp > strftime('%s','now','-7 days');"

pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT domain, count(domain), round(avg(reply_time),5), max(id) FROM queries \
WHERE timestamp > strftime('%s','now','-7 days') \
GROUP BY domain ORDER BY 3 DESC LIMIT 10;"

pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT domain, count(domain), round(avg(reply_time),5), max(id) FROM queries \
WHERE timestamp > strftime('%s','now','-7 days') \
GROUP BY domain ORDER BY 2 DESC LIMIT 10;"

pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT round(avg(reply_time),5) FROM queries \
WHERE timestamp > strftime('%s','now','-7 days');"

0.0335

pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT domain, count(domain), round(avg(reply_time),5), max(id) FROM queries \
WHERE timestamp > strftime('%s','now','-7 days') \
GROUP BY domain ORDER BY 3 DESC LIMIT 10;"

us-east-wum.alibaba.com|5|4.1453|193629
cache.marriott.com|4|2.3208|532725
image.laodong.com.vn|2|1.8871|146348
1.4.9.0.c.4.f.e.8.9.c.6.e.9.0.e.9.b.0.5.b.3.3.e.0.9.b.f.7.0.6.2.ip6.arpa|1|1.8855|289615
www-igorslab-de.webpkgcache.com|4|1.879|413687
www.nba.com|2|1.8061|422701
gju1.alicdn.com|1|1.7961|405503
live-production.wcms.abc-cdn.net.au|6|1.7619|333550
traveldetail.feizhu.com|1|1.7483|490019
b.5.c.6.f.7.9.7.8.b.b.2.c.0.5.9.6.c.3.1.7.e.f.0.1.9.b.f.7.0.6.2.ip6.arpa|1|1.7251|330655

pihole-FTL sqlite3 /etc/pihole/pihole-FTL.db "SELECT domain, count(domain), round(avg(reply_time),5), max(id) FROM queries \
WHERE timestamp > strftime('%s','now','-7 days') \
GROUP BY domain ORDER BY 2 DESC LIMIT 10;"

mobile.events.data.microsoft.com|55919|0.00012|579977
dsadata.intel.com|48331|7.0e-05|157862
teams.events.data.microsoft.com|29345|0.00043|578576
api.wyzecam.com|19290|0.02423|573903
cc-api-data.adobe.io|19040|0.00013|576154
telemetry.sdk.inmobi.com|14011|0.00055|558868
logx.optimizely.com|13288|0.00033|563902
log.ngsm.nexon.com|12565|0.00061|529372
www.google.com|8368|0.00737|579944
optimizationguide-pa.googleapis.com|8092|0.00019|579953

Those SQL commands give us some statistics for the most current 7 days.

Your Pi-hole's overall average reply time during that period was 33.5ms, which seems reasonably fast.

The second command lists the 10 domains with the highest average reply time during that period.

Reply times are relatively high for those, but note that the count of corresponding DNS queries is rather low, ranging from only 1 up to 6 DNS requests over the course of the last seven days, i.e. they have been queried at most once per day.

When using unbound as a recursive upstream, response times can be expected to be higher when requesting a domain for the first time, so that observation is somewhat expected as well.

The last SQL returns the top 10 domains that have been requested most often during the last 7 days.

Request counts range from about 8,000 to 56,000 requests, i.e. those domains have been requested about 50 to 330 times per hour during the last week.
The average reply times for those is quite low, ranging from as low as 0.07 up to about 24ms, with the majority well under 1ms.
This would also be expected, as Pi-hole would cache DNS replies for as long as a domain's TTL allows, and serving DNS replies from cache is close to instantaneous.

All in all, that data does not seem to support that it would be your Pi-hole that is significantly contributing to your observation of slowly loading images.

I also note that Pi-hole -as much as any DNS filter- would be completely indifferent as to what content a domain would serve, so a correlation between slow loading of images (on some specific sites only) and DNS would be fairly unlikely.

Note that I am not dismissing your observation, I just have a hard time finding how DNS would be involved.

You should therefore consider to also investigate other potential causes.

One such potential lead:
Your debug log shows that you are running a Wireguard installation next to your Pi-hole.

Your observation wouldn't relate to only those devices connecting through Wireguard? Would you route their entire traffic via Wireguard, instead of just routing DNS?

If so, that could perhaps explain slow loading resources, as your home ISP's maximum upload speed would become the limit for your Wireguard clients download.

I understand that DNS shouldn't be affecting loading speed, but after so many months of troubleshooting I needed to make a post. The reddit post showed I wasn't the only one experiencing this kind of issue, and the other users in my home also experiencing the issue showed it's not just my devices.

I could only narrow it down to Pihole being on the chain versus not on the chain, resulting in my issue. I've even factory reset my router, made Pihole and one PC the only connected devices, set DNS, the same issue occurs.

Using a VPN service such as ProtonVPN or removing Pihole entirely restores loading speed.

Wireguard is from a PiVPN installation and is basically never used, just for out-of-home access. Speed tests show appropriate max download of 150 mbps, as my upload is a measly 5 mbps. PiVPN with Wireguard has also been installed for at least 2 years, well before the issue started.

When setting up the new Pihole machine in the past week, I did try it without PiVPN and Wireguard installed, same issue.

That would rule out a Wireguard routing issue then.

Your debug log shows that your DHCP server is distributing two DNS servers:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   
   * Received 305 bytes from enp1s0:192.168.2.1
     Offered IP address: 192.168.2.230
     DHCP options:
      Message type: DHCPOFFER (2)
      router: 192.168.2.1
      dns-server: 192.168.2.230
      dns-server: 192.168.2.254

.230 is your Pi-hole - what is the other one?

.254 is an unassigned IP, outside the router's DHCP range.

My router does not allow duplicate, blank, or 0.0.0.0 for secondary LAN DNS settings. I've tried other addresses. It used to be 127.0.0.1 at one point. Changing it to this does not change the issue.

Right now after another router factory reset, gateway is 0.1, Pihole is 0.230, and secondary as 0.0.0.230.

My WAN DNS settings allow any secondary DNS, and can pass it to LAN DNS with DNS Relay, but as mentioned if the router restarts, they are reset. Currently they are set to Quad9 servers, relay off. Additionally, router DHCP cannot be disabled. I've tried the limit the router DHCP to Pihole, then let Pihole do the rest of the range, such a mess, had to reset, but that's beside the issue.

*Talked with the ISP, they said everything looked fine on their end, but did a refresh anyway. No changes.

This could explain sporadic delays in DNS resolution, if a client would reassess its DNS servers and try to resolve via that non-existent IP: It may have to wait for a request to .254 to time out before switching to Pi-hole and discarding that unresponsive IP.

However, it fails to explain your observation:

DNS would not be involved once an IP address is known.
An image loading slowly line by line could suggest connectivity issues.

It would seem that at least for reddit, there are plenty of complaints, older and recent, about slow loading images (e.g. Images slow to load for anyone else? or Images are loading extremely slow while browsing reddit on PC).

The most relevant database query would seem to be domains with the total resolving time for each domain, ordered by the time descending, over all dns queries (or only those that caused a cache miss, but the results should be nearly identical). Both concentrating on frequently hit domains as well as on average time feels like picking a proxy variable that might be less than perfect.

--
Ian

Some additional abnormal behavior observed:

Streamed TV channels, e.g. Roku TV, Google TV, Samsung TV, are also starting to buffer when starting playback/changing channels.

Removing the Pihole machine restores expected behavior with near instantaneous loading, like in the original post.

Please provide a fresh debug token.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.