QNAP / Slow host name resolution

  • I'm running the pi-hole docker on my QNAP NAS. It has a managing app for docker images, which uses some complex virtual switch setup.
  • I'm not a docker expert.
  • I can access the internet, websites, etc.
  • Clients are OSX, iPhone, iPads

Some websites load extremely slow, and I expect this to be because some timeouts have to happen before things move on, but I don't have an idea what to do about it.

pi-hole doesn't use IP6 name-servers (it's disabled, so I can't enable these, and I don't know why). My internal network is using IP4, but there might be some IP6 stuff going on, I'm not aware of.

Does anyone have an idea what to check, look at, try out to get rid of these delays?

Some more information:

| => nmap --reason pihole -p443 -Pn
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-25 16:51 CEST
Nmap scan report for pihole (192.168.1.100)
Host is up, received user-set (0.0068s latency).
rDNS record for 192.168.1.100: pihole.home

PORT    STATE  SERVICE REASON
443/tcp closed https   conn-refused

Nmap done: 1 IP address (1 host up) scanned in 29.06 seconds
________________________________________________________________________________
| ~/Desktop @ imac-pro-559 (robby)
| => nmap --reason pihole -p80 -Pn
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-25 16:52 CEST
Nmap scan report for pihole (192.168.1.100)
Host is up, received user-set (0.0058s latency).
rDNS record for 192.168.1.100: pihole.home

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack

Nmap done: 1 IP address (1 host up) scanned in 21.04 seconds
________________________________________________________________________________

https://tricorder.pi-hole.net/dv2mvtzkdw

I'm wondering about this here:

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
   192.168.1.100/24 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

[✗] No IPv6 address(es) found on the eth0 interface.

And this is the content of /etc/pihole/setupVars.conf

QUERY_LOGGING=true                                                                                                                                                                                                                                                                                                                                                                       
INSTALL_WEB_SERVER=true                                                                                                                                                                                                                                                                                                                                                                  
INSTALL_WEB_INTERFACE=true                                                                                                                                                                                                                                                                                                                                                               
LIGHTTPD_ENABLED=true                                                                                                                                                                                                                                                                                                                                                                    
IPV4_ADDRESS=192.168.1.100                                                                                                                                                                                                                                                                                                                                                               
IPV6_ADDRESS=                                                                                                                                                                                                                                                                                                                                                                            
WEBPASSWORD=0000                                                                                                                                                                                                                                                                                                             
PIHOLE_INTERFACE=eth0                                                                                                                                                                                                                                                                                                                                                                    
BLOCKING_ENABLED=true                                                                                                                                                                                                                                                                                                                                                                    
DNSMASQ_LISTENING=single                                                                                                                                                                                                                                                                                                                                                                 
PIHOLE_DNS_1=8.8.8.8                                                                                                                                                                                                                                                                                                                                                                     
PIHOLE_DNS_2=8.8.4.4                                                                                                                                                                                                                                                                                                                                                                     
PIHOLE_DNS_3=1.1.1.1                                                                                                                                                                                                                                                                                                                                                                     
PIHOLE_DNS_4=1.0.0.1                                                                                                                                                                                                                                                                                                                                                                     
DNS_FQDN_REQUIRED=false                                                                                                                                                                                                                                                                                                                                                                  
DNS_BOGUS_PRIV=false                                                                                                                                                                                                                                                                                                                                                                     
DNSSEC=true                                                                                                                                                                                                                                                                                                                                                                              
CONDITIONAL_FORWARDING=true                                                                                                                                                                                                                                                                                                                                                              
CONDITIONAL_FORWARDING_IP=192.168.1.1                                                                                                                                                                                                                                                                                                                                                    
CONDITIONAL_FORWARDING_DOMAIN=home                                                                                                                                                                                                                                                                                                                                                       
CONDITIONAL_FORWARDING_REVERSE=1.168.192.in-addr.arpa

The IPV4_ADDRESS line is supposed to include the netmask. Did you manually edit that file or did you allow Pi-hole to configure that line?

I didn't touch this file. (the only thing I obfuscated for posting here was the webpassword)

Did you pull the image straight from the Docker hub or did it come from somewhere else?

the missing netmask is probably docker's start.sh script's fault :slight_smile: woops

I got it directly from docker hub.

I created a new container, which now explicitly uses the mapped volumes, and now it seems to work pretty good. No request delays so far.

Not sure, if the volume mapping could make such a difference.

Hmm... seems like things start to become slow again... I see a very constant level of queries, even at night, where I would expect much less queries. And I don't understand the clients level... I hope I'm not running 10.000 clients somewhere I'm not aware of.

Do you recognize the IPs they're coming from? Are you sure you're not acting as an open dns relay to the internet?

edit: n/m I see you just have 1 IP address now...do you recognize the types of site being queried?

All the requests are coming from my router, which uses pi-hole as its DNS server. And the pi-hole IP is not accessible from the outside. So, I don't think it's an open relay. Is there any way to test this?

Since around 10:00 today the queries dropped down from about 12.000 in an hour to 200. I think I restarted the container... hell I'm getting old, I can't remember :wink:

These are the top domains permitted:

Doesn't look suspicous to me... or what do you think?

I looks like you've got your router's external DNS to be the pi hole - is that by design?

The top domains are DNS Discovery Service requests. With this number of requests, you may have a loop between the router and Pi-Hole. This can be caused by conditional forwarding.

@amilroy I set the external DNS of my router manually to the pi-hole.

@jfb I enabled spanning-tree protocol on my router but seems it didn't detect it. And yes, I had "conditional forwarding" enabled and disabled it, which might have triggered the restart and the drop of the number of queries.

Response time is much better now. There are only occasionally delays and some apps on my iPhone or iPad show dome delays but looks good so far.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.