Really slow dns resolutions in 4.1

femaven · December 13, 2018, 8:40pm

I'm having some DNS resolutions take upwards of 7000ms and CPU utilization of pihole-FTL is 90-95% on my raspberry pi. It will also sporadically stop resolving addresses that aren't cached because it times out.

Debug Token:

lfoni6j7jk
This is after changing my /etc/resolv.conf by commenting out nameserver 127.0.0.1 and adding _nameserver 8.8.8._8 after it failed to upload the debug file with the default resolv.conf contents.

IPTables rules

root@raspberrypi:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
root@raspberrypi:~#

Let me know what additional information I need to include!

Mcat12 · December 14, 2018, 12:56am

You have a lot of these lines in your FTL log (every few seconds):

   [2018-12-13 20:17:03.001] Compiled 3 Regex filters and 97 whitelisted domains in 1.4 msec (0 errors)
   [2018-12-13 20:17:04.372] /etc/pihole/black.list: parsed 22 domains (took 0.1 ms)
   [2018-12-13 20:17:09.075] /etc/pihole/gravity.list: parsed 615292 domains (took 4702.8 ms)

For some reason, dnsmasq is reloading everything every few seconds. One possibility is that it is being sent the SIGHUP signal over and over again. @DL6ER may have more ideas.

femaven · December 14, 2018, 1:14am

Interesting. I also see a lot of these entries in pihole -t

01:13:01 dnsmasq-dhcp[7933]: DHCPDISCOVER(eth0) 10.0.128.54 ac:84:c6:78:2c:a3
01:13:01 dnsmasq-dhcp[7933]: DHCPOFFER(eth0) 10.0.128.54 ac:84:c6:78:2c:a3
01:13:01 dnsmasq-dhcp[7933]: DHCPREQUEST(eth0) 10.0.128.54 ac:84:c6:78:2c:a3
01:13:05 dnsmasq-dhcp[7933]: DHCPACK(eth0) 10.0.128.54 ac:84:c6:78:2c:a3 KC120

DL6ER · December 14, 2018, 3:56pm

I only see this as a possibility, too.

What applications are running on the same server?

femaven · December 14, 2018, 4:02pm

I removed one of the sites from my blocklist because it looks like it had been moved from the SANS site. And CPU util seems to have settled down to around 48%. The only other thing that I've got running on this raspi is splunkd, which is taking ~2% CPU. I'm running an ARM splunk forwarder to forward logs to my splunk server.

femaven · December 14, 2018, 10:17pm

The CPU util dropped because I wasn't it resolve DNS for IPv6. When I set DHCPv6/RDNSS Name Server to the ip6 address of the pihole on my ubiquiti set up, the util stayed at around 98%. After a certain point, pihole-FTL would not start. I uploaded fresh debug logs after that happened. The token is 50cfkwwyl2. I've since disabled ipv6 on both my ubiquiti gear and on the pihole and it seems to be working better.

EDIT: I should clarify that IPv6 functionality is currently in alpha on the ubiquiti gear so that's probably the cause of all these headaches.

system · January 4, 2019, 10:27pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.