Repeated Queries in Pi-hole

Pi-hole v5.17.1
FTL v5.23
Raspbian OS: Buster (10)

Actual Behaviour:

Pi-hole is showing an excessive amount of the same repeated query from my router (Unifi UDMP). Replies tend to be N/A and the statuses are OK. This has started to occur after flashing my Raspberry Pi and re-installing Pi-hole with a restore through the web interface.

Debug Token:

It looks like the way you have this set up is that the router on .1 is the DHCP server and is giving itself out as the DNS server. And then presumably your Pi-hole is configured as the DNS server for the router. Is that correct?

If so, this does work but it means Pi-hole will see all queries coming from your router. This can result in Pi-hole rate-limiting your router if there are more than 1000 queries per minute in total. In your screenshot you can see all those requests take place within the same single second. You would see a warning message in Tools > Pi-hole diagnosis (with an orange marker to get your attention).

Your debug doesn't show a warning message but it does show a client on your network was being rate-limited earlier today, and that the router has been rate-limited too:

...
[2023-06-16 00:28:33.816 520M] Rate-limiting 192.168.1.1 for at least 60 seconds
[2023-06-16 00:29:33.739 520/T876] Ending rate-limitation of 192.168.1.1
[2023-06-16 00:29:36.784 520M] Rate-limiting 192.168.1.1 for at least 57 seconds
[2023-06-16 00:30:33.801 520/T876] Ending rate-limitation of 192.168.1.1
[2023-06-16 00:30:35.846 520M] Rate-limiting 192.168.1.1 for at least 58 seconds
[2023-06-16 00:31:33.863 520/T876] Ending rate-limitation of 192.168.1.1
... lots like this

You might instead consider changing things around. If you can edit your router's DHCP settings and change the DNS server from .1 (the router) to .94 (the Pi-hole) your devices will each start using Pi-hole directly instead of going through your router (disconnect and reconnect your devices so they pick up the new settings). You will also be able to see which devices are the most busy, and it should enable you to identify which device is making most of those calls.
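The rate-limit entries quoted in the post above can be summarised per client to show how long each one was blocked and how quickly it was limited again. This is an added example, not part of the original thread or of Pi-hole itself; the function names and the 5-second re-limit threshold are assumptions, and the parser assumes the log format is exactly as shown in the excerpt.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the excerpt quoted in the post above.
SAMPLE_LOG = """\
[2023-06-16 00:28:33.816 520M] Rate-limiting 192.168.1.1 for at least 60 seconds
[2023-06-16 00:29:33.739 520/T876] Ending rate-limitation of 192.168.1.1
[2023-06-16 00:29:36.784 520M] Rate-limiting 192.168.1.1 for at least 57 seconds
[2023-06-16 00:30:33.801 520/T876] Ending rate-limitation of 192.168.1.1
[2023-06-16 00:30:35.846 520M] Rate-limiting 192.168.1.1 for at least 58 seconds
[2023-06-16 00:31:33.863 520/T876] Ending rate-limitation of 192.168.1.1
"""

# Matches either a "Rate-limiting <client> ..." or an "Ending ..." entry.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) [^\]]*\] "
    r"(?:(?P<start>Rate-limiting) (?P<c1>\S+) for at least \d+ seconds"
    r"|Ending rate-limitation of (?P<c2>\S+))\s*$"
)

def summarise(log_text):
    """Per client: episode count, seconds spent limited, gaps before re-limiting."""
    open_since, last_end = {}, {}
    stats = defaultdict(lambda: {"episodes": 0, "limited_s": 0.0, "gaps_s": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        if m["start"]:
            client = m["c1"]
            stats[client]["episodes"] += 1
            open_since[client] = ts
            if client in last_end:  # time between release and the next block
                gap = (ts - last_end[client]).total_seconds()
                stats[client]["gaps_s"].append(round(gap, 3))
        else:
            client = m["c2"]
            started = open_since.pop(client, None)
            if started is not None:  # ignore an end with no matching start
                stats[client]["limited_s"] += (ts - started).total_seconds()
            last_end[client] = ts
    return dict(stats)

def sustained(stats, max_gap_s=5.0):
    """Clients re-limited within max_gap_s of every release (assumed threshold)."""
    return sorted(c for c, s in stats.items()
                  if s["gaps_s"] and max(s["gaps_s"]) <= max_gap_s)
```

On the quoted excerpt this shows the router being blocked again two to three seconds after each release, which is what a single address carrying every client's lookups looks like.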

Hey Chrislph, thanks for the quick reply and looking into this. You are right that I am having my router serve DHCP and the Pi-hole as DNS. This issue actually occurs when I point DNS traffic to the Pi-hole directly from the router. I've attached an image on how this is configured.

The client that is being rate-limited with all of these queries is actually coming from my router (192.168.1.1). I actually rebooted my router and Pi-hole to see if that would help resolve this; however, it seems like there's still several URLs that are seeing these multiple repeated queries.

It seems that as far as the client that is making these calls back to the router, then to the Pi-hole varies and is not consistent with a single device.

This is my laptop

This is my iPhone

With Pi-hole as the router's DNS server, all the clients on your network are using your router for DNS, and the router is using Pi-hole for DNS. So Pi-hole sees everything coming from the router, and that's what is making the router appear so active to Pi-hole.

I'd be inclined to set it up the way I describe above, if you can. This will let your laptop, phone and other clients use the Pi-hole directly, and it can reply directly to them. Then you'll be able to separate out their requests in Pi-hole from any extra noise coming from your router.

Thanks, Chris. What you're saying absolutely makes sense. It looks like Ubiquiti changed up a few things on the current release I have for my UDM Pro (router) so I can't find a way to edit the router's DNS, only the one I showed above for the WAN. I'm guessing when I flushed everything and re-flashed my Pi-hole it also lost a lot of its own records which might explain some of the increased traffic? From my understanding though, nothing else "changed" in my setup/configuration which is what caused the initial concern.

It looks like I'll need to go back to the drawing board and do a little more homework to see how best to use my Pi-hole for DNS. I really do appreciate all of your help and detailed explanations.

There should be a section where you configure the DHCP settings (the range, etc) and in there is a place for the DNS you want to use on the LAN. Then again, maybe it always enforces using itself, and the only place you can edit anything is the UDM's upstream server, which is what you've already done. As mentioned that does work with Pi-hole but it means all your client lookups appear to come from the UDM, and that means you can't easily separate stuff out and leads to rate limit issues.

You may be able to sidestep the rate-limit issues if you change the thresholds in Settings > DNS > Rate-limiting and increase the numbers a bit. That won't help with splitting up the queries though.

Hopefully there is a place for the DHCP DNS setting buried in the UDM somewhere and you can edit it. Have a good scout around. If you do find a place where it's located by all means post a followup and a screenshot, that will help any future visitor with the same model.

If the UDM really is crippled like this, then another option is to disable its DHCP entirely and switch on the DHCP server in the Pi-hole (in Settings > DHCP) instead. That will allow the Pi-hole to take over the role. The Pi-hole DHCP uses itself for DNS as default.

You would have to set the DHCP IP range needed. Once it was ready you'd have to take everything off the network and back on so they all pick up their new IP addresses from the Pi-hole's DHCP.

Using this approach gives you back control, lets you see individual devices in Pi-hole, and turns your UDM into basically just connectivity and a gateway for the traffic in and out. Here's a post about it on this forum.

I just found the setting under: Networks > Default > DHCP DNS Server. It appears to have been in one of those places hiding in plain sight. I went ahead and made the updates there pointing client devices to the Pi-hole and leaving the WAN set out to Quad 9.

While I'm not seeing a lot of traffic yet (assuming clients are using local DNS), I'll keep monitoring this to see if anything changes. As an aside, I'm guessing Pi-hole is still doing its job since ads and other items are still being blocked.

I really do appreciate your help and support, Chris!

Cheers,
Other Chris


Ace, that's perfect, thanks for the screenshots too.

If you take a client and disconnect and reconnect it to your network (wifi or ethernet) it will re-request its IP settings and will pick up the new DNS setting and so should start using the Pi-hole directly. You'll see it in the Dashboard's top clients and the Query Log (try a noisy site like cnn.com or dailymail.com, they trigger whole rafts of lookups and blocks!)

Any super noisy clients should be easily visible now that you'll be able to see them individually, and the splits will prevent the rate-limiting problem.


Brilliant! I'll start reconnecting these by force through my UDM!
