Requete innondante jusqu'à perte de service

Bonjour à vous,

J'ai formatter récemment mon raspberry pi w zero étant donner les messages de clé (j'aurais jamais dû formatter).

J'ai trouver la solution pour le message d'erreur du OS mais depuis, mon pihole reçoit d'inombrable requête à chaque seconde et je perds mes conexion internet dont le filtrage est fait par celui-ci. J'ai chercher sur le web et vu un post dont quelqu'un ajouter en whitelist des regex permettant de donné un adresse IP local non utiliser par une machine mais respectant sa structure réseau.

Aujourd'hui un des flood est créer par un domain ayant le regex ... donc possiblement que j'ai des erreurs dans mon appellation.

Donc cela me pose quelques questions. Est-ce que mon raspberry pi est rendu désuet a faire exécuter le pi hole ? Suis-je le seul ayant eu des problèmes suites à l'installation (ou réinstallation) à neuf de raspberry pi OS (sans GUI) et du pihole ???

JE vous laisse donc mes whitelist selon les "attaques"






merci beaucoup pour votre aide ... je suis désespéré

Can anyone help me please ???

Apologies for answering in English.

Pi-hole runs fine on low spec hardware.
I run it on a NanoPi and on a Zero without issues.

I have difficulties understanding your actual issue.
Could you try to give an example of what is not working?

And as your earlier debug log has long since expired, could you provide a fresh debug token, please?

Here's my issue. After awhile, I loose internet on my devices that use the pihole as DNS. The raspberry pi is still running, not issue at all. I need to restart the raspberry so I could get my internet back. Each time it occurs, I can see that I've got many request from and others.

What I'm suspecting it's a DDOS until I lost the internet. There is no error report from the DDOS. Each time i've tried to put in whitelist the specific request with the regex editor but it's seems that I do mistakes.

So I would like to stop to restart my pihole on each few days and to solve what make my pihole flood


I suspect that you do not observe requests from, but rather that clients are excessively requesting resolution of

Run from the machine hosting your Pi-hole, what is the result of:

echo ">stats >quit" | nc localhost 4711
echo ">top-clients >quit" | nc localhost 4711
echo ">top-domains >quit" | nc localhost 4711
echo ">top-ads >quit" | nc localhost 4711

And a fresh debug token, please.

pi@raspberrypi:~ $ echo ">stats >quit" | nc localhost 4711
domains_being_blocked 153664
dns_queries_today 12571
ads_blocked_today 2866
ads_percentage_today 22.798504
unique_domains 1507
queries_forwarded 7714
queries_cached 1620
clients_ever_seen 5
unique_clients 5
dns_queries_all_types 12571
reply_UNKNOWN 186
reply_NODATA 1104
reply_NXDOMAIN 206
reply_CNAME 3802
reply_IP 6863
reply_DOMAIN 40
reply_RRNAME 0
reply_SERVFAIL 163
reply_REFUSED 184
reply_NOTIMP 0
reply_OTHER 0
reply_DNSSEC 0
reply_NONE 0
reply_BLOB 23
dns_queries_all_replies 12571
privacy_level 0
status enabled
pi@raspberrypi:~ $ echo ">top-clients >quit" | nc localhost 4711
0 6939 
1 4069 
2 694 
3 550 
4 319 localhost
pi@raspberrypi:~ $ echo ">top-domains >quit" | nc localhost 4711
0 941
1 879
2 217
3 187
4 136
5 128
6 115
7 102
8 84
9 84
pi@raspberrypi:~ $ echo ">top-ads >quit" | nc localhost 4711
0 451
1 375
2 226
3 161
4 93
5 72
6 65
7 64
8 63
9 62

thanks again for your help

For the API stats, nothing strikes as conspicuous.
There are a few reply_REFUSED, but their count isn't that high.
Still, let's see which domains and clients have been refused:

pihole-FTL sqlite3 "/etc/pihole/pihole-FTL.db" "SELECT domain, count(domain), client FROM queries WHERE timestamp > strftime('%s','2024-01-24') AND reply_type=8 GROUP BY domain ORDER BY 2 DESC LIMIT 20;"

Your debug log also looks normal, apart from your network configuration:

*** [ DIAGNOSING ]: Network interfaces and addresses
   2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
       inet brd scope global noprefixroute wlan0
          valid_lft forever preferred_lft forever
       inet brd scope global secondary dynamic noprefixroute wlan0
          valid_lft 256379sec preferred_lft 256379sec
       inet6 fe80::<redacted>66/64 scope link noprefixroute 
          valid_lft forever preferred_lft forever

You have configured two IP addresses for your single wifi interface.
Is that by intention?

pihole-FTL sqlite3 "/etc/pihole/pihole-FTL.db" "SELECT domain, count(domain), client FROM queries WHERE timestamp > strftime('%s','2024-01-24') AND reply_type=8 GROUP BY domain ORDER BY 2 DESC LIMIT 20;"|76||76||68||60||12||8||8|

no, I wasn't aware of a second IP adress. I didn't even thought it wa possible. Probably the first one that have been givin before setting a static one.

Today I had to reset again my pihole. It's often while I sleep that I loose connectivity. It's totally strange. I will try to find something to fix my second IP adress.

thanks for your support.

I just found out what is the problem that cause to make my devices who use the pihole to lost internet connexion. I lost wifi on the raspberry pi zero and for a reason that i don't understand it won't reconnect to that connection or a second one that i have.

I don't know if it would be a problem with the debian team or raspberry pi OS that could help to solve or if i should make a script to query the wifi connection.

I dont know if it's a common issue but i didn't had that problem before formatting my SD card and starting a brand new installation

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.