Resolving Host taking a long time unexpectedly

Help
1

Please follow the below template, it will help us to help you!

Expected Behaviour:

Quick host resolution

Actual Behaviour:

Websites can take close to or even multiple mintues to load, stuck on "Resolving Host" for the time it's working. This behavior popped up overnight after working fine for the past few months. This has happened before in the past. I'm not sure exactly what I did to resolve it.

Debug Token:

n2zkzo7giv

This has happened previously (once every 2-3 months) and I've tried many different things to fix it so I'm not sure exactly what does the trick. I've tried, restarting the DNS resolver, restarting the system, repairing pihole, rebooting my pi.

Running pihole on a Pi Zero W (connected via wireless but that has given no problems up to now). Pi-hole Version v4.3.2 Web Interface Version v4.3.2 FTL Version v4.3.1

2

There might be several causes for seemingly arbitrary delays.

I'd like to highlight just two:

  1. If the delays you perceive occur erratically, your upstream DNS servers may experience short periods of overload and/or high latency .
    This would be more likely if you’d see a substantial increase in reply times (up from tens to hundreds of ms) for all your clients in your Query Log.

Try pinging your upstream DNS servers when you experience a delay to verify this, preferably simultaneously from both a client that exhibits the delay as well as from another client.

Defining additional upstream DNS servers may help mitigate this problem - Pi-hole will always choose the most responsive DNS server automatically, at any time.

  1. As your Pi-hole is connected to your network via WiFi exclusively, external noise may disturb the connection to your Pi-hole, e.g. a weather radar operating in your vicinity may force your router (and connected devices with it) to switch to another WiFi channel, or you (or maybe your next-door neighbour) may have recently added some smart equipment (e.g. ZigBee lamps or smart room temp thermostats) that is close to your router or Pi-hole and happens to communicate on the same WiFi channel.

For confirmation, try pinging your Pi-hole when you experience a delay. If it doesn't reply with 0% package loss, your WiFi connection is indeed temporarily disturbed.

If applicable, you could try to keep smart r/c devices at a good distance to Pi-hole and/or your router.
Connecting your Pi-hole via Ethernet would alleviate this for sure. This would also be the preferred way of connecting Pi-hole to your network, as it not only provides superior stability but also brings down local latency by roughly an order of magnitude.
If you do go for an USB Ethernet adaptor for your Zero, they start at about 10€ - just be sure not to grab one of the cheap 9700 variety that boasts a USB2 interface but supports only 10Mbit.

1 Like
3

I'm using google as my upstream DNS server. I've pinged that on both a device that works and a device that is slow, and received nearly identical responses. I also have OpenDNS as an additional server, so I don't feel like congestion should be an issue.

On the WiFi issue, we have not done anything in my network that may interfere, but I can't rule out external interference. I pinged my Pi and received an 8ms (average 23ms) response time and 0% packet loss. I repeated this multiple times to confirm, and never saw any packet loss. At the same time, attempting to open facebook took 24.7 seconds to load the base page and over 1 minute to fully load the page. So even if there was WiFi interference it does not seem to be the direct cause.

I'll also note that up until this morning the PiHole was working absolutely flawlessly without any delays in loading up webpages.

4

Your tests rule out both of the possible causes I suggested.

Do the delays for facebook register in your current Query Log?

5

When this happens, have you checked the available memory on the Pi? You are running a number of additional blocklists that total 1.57M domains, which use more memory than fewer blocklists.

6

@jfb Looking at the web interface I'm seeing a load of "Memory usage: 39.6 %"

@Bucking_Horn There's no direct indication of delay in the query log. Here's a section of pihole.log when I attempt to access facebook. Note the times range from 11:00:52 to 11:01:48

Jan  6 11:00:52 dnsmasq[4177]: query[A] www.facebook.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:00:52 dnsmasq[4177]: forwarded www.facebook.com to 208.67.222.222
Jan  6 11:00:52 dnsmasq[4177]: reply www.facebook.com is <CNAME>
Jan  6 11:00:52 dnsmasq[4177]: reply star-mini.c10r.facebook.com is 157.240.18.35
Jan  6 11:01:02 dnsmasq[4177]: query[AAAA] pcdkpdbclgglc.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:02 dnsmasq[4177]: query[A] pcdkpdbclgglc.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:02 dnsmasq[4177]: query[A] yvrbmkrheqayjzy.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 8.8.4.4
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 8.8.8.8
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2620:0:ccd::2
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2620:0:ccc::2
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 208.67.220.220
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:02 dnsmasq[4177]: query[AAAA] yvrbmkrheqayjzy.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2620:0:ccd::2
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2620:0:ccc::2
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 208.67.220.220
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 8.8.4.4
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 8.8.8.8
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 8.8.4.4
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 8.8.8.8
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2620:0:ccd::2
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2620:0:ccc::2
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 208.67.220.220
Jan  6 11:01:02 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 8.8.4.4
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 8.8.8.8
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2620:0:ccd::2
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2620:0:ccc::2
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 208.67.220.220
Jan  6 11:01:02 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:04 dnsmasq[4177]: query[AAAA] pcdkpdbclgglc.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 8.8.4.4
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 8.8.8.8
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2620:0:ccd::2
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2620:0:ccc::2
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 208.67.220.220
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:04 dnsmasq[4177]: query[A] pcdkpdbclgglc.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 8.8.4.4
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 8.8.8.8
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2620:0:ccd::2
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 2620:0:ccc::2
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 208.67.220.220
Jan  6 11:01:04 dnsmasq[4177]: forwarded pcdkpdbclgglc.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:04 dnsmasq[4177]: query[A] yvrbmkrheqayjzy.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 8.8.4.4
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 8.8.8.8
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2620:0:ccd::2
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2620:0:ccc::2
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 208.67.220.220
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:04 dnsmasq[4177]: query[AAAA] yvrbmkrheqayjzy.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2620:0:ccd::2
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2620:0:ccc::2
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 208.67.220.220
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 8.8.4.4
Jan  6 11:01:04 dnsmasq[4177]: forwarded yvrbmkrheqayjzy.nyroc.rr.com to 8.8.8.8
Jan  6 11:01:10 dnsmasq[4177]: query[AAAA] ljfeanjwyuzeipr.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 8.8.4.4
Jan  6 11:01:10 dnsmasq[4177]: query[A] ljfeanjwyuzeipr.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 8.8.4.4
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 8.8.8.8
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2620:0:ccd::2
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2620:0:ccc::2
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 208.67.220.220
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 8.8.4.4
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 8.8.8.8
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2620:0:ccd::2
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2620:0:ccc::2
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 208.67.220.220
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 11:01:10 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 8.8.4.4
Jan  6 11:01:12 dnsmasq[4177]: query[AAAA] ljfeanjwyuzeipr.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 8.8.8.8
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2620:0:ccd::2
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2620:0:ccc::2
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 208.67.220.220
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 8.8.4.4
Jan  6 11:01:12 dnsmasq[4177]: query[A] ljfeanjwyuzeipr.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 8.8.8.8
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2620:0:ccd::2
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2620:0:ccc::2
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 208.67.220.220
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 208.67.222.222
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 11:01:12 dnsmasq[4177]: forwarded ljfeanjwyuzeipr.nyroc.rr.com to 8.8.4.4
Jan  6 11:01:32 dnsmasq[4177]: query[AAAA] 0-edge-chat.facebook.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:32 dnsmasq[4177]: forwarded 0-edge-chat.facebook.com to 208.67.220.220
Jan  6 11:01:32 dnsmasq[4177]: query[A] 0-edge-chat.facebook.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:32 dnsmasq[4177]: forwarded 0-edge-chat.facebook.com to 208.67.220.220
Jan  6 11:01:32 dnsmasq[4177]: reply 0-edge-chat.facebook.com is <CNAME>
Jan  6 11:01:32 dnsmasq[4177]: reply star.c10r.facebook.com is 2a03:2880:f027:20e:face:b00c:0:2
Jan  6 11:01:32 dnsmasq[4177]: reply 0-edge-chat.facebook.com is <CNAME>
Jan  6 11:01:32 dnsmasq[4177]: reply star.c10r.facebook.com is 157.240.18.15
Jan  6 11:01:48 dnsmasq[4177]: query[AAAA] edge-chat.facebook.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:48 dnsmasq[4177]: forwarded edge-chat.facebook.com to 208.67.220.220
Jan  6 11:01:48 dnsmasq[4177]: query[A] edge-chat.facebook.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 11:01:48 dnsmasq[4177]: forwarded edge-chat.facebook.com to 208.67.220.220
Jan  6 11:01:48 dnsmasq[4177]: reply edge-chat.facebook.com is <CNAME>
Jan  6 11:01:48 dnsmasq[4177]: reply star.c10r.facebook.com is 2a03:2880:f027:20e:face:b00c:0:2
Jan  6 11:01:48 dnsmasq[4177]: reply edge-chat.facebook.com is <CNAME>
Jan  6 11:01:48 dnsmasq[4177]: reply star.c10r.facebook.com is 157.240.18.15
7

Timestamp resolution in pihole.log is too coarse to allow gauging DNS response times.
Pi-hole's current Query Log provides response times under its Reply column.

If you don't see a flood of values well in and above the hundreds of ms there while you experienced a slow loading page, we can rule out slow host name resolution itself as a cause for your delays.

But the portion of the log you provided shows that you are not only using Google as DNS, but also others like 2620:0:ccc::2 or OpenDNS (208.67.220.220) . At least that last one is providing it's own filtering when resolving hosts, which may or may not happen to disagree with facebook.

Try getting rid of additional DNS servers and see if you receive the same slow loading results.

8

Looks like the name resolutions are in the 30-40ms range, so that seems to be ruled out:

2020-01-06 11:23:23	AAAA	scontent-ort2-2.xx.fbcdn.net	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (7.1ms)	 Blacklist
2020-01-06 11:23:05	A	scontent-ort2-2.xx.fbcdn.net	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (9.1ms)	 Blacklist
2020-01-06 11:23:05	AAAA	scontent-ort2-2.xx.fbcdn.net	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (10.3ms)	 Blacklist
2020-01-06 11:23:05	A	video-ort2-2.xx.fbcdn.net	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (6.4ms)	 Blacklist
2020-01-06 11:23:05	AAAA	video-ort2-2.xx.fbcdn.net	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (7.7ms)	 Blacklist
2020-01-06 11:22:47	A	qagodsoi.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:47	AAAA	qagodsoi.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:46	AAAA	facebook.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (7.1ms)	 Blacklist
2020-01-06 11:22:45	AAAA	oauthaccountmanager.googleapis.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (10.4ms)	 Blacklist
2020-01-06 11:22:45	A	qagodsoi.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:45	AAAA	qagodsoi.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:45	AAAA	wpypbfpqmkmpg.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:45	A	wpypbfpqmkmpg.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:43	AAAA	wpypbfpqmkmpg.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:43	A	wpypbfpqmkmpg.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:33	AAAA	lp-push-server-817.lastpass.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:32	AAAA	vetaevyxbhkt.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:32	A	vetaevyxbhkt.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:31	AAAA	vetaevyxbhkt.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:31	A	vetaevyxbhkt.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:31	AAAA	stats.g.doubleclick.net	2604:6000:150e:cbab:4952:d88d:2955:7788	Blocked (gravity)	- (0.7ms)	 Whitelist
2020-01-06 11:22:31	A	stats.g.doubleclick.net	2604:6000:150e:cbab:4952:d88d:2955:7788	Blocked (gravity)	- (0.7ms)	 Whitelist
2020-01-06 11:22:31	A	www.facebook.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME	 Blacklist
2020-01-06 11:22:26	A	vetaevyxbhkt.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:26	AAAA	vetaevyxbhkt.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:26	AAAA	www.gstatic.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (36.2ms)	 Blacklist
2020-01-06 11:22:26	A	www.gstatic.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (37.1ms)	 Blacklist
2020-01-06 11:22:26	A	lh3.googleusercontent.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME (45.9ms)	 Blacklist
2020-01-06 11:22:26	AAAA	lh3.googleusercontent.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME	 Blacklist
2020-01-06 11:22:25	A	vetaevyxbhkt.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:25	AAAA	vetaevyxbhkt.nyroc.rr.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 11:22:25	AAAA	ssl.gstatic.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (35.1ms)	 Blacklist
2020-01-06 11:22:25	A	ssl.gstatic.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (11.0ms)	 Blacklist
2020-01-06 11:22:25	A	stats.g.doubleclick.net	2604:6000:150e:cbab:4952:d88d:2955:7788	Blocked (gravity)	- (0.7ms)	 Whitelist
2020-01-06 11:22:25	AAAA	stats.g.doubleclick.net	2604:6000:150e:cbab:4952:d88d:2955:7788	Blocked (gravity)	- (0.8ms)	 Whitelist
2020-01-06 11:22:25	AAAA	www.facebook.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME (39.7ms)	 Blacklist
2020-01-06 11:22:25	A	www.facebook.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME (40.4ms)	 Blacklist
9

If that reading was taken during a slow page load, then host resolution times are indeed totally inconspicuous.

The delayed page might waste its time by trying to access blocked resources repeatedly. If Pi-hole is not doing the blocking, your upstream filtering DNS servers may (as mentioned above, but I was expanding that post the very moment you answered), so you probably didn't see it yet).

Your memory usage could also contribute (mine is at 14% on a Zero with little more than default lists), though we should wait for @jfb's verdict on this.

10

I set the DNS servers to only use Googles two IPv4 and IPv6 servers, and I still saw this issue (even when I cut it down to just one of each or even just the IPv4 servers). I could try to cut down on my blocklists to minimize the list and see how that works, but I feel that since it's been running without problems for the past few months that I won't see an improvement there.

I had OpenDNS running, but I didn't think I had OpenDNS IPv6 selected. I'll try restarting the system only using google as my DNS.

UPDATE: No luck when selecting only google and then restarting.

11

I had a closer look at the host names your network is trying to resolve, as provided by your pihole-log excerpt.

Specifically these three are conspicious, as they get requested repeatedly, sport exceptionally high response times and are unkown to public DNS servers (as NXDOMAIN shows when I tried to access those sites on my PC):

Time Type Domain Client Status Reply Action
2020-01-06 18:07:33 A pcdkpdbclgglc.nyroc.rr.com pc.lan OK (forwarded) NXDOMAIN (175.0ms) Blacklist
2020-01-06 18:07:02 A yvrbmkrheqayjzy.nyroc.rr.com pc.lan OK (forwarded) NXDOMAIN (181.7ms) Blacklist
2020-01-06 18:05:49 A ljfeanjwyuzeipr.nyroc.rr.com pc.lan OK (forwarded) NXDOMAIN (336.9ms) Blacklist

Can you confirm this behaviour at your site as well?

As there is no such domain, any repetition would be futile.

Any ideas what device is causing this, and why?

Edit:
Your network seems being spammed with those queries to unresolvable domains, as your Query Log excerpts also shows another few of these *.nyroc.rr.com sites.

12

The device is the same primary computer, but the domains I'm not entirely sure, I see the nyroc.rr.com domain occasionally (sometimes as wpad.nyroc.rr.com). Those unknown domains seem like they might be specific to chrome or a chrome addon I have, since I did not have the same domains when I tried to access using firefox. When I run without chrome addons I'm still seeing those domains, so it may be chrome itself. Either way, both chrome without addons and firefox are very slow in resolving domains still.

Firefox Facebook Log:

Time	Type	Domain	Client	Status	Reply	Action
2020-01-06 12:27:24	A	www.mozilla.org	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME (16.9ms)	 Blacklist
2020-01-06 12:27:15	AAAA	www.gstatic.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (21.3ms)	 Blacklist
2020-01-06 12:27:14	A	classify-client.services.mozilla.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME (12.0ms)	 Blacklist
2020-01-06 12:27:14	AAAA	classify-client.services.mozilla.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME (13.1ms)	 Blacklist
2020-01-06 12:27:14	A	push.services.mozilla.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME (7.0ms)	 Blacklist
2020-01-06 12:27:04	A	r3---sn-vgqsknez.gvt1.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME (14.0ms)	 Blacklist
2020-01-06 12:26:44	AAAA	detectportal.firefox.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME (7.1ms)	 Blacklist
2020-01-06 12:26:44	AAAA	spocs.getpocket.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (cached)	CNAME (0.8ms)	 Blacklist
2020-01-06 12:26:24	A	scontent-ort2-2.xx.fbcdn.net	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (15.1ms)	 Blacklist
2020-01-06 12:26:24	AAAA	scontent-ort2-2.xx.fbcdn.net	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (16.5ms)	 Blacklist
2020-01-06 12:26:24	A	facebook.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (17.7ms)	 Blacklist
2020-01-06 12:26:24	AAAA	getpocket.cdn.mozilla.net	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME (8.3ms)	 Blacklist
2020-01-06 12:26:04	AAAA	safebrowsing.googleapis.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (8.8ms)	 Blacklist
2020-01-06 12:25:54	AAAA	download.cdn.mozilla.net	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME (40.9ms)	 Blacklist
2020-01-06 12:25:54	AAAA	download.mozilla.org	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME (7.9ms)	 Blacklist
2020-01-06 12:25:54	A	download.mozilla.org	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME (55.9ms)	 Blacklist
2020-01-06 12:25:54	AAAA	mozilla.org	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	N/A	 Blacklist
2020-01-06 12:25:24	A	ocsp.sca1b.amazontrust.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (8.3ms)	 Blacklist
2020-01-06 12:25:14	AAAA	oauth.accounts.firefox.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	NODATA (53.4ms)	 Blacklist
2020-01-06 12:25:08	A	remotedesktop-pa.googleapis.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (16.4ms)	 Blacklist
2020-01-06 12:25:08	AAAA	remotedesktop-pa.googleapis.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	IP (17.5ms)	 Blacklist
2020-01-06 12:25:04	AAAA	www.facebook.com	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME	 Blacklist
2020-01-06 12:24:24	AAAA	www.mozilla.org	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME	 Blacklist
2020-01-06 12:24:24	A	www.mozilla.org	2604:6000:150e:cbab:4952:d88d:2955:7788	OK (forwarded)	CNAME (10.6ms)	 Blacklist
13

Let's look at a bit more detail - please post the output of this command from the Pi terminal - it will be a bit lengthy.

tail -n100 /var/log/pihole.log

14

See below:

pi@PiHole:~ $ tail -n100 /var/log/pihole.log
Jan  6 13:00:45 dnsmasq[750]: query[A] gbpiiyqlwhvou.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:00:45 dnsmasq[750]: forwarded gbpiiyqlwhvou.nyroc.rr.com to 8.8.8.8
Jan  6 13:00:45 dnsmasq[750]: forwarded gbpiiyqlwhvou.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 13:00:45 dnsmasq[750]: forwarded gbpiiyqlwhvou.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 13:00:45 dnsmasq[750]: forwarded gbpiiyqlwhvou.nyroc.rr.com to 8.8.4.4
Jan  6 13:00:45 dnsmasq[750]: query[AAAA] gbpiiyqlwhvou.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:00:45 dnsmasq[750]: forwarded gbpiiyqlwhvou.nyroc.rr.com to 8.8.8.8
Jan  6 13:00:45 dnsmasq[750]: forwarded gbpiiyqlwhvou.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 13:00:45 dnsmasq[750]: forwarded gbpiiyqlwhvou.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 13:00:45 dnsmasq[750]: forwarded gbpiiyqlwhvou.nyroc.rr.com to 8.8.4.4
Jan  6 13:00:46 dnsmasq[750]: query[AAAA] pnishiljheoflkj.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:00:46 dnsmasq[750]: forwarded pnishiljheoflkj.nyroc.rr.com to 8.8.8.8
Jan  6 13:00:46 dnsmasq[750]: forwarded pnishiljheoflkj.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 13:00:46 dnsmasq[750]: forwarded pnishiljheoflkj.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 13:00:46 dnsmasq[750]: forwarded pnishiljheoflkj.nyroc.rr.com to 8.8.4.4
Jan  6 13:00:46 dnsmasq[750]: query[A] pnishiljheoflkj.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:00:46 dnsmasq[750]: forwarded pnishiljheoflkj.nyroc.rr.com to 8.8.8.8
Jan  6 13:00:46 dnsmasq[750]: forwarded pnishiljheoflkj.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 13:00:46 dnsmasq[750]: forwarded pnishiljheoflkj.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 13:00:46 dnsmasq[750]: forwarded pnishiljheoflkj.nyroc.rr.com to 8.8.4.4
Jan  6 13:00:51 dnsmasq[750]: query[AAAA] static.xx.fbcdn.net from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:00:51 dnsmasq[750]: forwarded static.xx.fbcdn.net to 8.8.8.8
Jan  6 13:00:51 dnsmasq[750]: reply static.xx.fbcdn.net is <CNAME>
Jan  6 13:00:51 dnsmasq[750]: reply scontent.xx.fbcdn.net is 2a03:2880:f027:212:face:b00c:0:3
Jan  6 13:00:54 dnsmasq[750]: query[A] wpad.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:00:54 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 8.8.8.8
Jan  6 13:00:54 dnsmasq[750]: query[AAAA] wpad.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:00:54 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 8.8.8.8
Jan  6 13:00:54 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 13:00:54 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 13:00:54 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 8.8.4.4
Jan  6 13:00:54 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 8.8.8.8
Jan  6 13:00:54 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 13:00:54 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 13:00:54 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 8.8.4.4
Jan  6 13:00:54 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 8.8.8.8
Jan  6 13:00:56 dnsmasq[750]: query[A] wpad.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:00:56 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 13:00:56 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 13:00:56 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 8.8.4.4
Jan  6 13:00:56 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 8.8.8.8
Jan  6 13:00:56 dnsmasq[750]: query[AAAA] wpad.nyroc.rr.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:00:56 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 2001:4860:4860::8844
Jan  6 13:00:56 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 2001:4860:4860::8888
Jan  6 13:00:56 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 8.8.4.4
Jan  6 13:00:56 dnsmasq[750]: forwarded wpad.nyroc.rr.com to 8.8.8.8
Jan  6 13:01:12 dnsmasq[750]: query[AAAA] msftspeechmodelsprod.azureedge.net from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:01:12 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.8.8
Jan  6 13:01:12 dnsmasq[750]: query[A] msftspeechmodelsprod.azureedge.net from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:01:12 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.8.8
Jan  6 13:01:12 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8844
Jan  6 13:01:12 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8888
Jan  6 13:01:12 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.4.4
Jan  6 13:01:12 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.8.8
Jan  6 13:01:12 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8844
Jan  6 13:01:12 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8888
Jan  6 13:01:12 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.4.4
Jan  6 13:01:12 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.8.8
Jan  6 13:01:13 dnsmasq[750]: query[AAAA] msftspeechmodelsprod.azureedge.net from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:01:13 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8844
Jan  6 13:01:13 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8888
Jan  6 13:01:13 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.4.4
Jan  6 13:01:13 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.8.8
Jan  6 13:01:13 dnsmasq[750]: query[A] msftspeechmodelsprod.azureedge.net from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:01:13 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8844
Jan  6 13:01:13 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8888
Jan  6 13:01:13 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.4.4
Jan  6 13:01:13 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.8.8
Jan  6 13:01:14 dnsmasq[750]: query[AAAA] fonts.gstatic.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:01:14 dnsmasq[750]: forwarded fonts.gstatic.com to 8.8.8.8
Jan  6 13:01:14 dnsmasq[750]: reply fonts.gstatic.com is <CNAME>
Jan  6 13:01:14 dnsmasq[750]: reply gstaticadssl.l.google.com is 2607:f8b0:4009:812::2003
Jan  6 13:01:15 dnsmasq[750]: query[AAAA] msftspeechmodelsprod.azureedge.net from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:01:15 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8844
Jan  6 13:01:15 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8888
Jan  6 13:01:15 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.4.4
Jan  6 13:01:15 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.8.8
Jan  6 13:01:15 dnsmasq[750]: query[A] msftspeechmodelsprod.azureedge.net from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:01:15 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8844
Jan  6 13:01:15 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8888
Jan  6 13:01:15 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.4.4
Jan  6 13:01:15 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.8.8
Jan  6 13:01:19 dnsmasq[750]: query[AAAA] msftspeechmodelsprod.azureedge.net from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:01:19 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8844
Jan  6 13:01:19 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8888
Jan  6 13:01:19 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.4.4
Jan  6 13:01:19 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.8.8
Jan  6 13:01:19 dnsmasq[750]: query[A] msftspeechmodelsprod.azureedge.net from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:01:19 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8844
Jan  6 13:01:19 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 2001:4860:4860::8888
Jan  6 13:01:19 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.4.4
Jan  6 13:01:19 dnsmasq[750]: forwarded msftspeechmodelsprod.azureedge.net to 8.8.8.8
Jan  6 13:01:24 dnsmasq[750]: query[AAAA] clients4.google.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:01:24 dnsmasq[750]: forwarded clients4.google.com to 8.8.8.8
Jan  6 13:01:24 dnsmasq[750]: query[A] clients4.google.com from 2604:6000:150e:cbab:4952:d88d:2955:7788
Jan  6 13:01:24 dnsmasq[750]: forwarded clients4.google.com to 8.8.8.8
Jan  6 13:01:24 dnsmasq[750]: reply clients4.google.com is <CNAME>
Jan  6 13:01:24 dnsmasq[750]: reply clients.l.google.com is 2607:f8b0:4009:80c::200e
Jan  6 13:01:24 dnsmasq[750]: reply clients4.google.com is <CNAME>
Jan  6 13:01:24 dnsmasq[750]: reply clients.l.google.com is 172.217.8.206
15

Hmm.. Chromium would indeed issue requests to random sites on startup in order to optimize its search heuristics, but would normally expand these with the local domain name, e.g. yvrbmkrheqayjzy.lan or yvrbmkrheqayjzy.fritz.box.
In contrast, the domain rr.com seems to belong or have belonged to TimeWarner/Roadrunner.

And Chromium would normally only contact 3 such sites once on each startup, not continously :thinking:

Anyway, not sure whether this is related to your delays or not - let's see what @jfb has to say on your logs.

16

For what it's worth, I have Spectrum/Time Warner as my internet provider. Maybe chromium identified rr.com as the site to check based on my ISP?

17

Good thought :wink:
If you didn't configure one, your router may have come preconfigured with nyroc.rr.com as local domain, if provided by your ISP, or your ISP may have remotely configured such a local domain (could nyroc stand for Rochester, NY?).

That would at least explain these requests, if not the long resolution times (Chromium probes resolve in about 5 ms on my network) and the perceived frequency of occurence in your logs. The latter may be purely coincidental, but so far, all your log excerpts do show these requests.

Do you see these requests even when your Chrome browser is not running?
Can you confirm observing these triple requests multiple times when running Chrome, even some time after starting up Chrome?
Could there be something causing Chromium to restart repeatedly on your machine?
Chromium (Chrome's open source core engine) may be used as render enginge by non-browser programs as well, e.g. some mail clients will use Chromium to render HTML mails.

If the answer to the above is always No, we can put aside these requests as reason for your delays.

18

That is a reasonable number and should not cause problems. Plenty of memory overhead.

19

My router is my own, not ISP provided. I do have it configured to request DNS server from the ISP (current netgear software has a bug when attempting to set the DNS server internally, and I've had issues with just using google as my DNS provider). These settings handle the devices on my network that are not configured to use PiHole.

I do believe I see wpad.nyroc.rr.com when chrome itself is not open, but I don't attempt to fully shut it down, so there may be some background programs. Even so, I've been using chrome for years now, so if pihole is suddenly not working I don't believe that would be the cause.

I would have to watch the logs over a day or so to confirm all of your questions, because I do not know when I have my browser open and shut. My best guess to these questions based on what I'm pretty sure I remember (I would not say these answers are 100% accurate):

Do you see these requests even when your Chrome browser is not running?

  • For wpad.nyroc.rr.com, yes. For the random string of characters, no.

Can you confirm observing these triple requests multiple times when running Chrome, even some time after starting up Chrome?

  • Yes, they occur after starting chrome

Could there be something causing Chromium to restart repeatedly on your machine?

  • Not that I know of. I do not believe anything is shutting it down.

Chromium (Chrome’s open source core engine) may be used as render enginge by non-browser programs as well, e.g. some mail clients will use Chromium to render HTML mails.

  • Only mail clients are Outlook (rarely) and web-based gmail (most frequent)
20

We could also scan your log file for these occurences.

The following statement, executed on your Pi-hole machine, would find all queries to *.nyroc.rr.com in pihole.log:

grep "query\[A.*.nyroc.rr.com" /var/log/pihole.log

Mine contains only 3 entries (when issued with my domain suffix, of course), as I have started a Chromium browser just once today, and only on one machine.

Hmm. So you are using a Netgear router. As far as I am aware, Netgear normally would use .net as its local domain suffix.
Let's check what that your network is using as local domain suffix with the following commands:
On your Pi-hole machine:

grep "search" /etc/resolv.conf

On a windows client command prompt:

ipconfig /all | find /i "suffix"