Slow DNS Resolution - Weekly Occurence

FredsReich · November 6, 2023, 9:46pm

We're running PiHole 5.17.2 on Ubuntu 22.04.3. Every few days or so, resolution becomes very slow and the only way to resolve the issue is by restarting the DNS resolver. Can someone please help me? I'm pretty lost on Ubuntu.

Debug Token is https://tricorder.pi-hole.net/fbpHjVVr/

chrislph · November 6, 2023, 10:38pm

The log shows your Pi-hole is running okay. Your network is a /22 which is not so common but not a problem. Your two upstream DNS servers are internal and they are resolving okay. When you say you need to restart the DNS resolver, are you referring to Pi-hole or one or both of those DNS servers?

Have a look in /var/log/pihole and you should see the current pihole.log as well as the previous pihole.log.1 and then earlier pihole.log.2.gz, 3, 4, etc. The .gz files are just zipped up older .log files. It's all automated. You can see the dates these files were updated, they go back a few days.

In that directory you can view .log files with

sudo less filename.log

and view .gz files with

sudo zless filename.gz

Based on when the slowdown last happened, can you find a log file from that time and take a look at it? See if anything stands out, any errors.

jfb · November 7, 2023, 3:30am

Also extend your search to the similarly named FTL.log files in the same directory - /var/log/pihole.

FTL logs activity here, and there may be something of interest just before or after the time of a slowdown or crash.

FredsReich · November 8, 2023, 8:15pm

I do see something occurring in that gz file that is close to the date/time of the issue:

Line 7361468: Nov  3 20:01:46 dnsmasq[618]: reply error is SERVFAIL
	Line 7361469: Nov  3 20:01:46 dnsmasq[618]: reply error is SERVFAIL
	Line 7361478: Nov  3 20:01:46 dnsmasq[618]: reply error is SERVFAIL
	Line 7361479: Nov  3 20:01:46 dnsmasq[618]: reply error is SERVFAIL
	Line 7364746: Nov  3 20:02:52 dnsmasq[618]: query[HTTPS] errors.imrworldwide.com from 172.21.1.88
	Line 7364747: Nov  3 20:02:52 dnsmasq[618]: gravity blocked errors.imrworldwide.com is NODATA

Ever seen something similar?

jfb · November 8, 2023, 8:40pm

SERVFAIL is one of the messages Pi-hole can receive when your upstream DNS server is unable to resolve the domain.

In your specific case, it appears you are using two local IPs (Pi-holes, local recursive resolvers, etc.) for upstream DNS.

PIHOLE_DNS_1=192.168.100.18
PIHOLE_DNS_2=192.168.100.19

Your Pi-hole appears to be working normally during this time, since it continues to receive DNS queries, filter them and forward to the upstream resolver(s).

FredsReich · November 13, 2023, 2:58pm

I did manage to find an error this morning before I restarted the resolver:
Maximum number of concurrent DNS queries reached (max: 150)
and
Client 127.0.0.1 has been rate-limited (current config allows up to 1000 queries in 60 seconds)

deHakkelaar · November 13, 2023, 10:44pm

What do the Pi-hole logs say around that time?
And what do below two show?

nc localhost 4711 <<< '>stats >quit'

nc localhost 4711 <<< '>top-domains >quit'

system · December 4, 2023, 10:44pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.