Solution: PiHole and high Mac CPU Usage, failed sleep on mDNSResponder

When I run my Mac through PiHole I see high CPU usage on mDNSResponder.

I'm not an iCloud+ member, so I don't have iCloud private relay. Also, all privacy settings in the mail app are unchecked. My pihole-ftl.conf is default.

Even in this suppressed configuration, Apple is trying to resolve mask.icloud.com, and mDNSResponder is going haywire, saturating 4 cores on my M4 while I click around my messages in mail.app. Allowing the resolution of mask.icloud.com via BLOCK_ICLOUD_PR immediately causes the CPU usage to go down.

Pihole follows Apple's official guidance to opt in to returning NXDOMAIN:

However, this causes mDNSResponder to go haywire. The only workaround I know of at the moment is to use the BLOCK_ICLOUD_PR setting, which allows these domains to resolve on the local network.

I have also observed this behaviour during sleep, since Macs use "insomnia" to wake up and check mail. It appears to cause battery burnout during sleep on my M2 Mac.

This does not appear to be discussed anywhere in whole on the Internet, just fragmented conversations about those domains resolving or high mDNSResponder cpu usage, but never at the same place at the same time. I am absolutely convinced they are related, as allowing the domains has an immediate change.

This is as of Sequoia 15.2. A bug will be filed with Apple, but PiHole developers should also be aware that massive CPU overusage and energy burn is happening on all Apple devices that use PiHole DNS servers in the default configuration.

You may wish to review this thread as other Apple Users have been discussing issues along this vein, though I don't recall any concerns around CPU usage.

Interesting, and might make some sense based on the length of time needed for mail to download.

There is no way, at least that I am aware of, for viewing CPU usage on iOS/iPadOS devices, so just conjecture on my part.

As @CallMeCurious suggests, check the other thread. The iOS/iPadOS 18.2.1 update has certainly helped.

If you're so inclined, you can use the Time Profiler in Instruments to do a whole-system profile on iOS. I'm settled in with the workaround, and will file a macOS bug with Apple once I've discussed it with enough people, and have proven that its implications go beyond just me.

I'm on macOS 15.2 with BLOCK_ICLOUD_PR=true and I don't see any high CPU usage with mDNSResponder.

IMHO, macOS 15 and iOS 18 are simply the worst releases Apple has put out in a long time, and the issue many people experience when using Pi-hole has nothing to do with Pi-hole at all, but rather Apple just releasing subpar software.

Do you use mail.app? iCloud Private Relay on or off? Private tabs?

If you have mail.app open, click around emails with image links in them, and watch Activity Monitor to see if mDNSResponder comes up.

@mlabbe, I’m under the impression one needs Xcode to do what you suggest, so unless you have a device supporting macOS, you are out of luck. Is that correct?

Correct.

Thank you for the confirmation.

After 2 more days of testing stable sleep on my Mac Mini, I submitted a bug report to Apple. This is definitely a bug on their side.

Pihole users who run Macs and possibly iOS would be well advised to work around the issue.
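
An added example, not part of the thread and not Pi-hole's own code: one way to confirm which answer a resolver actually gives for mask.icloud.com (NXDOMAIN or a real address) after changing BLOCK_ICLOUD_PR. The function names and the sample packets, including the 192.0.2.1 documentation address, are constructed for illustration.

```python
import random
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=None):
    """Encode a one-question DNS query (qtype 1 = A) with recursion desired."""
    txid = random.getrandbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify(response, txid=None):
    """Return (rcode name, answer count) read from a raw DNS response header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    if txid is not None and rid != txid:
        raise ValueError("transaction ID mismatch")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), ancount

def verdict(rcode, ancount):
    """Map the resolver's answer onto the two states discussed in the thread."""
    if rcode == "NXDOMAIN":
        return "blocked"      # resolver answers NXDOMAIN for the relay domain
    if rcode == "NOERROR" and ancount > 0:
        return "resolves"     # the domain is allowed to resolve
    return "other"            # NODATA, SERVFAIL, REFUSED, ...

def check(resolver, name="mask.icloud.com", timeout=2.0):
    """Live check: send one A query over UDP to the resolver's IP address."""
    query = build_query(name)
    txid = struct.unpack("!H", query[:2])[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver, 53))
        data, _ = s.recvfrom(4096)
    return verdict(*classify(data, txid))

# Constructed sample responses (not captured traffic) for offline use.
QUESTION = build_query("mask.icloud.com", txid=0)[12:]
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + QUESTION
SAMPLE_RESOLVED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER
```

Calling `check()` with the Pi-hole's IP address before and after changing the setting shows whether the change actually reached the resolver the Mac is using.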