Some network IPs are no longer showing up in system logs, query logs, BUT still resolves?

DanSchaper · December 2, 2025, 5:15pm

10.0.0.0/8 is RFC so anything 10.x.x.x is non-routeable.

Looks like your upstream DNS server(s) are down:

*** [ DIAGNOSING ]: Pi-hole diagnosis messages
   count   last timestamp       type                  message                                                       blob1                 blob2                 blob3                 blob4                 blob5               
   ------  -------------------  --------------------  ------------------------------------------------------------  --------------------  --------------------  --------------------  --------------------  --------------------
   1       2025-12-02 09:19:41  CONNECTION_ERROR      10.100.0.36#53                                                TCP connection faile  Resource temporarily                                                                  
                                                                                                                    d while receiving pa   unavailable                                                                          
                                                                                                                    yload length from up                                                                                        
                                                                                                                    stream                                                                                                      
   
   1       2025-12-02 09:19:08  DNSMASQ_WARN          Maximum number of concurrent DNS queries reached (max: 150)                                                                                                               
   
   1       2025-12-02 09:01:07  NTP                   Cannot resolve NTP server address: Try again                  Error                 client

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✗] Failed to resolve flurry.com on lo (127.0.0.1)
[✗] Failed to resolve flurry.com on ens18 (10.100.1.0)
[✓] doubleclick.com is 142.251.116.139 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✗] Failed to resolve flurry.com on lo (::1)
[✗] Failed to resolve flurry.com on ens18 (fe80::be24:11ff:febe:319e%ens18)
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (2001:4860:4860::8888)

Something sent a TERM signal to FTL so FTL restarted:

   Dec  2 09:27:19 dnsmasq[463]: exiting on receipt of SIGTERM

And the log ends with the database being reloaded:

   2025-12-02 09:30:46.182 CST [2392878M] INFO:   580000 queries parsed...
   2025-12-02 09:30:53.921 CST [2392878M] INFO:   590000 queries parsed...
   2025-12-02 09:31:03.311 CST [2392878M] INFO:   600000 queries parsed...
   2025-12-02 09:31:11.510 CST [2392878M] INFO:   610000 queries parsed...
   2025-12-02 09:31:20.131 CST [2392878M] INFO:   620000 queries parsed...
   2025-12-02 09:31:28.124 CST [2392878M] INFO:   630000 queries parsed...
   2025-12-02 09:31:35.235 CST [2392878M] INFO:   640000 queries parsed...
   2025-12-02 09:31:41.244 CST [2392878M] INFO:   650000 queries parsed...
   2025-12-02 09:31:46.896 CST [2392878M] INFO:   660000 queries parsed...
   2025-12-02 09:31:54.399 CST [2392878M] INFO:   670000 queries parsed...
   2025-12-02 09:32:00.804 CST [2392878M] INFO:   680000 queries parsed...
   2025-12-02 09:32:08.283 CST [2392878M] INFO:   690000 queries parsed...
   2025-12-02 09:32:16.403 CST [2392878M] INFO:   700000 queries parsed...

Seems like the loss of connection to the upstream DNS is not a one time issue:

   2025-12-02 06:01:05.781 CST [463/T44869] INFO: Received 8/8 valid NTP replies from us.pool.ntp.org
   2025-12-02 06:01:05.781 CST [463/T44869] INFO: Time offset: -2.766043e+00 ms (excluded 0 outliers)
   2025-12-02 06:01:05.781 CST [463/T44869] INFO: Round-trip delay: 3.127557e+01 ms (excluded 0 outliers)
   2025-12-02 06:05:40.395 CST [2357791/F463] WARNING: Connection error (10.100.0.36#53): TCP connection failed while receiving payload length from upstream (Resource temporarily unavailable)
   2025-12-02 06:08:12.715 CST [2358187/F463] WARNING: Connection error (10.100.0.36#53): TCP connection failed while receiving payload length from upstream (Resource temporarily unavailable)
   2025-12-02 06:31:59.147 CST [2361703/F463] WARNING: Connection error (10.100.0.36#53): TCP connection failed while receiving payload length from upstream (Resource temporarily unavailable)
   2025-12-02 07:01:07.114 CST [463/T44869] ERROR: Failed to receive data from NTP server us.pool.ntp.org (170.187.147.56): Timeout
   2025-12-02 07:01:12.234 CST [463/T44869] ERROR: Failed to receive data from NTP server us.pool.ntp.org (170.187.147.56): Timeout
   2025-12-02 07:01:17.866 CST [463/T44869] ERROR: Failed to receive data from NTP server us.pool.ntp.org (170.187.147.56): Timeout
   2025-12-02 07:01:22.986 CST [463/T44869] ERROR: Failed to receive data from NTP server us.pool.ntp.org (170.187.147.56): Timeout
   2025-12-02 07:01:28.106 CST [463/T44869] ERROR: Failed to receive data from NTP server us.pool.ntp.org (170.187.147.56): Timeout
   2025-12-02 07:01:33.226 CST [463/T44869] ERROR: Failed to receive data from NTP server us.pool.ntp.org (170.187.147.56): Timeout
   2025-12-02 07:01:35.340 CST [463M] WARNING: dnsmasq: Maximum number of concurrent DNS queries reached (max: 150)
   2025-12-02 07:01:38.346 CST [463/T44869] ERROR: Failed to receive data from NTP server us.pool.ntp.org (170.187.147.56): Timeout
   2025-12-02 07:01:38.347 CST [463/T44869] INFO: Received 1/8 valid NTP replies from us.pool.ntp.org
   2025-12-02 07:01:38.347 CST [463/T44869] INFO: Time offset: -8.166885e+01 ms (excluded 7 outliers)
   2025-12-02 07:01:38.347 CST [463/T44869] INFO: Round-trip delay: 1.870918e+01 ms (excluded 7 outliers)
   2025-12-02 07:01:59.888 CST [463M] WARNING: dnsmasq: Maximum number of concurrent DNS queries reached (max: 150)
   2025-12-02 07:02:05.325 CST [463M] WARNING: dnsmasq: Maximum number of concurrent DNS queries reached (max: 150)

Those Maximum number of concurrent messages happen when there are a large number of queries unresolved by the upstream DNS.

Project23D · December 5, 2025, 7:58pm

So, that was another issue. Our Network firewall was limiting UDP connections. That was resolved.

Now pi-hole is now randomly returning incorrect results, the direct set in the WebUI upsteam is google and cloudflare.

I still cannot see my DNS queries in the pi-hole logs…. or many others for that matter.
Wireshark confirms that my computer on the office network is indeed talking to the pihole.

For grins, I set the office network DHCP to use only pihole IP address for DNS. None of those IPs are showing up in pi-hole logs. I’m watching the firewall connection states to see if the office computers are resolving by another means. Nope.

Short of fresh installing everything, or abandoning all together; the OS was updated, pihole was removed, purged, and fresh installed. It was moved to another proxmox cluster. No change. I’ve got 50 servers talking to the pihole with only DNS server to make sure I am not crazy, presently, maybe 25% of their IPs queries show up.

one more again before I have to give up and find another office DNS solution, $3k of my time was spent looking for the cause of this mess.
https://tricorder.pi-hole.net/v0Q8M1FT/

Project23D · December 11, 2025, 2:41pm

RESOLVED:

Our UDM-SE (network router) decided to enable content filtering during an update.
Turned off content filter and voila!
Stupid damn “you need this feature” enabling bullshit.
meh.
Thanks for the insight, fellas!

system · January 1, 2026, 2:41pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.