Strange pi-hole problem after some hours

Mike_Delta_MikeDelta · January 4, 2019, 12:03pm

Please follow the below template, it will help us to help you!

Hello!

First, sorry for my bad english, i´m from germany and i need your help please...

Expected Behaviour:

Normal function

Actual Behaviour:

After some hours of normal work the dns service works VERY VERY slow... a "nslookup" takes 5-7 minutes to react, all http or hhtps requests needs minutes to open a website! I test pi-hole on a rock64 with Debian and as an VirtualBox VM with Debian and Ubuntu and the result is allways the same!
I have a FRITZBox 7590 as Router and DHCP Server (IPv6 is disabled), the pi-hole acts as DNS with the configuration shown in the pictures! When the problem occurs the virtual machine has no cpu or ram load and on the shell i can´t see any problem, the pi-hole Admin Console has normal speed, i can´t see any problem in the query live log, restart of the dns resolver doesn´t help - the only solution at this time is to reboot the complete machine, than it works normal for some hours and then the problem occurs again... i have no idea what is wrong, i´m not a linux professional!

Debug Token:

3t250cwmfi

pi-hole00

DL6ER · January 4, 2019, 9:05pm

I see you configured your router as your upstream DNS server.

Please run

nslookup google.de

(or whatever domain you prefer) directly on your Pi-hole and have a look if you see the same timeout there, when you experience the huge delay on your other devices.

Mike_Delta_MikeDelta · January 5, 2019, 9:16am

Hi!
Meanwhile i´ve configured a automatic reboot every 6 hours as a workaround - have disabled this job now and do the test later when the problem occurs again, thanks for help! Repeat then with results!

Mike_Delta_MikeDelta · January 6, 2019, 9:36am

@DL6ER
It takes a while but now the problem occurs again... om the pi-hole server himself the delay is unclearl! i test several domains, some (i think cached) answers come fast, others takes seconds or minutes and i have some answers with "truncated, retrying in tcp mode" --> seee the screenshot, the second shows the machine status... i have to repeat the questioin several times to get an answer...
in the query log i can see many NODATA or N/A entries, the webgui needs also minutes to load... i cannot generate debug logs, it takes too long...so i have to reboot the server now...

DL6ER · January 6, 2019, 9:39am

Please also run

nslookup google.de 192.168.2.1

and

nslookup google.de 1.1.1.1

Mike_Delta_MikeDelta · January 6, 2019, 9:44am

@DL6ER
Both answers come fast, i do another test with cnn.com - the first with the fritzbox as dns --> answer come fast, the second with the pi-hole as dns --> timeout --> see the picture...

pi-hole06

DL6ER · January 6, 2019, 9:45am

Hmm, okay, what is in your /var/log/pihole.log when you do the requests to the Pi-hole?

Mike_Delta_MikeDelta · January 6, 2019, 9:48am

will upload this file...

Mike_Delta_MikeDelta · January 6, 2019, 9:49am

Moderator edit: Removed attachment with sensitive information

DL6ER · January 6, 2019, 9:51am

I see you're using DNSSEC. Does the problem persist when you disable this feature in Pi-hole?

Mike_Delta_MikeDelta · January 6, 2019, 9:51am

After 10 minutes i have also the debug logs..

46j1zagrjy

DL6ER · January 6, 2019, 9:53am

Also try disabling conditional forwarding as it is not needed when your router is configured as your only upstream destionation.

Mike_Delta_MikeDelta · January 6, 2019, 9:54am

Disabled both and restart the DNS resolver --> no luck...

DL6ER · January 6, 2019, 9:58am

I'm still looking through your pihole.log and found a few places like:

Jan  6 10:05:57 dnsmasq[950]: query[A] cnn.com from 192.168.2.120
Jan  6 10:05:57 dnsmasq[950]: forwarded cnn.com to 192.168.2.1
Jan  6 10:05:57 dnsmasq[950]: dnssec-query[DS] com to 192.168.2.1
Jan  6 10:05:57 dnsmasq[950]: dnssec-query[DNSKEY] . to 192.168.2.1
Jan  6 10:05:57 dnsmasq[950]: reply cnn.com is 151.101.65.67
Jan  6 10:05:57 dnsmasq[950]: reply cnn.com is 151.101.193.67
Jan  6 10:05:57 dnsmasq[950]: reply cnn.com is 151.101.129.67
Jan  6 10:05:57 dnsmasq[950]: reply cnn.com is 151.101.1.67

here, everything worked. and the reply for cnn.com came within the same second.

Later on,

Jan  6 10:06:44 dnsmasq[15981]: query[A] cnn.com from 192.168.2.120
Jan  6 10:06:44 dnsmasq[15981]: forwarded cnn.com to 192.168.2.1
[...]
Jan  6 10:07:44 dnsmasq[15981]: reply cnn.com is no DS
Jan  6 10:07:44 dnsmasq[15981]: validation result is INSECURE

There is no reply from your router within one minute.

Please try once to configure another DNS server (e.g. Quad9), just not your router, as forward destination just to ensure that it is really a Pi-hole issue and not a Pi-hole<->router issue.

Mike_Delta_MikeDelta · January 6, 2019, 10:04am

try it and restart the dns resolver... same result... see pictures... by the way... many many thanks for your support!

DL6ER · January 6, 2019, 10:05am

What is the output of

grep fox\.com /var/log/pihole.log

?

Mike_Delta_MikeDelta · January 6, 2019, 10:07am

pi-hole@pi-hole-dns:~$ grep fox.com /var/log/pihole.log
Jan 6 01:18:13 dnsmasq[950]: query[A] api.accounts.firefox.com from 192.168.2.46
Jan 6 01:18:13 dnsmasq[950]: forwarded api.accounts.firefox.com to 192.168.2.1
Jan 6 01:18:13 dnsmasq[950]: reply api.accounts.firefox.com is 52.26.82.186
Jan 6 01:18:13 dnsmasq[950]: reply api.accounts.firefox.com is 35.161.80.181
Jan 6 01:18:13 dnsmasq[950]: reply api.accounts.firefox.com is 35.160.151.55
Jan 6 01:18:14 dnsmasq[950]: query[A] oauth.accounts.firefox.com from 192.168.2.46
Jan 6 01:18:14 dnsmasq[950]: forwarded oauth.accounts.firefox.com to 192.168.2.1
Jan 6 01:18:14 dnsmasq[950]: reply oauth.accounts.firefox.com is 54.201.182.130
Jan 6 01:18:14 dnsmasq[950]: reply oauth.accounts.firefox.com is 35.162.153.143
Jan 6 01:18:14 dnsmasq[950]: reply oauth.accounts.firefox.com is 34.214.167.67
Jan 6 01:18:15 dnsmasq[950]: query[A] profile.accounts.firefox.com from 192.168.2.46
Jan 6 01:18:15 dnsmasq[950]: forwarded profile.accounts.firefox.com to 192.168.2.1
Jan 6 01:18:15 dnsmasq[950]: reply profile.accounts.firefox.com is 35.165.2.110
Jan 6 01:18:15 dnsmasq[950]: reply profile.accounts.firefox.com is 52.26.196.116
Jan 6 01:18:15 dnsmasq[950]: reply profile.accounts.firefox.com is 34.218.152.83
Jan 6 01:27:24 dnsmasq[950]: query[A] api.accounts.firefox.com from 192.168.2.46
Jan 6 01:27:24 dnsmasq[950]: forwarded api.accounts.firefox.com to 192.168.2.1
Jan 6 01:27:24 dnsmasq[950]: reply api.accounts.firefox.com is 52.26.82.186
Jan 6 01:27:24 dnsmasq[950]: reply api.accounts.firefox.com is 35.161.80.181
Jan 6 01:27:24 dnsmasq[950]: reply api.accounts.firefox.com is 35.160.151.55
Jan 6 01:27:25 dnsmasq[950]: query[A] oauth.accounts.firefox.com from 192.168.2.46
Jan 6 01:27:25 dnsmasq[950]: forwarded oauth.accounts.firefox.com to 192.168.2.1
Jan 6 01:27:25 dnsmasq[950]: reply oauth.accounts.firefox.com is 34.214.167.67
Jan 6 01:27:25 dnsmasq[950]: reply oauth.accounts.firefox.com is 54.201.182.130
Jan 6 01:27:25 dnsmasq[950]: reply oauth.accounts.firefox.com is 35.162.153.143
Jan 6 01:27:26 dnsmasq[950]: query[A] profile.accounts.firefox.com from 192.168.2.46
Jan 6 01:27:26 dnsmasq[950]: forwarded profile.accounts.firefox.com to 192.168.2.1
Jan 6 01:27:26 dnsmasq[950]: reply profile.accounts.firefox.com is 52.26.196.116
Jan 6 01:27:26 dnsmasq[950]: reply profile.accounts.firefox.com is 35.165.2.110
Jan 6 01:27:26 dnsmasq[950]: reply profile.accounts.firefox.com is 34.218.152.83
Jan 6 09:58:32 dnsmasq[950]: query[A] api.accounts.firefox.com from 192.168.2.46
Jan 6 09:58:32 dnsmasq[950]: forwarded api.accounts.firefox.com to 192.168.2.1
Jan 6 09:58:32 dnsmasq[950]: reply api.accounts.firefox.com is 52.26.82.186
Jan 6 09:58:32 dnsmasq[950]: reply api.accounts.firefox.com is 35.160.151.55
Jan 6 09:58:32 dnsmasq[950]: reply api.accounts.firefox.com is 35.161.80.181
Jan 6 09:58:32 dnsmasq[15733]: query[A] api.accounts.firefox.com from 192.168.2.46
Jan 6 09:58:32 dnsmasq[15733]: forwarded api.accounts.firefox.com to 192.168.2.1
Jan 6 09:59:02 dnsmasq[15733]: dnssec-query[DS] firefox.com to 192.168.2.1
Jan 6 09:59:32 dnsmasq[15733]: reply firefox.com is no DS
Jan 6 09:59:32 dnsmasq[15733]: reply api.accounts.firefox.com is 35.161.80.181
Jan 6 09:59:32 dnsmasq[15733]: reply api.accounts.firefox.com is 35.160.151.55
Jan 6 09:59:32 dnsmasq[15733]: reply api.accounts.firefox.com is 52.26.82.186
Jan 6 10:12:21 dnsmasq[950]: query[A] detectportal.firefox.com from 192.168.2.42
Jan 6 10:12:21 dnsmasq[950]: forwarded detectportal.firefox.com to 192.168.2.1
Jan 6 10:12:21 dnsmasq[950]: reply detectportal.firefox.com is
Jan 6 10:12:21 dnsmasq[950]: reply detectportal.firefox.com-v2.edgesuite.net is
Jan 6 10:12:22 dnsmasq[950]: query[A] profile.accounts.firefox.com from 192.168.2.42
Jan 6 10:12:22 dnsmasq[950]: forwarded profile.accounts.firefox.com to 192.168.2.1
Jan 6 10:12:22 dnsmasq[950]: reply profile.accounts.firefox.com is 35.165.2.110
Jan 6 10:12:22 dnsmasq[950]: reply profile.accounts.firefox.com is 34.218.152.83
Jan 6 10:12:22 dnsmasq[950]: reply profile.accounts.firefox.com is 52.26.196.116
Jan 6 10:12:32 dnsmasq[950]: query[A] profile.accounts.firefox.com from 192.168.2.42
Jan 6 10:12:32 dnsmasq[950]: forwarded profile.accounts.firefox.com to 192.168.2.1
Jan 6 10:12:32 dnsmasq[950]: reply profile.accounts.firefox.com is 35.165.2.110
Jan 6 10:12:32 dnsmasq[950]: reply profile.accounts.firefox.com is 34.218.152.83
Jan 6 10:12:32 dnsmasq[950]: reply profile.accounts.firefox.com is 52.26.196.116
Jan 6 10:12:32 dnsmasq[950]: query[AAAA] profile.accounts.firefox.com from 192.168.2.42
Jan 6 10:12:32 dnsmasq[950]: forwarded profile.accounts.firefox.com to 192.168.2.1
Jan 6 10:12:32 dnsmasq[950]: reply profile.accounts.firefox.com is NODATA-IPv6
Jan 6 10:22:31 dnsmasq[950]: query[A] api.accounts.firefox.com from 192.168.2.42
Jan 6 10:22:31 dnsmasq[950]: forwarded api.accounts.firefox.com to 192.168.2.1
Jan 6 10:22:31 dnsmasq[950]: reply api.accounts.firefox.com is 35.160.151.55
Jan 6 10:22:31 dnsmasq[950]: reply api.accounts.firefox.com is 52.26.82.186
Jan 6 10:22:31 dnsmasq[950]: reply api.accounts.firefox.com is 35.161.80.181
Jan 6 10:22:41 dnsmasq[950]: query[A] api.accounts.firefox.com from 192.168.2.42
Jan 6 10:22:41 dnsmasq[950]: forwarded api.accounts.firefox.com to 192.168.2.1
Jan 6 10:22:41 dnsmasq[950]: reply api.accounts.firefox.com is 35.160.151.55
Jan 6 10:22:41 dnsmasq[950]: reply api.accounts.firefox.com is 52.26.82.186
Jan 6 10:22:41 dnsmasq[950]: reply api.accounts.firefox.com is 35.161.80.181
Jan 6 10:22:41 dnsmasq[950]: query[AAAA] api.accounts.firefox.com from 192.168.2.42
Jan 6 10:22:41 dnsmasq[950]: forwarded api.accounts.firefox.com to 192.168.2.1
Jan 6 10:22:41 dnsmasq[950]: reply api.accounts.firefox.com is NODATA-IPv6
Jan 6 10:22:53 dnsmasq[950]: query[A] profile.accounts.firefox.com from 192.168.2.42
Jan 6 10:22:53 dnsmasq[950]: forwarded profile.accounts.firefox.com to 192.168.2.1
Jan 6 10:22:53 dnsmasq[950]: reply profile.accounts.firefox.com is 35.165.2.110
Jan 6 10:22:53 dnsmasq[950]: reply profile.accounts.firefox.com is 52.26.196.116
Jan 6 10:22:53 dnsmasq[950]: reply profile.accounts.firefox.com is 34.218.152.83
Jan 6 10:58:15 dnsmasq[950]: query[A] fox.com from 127.0.0.1
Jan 6 10:58:15 dnsmasq[950]: forwarded fox.com to 192.168.2.1
Jan 6 10:58:15 dnsmasq[950]: reply fox.com is 92.123.41.59
Jan 6 10:58:17 dnsmasq[31241]: query[A] fox.com from 127.0.0.1
Jan 6 10:58:17 dnsmasq[31241]: forwarded fox.com to 192.168.2.1
Jan 6 10:58:25 dnsmasq[31245]: query[A] fox.com from 127.0.0.1
Jan 6 10:58:25 dnsmasq[31245]: forwarded fox.com to 192.168.2.1
Jan 6 10:58:39 dnsmasq[31251]: query[A] fox.com from 127.0.0.1
Jan 6 10:58:39 dnsmasq[31251]: forwarded fox.com to 192.168.2.1
Jan 6 10:58:47 dnsmasq[31241]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 10:58:55 dnsmasq[31245]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 10:59:09 dnsmasq[31251]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 10:59:17 dnsmasq[31241]: reply fox.com is no DS
Jan 6 10:59:17 dnsmasq[31241]: reply fox.com is 92.123.41.59
Jan 6 10:59:25 dnsmasq[31245]: reply fox.com is no DS
Jan 6 10:59:25 dnsmasq[31245]: reply fox.com is 92.123.41.59
Jan 6 10:59:39 dnsmasq[31251]: reply fox.com is no DS
Jan 6 10:59:39 dnsmasq[31251]: reply fox.com is 92.123.41.59
Jan 6 11:00:19 dnsmasq[950]: query[A] fox.com from 127.0.0.1
Jan 6 11:00:19 dnsmasq[950]: forwarded fox.com to 192.168.2.1
Jan 6 11:00:19 dnsmasq[950]: reply fox.com is 92.123.41.59
Jan 6 11:00:22 dnsmasq[31435]: query[A] fox.com from 127.0.0.1
Jan 6 11:00:22 dnsmasq[31435]: forwarded fox.com to 192.168.2.1
Jan 6 11:00:34 dnsmasq[31441]: query[A] fox.com from 127.0.0.1
Jan 6 11:00:34 dnsmasq[31441]: forwarded fox.com to 192.168.2.1
Jan 6 11:00:39 dnsmasq[31444]: query[A] fox.com from 127.0.0.1
Jan 6 11:00:39 dnsmasq[31444]: forwarded fox.com to 192.168.2.1
Jan 6 11:00:52 dnsmasq[31435]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:01:02 dnsmasq[950]: query[A] fox.com.fritz.box from 192.168.2.42
Jan 6 11:01:02 dnsmasq[950]: forwarded fox.com.fritz.box to 192.168.2.1
Jan 6 11:01:02 dnsmasq[950]: reply fox.com.fritz.box is NXDOMAIN
Jan 6 11:01:02 dnsmasq[950]: query[AAAA] fox.com.fritz.box from 192.168.2.42
Jan 6 11:01:02 dnsmasq[950]: forwarded fox.com.fritz.box to 192.168.2.1
Jan 6 11:01:02 dnsmasq[950]: reply fox.com.fritz.box is NXDOMAIN
Jan 6 11:01:02 dnsmasq[950]: query[A] fox.com from 192.168.2.42
Jan 6 11:01:02 dnsmasq[950]: forwarded fox.com to 192.168.2.1
Jan 6 11:01:02 dnsmasq[950]: reply fox.com is 92.123.41.59
Jan 6 11:01:04 dnsmasq[31441]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:01:09 dnsmasq[31444]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:01:22 dnsmasq[31435]: reply fox.com is no DS
Jan 6 11:01:22 dnsmasq[31435]: reply fox.com is 92.123.41.59
Jan 6 11:01:34 dnsmasq[31441]: reply fox.com is no DS
Jan 6 11:01:34 dnsmasq[31441]: reply fox.com is 92.123.41.59
Jan 6 11:01:35 dnsmasq[950]: query[A] fox.com from 127.0.0.1
Jan 6 11:01:35 dnsmasq[950]: forwarded fox.com to 192.168.2.1
Jan 6 11:01:35 dnsmasq[950]: reply fox.com is 92.123.41.59
Jan 6 11:01:39 dnsmasq[31444]: reply fox.com is no DS
Jan 6 11:01:39 dnsmasq[31444]: reply fox.com is 92.123.41.59
Jan 6 11:01:39 dnsmasq[31604]: query[A] fox.com from 127.0.0.1
Jan 6 11:01:39 dnsmasq[31604]: forwarded fox.com to 192.168.2.1
Jan 6 11:01:51 dnsmasq[31615]: query[A] fox.com from 127.0.0.1
Jan 6 11:01:51 dnsmasq[31615]: forwarded fox.com to 192.168.2.1
Jan 6 11:01:56 dnsmasq[31618]: query[A] fox.com from 127.0.0.1
Jan 6 11:01:56 dnsmasq[31618]: forwarded fox.com to 192.168.2.1
Jan 6 11:02:09 dnsmasq[31604]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:02:12 dnsmasq[31628]: query[A] fox.com from 192.168.2.42
Jan 6 11:02:12 dnsmasq[31628]: forwarded fox.com to 192.168.2.1
Jan 6 11:02:21 dnsmasq[31615]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:02:26 dnsmasq[31618]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:02:39 dnsmasq[31604]: reply fox.com is no DS
Jan 6 11:02:39 dnsmasq[31604]: reply fox.com is 92.123.41.59
Jan 6 11:02:42 dnsmasq[31628]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:02:51 dnsmasq[31615]: reply fox.com is no DS
Jan 6 11:02:51 dnsmasq[31615]: reply fox.com is 92.123.41.59
Jan 6 11:02:56 dnsmasq[31618]: reply fox.com is no DS
Jan 6 11:02:56 dnsmasq[31618]: reply fox.com is 92.123.41.59
Jan 6 11:03:12 dnsmasq[31628]: reply fox.com is no DS
Jan 6 11:03:12 dnsmasq[31628]: reply fox.com is 92.123.41.59
Jan 6 11:03:12 dnsmasq[950]: query[AAAA] fox.com from 192.168.2.42
Jan 6 11:03:12 dnsmasq[950]: forwarded fox.com to 192.168.2.1
Jan 6 11:03:12 dnsmasq[950]: reply fox.com is NODATA-IPv6
Jan 6 11:03:30 dnsmasq[31674]: query[AAAA] fox.com from 192.168.2.42
Jan 6 11:03:30 dnsmasq[31674]: forwarded fox.com to 192.168.2.1
Jan 6 11:04:00 dnsmasq[31674]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:04:30 dnsmasq[31674]: reply fox.com is no DS
Jan 6 11:04:30 dnsmasq[31674]: reply fox.com is NODATA-IPv6

Mike_Delta_MikeDelta · January 6, 2019, 10:13am

try to use antoher domain like netflix.com (at the moment we cannot stream from netflix on our tv because of the pi-hole problem)... from the pi-hole or any client in my network... when i ask pi-hole dns --> timeout, no servers could be reached on the pi-hole himself or 2-3 minutes for an answer on a client and when i try to ask my router the answer comes in ms!
And again i can see many NODATA or N/A entries in the query log...

Mike_Delta_MikeDelta · January 6, 2019, 10:28am

@DL6ER
After reboot all is working now again, dns queries to the pi-hole answered fast - i think it takes between 5-10 hours and the problem occours again... hope it will be a solution for this...

DL6ER · January 6, 2019, 10:38am

Your computer asks for additional domains that don't exist (pay attention to the fritx.box part):

Jan 6 11:01:02 dnsmasq[950]: query[A] fox.com.fritz.box from 192.168.2.42
Jan 6 11:01:02 dnsmasq[950]: forwarded fox.com.fritz.box to 192.168.2.1
Jan 6 11:01:02 dnsmasq[950]: reply fox.com.fritz.box is NXDOMAIN
Jan 6 11:01:02 dnsmasq[950]: query[AAAA] fox.com.fritz.box from 192.168.2.42
Jan 6 11:01:02 dnsmasq[950]: forwarded fox.com.fritz.box to 192.168.2.1
Jan 6 11:01:02 dnsmasq[950]: reply fox.com.fritz.box is NXDOMAIN

It is correct for these queries to come back as NXDOMAIN.

Jan 6 11:00:39 dnsmasq[31444]: query[A] fox.com from 127.0.0.1
Jan 6 11:00:39 dnsmasq[31444]: forwarded fox.com to 192.168.2.1
Jan 6 11:01:09 dnsmasq[31444]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:01:39 dnsmasq[31444]: reply fox.com is no DS
Jan 6 11:01:39 dnsmasq[31444]: reply fox.com is 92.123.41.59

Here, DNSSEC is still being used! Please ensure once again that you disabled it. The log snippet you posted contains only lines where DNSSEC was enabled.