Strange pi-hole problem after some hours

Hmm, okay, what is in your /var/log/pihole.log when you do the requests to the Pi-hole?

will upload this file...

Moderator edit: Removed attachment with sensitive information

I see you're using DNSSEC. Does the problem persist when you disable this feature in Pi-hole?

After 10 minutes I also have the debug logs...

46j1zagrjy

Also try disabling conditional forwarding as it is not needed when your router is configured as your only upstream destination.

Disabled both and restarted the DNS resolver --> no luck...

I'm still looking through your pihole.log and found a few places like:

Jan  6 10:05:57 dnsmasq[950]: query[A] cnn.com from 192.168.2.120
Jan  6 10:05:57 dnsmasq[950]: forwarded cnn.com to 192.168.2.1
Jan  6 10:05:57 dnsmasq[950]: dnssec-query[DS] com to 192.168.2.1
Jan  6 10:05:57 dnsmasq[950]: dnssec-query[DNSKEY] . to 192.168.2.1
Jan  6 10:05:57 dnsmasq[950]: reply cnn.com is 151.101.65.67
Jan  6 10:05:57 dnsmasq[950]: reply cnn.com is 151.101.193.67
Jan  6 10:05:57 dnsmasq[950]: reply cnn.com is 151.101.129.67
Jan  6 10:05:57 dnsmasq[950]: reply cnn.com is 151.101.1.67

Here, everything worked, and the reply for cnn.com came within the same second.

Later on,

Jan  6 10:06:44 dnsmasq[15981]: query[A] cnn.com from 192.168.2.120
Jan  6 10:06:44 dnsmasq[15981]: forwarded cnn.com to 192.168.2.1
[...]
Jan  6 10:07:44 dnsmasq[15981]: reply cnn.com is no DS
Jan  6 10:07:44 dnsmasq[15981]: validation result is INSECURE

There is no reply from your router within one minute.

Please try once to configure another DNS server (e.g. Quad9), just not your router, as forward destination just to ensure that it is really a Pi-hole issue and not a Pi-hole<->router issue.

Tried it and restarted the DNS resolver... same result... see pictures... By the way... many many thanks for your support!

What is the output of

grep fox\.com /var/log/pihole.log

?

pi-hole@pi-hole-dns:~$ grep fox.com /var/log/pihole.log
Jan 6 01:18:13 dnsmasq[950]: query[A] api.accounts.firefox.com from 192.168.2.46
Jan 6 01:18:13 dnsmasq[950]: forwarded api.accounts.firefox.com to 192.168.2.1
Jan 6 01:18:13 dnsmasq[950]: reply api.accounts.firefox.com is 52.26.82.186
Jan 6 01:18:13 dnsmasq[950]: reply api.accounts.firefox.com is 35.161.80.181
Jan 6 01:18:13 dnsmasq[950]: reply api.accounts.firefox.com is 35.160.151.55
Jan 6 01:18:14 dnsmasq[950]: query[A] oauth.accounts.firefox.com from 192.168.2.46
Jan 6 01:18:14 dnsmasq[950]: forwarded oauth.accounts.firefox.com to 192.168.2.1
Jan 6 01:18:14 dnsmasq[950]: reply oauth.accounts.firefox.com is 54.201.182.130
Jan 6 01:18:14 dnsmasq[950]: reply oauth.accounts.firefox.com is 35.162.153.143
Jan 6 01:18:14 dnsmasq[950]: reply oauth.accounts.firefox.com is 34.214.167.67
Jan 6 01:18:15 dnsmasq[950]: query[A] profile.accounts.firefox.com from 192.168.2.46
Jan 6 01:18:15 dnsmasq[950]: forwarded profile.accounts.firefox.com to 192.168.2.1
Jan 6 01:18:15 dnsmasq[950]: reply profile.accounts.firefox.com is 35.165.2.110
Jan 6 01:18:15 dnsmasq[950]: reply profile.accounts.firefox.com is 52.26.196.116
Jan 6 01:18:15 dnsmasq[950]: reply profile.accounts.firefox.com is 34.218.152.83
Jan 6 01:27:24 dnsmasq[950]: query[A] api.accounts.firefox.com from 192.168.2.46
Jan 6 01:27:24 dnsmasq[950]: forwarded api.accounts.firefox.com to 192.168.2.1
Jan 6 01:27:24 dnsmasq[950]: reply api.accounts.firefox.com is 52.26.82.186
Jan 6 01:27:24 dnsmasq[950]: reply api.accounts.firefox.com is 35.161.80.181
Jan 6 01:27:24 dnsmasq[950]: reply api.accounts.firefox.com is 35.160.151.55
Jan 6 01:27:25 dnsmasq[950]: query[A] oauth.accounts.firefox.com from 192.168.2.46
Jan 6 01:27:25 dnsmasq[950]: forwarded oauth.accounts.firefox.com to 192.168.2.1
Jan 6 01:27:25 dnsmasq[950]: reply oauth.accounts.firefox.com is 34.214.167.67
Jan 6 01:27:25 dnsmasq[950]: reply oauth.accounts.firefox.com is 54.201.182.130
Jan 6 01:27:25 dnsmasq[950]: reply oauth.accounts.firefox.com is 35.162.153.143
Jan 6 01:27:26 dnsmasq[950]: query[A] profile.accounts.firefox.com from 192.168.2.46
Jan 6 01:27:26 dnsmasq[950]: forwarded profile.accounts.firefox.com to 192.168.2.1
Jan 6 01:27:26 dnsmasq[950]: reply profile.accounts.firefox.com is 52.26.196.116
Jan 6 01:27:26 dnsmasq[950]: reply profile.accounts.firefox.com is 35.165.2.110
Jan 6 01:27:26 dnsmasq[950]: reply profile.accounts.firefox.com is 34.218.152.83
Jan 6 09:58:32 dnsmasq[950]: query[A] api.accounts.firefox.com from 192.168.2.46
Jan 6 09:58:32 dnsmasq[950]: forwarded api.accounts.firefox.com to 192.168.2.1
Jan 6 09:58:32 dnsmasq[950]: reply api.accounts.firefox.com is 52.26.82.186
Jan 6 09:58:32 dnsmasq[950]: reply api.accounts.firefox.com is 35.160.151.55
Jan 6 09:58:32 dnsmasq[950]: reply api.accounts.firefox.com is 35.161.80.181
Jan 6 09:58:32 dnsmasq[15733]: query[A] api.accounts.firefox.com from 192.168.2.46
Jan 6 09:58:32 dnsmasq[15733]: forwarded api.accounts.firefox.com to 192.168.2.1
Jan 6 09:59:02 dnsmasq[15733]: dnssec-query[DS] firefox.com to 192.168.2.1
Jan 6 09:59:32 dnsmasq[15733]: reply firefox.com is no DS
Jan 6 09:59:32 dnsmasq[15733]: reply api.accounts.firefox.com is 35.161.80.181
Jan 6 09:59:32 dnsmasq[15733]: reply api.accounts.firefox.com is 35.160.151.55
Jan 6 09:59:32 dnsmasq[15733]: reply api.accounts.firefox.com is 52.26.82.186
Jan 6 10:12:21 dnsmasq[950]: query[A] detectportal.firefox.com from 192.168.2.42
Jan 6 10:12:21 dnsmasq[950]: forwarded detectportal.firefox.com to 192.168.2.1
Jan 6 10:12:21 dnsmasq[950]: reply detectportal.firefox.com is
Jan 6 10:12:21 dnsmasq[950]: reply detectportal.firefox.com-v2.edgesuite.net is
Jan 6 10:12:22 dnsmasq[950]: query[A] profile.accounts.firefox.com from 192.168.2.42
Jan 6 10:12:22 dnsmasq[950]: forwarded profile.accounts.firefox.com to 192.168.2.1
Jan 6 10:12:22 dnsmasq[950]: reply profile.accounts.firefox.com is 35.165.2.110
Jan 6 10:12:22 dnsmasq[950]: reply profile.accounts.firefox.com is 34.218.152.83
Jan 6 10:12:22 dnsmasq[950]: reply profile.accounts.firefox.com is 52.26.196.116
Jan 6 10:12:32 dnsmasq[950]: query[A] profile.accounts.firefox.com from 192.168.2.42
Jan 6 10:12:32 dnsmasq[950]: forwarded profile.accounts.firefox.com to 192.168.2.1
Jan 6 10:12:32 dnsmasq[950]: reply profile.accounts.firefox.com is 35.165.2.110
Jan 6 10:12:32 dnsmasq[950]: reply profile.accounts.firefox.com is 34.218.152.83
Jan 6 10:12:32 dnsmasq[950]: reply profile.accounts.firefox.com is 52.26.196.116
Jan 6 10:12:32 dnsmasq[950]: query[AAAA] profile.accounts.firefox.com from 192.168.2.42
Jan 6 10:12:32 dnsmasq[950]: forwarded profile.accounts.firefox.com to 192.168.2.1
Jan 6 10:12:32 dnsmasq[950]: reply profile.accounts.firefox.com is NODATA-IPv6
Jan 6 10:22:31 dnsmasq[950]: query[A] api.accounts.firefox.com from 192.168.2.42
Jan 6 10:22:31 dnsmasq[950]: forwarded api.accounts.firefox.com to 192.168.2.1
Jan 6 10:22:31 dnsmasq[950]: reply api.accounts.firefox.com is 35.160.151.55
Jan 6 10:22:31 dnsmasq[950]: reply api.accounts.firefox.com is 52.26.82.186
Jan 6 10:22:31 dnsmasq[950]: reply api.accounts.firefox.com is 35.161.80.181
Jan 6 10:22:41 dnsmasq[950]: query[A] api.accounts.firefox.com from 192.168.2.42
Jan 6 10:22:41 dnsmasq[950]: forwarded api.accounts.firefox.com to 192.168.2.1
Jan 6 10:22:41 dnsmasq[950]: reply api.accounts.firefox.com is 35.160.151.55
Jan 6 10:22:41 dnsmasq[950]: reply api.accounts.firefox.com is 52.26.82.186
Jan 6 10:22:41 dnsmasq[950]: reply api.accounts.firefox.com is 35.161.80.181
Jan 6 10:22:41 dnsmasq[950]: query[AAAA] api.accounts.firefox.com from 192.168.2.42
Jan 6 10:22:41 dnsmasq[950]: forwarded api.accounts.firefox.com to 192.168.2.1
Jan 6 10:22:41 dnsmasq[950]: reply api.accounts.firefox.com is NODATA-IPv6
Jan 6 10:22:53 dnsmasq[950]: query[A] profile.accounts.firefox.com from 192.168.2.42
Jan 6 10:22:53 dnsmasq[950]: forwarded profile.accounts.firefox.com to 192.168.2.1
Jan 6 10:22:53 dnsmasq[950]: reply profile.accounts.firefox.com is 35.165.2.110
Jan 6 10:22:53 dnsmasq[950]: reply profile.accounts.firefox.com is 52.26.196.116
Jan 6 10:22:53 dnsmasq[950]: reply profile.accounts.firefox.com is 34.218.152.83
Jan 6 10:58:15 dnsmasq[950]: query[A] fox.com from 127.0.0.1
Jan 6 10:58:15 dnsmasq[950]: forwarded fox.com to 192.168.2.1
Jan 6 10:58:15 dnsmasq[950]: reply fox.com is 92.123.41.59
Jan 6 10:58:17 dnsmasq[31241]: query[A] fox.com from 127.0.0.1
Jan 6 10:58:17 dnsmasq[31241]: forwarded fox.com to 192.168.2.1
Jan 6 10:58:25 dnsmasq[31245]: query[A] fox.com from 127.0.0.1
Jan 6 10:58:25 dnsmasq[31245]: forwarded fox.com to 192.168.2.1
Jan 6 10:58:39 dnsmasq[31251]: query[A] fox.com from 127.0.0.1
Jan 6 10:58:39 dnsmasq[31251]: forwarded fox.com to 192.168.2.1
Jan 6 10:58:47 dnsmasq[31241]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 10:58:55 dnsmasq[31245]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 10:59:09 dnsmasq[31251]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 10:59:17 dnsmasq[31241]: reply fox.com is no DS
Jan 6 10:59:17 dnsmasq[31241]: reply fox.com is 92.123.41.59
Jan 6 10:59:25 dnsmasq[31245]: reply fox.com is no DS
Jan 6 10:59:25 dnsmasq[31245]: reply fox.com is 92.123.41.59
Jan 6 10:59:39 dnsmasq[31251]: reply fox.com is no DS
Jan 6 10:59:39 dnsmasq[31251]: reply fox.com is 92.123.41.59
Jan 6 11:00:19 dnsmasq[950]: query[A] fox.com from 127.0.0.1
Jan 6 11:00:19 dnsmasq[950]: forwarded fox.com to 192.168.2.1
Jan 6 11:00:19 dnsmasq[950]: reply fox.com is 92.123.41.59
Jan 6 11:00:22 dnsmasq[31435]: query[A] fox.com from 127.0.0.1
Jan 6 11:00:22 dnsmasq[31435]: forwarded fox.com to 192.168.2.1
Jan 6 11:00:34 dnsmasq[31441]: query[A] fox.com from 127.0.0.1
Jan 6 11:00:34 dnsmasq[31441]: forwarded fox.com to 192.168.2.1
Jan 6 11:00:39 dnsmasq[31444]: query[A] fox.com from 127.0.0.1
Jan 6 11:00:39 dnsmasq[31444]: forwarded fox.com to 192.168.2.1
Jan 6 11:00:52 dnsmasq[31435]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:01:02 dnsmasq[950]: query[A] fox.com.fritz.box from 192.168.2.42
Jan 6 11:01:02 dnsmasq[950]: forwarded fox.com.fritz.box to 192.168.2.1
Jan 6 11:01:02 dnsmasq[950]: reply fox.com.fritz.box is NXDOMAIN
Jan 6 11:01:02 dnsmasq[950]: query[AAAA] fox.com.fritz.box from 192.168.2.42
Jan 6 11:01:02 dnsmasq[950]: forwarded fox.com.fritz.box to 192.168.2.1
Jan 6 11:01:02 dnsmasq[950]: reply fox.com.fritz.box is NXDOMAIN
Jan 6 11:01:02 dnsmasq[950]: query[A] fox.com from 192.168.2.42
Jan 6 11:01:02 dnsmasq[950]: forwarded fox.com to 192.168.2.1
Jan 6 11:01:02 dnsmasq[950]: reply fox.com is 92.123.41.59
Jan 6 11:01:04 dnsmasq[31441]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:01:09 dnsmasq[31444]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:01:22 dnsmasq[31435]: reply fox.com is no DS
Jan 6 11:01:22 dnsmasq[31435]: reply fox.com is 92.123.41.59
Jan 6 11:01:34 dnsmasq[31441]: reply fox.com is no DS
Jan 6 11:01:34 dnsmasq[31441]: reply fox.com is 92.123.41.59
Jan 6 11:01:35 dnsmasq[950]: query[A] fox.com from 127.0.0.1
Jan 6 11:01:35 dnsmasq[950]: forwarded fox.com to 192.168.2.1
Jan 6 11:01:35 dnsmasq[950]: reply fox.com is 92.123.41.59
Jan 6 11:01:39 dnsmasq[31444]: reply fox.com is no DS
Jan 6 11:01:39 dnsmasq[31444]: reply fox.com is 92.123.41.59
Jan 6 11:01:39 dnsmasq[31604]: query[A] fox.com from 127.0.0.1
Jan 6 11:01:39 dnsmasq[31604]: forwarded fox.com to 192.168.2.1
Jan 6 11:01:51 dnsmasq[31615]: query[A] fox.com from 127.0.0.1
Jan 6 11:01:51 dnsmasq[31615]: forwarded fox.com to 192.168.2.1
Jan 6 11:01:56 dnsmasq[31618]: query[A] fox.com from 127.0.0.1
Jan 6 11:01:56 dnsmasq[31618]: forwarded fox.com to 192.168.2.1
Jan 6 11:02:09 dnsmasq[31604]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:02:12 dnsmasq[31628]: query[A] fox.com from 192.168.2.42
Jan 6 11:02:12 dnsmasq[31628]: forwarded fox.com to 192.168.2.1
Jan 6 11:02:21 dnsmasq[31615]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:02:26 dnsmasq[31618]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:02:39 dnsmasq[31604]: reply fox.com is no DS
Jan 6 11:02:39 dnsmasq[31604]: reply fox.com is 92.123.41.59
Jan 6 11:02:42 dnsmasq[31628]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:02:51 dnsmasq[31615]: reply fox.com is no DS
Jan 6 11:02:51 dnsmasq[31615]: reply fox.com is 92.123.41.59
Jan 6 11:02:56 dnsmasq[31618]: reply fox.com is no DS
Jan 6 11:02:56 dnsmasq[31618]: reply fox.com is 92.123.41.59
Jan 6 11:03:12 dnsmasq[31628]: reply fox.com is no DS
Jan 6 11:03:12 dnsmasq[31628]: reply fox.com is 92.123.41.59
Jan 6 11:03:12 dnsmasq[950]: query[AAAA] fox.com from 192.168.2.42
Jan 6 11:03:12 dnsmasq[950]: forwarded fox.com to 192.168.2.1
Jan 6 11:03:12 dnsmasq[950]: reply fox.com is NODATA-IPv6
Jan 6 11:03:30 dnsmasq[31674]: query[AAAA] fox.com from 192.168.2.42
Jan 6 11:03:30 dnsmasq[31674]: forwarded fox.com to 192.168.2.1
Jan 6 11:04:00 dnsmasq[31674]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:04:30 dnsmasq[31674]: reply fox.com is no DS
Jan 6 11:04:30 dnsmasq[31674]: reply fox.com is NODATA-IPv6

Try to use another domain like netflix.com (at the moment we cannot stream from Netflix on our TV because of the Pi-hole problem)... from the Pi-hole or any client in my network... When I ask the Pi-hole DNS --> timeout, no servers could be reached on the Pi-hole itself, or 2-3 minutes for an answer on a client, and when I try to ask my router the answer comes in ms!
And again I can see many NODATA or N/A entries in the query log...

@DL6ER
After reboot all is working again, DNS queries to the Pi-hole are answered fast - I think it takes between 5-10 hours and the problem occurs again... hope there will be a solution for this...

Your computer asks for additional domains that don't exist (pay attention to the fritz.box part):

Jan 6 11:01:02 dnsmasq[950]: query[A] fox.com.fritz.box from 192.168.2.42
Jan 6 11:01:02 dnsmasq[950]: forwarded fox.com.fritz.box to 192.168.2.1
Jan 6 11:01:02 dnsmasq[950]: reply fox.com.fritz.box is NXDOMAIN
Jan 6 11:01:02 dnsmasq[950]: query[AAAA] fox.com.fritz.box from 192.168.2.42
Jan 6 11:01:02 dnsmasq[950]: forwarded fox.com.fritz.box to 192.168.2.1
Jan 6 11:01:02 dnsmasq[950]: reply fox.com.fritz.box is NXDOMAIN

It is correct for these queries to come back as NXDOMAIN.

Jan 6 11:00:39 dnsmasq[31444]: query[A] fox.com from 127.0.0.1
Jan 6 11:00:39 dnsmasq[31444]: forwarded fox.com to 192.168.2.1
Jan 6 11:01:09 dnsmasq[31444]: dnssec-query[DS] fox.com to 192.168.2.1
Jan 6 11:01:39 dnsmasq[31444]: reply fox.com is no DS
Jan 6 11:01:39 dnsmasq[31444]: reply fox.com is 92.123.41.59

Here, DNSSEC is still being used! Please ensure once again that you disabled it. The log snippet you posted contains only lines where DNSSEC was enabled.
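
The stall pattern pointed out in the excerpts above (a `forwarded` line, a `dnssec-query[DS]` line 30 seconds later, the answer after a full minute) can be searched for mechanically. The following Python is an added example, not part of any post in this thread and not Pi-hole code; the function names and the 5-second threshold are assumptions.

```python
import re
from datetime import datetime

# Lines copied from the excerpts quoted in this thread.
SAMPLE = """\
Jan  6 10:05:57 dnsmasq[950]: query[A] cnn.com from 192.168.2.120
Jan  6 10:05:57 dnsmasq[950]: forwarded cnn.com to 192.168.2.1
Jan  6 10:05:57 dnsmasq[950]: reply cnn.com is 151.101.65.67
Jan  6 11:00:39 dnsmasq[31444]: query[A] fox.com from 127.0.0.1
Jan  6 11:00:39 dnsmasq[31444]: forwarded fox.com to 192.168.2.1
Jan  6 11:01:09 dnsmasq[31444]: dnssec-query[DS] fox.com to 192.168.2.1
Jan  6 11:01:39 dnsmasq[31444]: reply fox.com is no DS
Jan  6 11:01:39 dnsmasq[31444]: reply fox.com is 92.123.41.59
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[(\d+)\]: (.+)$")
QUERY = re.compile(r"^query\[(\w+)\] (\S+) from (\S+)$")
REPLY = re.compile(r"^reply (\S+) is ?(.*)$")

def parse_ts(stamp):
    # syslog omits the year; a fixed one is fine, only differences are used.
    return datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")

def transactions(log_text):
    # Pair each query with its first real answer, per dnsmasq PID and name,
    # because the excerpts interleave lines from several dnsmasq PIDs.
    open_q, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, pid, msg = parse_ts(m.group(1)), m.group(2), m.group(3)
        if q := QUERY.match(msg):
            open_q.setdefault((pid, q.group(2)), {"name": q.group(2),
                "client": q.group(3), "start": ts, "dnssec": False})
        elif msg.startswith("dnssec-query["):
            # The DS/DNSKEY lookup may be for a parent zone, so mark every
            # query still pending in this process.
            for (p, _), t in open_q.items():
                if p == pid:
                    t["dnssec"] = True
        elif (r := REPLY.match(msg)) and r.group(2) != "no DS":
            t = open_q.pop((pid, r.group(1)), None)
            if t:
                t["seconds"] = (ts - t["start"]).total_seconds()
                done.append(t)
    return done

def slow_queries(log_text, threshold=5.0):
    # (name, client, seconds until answer, DNSSEC lookup seen while pending)
    return [(t["name"], t["client"], t["seconds"], t["dnssec"])
            for t in transactions(log_text) if t["seconds"] >= threshold]
```

Run over the contents of /var/log/pihole.log, `slow_queries` lists every lookup that waited longer than the threshold and whether a DNSSEC query was outstanding at the time, which also shows whether DNSSEC was really off when a given stall was logged.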

OK, DNSSEC is disabled and I will not enable it again since the problem is solved...

I can confirm the described problem. Same setup:
-> Fritzbox 7590 as router and only upstream resolver
-> conditional forwarding on
-> DNSSEC on

I have disabled DNSSEC and conditional forwarding now. At the moment, system is stable.

@s.beimer
Thanks for this info, it's important for me that the source of the problem is not my personal network setup!

@DL6ER
Will test this in the near future... Is there any chance to fix it? I think other users with the same setup will have the same problem...

Of course! We aim to fix anything. However, one of the two has to be true:

  1. I can reproduce the issue: Fixing it is much easier.
  2. I cannot reproduce it: Oh well ... then the way down to finding what is really happening can be long.

Two days and the system is stable with DNSSEC disabled (need conditional forwarding for the Top List naming), think DNSSEC is the source of the problem in a setting with FRITZ!Box as Router and Upstream DNS! For me the problem is solved, thanks!
