Suddenly high queries. Need help with debug

At 5 o'clock my smart home restarted after a backup. Since then, I have a lot of queries:

What is really strange is the top domain ".":


Doesn't "." stand for local domain?

Why did I care about this? It seems like pihole was not resolving anything after this high amount of queries anymore. After a reboot it worked again. I think there is one client in the network that is putting a high demand of queries in the network and I would like to identify it. Could you please assist me? I'm totally new with pihole...

No. It is the root domain, essentially the top of the internet.

In your query log, what client is making these requests?

Thank you for clarification. The client is pi.hole :wink:

EDIT:

I found this in the FTL log:

    [2022-03-27 14:02:57.333 383M] WARNING in dnsmasq core: Maximum number of concurrent DNS queries reached (max: 150)
    [2022-03-27 14:03:14.358 383M] ERR: Port mismatch for 8.8.8.8: we derived 53, dnsmasq told us 48
    [2022-03-27 14:03:14.358 383M] ERR: Port mismatch for 8.8.4.4: we derived 53, dnsmasq told us 48
    [2022-03-27 14:03:14.669 383M] ERR: Port mismatch for 8.8.8.8: we derived 53, dnsmasq told us 48
    [2022-03-27 14:03:14.669 383M] ERR: Port mismatch for 8.8.4.4: we derived 53, dnsmasq told us 48
    [2022-03-27 14:03:14.675 383M] ERR: Port mismatch for 8.8.8.8: we derived 53, dnsmasq told us 48
    [2022-03-27 14:03:14.675 383M] ERR: Port mismatch for 8.8.4.4: we derived 53, dnsmasq told us 48
    [2022-03-27 14:03:14.780 383M] ERR: Port mismatch for 8.8.8.8: we derived 53, dnsmasq told us 48
    [2022-03-27 14:03:14.780 383M] ERR: Port mismatch for 8.8.4.4: we derived 53, dnsmasq told us 48
    [2022-03-27 14:03:14.807 383M] ERR: Port mismatch for 8.8.8.8: we derived 53, dnsmasq told us 48
    [2022-03-27 14:03:14.808 383M] ERR: Port mismatch for 8.8.4.4: we derived 53, dnsmasq told us 48
    [2022-03-27 14:03:15.086 383M] ERR: Port mismatch for 8.8.8.8: we derived 53, dnsmasq told us 48
    [2022-03-27 14:03:15.086 383M] ERR: Port mismatch for 8.8.4.4: we derived 53, dnsmasq told us 48
    [2022-03-27 14:03:15.394 383M] ERR: Port mismatch for 8.8.8.8: we derived 53, dnsmasq told us 48

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

    pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

https://tricorder.pi-hole.net/avxkjOdg/

For the port mismatch issue, here is a related thread.

For the high amount of queries, it is not unusual after an outage (internet upset) for a device to generate a large number of queries.

I note that you have conditional forwarding enabled, which can lead to circular DNS traffic.

    REV_SERVER=true
    REV_SERVER_CIDR=192.168.1.0/24
    REV_SERVER_TARGET=192.168.1.1
    REV_SERVER_DOMAIN=

Please find some example query, forward and reply entries for this domain in your dnsmasq log at /var/log/pihole.log and post them here.

I read that thread but it seems like a bug. So there is nothing I can do, right?

The high amount of queries lasted more than six hours, until I restarted the pihole and several devices.

Is the conditional forwarding configured in pihole? Tbh I do not remember putting anything like this in the pi hole settings. I can't find it currently either.

Typically, Pi-hole will not make any queries to the root domain, unless a client has requested it. Please find some example query, forward and reply entries for this domain in your dnsmasq log at /var/log/pihole.log and post them here.
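One way to pull the requested query, forward and reply entries for the root domain out of the log, and to see whether a LAN client or the resolver's own DNSSEC validation is asking for them. This is an added example, not part of the original posts; the function names and sample lines are constructed, and the line shapes are the ones assumed in the comments.

```shell
#!/bin/sh
# Summarise dnsmasq log entries for one exact name (here the root zone ".").
# Assumed line shapes (dnsmasq with query logging enabled):
#   ... dnsmasq[pid]: query[TYPE] NAME from CLIENT         <- asked by a client
#   ... dnsmasq[pid]: dnssec-query[TYPE] NAME to UPSTREAM  <- resolver's own DNSSEC lookup
#   ... dnsmasq[pid]: forwarded NAME to UPSTREAM
#   ... dnsmasq[pid]: reply NAME is ANSWER

# Usage: root_query_summary NAME [LOGFILE...]   (reads stdin when no file is given)
# On the Pi-hole host: root_query_summary . /var/log/pihole.log
root_query_summary() {
    dom=$1; shift
    awk -v dom="$dom" '
        function qtype(s) { gsub(/^.*\[|\]$/, "", s); return s }
        $6 != dom { next }                      # field 6 is the queried name
        $5 ~ /^query\[/        && $7 == "from" { n["client " $8 " " qtype($5)]++ }
        $5 ~ /^dnssec-query\[/ && $7 == "to"   { n["dnssec " $8 " " qtype($5)]++ }
        $5 == "forwarded"      && $7 == "to"   { n["forwarded " $8]++ }
        $5 == "reply"                          { n["reply"]++ }
        END { for (k in n) printf "%s %d\n", k, n[k] }
    ' "$@" | LC_ALL=C sort
}

# Constructed sample lines, not taken from the thread.
sample_log() {
cat <<'EOF'
Mar 27 13:16:08 dnsmasq[383]: query[NS] . from 192.168.1.23
Mar 27 13:16:08 dnsmasq[383]: forwarded . to 8.8.8.8
Mar 27 13:16:08 dnsmasq[383]: dnssec-query[DNSKEY] . to 8.8.8.8
Mar 27 13:16:08 dnsmasq[383]: dnssec-query[DS] com to 8.8.8.8
Mar 27 13:16:08 dnsmasq[383]: reply . is DNSKEY keytag 20326, algo 8
Mar 27 13:16:08 dnsmasq[383]: query[A] example.com from 192.168.1.23
Mar 27 13:16:09 dnsmasq[383]: query[NS] . from 192.168.1.23
Mar 27 13:16:09 dnsmasq[383]: dnssec-query[DNSKEY] . to 8.8.4.4
Mar 27 13:16:09 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
EOF
}

# Each output line is: kind, peer address, record type (where logged), count.
sample_log | root_query_summary .
```

Lines starting with `client` name the device that asked for "."; lines starting with `dnssec` are lookups the resolver made itself while validating.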

I don't get the content of these phrases. What do you need exactly for further analysis?
The content of "/var/log/pihole.log" is not very interesting, at least for me:

    Mar 27 03:10:07 dnsmasq[514]: read /etc/hosts - 6 addresses
    Mar 27 03:10:07 dnsmasq[514]: read /etc/pihole/custom.list - 0 addresses
    Mar 27 03:10:07 dnsmasq[514]: read /etc/pihole/local.list - 0 addresses
    Mar 27 05:44:35 dnsmasq[514]: exiting on receipt of SIGTERM
    Mar 27 05:44:40 dnsmasq[29474]: started, version pi-hole-2.87test8 cachesize 10000
    Mar 27 05:44:40 dnsmasq[29474]: DNS service limited to local subnets
    Mar 27 05:44:40 dnsmasq[29474]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
    Mar 27 05:44:40 dnsmasq[29474]: DNSSEC validation enabled
    Mar 27 05:44:40 dnsmasq[29474]: configured with trust anchor for <root> keytag 20326
    Mar 27 05:44:40 dnsmasq[29474]: using nameserver 8.8.8.8#53
    Mar 27 05:44:40 dnsmasq[29474]: using nameserver 8.8.4.4#53
    Mar 27 05:44:40 dnsmasq[29474]: using nameserver 192.168.1.1#53 for domain 1.168.192.in-addr.arpa (no DNSSEC)
    Mar 27 05:44:40 dnsmasq[29474]: using only locally-known addresses for onion
    Mar 27 05:44:40 dnsmasq[29474]: using only locally-known addresses for bind
    Mar 27 05:44:40 dnsmasq[29474]: using only locally-known addresses for invalid
    Mar 27 05:44:40 dnsmasq[29474]: using only locally-known addresses for localhost
    Mar 27 05:44:40 dnsmasq[29474]: using only locally-known addresses for test
    Mar 27 05:44:40 dnsmasq[29474]: read /etc/hosts - 6 addresses
    Mar 27 05:44:40 dnsmasq[29474]: read /etc/pihole/custom.list - 0 addresses
    Mar 27 05:44:40 dnsmasq[29474]: read /etc/pihole/local.list - 0 addresses
    Mar 27 05:44:46 dnsmasq[29474]: read /etc/hosts - 6 addresses
    Mar 27 05:44:46 dnsmasq[29474]: read /etc/pihole/custom.list - 0 addresses
    Mar 27 05:44:46 dnsmasq[29474]: read /etc/pihole/local.list - 0 addresses
    Mar 27 05:49:00 dnsmasq[29474]: read /etc/hosts - 6 addresses
    Mar 27 05:49:00 dnsmasq[29474]: read /etc/pihole/custom.list - 0 addresses
    Mar 27 05:49:00 dnsmasq[29474]: read /etc/pihole/local.list - 0 addresses
    Mar 27 05:57:42 dnsmasq[29474]: exiting on receipt of SIGTERM
    Mar 27 05:57:56 dnsmasq[354]: started, version pi-hole-2.87test8 cachesize 10000
    Mar 27 05:57:56 dnsmasq[354]: DNS service limited to local subnets
    Mar 27 05:57:56 dnsmasq[354]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
    Mar 27 05:57:56 dnsmasq[354]: DNSSEC validation enabled
    Mar 27 05:57:56 dnsmasq[354]: configured with trust anchor for <root> keytag 20326
    Mar 27 05:57:56 dnsmasq[354]: using nameserver 8.8.8.8#53
    Mar 27 05:57:56 dnsmasq[354]: using nameserver 8.8.4.4#53
    Mar 27 05:57:56 dnsmasq[354]: using nameserver 192.168.1.1#53 for domain 1.168.192.in-addr.arpa (no DNSSEC)
    Mar 27 05:57:56 dnsmasq[354]: using only locally-known addresses for onion
    Mar 27 05:57:56 dnsmasq[354]: using only locally-known addresses for bind
    Mar 27 05:57:56 dnsmasq[354]: using only locally-known addresses for invalid
    Mar 27 05:57:56 dnsmasq[354]: using only locally-known addresses for localhost
    Mar 27 05:57:56 dnsmasq[354]: using only locally-known addresses for test
    Mar 27 05:57:56 dnsmasq[354]: read /etc/hosts - 6 addresses
    Mar 27 05:57:56 dnsmasq[354]: read /etc/pihole/custom.list - 0 addresses
    Mar 27 05:57:56 dnsmasq[354]: read /etc/pihole/local.list - 0 addresses
    Mar 27 11:59:15 dnsmasq[383]: started, version pi-hole-2.87test8 cachesize 10000
    Mar 27 11:59:15 dnsmasq[383]: DNS service limited to local subnets
    Mar 27 11:59:15 dnsmasq[383]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
    Mar 27 11:59:15 dnsmasq[383]: DNSSEC validation enabled
    Mar 27 11:59:15 dnsmasq[383]: configured with trust anchor for <root> keytag 20326
    Mar 27 11:59:15 dnsmasq[383]: using nameserver 8.8.8.8#53
    Mar 27 11:59:15 dnsmasq[383]: using nameserver 8.8.4.4#53
    Mar 27 11:59:15 dnsmasq[383]: using nameserver 192.168.1.1#53 for domain 1.168.192.in-addr.arpa (no DNSSEC)
    Mar 27 11:59:15 dnsmasq[383]: using only locally-known addresses for onion
    Mar 27 11:59:15 dnsmasq[383]: using only locally-known addresses for bind
    Mar 27 11:59:15 dnsmasq[383]: using only locally-known addresses for invalid
    Mar 27 11:59:15 dnsmasq[383]: using only locally-known addresses for localhost
    Mar 27 11:59:15 dnsmasq[383]: using only locally-known addresses for test
    Mar 27 11:59:15 dnsmasq[383]: read /etc/hosts - 6 addresses
    Mar 27 11:59:15 dnsmasq[383]: read /etc/pihole/custom.list - 0 addresses
    Mar 27 11:59:15 dnsmasq[383]: read /etc/pihole/local.list - 0 addresses
    Mar 27 13:16:09 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
    Mar 27 13:16:15 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
    Mar 27 13:16:24 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
    Mar 27 13:16:30 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
    .....
    Mar 27 19:12:42 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
    Mar 27 19:13:59 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
    Mar 27 19:14:10 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
    Mar 27 19:14:16 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)

Additionally I don't get the connection to pi.hole client queries because they won't be logged to the pihole.log, right?
Sorry, I need additional support with this...

You have DNSSEC enabled. Pi-hole needs to start from the root zone in order to validate DNSSEC chain of trust.

Yes. The output I posted is from your debug log.
