Why did I care about this? It seems like Pi-hole was not resolving anything anymore after this high number of queries. After a reboot it worked again. I think there is one client in the network that is generating a high number of queries and I would like to identify it. Could you please assist me? I'm totally new to Pi-hole...
Thank you for the clarification. The client is pi.hole
EDIT:
I found this in the FTL log:
[2022-03-27 14:02:57.333 383M] WARNING in dnsmasq core: Maximum number of concurrent DNS queries reached (max: 150)
[2022-03-27 14:03:14.358 383M] ERR: Port mismatch for 8.8.8.8: we derived 53, dnsmasq told us 48
[2022-03-27 14:03:14.358 383M] ERR: Port mismatch for 8.8.4.4: we derived 53, dnsmasq told us 48
[2022-03-27 14:03:14.669 383M] ERR: Port mismatch for 8.8.8.8: we derived 53, dnsmasq told us 48
[2022-03-27 14:03:14.669 383M] ERR: Port mismatch for 8.8.4.4: we derived 53, dnsmasq told us 48
[2022-03-27 14:03:14.675 383M] ERR: Port mismatch for 8.8.8.8: we derived 53, dnsmasq told us 48
[2022-03-27 14:03:14.675 383M] ERR: Port mismatch for 8.8.4.4: we derived 53, dnsmasq told us 48
[2022-03-27 14:03:14.780 383M] ERR: Port mismatch for 8.8.8.8: we derived 53, dnsmasq told us 48
[2022-03-27 14:03:14.780 383M] ERR: Port mismatch for 8.8.4.4: we derived 53, dnsmasq told us 48
[2022-03-27 14:03:14.807 383M] ERR: Port mismatch for 8.8.8.8: we derived 53, dnsmasq told us 48
[2022-03-27 14:03:14.808 383M] ERR: Port mismatch for 8.8.4.4: we derived 53, dnsmasq told us 48
[2022-03-27 14:03:15.086 383M] ERR: Port mismatch for 8.8.8.8: we derived 53, dnsmasq told us 48
[2022-03-27 14:03:15.086 383M] ERR: Port mismatch for 8.8.4.4: we derived 53, dnsmasq told us 48
[2022-03-27 14:03:15.394 383M] ERR: Port mismatch for 8.8.8.8: we derived 53, dnsmasq told us 48
Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:
I read that thread but it seems like a bug. So there is nothing I can do, right?
The high number of queries lasted more than six hours, until I restarted the Pi-hole and several devices.
Is conditional forwarding configured in Pi-hole? Tbh, I do not remember putting anything like this in the Pi-hole settings. I can't find it currently either.
Typically, Pi-hole will not make any queries to the root domain, unless a client has requested it. Please find some example query, forward and reply entries for this domain in your dnsmasq log at /var/log/pihole.log and post them here.
I don't get the content of these phrases. What do you need exactly for further analysis?
The content of "/var/log/pihole.log" is not very interesting, at least for me:
Mar 27 03:10:07 dnsmasq[514]: read /etc/hosts - 6 addresses
Mar 27 03:10:07 dnsmasq[514]: read /etc/pihole/custom.list - 0 addresses
Mar 27 03:10:07 dnsmasq[514]: read /etc/pihole/local.list - 0 addresses
Mar 27 05:44:35 dnsmasq[514]: exiting on receipt of SIGTERM
Mar 27 05:44:40 dnsmasq[29474]: started, version pi-hole-2.87test8 cachesize 10000
Mar 27 05:44:40 dnsmasq[29474]: DNS service limited to local subnets
Mar 27 05:44:40 dnsmasq[29474]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
Mar 27 05:44:40 dnsmasq[29474]: DNSSEC validation enabled
Mar 27 05:44:40 dnsmasq[29474]: configured with trust anchor for <root> keytag 20326
Mar 27 05:44:40 dnsmasq[29474]: using nameserver 8.8.8.8#53
Mar 27 05:44:40 dnsmasq[29474]: using nameserver 8.8.4.4#53
Mar 27 05:44:40 dnsmasq[29474]: using nameserver 192.168.1.1#53 for domain 1.168.192.in-addr.arpa (no DNSSEC)
Mar 27 05:44:40 dnsmasq[29474]: using only locally-known addresses for onion
Mar 27 05:44:40 dnsmasq[29474]: using only locally-known addresses for bind
Mar 27 05:44:40 dnsmasq[29474]: using only locally-known addresses for invalid
Mar 27 05:44:40 dnsmasq[29474]: using only locally-known addresses for localhost
Mar 27 05:44:40 dnsmasq[29474]: using only locally-known addresses for test
Mar 27 05:44:40 dnsmasq[29474]: read /etc/hosts - 6 addresses
Mar 27 05:44:40 dnsmasq[29474]: read /etc/pihole/custom.list - 0 addresses
Mar 27 05:44:40 dnsmasq[29474]: read /etc/pihole/local.list - 0 addresses
Mar 27 05:44:46 dnsmasq[29474]: read /etc/hosts - 6 addresses
Mar 27 05:44:46 dnsmasq[29474]: read /etc/pihole/custom.list - 0 addresses
Mar 27 05:44:46 dnsmasq[29474]: read /etc/pihole/local.list - 0 addresses
Mar 27 05:49:00 dnsmasq[29474]: read /etc/hosts - 6 addresses
Mar 27 05:49:00 dnsmasq[29474]: read /etc/pihole/custom.list - 0 addresses
Mar 27 05:49:00 dnsmasq[29474]: read /etc/pihole/local.list - 0 addresses
Mar 27 05:57:42 dnsmasq[29474]: exiting on receipt of SIGTERM
Mar 27 05:57:56 dnsmasq[354]: started, version pi-hole-2.87test8 cachesize 10000
Mar 27 05:57:56 dnsmasq[354]: DNS service limited to local subnets
Mar 27 05:57:56 dnsmasq[354]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
Mar 27 05:57:56 dnsmasq[354]: DNSSEC validation enabled
Mar 27 05:57:56 dnsmasq[354]: configured with trust anchor for <root> keytag 20326
Mar 27 05:57:56 dnsmasq[354]: using nameserver 8.8.8.8#53
Mar 27 05:57:56 dnsmasq[354]: using nameserver 8.8.4.4#53
Mar 27 05:57:56 dnsmasq[354]: using nameserver 192.168.1.1#53 for domain 1.168.192.in-addr.arpa (no DNSSEC)
Mar 27 05:57:56 dnsmasq[354]: using only locally-known addresses for onion
Mar 27 05:57:56 dnsmasq[354]: using only locally-known addresses for bind
Mar 27 05:57:56 dnsmasq[354]: using only locally-known addresses for invalid
Mar 27 05:57:56 dnsmasq[354]: using only locally-known addresses for localhost
Mar 27 05:57:56 dnsmasq[354]: using only locally-known addresses for test
Mar 27 05:57:56 dnsmasq[354]: read /etc/hosts - 6 addresses
Mar 27 05:57:56 dnsmasq[354]: read /etc/pihole/custom.list - 0 addresses
Mar 27 05:57:56 dnsmasq[354]: read /etc/pihole/local.list - 0 addresses
Mar 27 11:59:15 dnsmasq[383]: started, version pi-hole-2.87test8 cachesize 10000
Mar 27 11:59:15 dnsmasq[383]: DNS service limited to local subnets
Mar 27 11:59:15 dnsmasq[383]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
Mar 27 11:59:15 dnsmasq[383]: DNSSEC validation enabled
Mar 27 11:59:15 dnsmasq[383]: configured with trust anchor for <root> keytag 20326
Mar 27 11:59:15 dnsmasq[383]: using nameserver 8.8.8.8#53
Mar 27 11:59:15 dnsmasq[383]: using nameserver 8.8.4.4#53
Mar 27 11:59:15 dnsmasq[383]: using nameserver 192.168.1.1#53 for domain 1.168.192.in-addr.arpa (no DNSSEC)
Mar 27 11:59:15 dnsmasq[383]: using only locally-known addresses for onion
Mar 27 11:59:15 dnsmasq[383]: using only locally-known addresses for bind
Mar 27 11:59:15 dnsmasq[383]: using only locally-known addresses for invalid
Mar 27 11:59:15 dnsmasq[383]: using only locally-known addresses for localhost
Mar 27 11:59:15 dnsmasq[383]: using only locally-known addresses for test
Mar 27 11:59:15 dnsmasq[383]: read /etc/hosts - 6 addresses
Mar 27 11:59:15 dnsmasq[383]: read /etc/pihole/custom.list - 0 addresses
Mar 27 11:59:15 dnsmasq[383]: read /etc/pihole/local.list - 0 addresses
Mar 27 13:16:09 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
Mar 27 13:16:15 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
Mar 27 13:16:24 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
Mar 27 13:16:30 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
.....
Mar 27 19:12:42 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
Mar 27 19:13:59 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
Mar 27 19:14:10 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
Mar 27 19:14:16 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
Additionally I don't get the connection to pi.hole client queries because they won't be logged to the pihole.log, right?
Sorry, I need additional support with this...
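Added example (not part of the original thread and not Pi-hole's own tooling): one way to pull the query entries asked for above out of /var/log/pihole.log, rank clients and client/domain pairs by volume, and count how often the concurrent-query limit was hit. It assumes dnsmasq's "query[TYPE] name from client" line shape; the sample lines, addresses, domains and query types are constructed.

```python
import re
from collections import Counter

# Line shapes dnsmasq writes when query logging is on.
QUERY = re.compile(r"dnsmasq\[\d+\]: query\[([\w-]+)\] (\S+) from (\S+)$")
LIMIT = re.compile(r"dnsmasq\[\d+\]: Maximum number of concurrent DNS queries reached")

# Constructed sample: client addresses, domains and query types are made up.
SAMPLE_LOG = """\
Mar 27 13:15:58 dnsmasq[383]: query[A] example.com from 192.168.1.20
Mar 27 13:15:58 dnsmasq[383]: forwarded example.com to 8.8.8.8
Mar 27 13:15:58 dnsmasq[383]: reply example.com is 93.184.216.34
Mar 27 13:16:01 dnsmasq[383]: query[NS] . from 127.0.0.1
Mar 27 13:16:01 dnsmasq[383]: forwarded . to 8.8.8.8
Mar 27 13:16:01 dnsmasq[383]: query[NS] . from 127.0.0.1
Mar 27 13:16:02 dnsmasq[383]: query[NS] . from 127.0.0.1
Mar 27 13:16:03 dnsmasq[383]: query[AAAA] example.org from 192.168.1.31
Mar 27 13:16:04 dnsmasq[383]: query[NS] . from 127.0.0.1
Mar 27 13:16:09 dnsmasq[383]: Maximum number of concurrent DNS queries reached (max: 150)
"""

def summarize(lines, top=3):
    """Count queries per client, per (client, domain, type) and per minute."""
    clients, pairs, minutes = Counter(), Counter(), Counter()
    limit_hits = 0
    for line in lines:
        line = line.rstrip()
        if LIMIT.search(line):
            limit_hits += 1
            continue
        m = QUERY.search(line)
        if not m:
            continue  # startup, forwarded, reply and other lines
        qtype, domain, client = m.groups()
        clients[client] += 1
        pairs[(client, domain, qtype)] += 1
        minutes[line[:12]] += 1  # syslog prefix up to the minute, e.g. "Mar 27 13:16"
    return {
        "query_lines": sum(clients.values()),  # 0 means no query entries in this log
        "limit_hits": limit_hits,
        "top_clients": clients.most_common(top),
        "top_pairs": pairs.most_common(top),
        "busiest_minute": minutes.most_common(1)[0] if minutes else None,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

On the Pi-hole host, pass the lines of /var/log/pihole.log to summarize() instead of the sample; a result with query_lines equal to 0 but limit_hits above 0 means the log holds no query entries to attribute the load to.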