Log available here
Version: Pi-hole v5.0, Web Interface v5.0, FTL v5.0; unbound installed
Steps to reproduce:
Enter any URL in any web browser -- Pi-hole / Unbound as the only DNS server.
Expected Behaviour:
DNS query is resolved
Website is loading normally or partially
Actual Behaviour:
Every query ends up timing out
Pi-hole Query log shows the query resolved as normal
Around every second a warning is added to /var/log/pihole-FTL.log:
[2020-06-01 10:24:09.148 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
Additional information
Used to work just fine, no change was made on PiHole or Gateway (Ubiquiti Unifi)
DNS queries are working normally when the DNS server is changed in the gateway to Cloudflare
Unable to send any debug token, likely to be a firewall issue
[✗] There was an error uploading your debug log.
Please try again or contact the Pi-hole team for assistance.
A local copy of the debug log can be found at: /var/log/pihole_debug.log
ubuntu@ubuntu:~$ echo "hello developers" | pihole tricorder
[✗] Unable to connect to Pi-hole's Tricorder server
[✗] Unable to connect to Pi-hole's Tricorder server
ubuntu@ubuntu:~$
ubuntu@ubuntu:~$ echo "hello developers" | pihole tricorder
[✗] Unable to connect to Pi-hole's Tricorder server
ubuntu@ubuntu:~$ echo "some text" | nc tricorder.pi-hole.net 9999
nc: getaddrinfo for host "tricorder.pi-hole.net" port 9999: Temporary failure in name resolution
ubuntu@ubuntu:~$ echo "Information to send over SSL" | openssl s_client -quiet -connect tricorder.pi-hole.net:9998 2> /dev/null
ubuntu@ubuntu:~$ echo "help me" | nc tricorder.pi-hole.net 9999
nc: getaddrinfo for host "tricorder.pi-hole.net" port 9999: Temporary failure in name resolution
ubuntu@ubuntu:~$
Firewall
2002 Allow DNS Servers out : Accept TCP and UDP > SOURCE Groups: DNS Server DESTINATION Groups: Local VLAN, DNS Port
2003 Allow DNS Servers : Accept TCP and UDP > SOURCE Groups: Local VLAN DESTINATION Groups: DNS Server, DNS Port
2018 Block DNS Servers SOURCEDrop TCP and UDP Groups:DNS
[2020-06-01 10:24:07.462 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
[2020-06-01 10:24:07.464 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
[2020-06-01 10:24:09.148 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
[2020-06-01 10:24:11.063 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
[2020-06-01 10:24:12.068 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
[2020-06-01 10:24:14.070 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
[2020-06-01 10:24:14.075 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
[2020-06-01 10:24:14.076 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
[2020-06-01 10:24:14.958 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
[2020-06-01 10:24:14.959 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
[2020-06-01 10:24:15.104 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
[2020-06-01 10:24:15.105 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
[2020-06-01 10:24:15.942 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
[2020-06-01 10:24:15.943 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
[2020-06-01 10:24:18.074 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
I'm trying to upload the log but I have an issue,
There was an error uploading your debug log.
Please try again or contact the Pi-hole team for assistance.
A local copy of the debug log can be found at: /var/log/pihole_debug.log
ubuntu@ubuntu:~$ echo "hello developers" | pihole tricorder
[✗] Unable to connect to Pi-hole's Tricorder server
WARN: getOverTimeID(1591009500): 600 is too large: 1590649500
It seems that the Pi-hole time is wrong; I'm located in Ireland, the current time is 12:27 and not 11:27
timedatectl status
Local time: Mon 2020-06-01 11:27:40 UTC
Universal time: Mon 2020-06-01 11:27:40 UTC
RTC time: n/a
Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
I cannot install NTP (Temporary failure resolving 'ports.ubuntu.com'), which was expected due to the DNS failure
UPDATE regarding time zone:
Time zone is now correct on the Pi-hole but the same warning message remains in /var/log/pihole-FTL.log, with the same DNS issues.
Current default time zone: 'Europe/Dublin'
Local time is now: Mon Jun 1 12:33:37 IST 2020.
Universal Time is now: Mon Jun 1 11:33:37 UTC 2020.
ubuntu@ubuntu:~$ timedatectl status
Local time: Mon 2020-06-01 12:34:15 IST
Universal time: Mon 2020-06-01 11:34:15 UTC
RTC time: n/a
Time zone: Europe/Dublin (IST, +0100)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
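An added example, not part of the original thread and not Pi-hole code: it decodes the two distinct `getOverTimeID` warnings quoted above. That the number after "too large" is the timestamp of FTL's first statistics slot is an assumption, inferred from the arithmetic the lines satisfy.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the two distinct warnings quoted in the thread.
SAMPLE = """\
[2020-06-01 10:24:09.148 1816] WARN: getOverTimeID(1591007100): 596 is too large: 1590649500
WARN: getOverTimeID(1591009500): 600 is too large: 1590649500
"""

WARN_RE = re.compile(r"getOverTimeID\((\d+)\): (\d+) is too large: (\d+)")

def parse_warnings(text):
    """Return unique (query_ts, slot_id, base_ts) tuples in order of appearance."""
    seen = []
    for m in WARN_RE.finditer(text):
        rec = tuple(int(g) for g in m.groups())
        if rec not in seen:
            seen.append(rec)
    return seen

def slot_width(records):
    """Infer seconds per slot from two warnings that share a base timestamp."""
    (ts1, id1, base1), (ts2, id2, base2) = records[0], records[-1]
    if base1 != base2 or id1 == id2:
        return None  # not enough information to infer the width
    return (ts2 - ts1) // (id2 - id1)

def explain(records):
    """Check slot_id == (ts - base) / width and report how old the base is."""
    width = slot_width(records)
    rows = []
    for ts, slot, base in records:
        rows.append({
            "query_utc": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
            "base_utc": datetime.fromtimestamp(base, timezone.utc).isoformat(),
            "consistent": width is not None and (ts - base) // width == slot,
            "gap_hours": round((ts - base) / 3600, 1),
        })
    return width, rows

if __name__ == "__main__":
    width, rows = explain(parse_warnings(SAMPLE))
    print("seconds per slot:", width)
    for row in rows:
        print(row)
```

All three numbers in the warning are Unix epoch seconds or slot counts, so they are unaffected by the `timedatectl` time zone setting; the decoded base timestamp lies about four days before the queries being logged.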
Who is in your Group Local VLAN? I guess the rule is for the DNS server (Pihole) to go out to the internet to contact an upstream DNS Server. The destination should be any (or particular Upstream DNS-Server IP) but not something local?
Sorry for the delay, I'm using the Raspberry Pi 3 since it works just fine, but I have the 100Mbs limitation (I have a gigabit WAN, but surely DNS requests don't require that much anyway)
DNS server group : 1.1.1.1 1.0.0.1 , PIHOLE1, PiHOLETemporary.
Local VLAN (all the local VLANs and LAN IP)
I changed to all but got the same result; I still don't get why PiHole seems to resolve the request on the UI
2002 Allow Local DNS Servers out : Accept TCP and UDP > SOURCE Groups:Local DNS Server DESTINATION Groups: DNS Port
2003 Allow DNS Servers : Accept TCP and UDP > SOURCE Groups: Local VLAN DESTINATION Groups:DNS Server DNS Port
2018 Block DNS Servers SOURCEDrop TCP and UDP Groups:DNS
Groups:
Local DNS Server: PIHOLE1, PiHOLETemporary
DNS Server: 1.1.1.1, 1.0.0.1, PIHOLE1, PiHOLETemporary
Local VLAN: all the local VLANs and LAN IP
DNS Port: 53
In 2003 you could substitute "DNS Server" with "Local DNS Server" if you want to allow DNS traffic from your clients only to the piholes but not 1.1.1.1 and 1.0.0.1. The (outside) upstream servers for your pihole (1.1.1.1, 1.0.0.1?) should be covered with rule 2002 already
I'm quite confident in my rules as I use exactly those without issues. I suspect a general network issue at this point.
Do you have both at the same time in your network active? Same IP will result in strange behavior and failures.
I would remove one, and see if the issues persist. Also switching upstream DNS servers for testing purpose to something like Cloudflare or Google might be an additional try to eliminate potential points of failure (Unbound, DoT).
Actually it seems to resolve every DNS request but it’s not blocking anything.
I updated gravity, had a few errors but still not blocking anything.
I’m probably better off formatting and starting over!
Thanks for your help anyway