Tens of thousands of queries to x.debian.pool.ntp.org

#1

Please follow the below template, it will help us to help you!

Expected Behavior:

Periodic query LocalHost to network time server (ntp).

Actual Behavior

222367 queries from local host to ntp server.

## Debug Token:
This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net.

The intent of this script is to allow users to self-diagnose their installations.  This is accomplished by running tests against our software and providing the user with links to FAQ articles when a problem is detected.  Since we are a small team and Pi-hole has been growing steadily, it is our hope that this will help us spend more time on development.

NOTE: All log files auto-delete after 48 hours and ONLY the Pi-hole developers can access your data via the given token. We have taken these extra steps to secure your data and will work to further reduce any personal information gathered.

*** [ INITIALIZING ]
[i] 2019-03-17:22:50:13 debug log has been initialized.

*** [ INITIALIZING ] Sourcing setup variables
[i] Sourcing /etc/pihole/setupVars.conf...

*** [ DIAGNOSING ]: Core version
[i] Core: v4.2.2 (https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249)
[i] Branch: master
[i] Commit: v4.2.2-0-gba1e94d

*** [ DIAGNOSING ]: Web version
[i] Web: v4.2 (https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249)
[i] Branch: master
[i] Commit: v4.2-0-g347994db

*** [ DIAGNOSING ]: FTL version
[✓] FTL: v4.2.3 (https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249)

*** [ DIAGNOSING ]: lighttpd version
[i] 1.4.45

*** [ DIAGNOSING ]: php version
[i] 7.0.33

*** [ DIAGNOSING ]: Operating system
[✓] Raspbian GNU/Linux 9 (stretch)

*** [ DIAGNOSING ]: SELinux
[i] SELinux not detected

*** [ DIAGNOSING ]: Processor
[✓] armv6l

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
   192.168.1.20/24 matches the IP found in /etc/pihole/setupVars.conf

[✓] IPv6 address(es) bound to the eth0 interface:
   fe80::4021:537a:e050:5cf0 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

   ^ Please note that you may have more than one IP address listed.
   As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.

   The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.

[i] Default IPv4 gateway: 192.168.1.1
   * Pinging 192.168.1.1...
[✓] Gateway responded.

*** [ DIAGNOSING ]: Ports in use
127.0.0.1:54 dnscrypt-p (IPv4)
[::1]:54 dnscrypt-p (IPv6)
*:22 sshd (IPv4)
*:22 sshd (IPv6)
[*:80] is in use by lighttpd
[*:80] is in use by lighttpd
[*:53] is in use by pihole-FTL
[*:53] is in use by pihole-FTL
[127.0.0.1:4711] is in use by pihole-FTL
[[::1]:4711] is in use by pihole-FTL

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] ad.freecity.de is 192.168.1.20 via localhost (127.0.0.1)
[✓] ad.freecity.de is 192.168.1.20 via Pi-hole (192.168.1.20)
[✓] doubleclick.com is 172.217.12.14 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Pi-hole processes
[✓] lighttpd daemon is active
[✓] pihole-FTL daemon is active

*** [ DIAGNOSING ]: Setup variables
    TEMPERATUREUNIT=F
    ADMIN_EMAIL={removed}@gmail.com
    WEBUIBOXEDLAYOUT=boxed
    DNSMASQ_LISTENING=single
    PIHOLE_DNS_3=2606:4700:4700::1111#53
    PIHOLE_DNS_4=2606:4700:4700::1001#53
    DNS_FQDN_REQUIRED=true
    DNS_BOGUS_PRIV=false
    DNSSEC=true
    CONDITIONAL_FORWARDING=false
    BLOCKING_ENABLED=true
    PIHOLE_INTERFACE=eth0
    IPV4_ADDRESS=192.168.1.20/24
    IPV6_ADDRESS=
    PIHOLE_DNS_1=1.1.1.1
    PIHOLE_DNS_2=1.0.0.1
    QUERY_LOGGING=true
    INSTALL_WEB_SERVER=true
    INSTALL_WEB_INTERFACE=true
    LIGHTTPD_ENABLED=true

*** [ DIAGNOSING ]: Dashboard and block page
[✓] Block page X-Header: X-Pi-hole: A black hole for Internet advertisements.
[✓] Web interface X-Header: X-Pi-hole: The Pi-hole Web interface is working!

*** [ DIAGNOSING ]: Gravity list
-rw-r--r-- 1 root root 5505532 Mar 17 03:25 /etc/pihole/gravity.list
   -----head of gravity.list------
   0-07.ru
   0-google.com
   0.0.0.0
   0.fls.doubleclick.net

   -----tail of gravity.list------
   zzz.clickbank.net
   zzzezeroe.fr
   zzzpooeaz-france.com
   zzzrtrcm2.com

*** [ DIAGNOSING ]: contents of /etc/pihole

-rw-r--r-- 1 root root 1124 Feb 13 05:23 /etc/pihole/adlists.list
   https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
   https://mirror1.malwaredomains.com/files/justdomains
   http://sysctl.org/cameleon/hosts
   https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
   https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
   https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
   https://hosts-file.net/ad_servers.txt
   http://www.squidblacklist.org/downloads/dg-ads.acl
   https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
   https://ransomwaretracker.abuse.ch/downloads/CW_C2_DOMBL.txt
   https://ransomwaretracker.abuse.ch/downloads/LY_C2_DOMBL.txt
   https://ransomwaretracker.abuse.ch/downloads/TC_C2_DOMBL.txt
   https://ransomwaretracker.abuse.ch/downloads/TL_C2_DOMBL.txt
   https://zerodot1.gitlab.io/CoinBlockerLists/list_browser.txt
   https://zerodot1.gitlab.io/CoinBlockerLists/list.txt
   https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
   https://www.squidblacklist.org/downloads/dg-malicious.acl
   https://raw.githubusercontent.com/anudeepND/blacklist/master/CoinMiner.txt
   https://phishing.army/download/phishing_army_blocklist_extended.txt

-rw-r--r-- 1 root root 286 Feb 16 03:58 /etc/pihole/blacklist.txt
   csm.va.us.criteo.net
   t.agentanalytics.com
   101.xg4ken.com
   www.summerhamster.com
   ads.everesttech.net
   onetag-metrics-collector-prod-1127638958.us-west-1.elb.amazonaws.com
   onetag-metrics-collector.onscroll.com
   m1f9s4.edvfwlacluo.com
   73.cpamatik.com
   cpamatik.com
   makerlow.com
   ag.innovid.com

-rw-r--r-- 1 root root 41 Mar 17 03:25 /etc/pihole/local.list
   192.168.1.20 DNSpiB
   192.168.1.20 pi.hole

-rw-r--r-- 1 root root 234 Mar  3 03:20 /etc/pihole/logrotate
   /var/log/pihole.log {
   	su root root
   	daily
   	copytruncate
   	rotate 5
   	compress
   	delaycompress
   	notifempty
   	nomail
   }
   /var/log/pihole-FTL.log {
   	su root root
   	weekly
   	copytruncate
   	rotate 3
   	compress
   	delaycompress
   	notifempty
   	nomail
   }

-rw-r--r-- 1 root root 10419 Mar 14 23:41 /etc/pihole/whitelist.txt
   0.client-channel.google.com
   1drv.com
   2.android.pool.ntp.org
   4d.condenastdigital.com
   5231.xg4ken.com
   7eer.net
   9news.com
   a3013110282.cdn.optimizely.com
   abcotv.hb.omtrdc.net
   account.shareasale.com
   ad.atdmt.com
   ad.doubleclick.net
   addthis.com
   affiliatefuture.com
   affiliates.clickinc.com
   affiliates.vitalproteins.com
   akamaihd.net
   akamaitechnologies.com
   akamaized.net
   a.klaviyo.com
   alluremedia.com.au
   amazinggrass.com
   amazonaws.com
   amzn.to
   analytics.ff.avast.com
   analytics.twitter.com
   android.clients.google.com
   anrdoezrs.net
   api-iam.intercom.io
   api.ipify.org
   apmebf.com
   app-api.ted.com
   apple.com
   appleid.apple.com
   app.plex.tv
   appsbackup-pa.clients6.google.com
   appsbackup-pa.googleapis.com
   apps.crashlytics.com
   apps-ios.crashlytics.com
   apps.skype.com
   apresolve.spotify.com
   apt.sonarr.tv
   aspnetcdn.com
   assets.adobedtm.com
   assets-jpcust.jwpsrv.com
   attestation.xboxlive.com
   autocontactor.com
   avantlink.com
   ax.phobos.apple.com.edgesuite.net
   bea4.v.fwmrm.net
   bfast.com
   bing.com
   bit.ly
   brightcove.net
   browser.pipe.aria.microsoft.com
   bufferapp.com
   capture.condenastdigital.com
   cc-dt.com
   cdn1.optimizely.com
   cdn2.optimizely.com
   cdn3.optimizely.com
   cdn.cloudflare.net
   cdn.cnn.com
   cdn.cpnscdn.com
   cdn.embedly.com
   cdnjs.cloudflare.com
   cdn.krxd.net
   cdn.livechatinc.com
   cdn.livefyre.com
   cdn.mediavoice.com
   cdn.oas-c18.adnxs.com
   cdn.onenote.net
   cdn.onesignal.com
   cdn.optimizely.com
   cdns.gigya.com
   cdn.syndication.twimg.com
   cdn.vidible.tv
   cdn.vidible.tvpihole
   cert.mgt.xboxlive.com
   chadbennetts.com
   chrome.google.com
   ci1.googleusercontent.com
   ci2.googleusercontent.com
   ci3.googleusercontent.com
   ci4.googleusercontent.com
   ci5.googleusercontent.com
   ci.googleusercontent.com
   cj.com
   cj.dotomi.com
   cl.exact.net
   cl.exct.net
   click.linksynergy.com
   clickserve.cc-dt.com
   clickserve.dartsearch.net
   click.wa-respond.kaiserpermanente.org
   clientconfig.passport.net
   clients1.google.com
   clients2.google.com
   clients3.google.com
   clients4.google.com
   clients5.google.com
   clients6.google.com
   client-s.gateway.messenger.live.com
   clk.tradedoubler.com
   cloudsrest.chadbennetts.com
   cloudsrest.quickconnect.to
   cloudsrest.synology.me
   c.msn.com
   commission-junction.com
   condenast.demdex.net
   connection.ghc.org
   connectivitycheck.android.com
   connectivitycheck.gstatic.com
   context.bestbuy.com
   contributor.google.com
   conversantmedia.com
   cpms35.spop10.ams.plex.bz
   cpms.spop10.ams.plex.bz
   crashlytics.kp.org
   crisp.chat
   cse.google.com
   csi.gstatic.com
   c.s-microsoft.com
   ctldl.windowsupdate.com
   cw.addthis.com
   d2c8v52ll5s99u.cloudfront.net
   d2gatte9o95jao.cloudfront.net
   dashboard.plex.tv
   data.cnn.com
   dataplicity.com
   def-vef.xboxlive.com
   delivery.vidible.tv
   developers.google.com
   device.auth.xboxlive.com
   dev.virtualearth.net
   di.rlcdn.com
   displaycatalog.mp.microsoft.com
   display.ugc.bazaarvoice.com
   dl.delivery.mp.microsoft.com
   dl.dropbox.com
   dl.dropboxusercontent.com
   dnn506yrbagrg.cloudfront.net
   dns.msftncsi.com
   docs.google.com
   dotomi.com
   doubleclick.net
   download.sonarr.tv
   dpbolvw.net
   dpm.demdex.net
   drift.com
   driftt.com
   drive.google.com
   dynaimage.cdn.turner.com
   dynupdate.no-ip.com
   eb2.3lift.com
   ebates.com
   ecn.dev.virtualearth.net
   ec-ns.sascdn.com
   e.crashlytics.com
   edge.api.brightcove.com
   e.dlx.addthis.com
   eds.xboxlive.com
   emjcd.com
   emory.qualtrics.com
   encrypted-tbn0.gstatic.com
   entitlement.auth.adobe.com
   et.nytimes.com
   evyy.net
   feeds.feedburner.com
   filament.io
   fitt.co
   fonts.gstatic.com
   forums.sonarr.tv
   fpdownload.adobe.com
   fp.msedge.net
   frog.wix.com
   fullscript.com
   g7.m.fwmrm.net
   gan.doubleclick.net
   gannett.demdex.net
   gannett-d.openx.net
   gc.synxis.com
   geo2.adobe.com
   geo3.ggpht.com
   geo-prod.do.dsp.mp.microsoft.com
   gfwsl.geforce.com
   giphy.com
   github.com
   github.io
   gitlab.com
   g.live.com
   go2jump.org
   go.fitt.co
   goo.gl
   google
   googleapis.com
   gopjn.com
   go.redirectingat.com
   go.skimresources.com
   gps.vzwfemto.com
   graph.instagram.com
   gravatar.com
   gstatic.com
   gwallet.com
   healthy.kp.org
   healthyskoop.com
   hello.myfonts.net
   help.dreamhost.com
   help.ui.xboxlive.com
   hls.ted.com
   hub-api.wink.com
   hulu.com
   i1.ytimg.com
   iadsdk.apple.com
   ib.adnxs.com
   icloud.com
   imagesak.secureserver.net
   imgix.net
   imgs.xkcd.com
   img.vidible.tv
   incoming.telemetry.mozilla.org
   infinityid.condenastdigital.com
   instantmessaging-pa.googleapis.com
   intercom.io
   ionos.com
   i.shareasale.com
   i.s-microsoft.com
   itunes.apple.com
   i.ytimg.com
   jdoqocy.com
   jilzglutenfree.refr.cc
   j.mp
   jquery.com
   jsdelivr.net
   junction.cj.com
   jwpltx.com
   kaiser.demdex.net
   kaiserpermanentecoei.co1.qualtrics.com
   keystone.mwbsys.com
   kpclaimservices.com
   kponline.webex.com
   kp.org
   kqzyfj.com
   lastfm-img2.akamaized.net
   lh6.googleusercontent.com
   licensing.xboxlive.com
   linkedin.com
   linksynergy.com
   linktr.ee
   linuxtracker.org
   live.com
   livepassdl.conviva.com
   login.aliexpress.com
   login.live.com
   login.microsoftonline.com
   logx.optimizely.com
   lptag.liveperson.net
   m.addthis.com
   m.addthisedge.com
   magnetic.t.domdex.com
   mailchi.mp
   mailchimp.com
   mail.ionos.com
   mandrillapp.com
   manifest.googlevideo.com
   marriottinternationa.demdex.net
   marriottinternationa.tt.omtrdc.net
   marvinminster.synology.me
   mcssl.com
   members.cj.com
   meta-db-worker02.pop.ric.plex.bz
   meta.plex.bz
   meta.plex.tv
   metrics.npr.org
   m.hotmail.com
   microsoft.com
   microsoftonline.com
   mobile.pipe.aria.microsoft.com
   mscom.demdex.net
   msftncsi.com
   m.weeklyad.target.com
   myit.kp.org
   my.plexapp.com
   native.sharethrough.com
   naturalpartners.com
   nbcume.sc.omtrdc.net
   nest.com
   netflix.com
   nexus.officeapps.live.com
   nexusrules.officeapps.live.com
   nicks-sticks.com
   nine.plugins.plexapp.com
   node.plexapp.com
   no-ip.com
   notify.xboxlive.com
   npr-news.streaming.adswizz.com
   ns1.dropbox.com
   ns2.dropbox.com
   nutiva.com
   o1.email.plex.tv
   o2.sg0.plex.tv
   oascentral.datasphere.com
   ocsp.apple.com
   office365.com
   officeclient.microsoft.com
   office.com
   office.net
   ojrq.net
   om.cbsi.com
   onedrive.live.com
   onenetworkdirect.net
   onesignal.com
   orangetheory.com
   outlook.live.com
   outlook.office365.com
   ow.ly
   participant.wageworks.com
   pbs.twimg.com
   p.d.emn0.com
   pinterest.com
   pipe.skype.com
   pixel.condenastdigital.com
   pjatr.com
   pjtra.com
   placehold.it
   placeholdit.imgix.net
   players.brightcove.net
   play.google.com
   plex.tv
   p.liad.com
   plus.google.com
   pntrac.com
   pntrack.com
   pntra.com
   precisionnutrition.com
   prf.hn
   pricelist.skype.com
   products.office.com
   profile.target.com
   proxy02.pop.ord.plex.bz
   proxy.plex.bz
   proxy.plex.tv
   p.typekit.net
   pubsub.plex.bz
   pubsub.plex.tv
   purposefulplatenutrition.com
   p.w.emn0.com
   qksrv.net
   q.stripe.com
   qualtrics.com
   quickconnect.to
   raw.githubusercontent.com
   rc.rlcdn.com
   r.dlx.addthis.com
   reddit.com
   redirect.at
   redirectingat.com
   redirector.googlevideo.com
   redirect.viglink.com
   referralcandy.com
   referrer.disqus.com
   refr.cc
   reports.crashlytics.com
   res.cloudinary.com
   ring.com
   rover.ebay.com
   rtbcdn.doubleverify.com
   s1.symcb.com
   s1.wp.com
   s2.symcb.com
   s2.youtube.com
   s3.amazonaws.com
   s3.amazon.com
   s3.symcb.com
   s3-us-west-2.amazonaws.com
   s4.symcb.com
   s5.symcb.com
   s7.addthis.com
   sales.liveperson.net
   s.amazon-adsystem.com
   sa.symcb.com
   sc5.omniture.com
   secure.avangate.com
   secure.brightcove.com
   secure.surveymonkey.com
   services.sonarr.tv
   settings.crashlytics.com
   settings-win.data.microsoft.com
   s.gateway.messenger.live.com
   sg-con4g.vzwfemto.com
   sg.vzwfemto.com
   shareasale-analytics.com
   shareasale.com
   sharepoint.com
   sheets.google.com
   shopify.privy.com
   skyhook.sonarr.tv
   skype.com
   s.marketwatch.com
   smetrics.kaiserpermanente.org
   smetrics.southwest.com
   snippets.cdn.mozilla.net
   spclient.wg.spotify.com
   sp-cloud.kp.org
   squareup.com
   s.shopify.com
   s.skimresources.com
   ssl.p.jwpcdn.com
   sslstatic.wix.com
   sstats.arstechnica.com
   staging.plex.tv
   static.parastorage.com
   static.shareasale.com
   static.wixstatic.com
   statse.webtrendslive.com
   status.plex.tv
   su.addthis.com
   support.microsoft.com
   surveymonkey.com
   swa.demdex.net
   s.webtrends.com
   syndication.twitter.com
   synology.com
   s.youtube.com
   s.ytimg.com
   t0.ssl.ak.dynamic.tiles.virtualearth.net
   t0.ssl.ak.tiles.virtualearth.net
   tawk.to
   t.co
   tc.tradetracker.com
   tedcdn.com
   themoviedb.com
   thetvdb.com
   tile-service.weather.microsoft.com
   tinyurl.com
   title.auth.xboxlive.com
   title.mgt.xboxlive.com
   tkqlhce.com
   tps30.doubleverify.com
   tps.doubleverify.com
   track.adform.net
   tracking.groupon.com
   track.webgains.com
   tradetracker.net
   tsfe.trafficshaping.dsp.mp.microsoft.com
   tvdb2.plex.tv
   tvthemes.plexapp.com
   twimg.com
   twitter.com
   ucwebapp.wisestamp.com
   ui.skype.com
   unsplash.com
   usadmm.dotomi.com
   us.fullscript.com
   v10.events.data.microsoft.com
   v10.vortex-win.data.microsoft.com
   v20.vortex-win.data.microsoft.com
   vfc.demdex.net
   video-stats.l.google.com
   videos.vidible.tv
   vimeo.com
   vitacost.tt.omtrdc.net
   vitalproteins.com
   vortex.data.microsoft.com
   v.shopify.com
   wa.kaiserpermanente.org
   wa-qa.kaiserpermanente.org
   wdcpalt.microsoft.com
   wdcp.microsoft.com
   weeklyad.target.com
   weeklyad.target.com.edgesuite.net
   wellnessismyjam.com
   widget-cdn.rpxnow.com
   wikipedia.org
   wildzora.com
   win10.ipv6.microsoft.com
   wink.com
   wordpress.com
   wo.vzwwo.com
   wp.com
   ws.audioscrobbler.com
   w.sharethis.com
   w.usabilla.com
   www.7eer.net
   www.9news.com
   www.addthis.com
   www.affiliatefuture.com
   www.amazinggrass.com
   www.anrdoezrs.net
   www.apmebf.com
   www.apple.com
   www.avantlink.com
   www.bfast.com
   www.bit.ly
   www.cc-dt.com
   www.cj.com
   www.commission-junction.com
   www.conversantmedia.com
   www.dataplicity.com
   www.dotomi.com
   www.doubleclick.net
   www.dpbolvw.net
   www.ebates.com
   www.emjcd.com
   www.evyy.net
   www.gitlab.com
   www.gofundme.com
   www.googleapis.com
   www.gopjn.com
   www.gstatic.com
   www.gwallet.com
   www.healthyskoop.com
   www.hulu.com
   www.icloud.com
   www.jdoqocy.com
   www.kqzyfj.com
   www.linksynergy.com
   www.linuxtracker.org
   www.mandrillapp.com
   www.mcssl.com
   www.msftncsi.com
   www.naturalpartners.com
   www.nicks-sticks.com
   www.no-ip.com
   www.nutiva.com
   www.ojrq.net
   www.onenetworkdirect.net
   www.pjatr.com
   www.pjtra.com
   www.plex.tv
   www.pntrac.com
   www.pntrack.com
   www.pntra.com
   www.powr.io
   www.purposefulplatenutrition.com
   www.qksrv.net
   www.referralcandy.com
   www.shareasale-analytics.com
   www.shareasale.com
   www.solaredge.com
   www.squareup.com
   www.synology.com
   www.tkqlhce.com
   www.tradetracker.net
   www.twitter.com
   www.vitalproteins.com
   www.wellnessismyjam.com
   www.wildzora.com
   www.xboxlive.com
   www.youtube-nocookie.com
   xboxexperiencesprod.experimentation.xboxlive.com
   xbox.ipv6.microsoft.com
   x.dlx.addthis.com
   xflight.xboxlive.com
   xkms.xboxlive.com
   xsts.auth.xboxlive.com
   yahoo.com
   youtu.be
   youtube.com
   youtube-nocookie.com
   yt3.ggpht.com
   seal.verisign.com
   l.sharethis.com
   lnkd.in
   dnspib.localhost
   ads.google.com
   static.adziff.com
   analytics.google.com
   ssl.google-analytics.com
   fls-na.amazon.com
   dickssportinggoods.com

*** [ DIAGNOSING ]: contents of /etc/dnsmasq.d

-rw-r--r-- 1 root root 1850 Mar  3 03:20 /etc/dnsmasq.d/01-pihole.conf
   addn-hosts=/etc/pihole/gravity.list
   addn-hosts=/etc/pihole/black.list
   addn-hosts=/etc/pihole/local.list
   localise-queries
   no-resolv
   cache-size=10000
   log-queries
   log-facility=/var/log/pihole.log
   local-ttl=2
   log-async
   dhcp-name-match=set:wpad-ignore,wpad
   dhcp-ignore-names=tag:wpad-ignore
   server=1.1.1.1
   server=1.0.0.1
   server=2606:4700:4700::1111
   server=2606:4700:4700::1001
   domain-needed
   dnssec
   trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
   trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
   interface=eth0

*** [ DIAGNOSING ]: contents of /etc/lighttpd

-rw-r--r-- 1 root root 3102 Mar  3 03:20 /etc/lighttpd/lighttpd.conf
   server.modules = (
   	"mod_access",
   	"mod_accesslog",
   	"mod_auth",
   	"mod_expire",
   	"mod_compress",
   	"mod_redirect",
   	"mod_setenv",
   	"mod_rewrite"
   )
   server.document-root        = "/var/www/html"
   server.error-handler-404    = "pihole/index.php"
   server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
   server.errorlog             = "/var/log/lighttpd/error.log"
   server.pid-file             = "/var/run/lighttpd.pid"
   server.username             = "www-data"
   server.groupname            = "www-data"
   server.port                 = 80
   accesslog.filename          = "/var/log/lighttpd/access.log"
   accesslog.format            = "%{%s}t|%V|%r|%s|%b"
   index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
   url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
   static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
   compress.cache-dir          = "/var/cache/lighttpd/compress/"
   compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
   include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
   include_shell "/usr/share/lighttpd/create-mime.assign.pl"
   include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"
' 2>/dev/null"
   $HTTP["url"] =~ "^/admin/" {
       
       setenv.add-response-header = (
           "X-Pi-hole" => "The Pi-hole Web interface is working!",
           "X-Frame-Options" => "DENY"
       )
       $HTTP["url"] =~ ".ttf$" {
           
           setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
       }
   }
   $HTTP["url"] =~ "^/admin/\.(.*)" {
        url.access-deny = ("")
   }
   include_shell "cat external.conf 2>/dev/null"

*** [ DIAGNOSING ]: contents of /etc/cron.d

-rw-r--r-- 1 root root 1704 Mar  3 03:20 /etc/cron.d/pihole
   25 3   * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log
   00 00   * * *   root    PATH="$PATH:/usr/local/bin/" pihole flush once quiet
   @reboot root /usr/sbin/logrotate /etc/pihole/logrotate
   */10 *  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker local
   33 15  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote
   @reboot root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote reboot

*** [ DIAGNOSING ]: contents of /var/log/lighttpd

-rw-r--r-- 1 www-data www-data 73 Mar 17 06:25 /var/log/lighttpd/error.log
   2019-03-17 06:25:09: (server.c.1534) logfiles cycled UID = 0 PID = 5523 

*** [ DIAGNOSING ]: contents of /var/log

-rw-r--r-- 1 pihole pihole 971 Mar 17 21:39 /var/log/pihole-FTL.log
   -----head of pihole-FTL.log------
   [2019-03-17 00:16:30.643 486] Resizing "/FTL-strings" from 106496 to 110592
   [2019-03-17 03:25:27.826 486] Compiled 0 Regex filters and 572 whitelisted domains in 7.3 msec (0 errors)
   [2019-03-17 03:25:29.589 486] /etc/pihole/black.list: parsed 12 domains (took 0.5 ms)
   [2019-03-17 03:25:35.144 486] /etc/pihole/gravity.list: parsed 252021 domains (took 5553.9 ms)
   [2019-03-17 08:53:21.444 486] Resizing "/FTL-strings" from 110592 to 114688
   [2019-03-17 10:19:01.236 486] Resizing "/FTL-strings" from 114688 to 118784
   [2019-03-17 11:46:59.187 486] Resizing "/FTL-strings" from 118784 to 122880
   [2019-03-17 13:16:59.856 486] Resizing "/FTL-strings" from 122880 to 126976
   [2019-03-17 16:40:38.817 486] Resizing "/FTL-strings" from 126976 to 131072
   [2019-03-17 19:18:10.568 486] Resizing "/FTL-strings" from 131072 to 135168
   [2019-03-17 21:39:48.511 486] Resizing "/FTL-strings" from 135168 to 139264
   [2019-03-17 21:39:59.934 486] Resizing "/FTL-strings" from 139264 to 143360

   -----tail of pihole-FTL.log------
   [2019-03-17 00:16:30.643 486] Resizing "/FTL-strings" from 106496 to 110592
   [2019-03-17 03:25:27.826 486] Compiled 0 Regex filters and 572 whitelisted domains in 7.3 msec (0 errors)
   [2019-03-17 03:25:29.589 486] /etc/pihole/black.list: parsed 12 domains (took 0.5 ms)
   [2019-03-17 03:25:35.144 486] /etc/pihole/gravity.list: parsed 252021 domains (took 5553.9 ms)
   [2019-03-17 08:53:21.444 486] Resizing "/FTL-strings" from 110592 to 114688
   [2019-03-17 10:19:01.236 486] Resizing "/FTL-strings" from 114688 to 118784
   [2019-03-17 11:46:59.187 486] Resizing "/FTL-strings" from 118784 to 122880
   [2019-03-17 13:16:59.856 486] Resizing "/FTL-strings" from 122880 to 126976
   [2019-03-17 16:40:38.817 486] Resizing "/FTL-strings" from 126976 to 131072
   [2019-03-17 19:18:10.568 486] Resizing "/FTL-strings" from 131072 to 135168
   [2019-03-17 21:39:48.511 486] Resizing "/FTL-strings" from 135168 to 139264
   [2019-03-17 21:39:59.934 486] Resizing "/FTL-strings" from 139264 to 143360

*** [ DIAGNOSING ]: contents of /dev/shm
-rw------- 1 pihole pihole 2621440 Mar 16 15:20 /dev/shm/FTL-clients
-rw------- 1 pihole pihole 108 Mar 16 15:20 /dev/shm/FTL-counters
-rw------- 1 pihole pihole 262144 Mar 17 22:04 /dev/shm/FTL-domains
-rw------- 1 pihole pihole 163840 Mar 16 15:20 /dev/shm/FTL-forwarded
-rw------- 1 pihole pihole 28 Mar 17 06:11 /dev/shm/FTL-lock
-rw------- 1 pihole pihole 8192 Mar 16 15:20 /dev/shm/FTL-overTime
-rw------- 1 pihole pihole 14450688 Mar 17 06:11 /dev/shm/FTL-queries
-rw------- 1 pihole pihole 12 Mar 16 15:20 /dev/shm/FTL-settings
-rw------- 1 pihole pihole 143360 Mar 17 21:39 /dev/shm/FTL-strings

*** [ DIAGNOSING ]: Locale
    LANG=

*** [ DIAGNOSING ]: Pi-hole log
-rw-r--r-- 1 pihole pihole 131941991 Mar 17 22:51 /var/log/pihole.log
   -----head of pihole.log------
   Mar 17 00:01:14 dnsmasq[486]: query[A] 0.debian.pool.ntp.org from 127.0.0.1
   Mar 17 00:01:14 dnsmasq[486]: forwarded 0.debian.pool.ntp.org to 1.1.1.1
   Mar 17 00:01:14 dnsmasq[486]: query[AAAA] 0.debian.pool.ntp.org from 127.0.0.1
   Mar 17 00:01:14 dnsmasq[486]: forwarded 0.debian.pool.ntp.org to 1.1.1.1
   Mar 17 00:01:15 dnsmasq[486]: dnssec-query[DS] ntp.org to 1.1.1.1
   Mar 17 00:01:15 dnsmasq[486]: dnssec-query[DS] ntp.org to 1.1.1.1
   Mar 17 00:01:15 dnsmasq[486]: reply ntp.org is BOGUS DS
   Mar 17 00:01:15 dnsmasq[486]: validation 0.debian.pool.ntp.org is BOGUS
   Mar 17 00:01:15 dnsmasq[486]: reply 0.debian.pool.ntp.org is 184.105.182.7
   Mar 17 00:01:15 dnsmasq[486]: reply 0.debian.pool.ntp.org is 206.55.191.142
   Mar 17 00:01:15 dnsmasq[486]: reply 0.debian.pool.ntp.org is 69.89.207.199
   Mar 17 00:01:15 dnsmasq[486]: reply 0.debian.pool.ntp.org is 104.168.88.15
   Mar 17 00:01:15 dnsmasq[486]: reply ntp.org is BOGUS DS
   Mar 17 00:01:15 dnsmasq[486]: validation 0.debian.pool.ntp.org is BOGUS
   Mar 17 00:01:15 dnsmasq[486]: reply 0.debian.pool.ntp.org is NODATA-IPv6
   Mar 17 00:01:15 dnsmasq[486]: query[A] 0.debian.pool.ntp.org from 127.0.0.1
   Mar 17 00:01:15 dnsmasq[486]: forwarded 0.debian.pool.ntp.org to 1.1.1.1
   Mar 17 00:01:15 dnsmasq[486]: query[AAAA] 0.debian.pool.ntp.org from 127.0.0.1
   Mar 17 00:01:15 dnsmasq[486]: forwarded 0.debian.pool.ntp.org to 1.1.1.1
   Mar 17 00:01:15 dnsmasq[486]: dnssec-query[DS] ntp.org to 1.1.1.1


********************************************
********************************************
[✓] ** FINISHED DEBUGGING! **

    * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only.
    * For more information, see: https://pi-hole.net/2016/11/07/crack-our-medical-tricorder-win-a-raspberry-pi-3/
    * If available, we'll use openssl to upload the log, otherwise it will fall back to netcat.
[i] Debug script running in automated mode
    * Using openssl for transmission.
[✗]  There was an error uploading your debug log.
   * Please try again or contact the Pi-hole team for assistance.
   * A local copy of the debug log can be found at: /var/log/pihole_debug-sanitized.log
0 Likes

#2

I had a pi do this recently a reboot on the device fixed it when i looked up the issue it was a kernel panic issue or something vague like that

0 Likes

#3

This seems to be the issue:

Mar 17 00:01:14 dnsmasq[486]: query[AAAA] 0.debian.pool.ntp.org from 127.0.0.1
Mar 17 00:01:14 dnsmasq[486]: forwarded 0.debian.pool.ntp.org to 1.1.1.1
Mar 17 00:01:15 dnsmasq[486]: dnssec-query[DS] ntp.org to 1.1.1.1
Mar 17 00:01:15 dnsmasq[486]: dnssec-query[DS] ntp.org to 1.1.1.1
Mar 17 00:01:15 dnsmasq[486]: reply ntp.org is BOGUS DS
Mar 17 00:01:15 dnsmasq[486]: validation 0.debian.pool.ntp.org is BOGUS
Mar 17 00:01:15 dnsmasq[486]: reply 0.debian.pool.ntp.org is 184.105.182.7

Something with your dns security looks like it is returning BOGUS you should be seeing something more like this, don’t use dns security though so can’t tell you what is going wring.

Mar 17 23:53:39 dnsmasq[928]: query[A] 0.debian.pool.ntp.org from 127.0.0.1
Mar 17 23:53:39 dnsmasq[928]: forwarded 0.debian.pool.ntp.org to 2600:???:6b63
Mar 17 23:53:40 dnsmasq[928]: reply 0.debian.pool.ntp.org is 129.250.35.250
Mar 17 23:53:40 dnsmasq[928]: reply 0.debian.pool.ntp.org is 45.76.244.193
Mar 17 23:53:40 dnsmasq[928]: reply 0.debian.pool.ntp.org is 138.197.16.235
Mar 17 23:53:40 dnsmasq[928]: reply 0.debian.pool.ntp.org is 198.55.111.50

0 Likes

#4
0 Likes

#5

As @Stan-qaz has already noted, you are receiving a BOGUS reply for a valid domain. This may indicate that the time on your Pi is incorrect.

The reason for the many queries to this domain appears to be that the device making the queries is not receiving a reply.

What are the outputs of these commands from the Pi terminal:

dig 0.debian.pool.ntp.org

dig 0.debian.pool.ntp.org @1.1.1.1

0 Likes

#6

Thank you all for helping. Just trying to make the “fix” as simple as possible. The output from:

First command:

pi@DNSpiB:~ $ sudo dig 0.debian.pool.ntp.org

; <<>> DiG 9.10.3-P4-Raspbian <<>> 0.debian.pool.ntp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64483
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;0.debian.pool.ntp.org.         IN      A

;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Mar 18 22:23:10 GMT 2019
;; MSG SIZE  rcvd: 50

Second command:

pi@DNSpiB:~ $ sudo dig 0.debian.pool.ntp.org @1.1.1.1

; <<>> DiG 9.10.3-P4-Raspbian <<>> 0.debian.pool.ntp.org @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62873
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;0.debian.pool.ntp.org.         IN      A

;; ANSWER SECTION:
0.debian.pool.ntp.org.  29      IN      A       80.92.126.65
0.debian.pool.ntp.org.  29      IN      A       85.93.216.115
0.debian.pool.ntp.org.  29      IN      A       103.47.76.177
0.debian.pool.ntp.org.  29      IN      A       5.34.248.225

;; Query time: 4 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Mar 18 22:26:42 GMT 2019
;; MSG SIZE  rcvd: 114

At the risk of confusing things, I will add this observation / fact. there have been no changes to my Pi-Hole or Raspbian since I updated to the latest version of FTL. So this seemst ohave just started to occur. I just checked, for example, if there were material Raspian updates and I get this error when I do an `sudo apt update:

pi@DNSpiB:~ $ sudo apt update
Get:1 http://archive.raspberrypi.org/debian stretch InRelease [25.4 kB]
Err:2 http://raspbian.raspberrypi.org/raspbian stretch InRelease
  Temporary failure resolving 'raspbian.raspberrypi.org'
Get:3 http://archive.raspberrypi.org/debian stretch/main armhf Packages [214 kB]
Get:4 http://archive.raspberrypi.org/debian stretch/ui armhf Packages [44.4 kB]
Fetched 284 kB in 3s (85.7 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
15 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://raspbian.raspberrypi.org/raspbian/dists/stretch/InRelease  Temporary failure resolving 'raspbian.raspberrypi.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.

Not sure if this is related in anyway. Thanks for the help for any thoughts on next steps.

0 Likes

#7

Did you check the time that the Pi is set to, I think it has to be close to the correct time with the security enabled or the lookups will fail as you are seeing:

Temporary failure resolving ‘raspbian.raspberrypi.org

The date command may get you close enough to see if that is the issue, using ntp to keep the time right is a good long-term fix.

2 Likes

#8

Thank you all for your help! After following the ave advice I confirmed @Stan-qaz suspicion and checked the time, it was off quite about 25 hours… Trying to set via NTP was failing so manually set the time using sudo date -s "Fri Mar 22 20:22:30 UTC 2019" Once I got the correct date from timeanddate.com.

After a reboot i was able to successfully run “sudo apt update” which I wasn’t able to before. The problem appears to be resolved according to my logs. Will report back if anything changes after using it for a while. I will blame it on the blizzard we had in Denver and corresponding brownouts… Guess my UPS wasn’t quick enough for one of them…

0 Likes

#9

I’m going to add this info in case it’s helpful to others. You can run the following command to see the current time set and if the Pi is being sync’d with an NTP Server. I’ll request this as a feature request to display this information in the settings, i think it would be useful to prevent this from happening to others. Perhaps a next step would be to allow the Pi-hole to config the /etc/systemd/timesyncd.conf to allow one to choose their own NTP servers IP address (to prevent this from happening to others using DNSSEC) from this link https://tf.nist.gov/tf-cgi/servers.cgi.

pi    @DNSpiB:~ $ timedatectl status
          Local time: Thu 2019-03-21 21:08:36 MDT
      Universal time: Fri 2019-03-22 03:08:36 UTC
            RTC time: n/a
           Time zone: US/Mountain (MDT, -0600)
    Network time on: yes
    NTP synchronized: yes
     RTC in local TZ: no
1 Like

closed #10

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

0 Likes