On the web interface there is a list of top clients. As expected, my laptop is in there (it is actually at #1). For some reason my router is on there too but I don't expect it to do queries itself and definitely not rank as #2. So I wanted to look at the calls it does. Clicked on the link to go to: http://mypihole/admin/queries.php?client=192.168.1.1
and I get "An unknown error occured while loading the data."
Not what I expected especially since it is ranked as I said as #2. The odd thing is that the laptop I am using also gives the same error.
Maybe it's related to the volume, I don't know. #1 has 37k request, #2 has 15k requests. Both don't show up. #3 has 10k requests and that does load, I tried loading on an iPad and the same problem. #3 loads but the #1 and #2 don't.
-rw-r--r-- 1 pihole pihole 59M Jan 8 19:43 /etc/pihole/pihole-FTL.db
journalctl -u lighttpd | tail -n40
Jan 08 19:36:03 pihole sudo[709]: pam_unix(sudo:session): session closed for user root
Jan 08 19:36:32 pihole sudo[727]: www-data : TTY=unknown ; PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Jan 08 19:36:32 pihole sudo[727]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 08 19:36:32 pihole sudo[727]: pam_unix(sudo:session): session closed for user root
Jan 08 19:36:38 pihole sudo[746]: www-data : TTY=unknown ; PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Jan 08 19:36:38 pihole sudo[746]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 08 19:36:38 pihole sudo[746]: pam_unix(sudo:session): session closed for user root
Jan 08 19:37:02 pihole sudo[791]: www-data : TTY=unknown ; PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Jan 08 19:37:02 pihole sudo[791]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 08 19:37:02 pihole sudo[791]: pam_unix(sudo:session): session closed for user root
Jan 08 19:38:01 pihole sudo[874]: www-data : TTY=unknown ; PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Jan 08 19:38:01 pihole sudo[874]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 08 19:38:01 pihole sudo[874]: pam_unix(sudo:session): session closed for user root
Jan 08 19:38:01 pihole sudo[892]: www-data : TTY=unknown ; PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Jan 08 19:38:01 pihole sudo[892]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 08 19:38:01 pihole sudo[892]: pam_unix(sudo:session): session closed for user root
Jan 08 19:39:01 pihole sudo[919]: www-data : TTY=unknown ; PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Jan 08 19:39:01 pihole sudo[919]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 08 19:39:01 pihole sudo[919]: pam_unix(sudo:session): session closed for user root
Jan 08 19:40:02 pihole sudo[999]: www-data : TTY=unknown ; PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Jan 08 19:40:02 pihole sudo[999]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 08 19:40:02 pihole sudo[999]: pam_unix(sudo:session): session closed for user root
Jan 08 19:41:03 pihole sudo[1019]: www-data : TTY=unknown ; PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Jan 08 19:41:03 pihole sudo[1019]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 08 19:41:03 pihole sudo[1019]: pam_unix(sudo:session): session closed for user root
Jan 08 19:41:29 pihole sudo[1037]: www-data : TTY=unknown ; PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Jan 08 19:41:29 pihole sudo[1037]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 08 19:41:29 pihole sudo[1037]: pam_unix(sudo:session): session closed for user root
Jan 08 19:41:39 pihole sudo[1069]: www-data : TTY=unknown ; PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Jan 08 19:41:39 pihole sudo[1069]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 08 19:41:39 pihole sudo[1069]: pam_unix(sudo:session): session closed for user root
Jan 08 19:42:01 pihole sudo[1083]: www-data : TTY=unknown ; PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Jan 08 19:42:01 pihole sudo[1083]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 08 19:42:01 pihole sudo[1083]: pam_unix(sudo:session): session closed for user root
Jan 08 19:43:01 pihole sudo[1139]: www-data : TTY=unknown ; PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Jan 08 19:43:01 pihole sudo[1139]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 08 19:43:01 pihole sudo[1139]: pam_unix(sudo:session): session closed for user root
Jan 08 19:44:02 pihole sudo[1157]: www-data : TTY=unknown ; PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Jan 08 19:44:02 pihole sudo[1157]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 08 19:44:02 pihole sudo[1157]: pam_unix(sudo:session): session closed for user root
That's quite an impressive number (read as in: an awful lot) and the error you're seeing is to be expected in case your Pi-hole is set up on a low-power device. We made all efforts to provide the best service on such devices but when it comes to serving the frontend, things are certainly limited as we have to pipe everything though PHP at this time. A new API (which greatly improved performance) is in the works, but it will still take some time until it will get integrated into the regular releases of Pi-hole.
What kind of device do you run your Pi-hole on? Note that the link from the navigation bar will only open the most recent 100 queries and, hence, can be displayed without having the API run into a timeout as you're seeing with the >15k clients.
It's running on a Pi 3B. I also thought that the number was way too high which is what I was trying to figure out.
I have not solved it yet but have managed to find out more. The high number of requests come from my laptop which is trying to find it's office domain, which is not available at home. It sends out SRV requests quite often and periodically. These account for the high number of requests. Since they are SRV requests, they are not covered in the Windows hosts file but rather in the lmhosts file which I have not toyed with before.
Interestingly enough, the pi-hole does not put the requests on the blocked domains even though I have a wildcard set up for any request to that domain. "A" requests are blocked but "SRV" requests aren't.
Bottomline, it does not seem like a pi-hole problem but more a load problem. Nevertheless, when I solve this, I will post what I did hear anyway.