I tried rebooting my Raspberry when I noticed it and it seemed to fix it, but I really wish I knew what happened and if there's something I could/should do to properly fix it.
Details about my system:
I'm on a Raspberry Pi 4, 4Gb RAM, with Raspberry Pi OS (Buster).
I'm running a cloudflared client, configured following the docs at pi-hole.net
What I have changed since installing Pi-hole:
Installed cloudflared, steamlink and RetroPie on it. All of them days before this problem surfaced.
Seems like your clients stopped using Pi-hole for some time.
If that's the case, it would be your clients behaving weird, not your dashboard.
Let's see what amount of queries Pi-hole has processed during that time.
Run the following command from your Pi-hole machine:
sqlite3 /etc/pihole/pihole-FTL.db "SELECT domain, count(domain) FROM queries \
WHERE (timestamp BETWEEN strftime('%s','2020-09-13 04:00 +02:00') AND strftime('%s','2020-09-13 22:00 +02:00')) \
GROUP BY domain ORDER BY 2 DESC LIMIT 12;"
I tried to guess your time frame form your screenshot, but please change exact date and times as required. Be particularly careful to adjust both of the time zone modifiers to your correct value (the current +02:00 value reflects central European summer time).
You can find out which time zone your Pi-hole machine is using by running timedatectl.
Hi there! Thanks for the response and sorry for tooking my time. Busy day.
Here's it is:
pi@raspberrypi:~ $ sqlite3 /etc/pihole/pihole-FTL.db "SELECT domain, count(domain) FROM queries WHERE (timestamp BETWEEN strftime('%s', '2020-09-13 04:00 -03:00') AND strftime('%s', '2020-09-13 22:00 -03:00')) GROUP BY domain ORDER BY 2 DESC;"
10.15.168.192.in-addr.arpa|19
11.15.168.192.in-addr.arpa|19
12.15.168.192.in-addr.arpa|19
20.15.168.192.in-addr.arpa|19
22.15.168.192.in-addr.arpa|19
4.15.168.192.in-addr.arpa|19
5.15.168.192.in-addr.arpa|19
6.15.168.192.in-addr.arpa|19
The strange thing is it just started behaving like that I by chance I checked the Dashboard in the very beginning of the 'incident':
Edit: I was browsing the internet with my device the whole 01:00 - 02:00 time span, but the only client registered in the graph in this span is localhost
Your database confirms that there have been only reverse lookups for your local private addresses, which is what Pi-hole does routinely every sharp hour.
This would mean that Pi-hole didn't receive any client DNS request during that time.
Pi-hole itself cannot prevent clients from issuing DNS requests in any way.
The reason for this must be external to Pi-hole
Your SQL result shows your Pi-hole is aware of 8 client IPs.
It would be an unlikely coincidence if they all stopped using Pi-hole at the same time, for the exactly same duration (unlikely, but not entirely impossible).
This would hint at a cause external to your clients as well, leaving your Pi-hole host machine or some network equipment like your router, a wifi AP or a switch to suspect.
How did you integrate Pi-hole into your network? And is there another DNS resolver on your network?
My pi-hole is running on a Raspberry Pi 4 connected to my router over cable.
The raspberry (aswell as all my devices) has static IPs and my router has the following DNS server setup:
raspberry IP
router IP (as I understand it, my ISP will resolve DNS queries as a fallback)
Maybe it's possible something strange is happening to the IP of my raspberry and it is being reassigned for some reason. I'll take a closer look at it if it ever happens again.
Pi-hole should be your network's only DNS server.
When offering an alternate DNS server to your clients, that DNS server will be used at a client's discretion. It would depend on a client what triggers that use and how often that happens.
This is more likely to happen in your network since your Pi-hole's IPv6 address seems to be incorrect:
*** [ DIAGNOSING ]: Networking
[✓] IPv6 address(es) bound to the eth0 interface:
2804:<redacted>:b3e6 does not match the IP found in /etc/pihole/setupVars.conf
fe80::<redacted>:4215 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)
*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✓] ads.centraliprom.com is :: via localhost (::1)
[✗] Failed to resolve ads.centraliprom.com via Pi-hole (2804:<redacted>:bbb3)
I'd recommend removing that second DNS server.
Also, see if you can Use IPv6 ULA addresses for Pi-hole, or use your Pi-hole's link-local address (fe80).
Removed the secondary DNS IP address, as suggested, but after searching all over my router config, I don't believe there's an IPv6 ULA configuration anywhere.
Anyway, it seems to have stopped now. Thank you!