Weird DNS issues?

GlynH · September 19, 2022, 5:30pm

Hi there,

I'm having some issues with Pi-hole and DNS queries I believe that is causing some weird issues on my network.

Pi-hole has been running for a couple of years now on a Pi4/4GB running Buster dedicated to the task.

The problems I am having are intermittent & varied;

Sometimes pages in the browser (Edge on PC & Safari on Mac/iOS) are very slow on opening and sometimes don't open at all. I have seen an error message on Edge mentioning a DNS issue and thought I took a screenshot but I can't find it.

I have another Pi4/4GB dedicated to feeding FR24, FA, RB24 and ADSBExchange and a couple of times over the weekend it stopped sending data to all of the VR sites and I couldn't even display the data locally.

Another example is if I use the 9to5 Mac app on my iPhone I can read any of the articles but when I click on Comments I do not see any comments on the article at all. If I switch off wi-fi on my phone and use 4G and then click back on the same Comments button I can read all of the comments on that same article.

Again over the weekend I had these and other Pi's drop off the network along with some hardware devices most but not all of which have a static IP address.

A reboot of my PoE switch that also powers all 6 Pi's, 3 WAP's and other devices seemed to temporarily resolve the problem but then it comes back again.

In my DrayTek router I did have both Primary & Secondary DNS Servers set to the same 192.168.0.xxx internal IP address of Pi-hole but over the weekend I removed the secondary to leave it blank and I notice now on some devices the Secondary instead of showing internal Pi-hole IP address is displaying an external IP address from my ISP. Not sure what do set for the best here?

Pi-hole is set to use Cloudflare (DNSSEC) and is set to never forward non-FQDN A and AAAA queries and is not acting as a DHCP Server.

It is showing 1 notification against Pi-hole diagnosis but when clicking into it there are no errors shown?

I don't know where else to look or what to do apart from generating & sending a debug log so I have already taken the liberty of doing this and my debug token is https://tricorder.pi-hole.net/td2Izrkj/

Strangely I done a pihole- up followed by sudo reboot only a day or so ago and yet I see all three elements; Pihole, FTL & web Interface are showing as can be updated?

Any help or advice would be greatly appreciated to steer me towards resolving(!) this intermittent issue.

Thanks & kind regards,
-=Glyn=-

jfb · September 19, 2022, 6:15pm

The diagnosis message is that one of your subscribed adjusts is no longer available. Remove the adlist and rebuild gravity.

*** [ DIAGNOSING ]: Pi-hole diagnosis messages
   count   last timestamp       type                  message                                                       blob1                 blob2                 blob3                 blob4                 blob5               
   ------  -------------------  --------------------  ------------------------------------------------------------  --------------------  --------------------  --------------------  --------------------  --------------------
   1       2022-09-18 10:17:11  ADLIST                https://mirror1.malwaredomains.com/files/justdomains          2

Your FTL log shows some errors regarding your query (or long term) database:

 -----tail of FTL.log------
   [2022-09-19 18:11:01.042 755/T771] ERROR: SQL query "END TRANSACTION" failed: database is locked
   [2022-09-19 18:11:01.043 755/T771] END TRANSACTION failed when trying to store queries to long-term database
   [2022-09-19 18:11:01.043 755/T771] Keeping queries in memory for later new attempt
   [2022-09-19 18:11:02.171 755/T771] ERROR: SQL query "END TRANSACTION" failed: database is locked
   [2022-09-19 18:11:02.171 755/T771] WARNING: Storing devices in network table failed: database is locked

Run these commands to move the existing database to a new file name and create a fresh database.

sudo service pihole-FTL stop

sudo mv /etc/pihole/pihole-FTL.db /etc/pihole/pihole-FTL-old.db

sudo service pihole-FTL start

GlynH · September 19, 2022, 7:51pm

Thanks for the quick reply jfb but you'll have to forgive my ignorance here.

Is the remove adlist/rebuild gravity and the FTL database two separate issues or do the last three lines do both tasks?

Guessing they are two separate tasks so if they are should I remove both of my adlists or just the second one shown that has a red cross against it and when deleted should I run pihole -g as stated at the top of that same page? Probably only the second one malwaredomains.com by the looks of it.

Sorry for the basic questions but I just want to be sure.

Pi-hole has been fantastic over the last couple of years and spoils you for when you read the news for example away from the house and you wonder where all those damn adverts come from!

A friend of mine plays Solitaire and was dog-sitting away from home these last two weeks and was asking me if there was a way to get rid of the ads when she plays!

Guess she could just VPN into my system from where she is staying I suppose.

Pi-hole was the sole reason I purchased a Raspberry Pi in the first place and now I have 6 of the things and would have a seventh if only I could find one at a reasonable price these days...

Thanks & kind regards,
-=Glyn=-

GlynH · September 19, 2022, 8:05pm

OK jfb ignore all of the above...I've plucked up some courage and deleted the malwaredomains adlist, ran pihole -g and then each of your three lines in turn and the notification seems to have gone now and I am left with just the first StevenBlack adlist.

Now I'm going to run pihole -up to update and take it from there.

I'm always a little paranoid playing around with Pi-hole or my VR server as if anything went wrong I would panic and be out of my depth in trying to troubleshoot so I really appreciate your help, support & patience!

Is it worth me posting another debug log for you to cast your expert eye over to make sure the issue has gone away?

Thanks & kind regards,
-=Glyn=-

jfb · September 19, 2022, 8:55pm

Yes. After you are all updated, post a fresh token and I'll review it.

GlynH · September 20, 2022, 5:04am

Thanks very much for that jfb,

I notice I have a different DNSMASQ_WARN now which indicates interface eth0 does not currently exist which is weird because that is the only interface that is enabled!

The Pi is powered by PoE and wi-fi and Bluetooth are both disabled.

Weirdly although the error notification shows on the PC Edge browser when I login locally there is no warning displayed.

However when I logon locally on the iPhone I can see the notification and the error warning itself?

I still can't see those article comments in the 9to5 Mac app when using wi-fi but can when switching wi-fi off although I concede that might not be a Pi-hole issue.

The new debug log token is https://tricorder.pi-hole.net/pESlU0pb/

Thanks again for your help & support.

Kind regards,
-=Glyn=-

GlynH · September 21, 2022, 2:23pm

Apologies for sending another debug log but I now have 49 errors showing!

In addition to the original;

Warning in dnsmasq core:
interface eth0 does not currently exist

I now have an additional 48 errors all the same stating;

Warning in dnsmasq core:
Maximum number of concurrent DNS queries reached (max: 150)

Seems like two identical devices on my network went haywire about half past midnight for 30 minutes or so?

I’ve contacted them to see if they are/were aware of a problem.

The latest Pi-hole debug log is here;

https://tricorder.pi-hole.net/HV6kIp0q/

Thanks & kind regards,
-=Glyn=-

system · October 12, 2022, 2:23pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.