The original post: /r/pihole by /u/Wasted-Friendship on 2024-11-04 17:37:25.
TLDR:
Something on my network overburdens my PiHole with requests and brings my internet down every hour at xx:20:00 until xx:21:41. I changed out my PiHole for an external DNS and it resolved it. Looking at the logs, I have a DNSMASQ error at this time with over 150 concurrent requests. I can't tell if it is because of the downtime or something else. How can I best troubleshoot?
Full story:
I have a FIrewalla Purple in transparent bridge mode between my UDMPro v1 and POE Switch with everything on the switch. This is to help monitor what is happening in my network (e.g., quarantine new devices, watch for malware), effectively a second eye in the sky for the UDMP IDS/IPS. For the past three months, every hour at the 20-minute mark, I lost my internet for about a minute and thirty to forty seconds and the Firewalla downtime tracking confirms this downtime as a hard-wired device.
- Troubleshoot Step 1:
- I have been working outside on this, starting with Xfinity. They did identify that I had a previously installed overly complex system, including MoCa filters and a high noise-to-signal ratio. They fixed it, and my network pings dropped from 27 to 13 ms. Speeds increased as well. Unfortunately, the network kept dropping. I next started to go internal to the network.
- Troubleshoot Step 2:
- I pulled my Firewalla out of line and connected the switch and UDMP with an SPF+ cable, and the same thing continued.
- Troubleshoot Step 3:
- I pulled my PiHole down and used a 100% external DNS provider. Everything has been stable for 48 hours now and everyone is happy...except me seeing all these ads again.
I would then venture to guess that a PiHole setting is the problem here. I did some investigating around and I did find that I am getting DNSMASQ errors around this time:
PiHole Instance 1:
PiHole Instance 2:
It doesn't log every downtime, but it just so happens to be coincidental that both systems die within a millisecond of each other at the exact same time. Instance one is running on a Synology 918+ and the second is running in a NUC. Both do not have any log problems during this time. I have discovered that Firewalla does do a ton of DNS queries at one time. I caught this because a device was doing a ton of DNS requests to check IPs for blocking. Something Firewalla confirmed was normal behavior. I thought this may be the culprit here, but in troubleshoot step 2, it was gone and I was still having disconnect problems.
Having had PiHole for years and loving the internet without trackers and ads, I feel disgusted doing web work without this protection, and I want to put it back in line. My wife and kids will kill me because they value stability over privacy.
How can I troubleshoot this?