Man of Honour
How slow @Feek ? I'm not sure how 'quick' mine is but it feels snappy enough.
Setting up Pi-hole
- Thread starter NoNameNoNumber
- Start date
Commissario
Seconds, at least three seconds after hitting enter.
I have two Pi-holes, I've been meaning to rebuild one that's still on Stretch for a while so I'll get that sorted and then blitz the other one as well. This gives me a good excuse to do it.
Man of Honour
Ah, how strange.
If you open terminal and do: dig overclockers.co.uk what's the response time? I've just as it happens repaired mine as I'd changed router and stupidly missed one tiny little entry in dhcpd - static router was set as .1 when my new address is .254. I changed *everything* before realising it was just that one thing.
Doing dig overclockers.co.uk the first time was 8ms and thereafter 1ms (I'm using unbound as asked):
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45866
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;overclockers.co.uk. IN A
;; ANSWER SECTION:
overclockers.co.uk. 295 IN A 185.103.4.10
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 08 14:22:51 BST 2020
;; MSG SIZE rcvd: 63
It would be interesting to see the difference from mac and rpi, these results are ssh into my pi, if I do from my mac then there's additional response time as I'm on wifi.
If you open terminal and do: dig overclockers.co.uk what's the response time? I've just as it happens repaired mine as I'd changed router and stupidly missed one tiny little entry in dhcpd - static router was set as .1 when my new address is .254. I changed *everything* before realising it was just that one thing.
Doing dig overclockers.co.uk the first time was 8ms and thereafter 1ms (I'm using unbound as asked):
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45866
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;overclockers.co.uk. IN A
;; ANSWER SECTION:
overclockers.co.uk. 295 IN A 185.103.4.10
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 08 14:22:51 BST 2020
;; MSG SIZE rcvd: 63
It would be interesting to see the difference from mac and rpi, these results are ssh into my pi, if I do from my mac then there's additional response time as I'm on wifi.
I haven't played with PiHole for a while (certainly not since the 'big update' recently). However unbound is a local DNS server/resolver/forwarder, whereas Open DNS is obviously an actual public DNS service running on a similar resolver of its own (like unbound, dnsmasq etc). The difference being that their cache will be massive and their traffic means results are always fresh and current (i.e. usually fast).
You can configure unbound as a forwarder (eg to Open DNS) or as its own resolver, querying the Internet root servers directly. The latter obviously takes more time, especially if your cache and TTL settings aren't optimal. That would explain the delay. I was under the impression PiHole used a forked version of dnsmasq though, not unbound? Checking /etc/unbound.conf may give some clues.
Don
I think the point is to run PiHole pointed at a "local" instance of Unbound, therefore avoiding having a 3rd party DNS service and any censoring/filtering done without knowing.
Yeah but that was my point. The PiHole service itself points to its (now bundled) copy of dnsmasq. It doesn't use unbound (afaik). Hence asking for clarification.
Edit: To save another couple of posts, if PiHole (or Feek's config) does indeed use unbound then as I said check it's not acting authoritatively (querying root servers) and try setting it as a forwarder instead.
Last edited:
Commissario
Now that's interesting. My Pihole was set like this and it's been working perfectly with no noticeable delays for nearly two years. I appreciate what you're saying about how it will take a little longer but I really couldn't tell any difference. I don't think it would have been down to the cache being stale and having to be refreshed because it was happening on every site I visited, including sites I'd been to just a few minutes before.
You mentioned a 'big update' which reminds me that I did do a pihole -up a couple of weeks ago which was well overdue as it had been saying there was an update for ages before this. It's entirely possible that the symptoms manifested after doing that but I honestly don't remember 100%.
Soldato
- Joined
- 24 Sep 2015
- Posts
- 3,921
It's easy enough to get it to use unbind instead of dnsmasq if preferred though the suggested install method does point to root servers rather than a forwarder.
Commissario
I did update the root hints file before disabling unbound, just to see if that was the problem. It didn't help.
That clears that up, then. @Feek change unbound to forwarder mode and point it to OpenDNS and see if the problem goes away. At least then you know where the issue lay, even if you decide to go back to querying the root servers directly and accept the delay. I'd rather know what it is than just 'forget' it, personally.
Soldato
- Joined
- 24 Sep 2015
- Posts
- 3,921
Even if it is going directly to the root servers I wouldn't expect DNS to be slow enough that someone would notice.
Having run unbound that way before, I definitely had similar issues with some domains.
Commissario
I actually have two Pi-holes and as one of them is running under Stretch, I've been meaning to rebuild it for a while.
They're both configured very similarly, they both run as DHCP servers (the ranges aren't overlapping) and they both give out themselves as primary DNS and the other Pi-hole as secondary DNS. They both have the same configuration regarding reserved IP addresses. This is done for redundancy as I used to spend a lot of time away and if one failed, it meant the house still had a working, ad protected internet connection. I don't go away very often now but I still like the redundancy.
I've disabled DHCP on the Stretch one and the Buster one is now only giving out itself so over the next 24 hours, as all the leases expire, they'll switch to the Buster based Pi-hole. This is the one with DNS that's working as I've described above.
I'll then write a new SD card with Buster and replace the Stretch Pi-hole. Assuming it works OK, I'll reverse the above and let everything use it and then I'll properly try and diagnose the fault.
They're both configured very similarly, they both run as DHCP servers (the ranges aren't overlapping) and they both give out themselves as primary DNS and the other Pi-hole as secondary DNS. They both have the same configuration regarding reserved IP addresses. This is done for redundancy as I used to spend a lot of time away and if one failed, it meant the house still had a working, ad protected internet connection. I don't go away very often now but I still like the redundancy.
I've disabled DHCP on the Stretch one and the Buster one is now only giving out itself so over the next 24 hours, as all the leases expire, they'll switch to the Buster based Pi-hole. This is the one with DNS that's working as I've described above.
I'll then write a new SD card with Buster and replace the Stretch Pi-hole. Assuming it works OK, I'll reverse the above and let everything use it and then I'll properly try and diagnose the fault.
Exactly, there really was no noticeable difference that I could detect.
Commissario
Ignore everything above, I've found the problem.
I installed some software on my iMac to automount my NAS volumes. It created a mount point in ~/library and Backblaze was absolutely thrashing my bandwidth by pushing 14Tb of data up to the cloud.
I don't want that to happen so I've stopped it and everything is back to full speed.
I installed some software on my iMac to automount my NAS volumes. It created a mount point in ~/library and Backblaze was absolutely thrashing my bandwidth by pushing 14Tb of data up to the cloud.
I don't want that to happen so I've stopped it and everything is back to full speed.
Soldato
- Joined
- 24 Sep 2015
- Posts
- 3,921
Oof. Yeah, that'd do it.
Commissario
On a plus side, I have two spanky rebuilt pi-holes, both on buster and both configured identically.
DHCP range split between the two, each one gives out itself as primary and the other as secondary.
DHCP range split between the two, each one gives out itself as primary and the other as secondary.
Permabanned
- Joined
- 9 Aug 2008
- Posts
- 35,708
That's nice Feek, I had a public pi-hole configured in Google VPS externally before, might spin up some new ones to have a play around with it again.
Commissario
I know, right. I've spent all day with the two dashboards open on a screen, it's just fascinating to keep an eye on what's happening.
Permabanned
- Joined
- 9 Aug 2008
- Posts
- 35,708
Have you had anything coming up that appears to be odd? Out of character ?