Hi everyone,
I am using PiHole that forwards DNS queries to a DoH proxy. I am seeing regular DNS resolution failures, and DNS queries take time to resolve. I tried both the cloudflared DNS proxy and DNScrypt. I am guessing these providers throttle DNS queries for users. PiHole and cloudflared are running on the same instance (Raspberry Pi 4 4G model). I am also observing too many PTR queries coming from ntopng. I will try disabling IP resolution queries in ntopng.
Code:
cat /etc/default/cloudflared
CLOUDFLARED_OPTS=--metrics 0.0.0.0:8888 --address 0.0.0.0 --port 5555 --upstream https://dns.google/dns-query --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query --bootstrap https://162.159.36.1/dns-query --bootstrap https://162.159.46.1/dns-query
tail cloudflared.log
[2020-09-21T13:04:41.452147937Z]: failed to connect to an HTTPS backend "https://dns.google/dns-query": failed to perform an HTTPS request: Post "https://dns.google/dns-query": net/http: request canceled (Client.Timeout exceeded while awaiting headers)
[2020-09-21T13:04:46.453392112Z]: failed to connect to an HTTPS backend "https://1.1.1.1/dns-query": failed to perform an HTTPS request: Post "https://1.1.1.1/dns-query": net/http: request canceled (Client.Timeout exceeded while awaiting headers)
[2020-09-21T13:04:51.453996111Z]: failed to connect to an HTTPS backend "https://1.0.0.1/dns-query": failed to perform an HTTPS request: Post "https://1.0.0.1/dns-query": net/http: request canceled (Client.Timeout exceeded while awaiting headers)
[2020-09-21T13:06:03.605122099Z]: failed to connect to an HTTPS backend "https://dns.google/dns-query": failed to perform an HTTPS request: Post "https://dns.google/dns-query": net/http: request canceled (Client.Timeout exceeded while awaiting headers)
[2020-09-21T13:06:03.686881543Z]: failed to connect to an HTTPS backend "https://dns.google/dns-query": failed to perform an HTTPS request: Post "https://dns.google/dns-query": net/http: request canceled (Client.Timeout exceeded while awaiting headers)
[2020-09-21T13:06:16.224977328Z]: failed to connect to an HTTPS backend "https://dns.google/dns-query": failed to perform an HTTPS request: Post "https://dns.google/dns-query": net/http: request canceled (Client.Timeout exceeded while awaiting headers)
[2020-09-21T13:06:16.404906181Z]: failed to connect to an HTTPS backend "https://dns.google/dns-query": failed to perform an HTTPS request: Post "https://dns.google/dns-query": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
[2020-09-21T13:06:25.707826222Z]: failed to connect to an HTTPS backend "https://dns.google/dns-query": failed to perform an HTTPS request: Post "https://dns.google/dns-query": net/http: request canceled (Client.Timeout exceeded while awaiting headers)
[2020-09-21T13:06:26.450271402Z]: failed to connect to an HTTPS backend "https://dns.google/dns-query": failed to perform an HTTPS request: Post "https://dns.google/dns-query": net/http: request canceled (Client.Timeout exceeded while awaiting headers)
[2020-09-21T13:06:26.511473732Z]: failed to connect to an HTTPS backend "https://dns.google/dns-query": failed to perform an HTTPS request: Post "https://dns.google/dns-query": net/http: request canceled (Client.Timeout exceeded while awaiting headers)
root@rspi-4:/var/log# grep SERVFAIL pihole.log | tail
Sep 21 18:54:07 dnsmasq[15057]: reply error is SERVFAIL
Sep 21 19:38:36 dnsmasq[1187]: reply error is SERVFAIL
Sep 21 19:48:24 dnsmasq[1187]: reply error is SERVFAIL
Sep 21 19:50:45 dnsmasq[1187]: reply error is SERVFAIL
Sep 21 19:51:38 dnsmasq[1187]: reply error is SERVFAIL
Sep 21 19:51:42 dnsmasq[1187]: reply error is SERVFAIL
Sep 21 19:53:15 dnsmasq[1187]: reply error is SERVFAIL
Sep 21 19:53:16 dnsmasq[1187]: reply error is SERVFAIL
Sep 21 19:53:21 dnsmasq[1187]: reply error is SERVFAIL
Sep 21 19:54:08 dnsmasq[1187]: reply error is SERVFAIL
root@rspi-4:/var/log# grep -c SERVFAIL pihole.log
3672
root@rspi-4:/var/log# grep -c 'query\[PTR\]' pihole.log
55773
I also tried using unbound but am seeing an issue with it while resolving deep CNAME records.
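
An added example, not part of the original post: one way to check whether the timeouts in cloudflared.log hit a single upstream or every configured upstream within the same minute. The sample lines are constructed (abbreviated) in the format of the log excerpt above; the function names, the labels and the 60-second window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Upstreams as listed in CLOUDFLARED_OPTS in the post.
UPSTREAMS = ["https://dns.google/dns-query", "https://1.1.1.1/dns-query",
             "https://1.0.0.1/dns-query"]
# Constructed sample lines (abbreviated) in the format of the log excerpt.
SAMPLE_LOG = """
[2020-09-21T13:04:41.452147937Z]: failed to connect to an HTTPS backend "https://dns.google/dns-query": failed to perform an HTTPS request
[2020-09-21T13:04:46.453392112Z]: failed to connect to an HTTPS backend "https://1.1.1.1/dns-query": failed to perform an HTTPS request
[2020-09-21T13:04:51.453996111Z]: failed to connect to an HTTPS backend "https://1.0.0.1/dns-query": failed to perform an HTTPS request
[2020-09-21T13:06:03.605122099Z]: failed to connect to an HTTPS backend "https://dns.google/dns-query": failed to perform an HTTPS request
[2020-09-21T13:06:16.224977328Z]: failed to connect to an HTTPS backend "https://dns.google/dns-query": failed to perform an HTTPS request
"""

LINE_RE = re.compile(
    r'^\[(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.\d+)?Z\]: '
    r'failed to connect to an HTTPS backend "(?P<upstream>[^"]+)"')

def parse_failures(text):
    """Yield (UTC datetime, upstream URL) for each backend failure line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            yield ts.replace(tzinfo=timezone.utc), m["upstream"]

def failures_by_window(text, window_s=60):
    """Map window start (epoch seconds) -> {upstream: failure count}."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, upstream in parse_failures(text):
        buckets[int(ts.timestamp()) // window_s * window_s][upstream] += 1
    return {k: dict(v) for k, v in sorted(buckets.items())}

def classify(text, upstreams, window_s=60):
    """Label a window 'all-upstreams' when every upstream failed in it."""
    out = {}
    for start, counts in failures_by_window(text, window_s).items():
        label = "all-upstreams" if set(upstreams) <= set(counts) else "partial"
        hhmm = datetime.fromtimestamp(start, timezone.utc).strftime("%H:%M")
        out[hhmm] = (label, counts)
    return out

if __name__ == "__main__":
    for hhmm, (label, counts) in classify(SAMPLE_LOG, UPSTREAMS).items():
        print(hhmm, label, counts)
```

Comparing the labelled windows against the timestamps of the SERVFAIL lines in pihole.log shows whether the failed replies coincide with one upstream timing out or with all of them.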