@deemon ok, understood. And yes, pihole-FTL.conf should deserve more love, and for the next release I can integrate new options that I am surely missing over time.
Package Details: pi-hole-server 5.17.3-1
Git Clone URL: | https://aur.archlinux.org/pi-hole-server.git (read-only) |
---|---|
Package Base: | pi-hole-server |
Description: | The Pi-hole is an advertising-aware DNS/Web server. Arch adaptation for lan wide DNS server. |
Upstream URL: | https://github.com/pi-hole/pi-hole |
Keywords: | ad block pi-hole |
Licenses: | EUPL-1.2 |
Conflicts: | pi-hole-standalone |
Submitter: | max.bra |
Maintainer: | max.bra (graysky) |
Last Packager: | max.bra |
Votes: | 110 |
Popularity: | 1.32 |
First Submitted: | 2016-01-13 12:50 (UTC) |
Last Updated: | 2024-01-08 10:37 (UTC) |
Dependencies (18)
- bc (bc-gh [AUR])
- bind-tools (bind-development [AUR], bind-git [AUR], bind)
- inetutils (inetutils-git [AUR], busybox-coreutils [AUR])
- iproute2 (iproute2-git [AUR], busybox-coreutils [AUR], iproute2-selinux [AUR])
- jq (jq-git [AUR])
- logrotate (logrotate-selinux [AUR], logrotate-git [AUR])
- lsof (lsof-git [AUR])
- netcat (nmap-netcat [AUR], openbsd-netcat-git [AUR], gnu-netcat-svn [AUR], gnu-netcat, openbsd-netcat)
- perl (perl-git [AUR])
- pi-hole-ftl [AUR]
- procps-ng (procps-ng-git [AUR], busybox-coreutils [AUR])
- sudo (nosudo [AUR], fake-sudo [AUR], polkit-fakesudo [AUR], sudo-git [AUR], doas-sudo-shim [AUR], doas-sudo-shim-minimal [AUR], sudo-hg [AUR], sudo-selinux [AUR], fudo-git [AUR])
- git (git-git [AUR], git-fc [AUR]) (make)
- lighttpd (optional) – a secure, fast, compliant and very flexible web-server
- nginx-mainline (nginx-quic-openssl-hg [AUR], nginx-quic [AUR], nginx-quic-libressl [AUR]) (optional) – lightweight http server
- php-cgi (optional) – CGI and FCGI SAPI for PHP needed only for lighttpd
- php-fpm (optional) – FastCGI process manager for php needed for nginx
- php-sqlite (optional) – sqlite db access for nginx
Required by (2)
- padd-git
- pi-hole-whitelist-git (optional)
Sources (15)
- dnsmasq.include
- https://raw.githubusercontent.com/max72bra/pi-hole-server-archlinux-customization/master/arch-server-admin-5.21-1.patch
- https://raw.githubusercontent.com/max72bra/pi-hole-server-archlinux-customization/master/arch-server-core-5.17.3-1.patch
- lighttpd.pi-hole.conf
- mimic_basic-install.sh
- mimic_setupVars.conf.sh
- nginx.pi-hole.conf
- pi-hole-gravity.service
- pi-hole-gravity.timer
- pi-hole-logtruncate.service
- pi-hole-logtruncate.timer
- pi-hole-server-admin-5.21.tar.gz
- pi-hole-server-core-5.17.3.tar.gz
- pi-hole.tmpfile
- piholeDebug.sh
max.bra commented on 2024-01-05 09:16 (UTC)
deemon commented on 2024-01-04 20:43 (UTC)
@max.bra naaa it's alright. it's "working as intended" and "didn't crash" apparently. Which is pi-hole-ftl by default allows 1000/60 (1000 queries per minute) from one single host and if this host exceeds the limit, he will be blocked (for how long I don't know, but blocked), while at the same time working for everyone else still normally. https://docs.pi-hole.net/ftldns/configfile/
Now "my problem" was that I have pi-hole-server (and jellyfin server, and some other stuff) running on my desktop computer for all my home LAN (TVs and phones (wifi connected devices etc)), and when I tried to download steam games the desktop computer itself (while being also pi-hole server at the same time) got blocked from DNS requests. So as a cascade effect, anyone else who was using any of the services (also including DNS requests via pi-hole-server) in the LAN got kind of blocked out of it at the same time somehow (although they themselves were not really blocked by pihole?).
Also "my problem #2" was that there was nothing about this RATE_LIMIT in the /etc/pihole/pihole-FTL.conf file itself (I assumed all the possible options were there, just commented out, which is not the case at all, if you check the link above - there are TONS of other options apparently), which I discovered a couple of days later.
Also checked the logs and apparently Steam, while trying to download stuff, does about 1490 DNS queries per minute, which is way over the default pihole limit.
So adding the line RATE_LIMIT=1000/10 to the config file, effectively increasing the limit 6x (just in case), fixed the issue currently.
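The sizing step described in this comment (count each client's queries per interval and compare against RATE_LIMIT) can be scripted before raising or disabling the limit. This is an added example, not part of the thread or of Pi-hole's code: the function names, the fixed-window counting, the assumed year and the constructed client 192.168.1.20 are illustrative assumptions, and the log format is the one shown by `pihole -t` further down the page.

```python
import re
from collections import Counter
from datetime import datetime

# Query lines in the format shown by `pihole -t` in the thread.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}): query\[\w+\] \S+ from (?P<client>\S+)$")

def parse_rate_limit(value):
    """Parse a 'count/interval' setting such as '1000/60'."""
    count, interval = (int(part) for part in value.strip().split("/", 1))
    if count < 0 or interval < 0:
        raise ValueError(f"negative RATE_LIMIT component: {value!r}")
    return count, interval

def clients_over_limit(lines, rate_limit, year=2024):
    """Return {client: peak queries in one window} for clients above the limit.

    Assumption: fixed windows of `interval` seconds, which approximates FTL's
    accounting; `year` is assumed because the log lines carry none.
    """
    count, interval = parse_rate_limit(rate_limit)
    if count == 0 or interval == 0:      # 0/0 disables rate limiting
        return {}
    epoch = datetime(year, 1, 1)
    windows = Counter()
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m is None:                    # REFUSED, reply and forward lines
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        bucket = int((ts - epoch).total_seconds()) // interval
        windows[(m["client"], bucket)] += 1
    peaks = {}
    for (client, _bucket), seen in windows.items():
        if seen > count:
            peaks[client] = max(seen, peaks.get(client, 0))
    return peaks

# Constructed sample: 25 queries from the Pi-hole host itself over 20 seconds,
# interleaved with REFUSED lines, plus 3 queries from a constructed LAN client.
SAMPLE = []
for i in range(25):
    SAMPLE.append(f"Jan 2 13:38:{30 + i % 20:02d}: query[A] cache1-sto2.steamcontent.com from 127.0.0.1")
    SAMPLE.append(f"Jan 2 13:38:{30 + i % 20:02d}: config error is REFUSED (EDE: blocked)")
SAMPLE += [f"Jan 2 13:38:4{i}: query[A] example.com from 192.168.1.20" for i in range(3)]

if __name__ == "__main__":
    for limit in ("1000/60", "20/60", "10/10", "0/0"):
        print(limit, clients_over_limit(SAMPLE, limit))
```

Run against the real log, the peak per client shows how much headroom a candidate RATE_LIMIT leaves for the one noisy host, so the limit can be raised for the measured load while staying in place for every other client.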
max.bra commented on 2024-01-04 09:45 (UTC)
@deemon or better, are you sure that ftl crashes? I manage to understand that... Or does it simply cut you out of DNS resolution for a while?
max.bra commented on 2024-01-04 09:42 (UTC)
@deemon ok for the rate limit "unlimiting" but it is a workaround. It is there for security reasons and anyway ftl should not crash on that. Maybe it is dnsmasq that explodes? Do you have something relevant in the system log?
deemon commented on 2024-01-04 09:35 (UTC) (edited on 2024-01-04 09:37 (UTC) by deemon)
@max-bra found solution -- edited the previous post. same workstation. apparently Steam expects your own computer to do some DNS caching(?), but when you run your pi-hole in the same computer, pi-hole is the thing that will catch all the queries in the first place? Just in case made a bugreport to steam-for-linux github also for excessive DNS queries.
max.bra commented on 2024-01-04 09:06 (UTC)
@deemon seems to be related to some rate limit problem... No clue on why your steam is able to generate this... It seems like a DOS attack!! :-)
Anything particular in your setup? Is pi-hole on a different box or is in your workstation?
deemon commented on 2024-01-04 08:48 (UTC) (edited on 2024-01-04 09:32 (UTC) by deemon)
Found the reason for the pihole going wrong. When I start downloading a new game with Steam, it manages to overwhelm pi-hole, which stops functioning for everything. If the game is big enough, it crashes pihole several times after being reset. Downloading 47GB of elden ring has now caused it to crash 5 times at least and it's still only 51% done.
Apparently there's workaround to increase or remove (set 0/0) the RATE_LIMIT from default 1000/60, which you can do in /etc/pihole/pihole-FTL.conf
deemon commented on 2024-01-02 11:45 (UTC) (edited on 2024-01-02 12:26 (UTC) by deemon)
Last week pihole started to stop functioning (like the 3rd time now) -- no DNS service working at all.
Restarting the service has fixed it. While it has been "stuck", pihole status still reports everything fine:
[✓] FTL is listening on port 53
[✓] UDP (IPv4)
[✓] TCP (IPv4)
[✓] UDP (IPv6)
[✓] TCP (IPv6)
[✓] Pi-hole blocking is enabled
However when you look into pihole -t you see MASSIVE spam of this nonsense:
Jan 2 13:38:30: query[A] google2.cdn.steampipe.steamcontent.com from 127.0.0.1
Jan 2 13:38:30: config error is REFUSED (EDE: blocked)
Jan 2 13:38:30: Rate-limiting google2.cdn.steampipe.steamcontent.com is REFUSED (EDE: blocked)
Jan 2 13:38:30: query[A] cache8-sto2.steamcontent.com from 127.0.0.1
Jan 2 13:38:30: config error is REFUSED (EDE: blocked)
Jan 2 13:38:30: Rate-limiting cache8-sto2.steamcontent.com is REFUSED (EDE: blocked)
Jan 2 13:38:30: query[A] cache8-sto2.steamcontent.com from 127.0.0.1
Jan 2 13:38:30: config error is REFUSED (EDE: blocked)
Jan 2 13:38:30: Rate-limiting cache8-sto2.steamcontent.com is REFUSED (EDE: blocked)
Jan 2 13:38:30: query[A] cache8-sto2.steamcontent.com from 127.0.0.1
Jan 2 13:38:30: config error is REFUSED (EDE: blocked)
Jan 2 13:38:30: Rate-limiting cache8-sto2.steamcontent.com is REFUSED (EDE: blocked)
Jan 2 13:38:30: query[AAAA] cache1-sto2.steamcontent.com from 127.0.0.1
Jan 2 13:38:30: config error is REFUSED (EDE: blocked)
Jan 2 13:38:30: Rate-limiting cache1-sto2.steamcontent.com is REFUSED (EDE: blocked)
Jan 2 13:38:30: query[AAAA] cache1-sto2.steamcontent.com from 127.0.0.1
Jan 2 13:38:30: config error is REFUSED (EDE: blocked)
Jan 2 13:38:30: Rate-limiting cache1-sto2.steamcontent.com is REFUSED (EDE: blocked)
Jan 2 13:38:30: query[AAAA] cache1-sto2.steamcontent.com from 127.0.0.1
Jan 2 13:38:30: config error is REFUSED (EDE: blocked)
Jan 2 13:38:30: Rate-limiting cache1-sto2.steamcontent.com is REFUSED (EDE: blocked)
Jan 2 13:38:30: query[AAAA] cache1-sto2.steamcontent.com from 127.0.0.1
Jan 2 13:38:30: config error is REFUSED (EDE: blocked)
Jan 2 13:38:30: Rate-limiting cache1-sto2.steamcontent.com is REFUSED (EDE: blocked)
Jan 2 13:38:30: query[A] cache1-sto2.steamcontent.com from 127.0.0.1
Jan 2 13:38:30: config error is REFUSED (EDE: blocked)
Jan 2 13:38:30: Rate-limiting cache1-sto2.steamcontent.com is REFUSED (EDE: blocked)
Jan 2 13:38:30: query[A] cache1-sto2.steamcontent.com from 127.0.0.1
Jan 2 13:38:30: config error is REFUSED (EDE: blocked)
Jan 2 13:38:30: Rate-limiting cache1-sto2.steamcontent.com is REFUSED (EDE: blocked)
Jan 2 13:38:30: query[A] cache1-sto2.steamcontent.com from 127.0.0.1
Jan 2 13:38:30: config error is REFUSED (EDE: blocked)
Jan 2 13:38:30: Rate-limiting cache1-sto2.steamcontent.com is REFUSED (EDE: blocked)
Jan 2 13:38:30: query[A] cache1-sto2.steamcontent.com from 127.0.0.1
max.bra commented on 2023-11-06 09:09 (UTC)
@smaxer maybe FTL is killed by some out of memory cleaner?
smaxer commented on 2023-11-02 23:52 (UTC)
No, basically just the same messages as coming from pihole-FTL.service
Pinned Comments
max.bra commented on 2018-02-09 16:45 (UTC) (edited on 2019-10-18 23:14 (UTC) by max.bra)
ArchLinux Pi-hole is not officially supported by Pi-hole project. In case of bugs and malfunctions please DO NOT file a report upstream.
First of all check if the wiki (https://wiki.archlinux.org/index.php/Pi-hole) can help then ask here for assistance and tips.
When it will be excluded that the problem does not depend on ArchLinux we will file a bug upstream.