DNS Issue Causing Docker Update/Access Issues

[snowborder714]

I've been running into this issue for some time now and cannot figure out what might be causing it.  Hopefully my information below and the two attached diagnostics files can aid someone in helping me troubleshoot.

 

When I first spin the array up, I'm able to ping URLs/IPs, I am able to update docker containers/plugins, DuckDNS works to access Emby, and I don't get any errors in Fix Common Problems.

 

After a while, all of the above breaks.  I tried researching and found a lot of threads with similiar issues but nothing that contained a resolution that has worked for me.  One thing you may see in the diagnostics files is that one of my DNS Servers is my router.  This was a recent change I made per this thread.  It did not help.

 

I have Ubiquiti gear for networking (USG is my router).  My server is on the same network (192.168.1.x) as the rest of my personal devices in the house.  I do have that network set up in Unifi Controller docker with a with a manual DNS of my Pihole docker so that all traffic routes through it.  But the Unraid server is set for Quad9 and Google's public DNS servers (and the router, per the above comments for testing purposes).  I do not see any traffic in Pihole from the Unraid server's IP.

 

Any suggestions on how to further troubleshoot this issue?  I don't have any issues on other devices and the fact that it resolves itself after I spin down the array and stays resolved after I spin it back up for awhile points to something on the Unraid server to me.  I just don't know what would cause an issue like this.

 

Diagnostics files

-0913.zip was from when the issue was happening

-0929.zip was from after I restarted the array and the issue was resolved

tower-diagnostics-20220627-0929.zip tower-diagnostics-20220627-0913.zip

[snowborder714]

It has since reverted back to having a DNS issue.  Does anyone have any suggestions on what to look at?

[snowborder714]

I tried restarting my Unifi USG on its own (and not stop/start the array) and that also fixed the issue.  Anyone have an idea why just this server is getting hung up on the router?

[Vr2Io]

In diag 0913 ( and diag 0929 ) almost same figure, there are many dropped. My two 7x24 Unraid less then ten.

In first, I ask what is the purpose of br0.30, if according TX packets only 5, it seems no usage of that VLAN, otherwise it should be dropped in RX side.

 

What purpose of VLAN 30 ?

What network mode setting in your Pihole docker ? Bridge ?

 

I also apply Pihole for DNS resolve for whole network, but I like use Custom mode with fixed IP assign to it. I also apply VALN in my network, I found the best way to serve all VLAN DNS service is setting standalone subnet with stanalone VLAN, then enable internal routing for it for DNS resolve.

 

 

I will suggest you

- Connect eth_1 to your switch and assign a stanalone VLAN to it. ( Untag VLAN )

- Set it in different subnet in Unraid

- Enable routing for different VLAN to access it.

- Setting Pihole docker use eth_1

 

Last, I can't reproduce below problem in your other post, no matter array start or stop.

 

On 11/30/2020 at 9:42 AM, xxbigfootxx said:

ARP testing below. 

First is with Array Stopped

arp -a took too long to load. 

arp -an was instant. 

curl was slow by successfull

 

Second Image is Array Started

arp -a slow but successfull

arp -an instant

curl failed as you can see. 

 

 

 

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.14  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 0c:c4:7a:a5:1c:88  txqueuelen 1000  (Ethernet)
        RX packets 18214924  bytes 28761832768 (26.7 GiB)
        RX errors 0  dropped 546  overruns 0  frame 0
        TX packets 14030236  bytes 19836832054 (18.4 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

br0.30: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 0c:c4:7a:a5:1c:88  txqueuelen 1000  (Ethernet)
        RX packets 434838  bytes 26594699 (25.3 MiB)
        RX errors 0  dropped 392368  overruns 0  frame 0
        TX packets 5  bytes 414 (414.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        ether 0c:c4:7a:a5:1c:88  txqueuelen 1000  (Ethernet)
        RX packets 1686790108  bytes 2044847203423 (1.8 TiB)
        RX errors 0  dropped 12948  overruns 0  frame 0
        TX packets 859426555  bytes 65710196914 (61.1 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

 

 

Edited July 4, 2022 by Vr2Io

[snowborder714]

VLAN 30 is for my security cameras/software.  I have Blue Iris running in a VM (via Unraid) with a 192.168.30.x IP.  Maybe the VLAN definition isn't necessary in Unraid then?

 

Pihole is on a custom br0 network.  This is the same IP range as my default untaged VLAN that houses all of my main devices.  I have separate VLANs for IOT items and security cameras.

 

 

 

I'll have to see if I have another open port on my switch.  I didn't think I'd use an eight port switch up quickly but it's full or all but.  If I do, I'll try the suggestion above by putting Pihole on it's own VLAN.

 

This is how I currently have my untaged VLAN set to resolve for the Pihole in the Networks section of Unifi Control.

 

[Vr2Io]

1 hour ago, snowborder714 said:

VLAN 30 is for my security cameras/software.  I have Blue Iris running in a VM (via Unraid) with a 192.168.30.x IP.  Maybe the VLAN definition isn't necessary in Unraid then?

 

The VM traffic ( Blue Iris ) was count in eth0.30 & vnet0 ( virtual mac fe:54:00:db:b2:d7 ), VLAN30 definition is necessary. I would expect count in br0.30 too .... anyway I don't apply VLAN in Unraid, just in network level so it may different.

 

eth0.30: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        ether 0c:c4:7a:a5:1c:88  txqueuelen 1000  (Ethernet)
        RX packets 1649616554  bytes 1991579825288 (1.8 TiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 835043485  bytes 45255337736 (42.1 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc54:ff:fedb:b2d7  prefixlen 64  scopeid 0x20<link>
        ether fe:54:00:db:b2:d7  txqueuelen 1000  (Ethernet)
        RX packets 835043485  bytes 45255337736 (42.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1658566620  bytes 2014678201412 (1.8 TiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Edited July 5, 2022 by Vr2Io

[snowborder714]

I have it defined in the network level as well so maybe it's not necessary.  I'll have to test with it and see what happens.

[Vr2Io]

Sound good if you can remove all VLAN in Unraid ( also temporary stop Blue Iris VM ) to check does problem gone. 

[snowborder714]

I removed VLAN30 from Unraid and tried setting the server in the Unifi Controller to have a 192.168.30.x IP but it will not take.  I can VNC into the VM and see the desktop but it is unusable.  Is there something else I have to do to get it a correct IP or is adding the VLAN back in to Unraid the only way?  The network source options I have in the VM are just virbr0 and br0.

 

Here's what I changed in Unifi for the client machine.  The settings will not save the Surveillance network and reverts back to the Default one, but the IP stays.
 

Edited July 6, 2022 by snowborder714

[Vr2Io]

1 hour ago, snowborder714 said:

adding the VLAN back in to Unraid the only way?

You need add back VLAN 30 for the VM, because VM use that network bridge.

 

Your issue really strange, I never got problem when install Pihole on different Unraid build, just the Unraid which host Pihole  should use router / public DNS, otherwise you need some special network setting.

The reason for standalone subnet and VLAN for Pihole just because this way Pihole will easy serve different VLAN's DNS service with enable VLAN inter routing in router.

Edited July 6, 2022 by Vr2Io

[snowborder714]

I cannot figure out how to get the Pihole docker on eth1.  I connected it to my router and set it up in Unraid.  I tried it with and without bridging, with and without a default gateway, and with and without a VLAN (which matches a VLAN I created in the Unifi controller).

 

 

I see stuff in the Routing Table pertaining to the eth1 interface.

 

 

Do I need to also create a custom docker network titled br1 that is an ipvlan type with the 192.168.2.1 info in it?  Or should I create a new VLAN on eth0 for it instead of a separate network interface?  I'm not sure what the difference would be.

 

 

Edited July 10, 2022 by snowborder714

[Vr2Io]

13 hours ago, snowborder714 said:

I cannot figure out how to get the Pihole docker on eth1.  I connected it to my router and set it up in Unraid.  I tried it with and without bridging, with and without a default gateway, and with and without a VLAN (which matches a VLAN I created in the Unifi controller).

With a static IP set in default gateway, then you will got eth1 / br1 in pull down menu.

 

 

 

   

[snowborder714]

Not sure how I missed that when I tried it the first time!  Thanks for the help on that.  Hopefully I can get this wrapped up soon to see if it helps.

[snowborder714]

So far, this has fixed the problem!  I'll keep an eye on it for a bit more and update again.

I really appreciate the suggestion/help @Vr2Io!

[snowborder714]

Well, I don't know what happened but it's reverted back and also got worse.  We had the power flicker a few days ago because of a storm and ever since then the server has just been fighting me.  I can't ping any internet site, URL or IP.  Something went wrong with the SSL cert/HTTPS access so I had to turn that off and delete the cert to access the server.  When I check for updates on Plugins or Dockers I get Not Available/Connection failed responses.  It was super stable up until Monday.  Hopefully the attached diagnostics show something.  I wish I knew what I was looking for but I feel like since nothing changed, I have no idea where to start looking.  I appreciate the help from anyone willing!

tower-diagnostics-20220806-2359.zip

[Vr2Io]

Not much have found in diagnostic, you haven't use Pihole 192.168.10.2 for DNS resolve, just use router 192.168.1.1 and quard 9/8 .... likely internet / network issue.

[snowborder714]

13 hours ago, Vr2Io said:

Not much have found in diagnostic, you haven't use Pihole 192.168.10.2 for DNS resolve, just use router 192.168.1.1 and quard 9/8 .... likely internet / network issue.

 

Thanks for taking a look.  I tend to agree but am just baffled at how all other devices with a 192.168.1.x IP can access the internet just fine but the server can't.

 

Is there a possibility that with the Pihole DNS assigned at the network level for all 192.168.1.x IPs but Unraid set differently at the server level might cause an issue?  Or should I just create a new network (e.g. 192.168.10.x) and move either the Unraid server or all other home devices to that to separate them out?  Or shouldn't it really matter?

[Vr2Io]

24 minutes ago, snowborder714 said:

Thanks for taking a look.  I tend to agree but am just baffled at how all other devices with a 192.168.1.x IP can access the internet just fine but the server can't.

I don't understand if all ( router / Unraid / other deices ) in 192.168.1.x, why Unraid will got problem. Does Unraid in same VLAN at switch side ?

 

24 minutes ago, snowborder714 said:

Is there a possibility that with the Pihole DNS assigned at the network level for all 192.168.1.x IPs but Unraid set differently at the server level might cause an issue?  Or should I just create a new network (e.g. 192.168.10.x) and move either the Unraid server or all other home devices to that to separate them out?  Or shouldn't it really matter?

This doesn't matter.

Device can put in any subnet to communicate to other subnet ( i.e. local <-> internet ) if routing enable between them.

VLAN are separate network in layer 2, different as subnet are layer 3 stuff, so VLAN haven't relationship with IP/Subnet.

You may ref. below reply and got more idea about both stuff

 

13 hours ago, Vr2Io said:

you haven't use Pihole 192.168.10.2 for DNS resolve

I amend this, if Unraid host Pihole, then Unraid shouldn't use Pihole as DNS resolve, so your setting is correct.

Edited August 8, 2022 by Vr2Io

[snowborder714]

Quote

I don't understand if all ( router / Unraid / other deices ) in 192.168.1.x, why Unraid will got problem. Does Unraid in same VLAN at switch side ?

 

My personal devices (laptops, desktops, phones) and both of my servers (Unraid and Synology NAS) area all in the first item in the below screenshot (192.168.1.0/24 subnet).

 

Yup, I had read for Unraid not to use Pihole so that's why I set it up that way.  Just didn't know if the network setting for everything to route through Pihole DNS and then telling Unraid to not use it would cause any issues.  I didn't think so but wanted to make sure.

 

[Vr2Io]

What router you use ? Any setting can provide for checking or understanding more.

[snowborder714]

10 minutes ago, Vr2Io said:

What router you use ? Any setting can provide for checking or understanding more.

 

I have a Unifi network in place.

 

Unifi Controller - running via docker in Unraid

USG - Unifi Security Gateway

8 port switch

Couple APs

 

Let me know what info you'd like to know and I'll do my best to provide it.

[Vr2Io]

I suppose Unraid were connect to 8 port switch, does other device can reach Unraid which connect to different switch port ?

Current problem seems Unraid 192.168.1.14 can't reach USG 192.168.1.1, pls provide ping result from Unraid to USG, i.e. at Unraid terminal/console ping 192.168.1.1. Pls also check if disconnect eth1, does Unraid resume normal to access internet.

Edited August 8, 2022 by Vr2Io

[snowborder714]

21 minutes ago, Vr2Io said:

I suppose Unraid were connect to 8 port switch, does other device can reach Unraid which connect to different switch port ?

Current problem seems Unraid 192.168.1.14 can't reach USG 192.168.1.1, pls provide ping result from Unraid to USG, i.e. at Unraid terminal/console ping 192.168.1.1

 

Correct, it has two ethernet cables going to the switch.  One for the main network (192.168.1.x) and one for the Pihole network that you suggested above (192.168.10.x).

 

I changed it to off a static IP to see if that was causing any issues but it doesn't look like anything changed.

 

Below are pings to 192.168.1.1 (USG), 9.9.9.9, 8.8.8.8, and 192.168.1.7 (Synology NAS, plugged into another port on switch).

 

[Vr2Io]

The problem is it route internet traffic use eth1 but can't got response from gateway 192.168.10.1

You may try edit the metric ( Unraid network setting ) of the default route ( eth1 ) be lower priority then eth0 or delete eth1 default route. 

Edited August 8, 2022 by Vr2Io

[Vr2Io]

 

Not too family USG, but all subnet haven't show the gateway, pls also review that.

Expect each subnet have their gateway i.e. 192.168.1.1, 192.168.25.1, 192.168.10.1 etc ....... you may click EDIT to check. You may need entry the subnet in 192.168.1.1/24 instead 192.168.1.0/24