Pi-hole Problems & DNS Shenanigans on My DietPi Network

I’ve been running Pi-hole on my Raspberry Pi 4 Model B (4GB RAM) with DietPi for a while now. It’s usually rock solid — but a few weeks ago I started noticing strange behavior: slow page loads, flaky DNS, and weird SSL errors.

At first I thought it was a Pi-hole or Unbound bug.

Nope.

It was a time drift issue. The system clock was off — and DNS went weird as a result. 

The Symptoms 

- Websites loading slowly or not at all
- Devices falling back to secondary DNS
- `watch -n 1 date` showed DietPi’s clock was behind by several seconds
- Services like Home Assistant and Plex refusing to sync or update
- Certificate or TLS errors popping up seemingly at random 

```bash
watch -n 1 date
```

The Root Cause: Bad NTP Setup

I was using my OpenWRT router as the NTP server — it broadcast itself to the Pi-hole system via DHCP.

But OpenWRT’s own time wasn’t always accurate, especially after reboots or connection drops. This meant the Pi (and everything depending on it) slowly drifted behind. That broke DNS caching and SSL verification.

And since I use Unbound, there's no upstream fallback to rely on — everything depends on tight time sync. 

How I Fixed It

First, I disabled the router’s NTP announcement:

**On OpenWRT:**
- Network → Interfaces → LAN
- Uncheck “Provide NTP Server”

Then, I reconfigured NTP on DietPi to sync with external time sources like `pool.ntp.org`. 

```bash
dietpi-config
# Then: Networking Options → NTP Mirror → Select external
timedatectl status
journalctl -u systemd-timesyncd
```
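
To put a number on the drift instead of eyeballing `date`, the following added example (not part of the original post) computes the clock offset from an SNTP reply and rejects replies from a server that reports itself unsynchronized. The function names are hypothetical and the sample reply is constructed so the script runs offline.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

def _ts(data, pos):
    """Decode a 64-bit NTP timestamp at byte offset pos into Unix seconds."""
    secs, frac = struct.unpack_from("!II", data, pos)
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def _to_ntp(unix):
    """Encode Unix seconds as a 64-bit NTP timestamp."""
    secs = int(unix)
    return struct.pack("!II", secs + NTP_EPOCH_DELTA, int((unix - secs) * 2**32))

def clock_offset(reply, t1, t4):
    """Return (offset, delay) in seconds; a positive offset means the local clock is behind."""
    if len(reply) < 48:
        raise ValueError("short NTP reply")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x7, reply[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or not 1 <= stratum <= 15:
        raise ValueError("server reports it is not synchronized")
    t2, t3 = _ts(reply, 32), _ts(reply, 40)  # server receive / transmit times
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def query(server, timeout=2.0):
    """Send one SNTP request to server and return (offset, delay)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(b"\x23" + bytes(39) + _to_ntp(t1), (server, 123))  # LI=0, VN=4, mode=3
        reply, _ = s.recvfrom(512)
        return clock_offset(reply, t1, time.time())

def make_reply(t2, t3, leap=0, stratum=2):
    """Build a constructed 48-byte server reply for offline testing."""
    header = bytes([(leap << 6) | (4 << 3) | 4, stratum])
    return header + bytes(30) + _to_ntp(t2) + _to_ntp(t3)

if __name__ == "__main__":
    # Constructed sample: local clock 7 s behind, 20 ms each way on the wire.
    t1 = 1_700_000_000.0
    reply = make_reply(t1 + 7.020, t1 + 7.021)
    print(clock_offset(reply, t1, t1 + 0.041))
```

On the Pi, `query("pool.ntp.org")` takes the same measurement against a live server.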

What I Didn’t Have to Touch

Since I use Unbound, I didn’t have to change any upstream DNS settings. Everything is resolved recursively — so once time was fixed, resolution was solid again.

The Result

Once DietPi synced with proper NTP servers:

- SSL validation errors disappeared
- DNS responses were fast again
- No more weird connection delays
- Plex and Home Assistant resumed normal update behavior

"Sometimes it’s not DNS. It’s not even the firewall. It’s the clock."