"_81._https.pi.hole" in query log

Is this anything to be concerned about? I rebuilt DietPi on a new Proxmox machine last week and set up Pi-hole again, this time with unbound. My desktop PC shows this in the query log whenever I log in to http://pi.hole:81/admin/ (I moved the admin port to 81). I don't ever remember seeing this before and might be thinking I've configured something wrong somewhere. I'm not attempting to log in with https either.

I posted this on Reddit but didn't get many follow-up answers. It seems all my Windows PCs and Android phone cause that entry to appear in the query log when I log in to administration. I'm using Chrome & Firefox.

Expected Behaviour:

Expecting query log to not show that line, as I'm not familiar with seeing it appear.

DietPi 8.14 on a Proxmox VM, 4GB
Pi-hole version is v5.15.5 (Latest: v5.15.5)
AdminLTE version is v5.18.4 (Latest: v5.18.4)
FTL version is v5.21 (Latest: v5.21)

Actual Behaviour:

See screenshot:

Debug Token:

https://tricorder.pi-hole.net/A8vfon8o/

Received queries are outside of the control of Pi-hole, and I would not classify this as expected behavior. The client is requesting that domain, and Pi-hole is receiving and processing the request.

The domain does not exist, and Pi-hole correctly returns that result.

Note that these are Type HTTPS queries, not A queries. There is some discussion about this query type in this thread and the referenced link:

Update:

Chrome is my primary browser. It looks like when Chrome or Edge opens http://pi.hole:81/admin it triggers that strange https query to appear in the logs. Change to any port number in the URL and those will show up too. It doesn't happen when using Firefox (ensuring Chrome is closed). Also, the heavy chatter from times I've never been to the admin panel seems to be coming from the Pi-hole browser extension in Chrome, which also uses the same URL.

I can solve this by using the IP address instead of pi.hole in my start page link and extension settings. But I still have no idea why attempting to resolve the hostname in Chrome or Edge queries the https.

I think Chrome and Edge are issuing these requests to discover any associated records for the domain, to help inform their behaviour when connecting to the domain's services. Whereas using the IP does not require name resolution and so you don't see these queries.
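
Added example, not part of any post in this thread: the port-prefix naming rule from RFC 9460 (SVCB/HTTPS records), which yields `_81._https.pi.hole` for `http://pi.hole:81/admin/` and no lookup name at all for an IP-literal URL. The function names and the sample IP address are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}
# Port-prefix form used for HTTPS records on non-default ports.
PREFIXED = re.compile(r"^_(\d{1,5})\._https\.(.+)$", re.IGNORECASE)


def https_rr_qname(url):
    """Name used for the type HTTPS (65) lookup of a URL's origin, or None
    when the scheme is not http/https or the host is an IP literal."""
    parts = urlsplit(url)
    scheme, host = parts.scheme.lower(), parts.hostname
    if scheme not in DEFAULT_PORT or not host:
        return None
    try:
        ipaddress.ip_address(host)
        return None  # IP literal: nothing to resolve, so no HTTPS query
    except ValueError:
        pass
    port = parts.port or DEFAULT_PORT[scheme]
    # RFC 9460 section 9.5: an http URL is looked up as its https
    # equivalent, with port 80 mapped to 443 and other ports unchanged.
    if scheme == "http" and port == 80:
        port = 443
    # Section 9.1: port 443 uses the bare hostname, any other port is prefixed.
    return host if port == 443 else f"_{port}._https.{host}"


def split_https_qname(qname):
    """Reverse direction: map a logged query name to (host, port)."""
    m = PREFIXED.match(qname)
    if m:
        return m.group(2), int(m.group(1))
    return qname, 443


if __name__ == "__main__":
    # Constructed sample URLs; 192.168.1.2 is a placeholder address.
    for url in ("http://pi.hole:81/admin/", "http://pi.hole/admin/",
                "http://192.168.1.2:81/admin/"):
        print(url, "->", https_rr_qname(url))
    print(split_https_qname("_81._https.pi.hole"))
```
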
