Allow query to specific domain once per hour

I have a few IoT devices that spam hundreds of DNS requests to a specific domain until they're able to connect. In the meantime, this increases the CPU usage of the devices significantly. I recognize that this is a bug in the code of the devices, but I was wondering the following:

Is it possible to allow one DNS query for a specific domain, and then block any further requests for an hour? Once the hour has elapsed, the Pi-hole should allow one more query for the same domain.

If the device's CPU usage increases because it is constantly trying to reach its domain, would this approach really make any difference to the outcome?

  • If the device keeps trying to reach its domain after it's made contact, then the usage will remain high all the time that it cannot reach the domain, so there is no benefit by allowing then blocking.
  • If the device stops trying to reach its domain after it's made contact, then there is no need to block it anyway.
  • If the device makes initial contact with its domain and then makes periodic contact, then the device is essentially performing similar regulation to what you had in mind, so no need to block it.

You're probably right, but is there a way to test any of these theories?

You could get close using Groups and the commands to automate turning groups on and off. Something like this post for automating blacklist entries. In your case you can automate whitelist entries for the devices since whitelisted entries take priority, ensuring that your devices can reach their domains even if blocked by an adlist.

You could toggle the whitelist on for, say, 5 minutes an hour and then back off again. If the devices are trying aggressively, this will be the same as letting them through at least once, since they will be trying during their 5 min window and get through then.

  • In Groups create a new group called IoT
  • In Domains create new whitelist rules for all the domains needed. You can add comments so you can remember what these are for.
  • Edit the group for all of these rules so that they are in just the new IoT group (no longer in Default)
  • In Clients find your IoT devices and click Add and change their group so they are in both the Default and the IoT groups

If the IoT group is turned off the devices will act as they do now and be subject to the Default group. If the IoT group is turned on the devices will have the selected domains whitelisted, while still having all the normal blocking from the Default group.

Test it manually to see if it's working as expected. If you toggle the IoT group on for 5 mins then turn off, are they happy?

To automate this you can use cron to turn the IoT group on once per hour for 5 mins. Open crontab for editing:

crontab -e

Paste in the entries below to enable the IoT group on the hour and disable it at 5 mins past the hour.

# cron runs these lines with /bin/sh, so use POSIX redirection (>/dev/null 2>&1) rather than bash's &>
#Enable IoT on the hour:
0 * * * *  sudo sqlite3 /etc/pihole/gravity.db "update 'group' set 'enabled'=1 where name='IoT';"; /usr/local/bin/pihole restartdns reload-lists >/dev/null 2>&1
#Disable IoT at 5 mins past the hour:
5 * * * *  sudo sqlite3 /etc/pihole/gravity.db "update 'group' set 'enabled'=0 where name='IoT';"; /usr/local/bin/pihole restartdns reload-lists >/dev/null 2>&1

Save your edits and quit the editor. Now the IoT group will be turned on and off automatically. You will be able to see from your Query Log and the device's CPU usage how they are responding to the tests. It would be interesting to know how it works out.
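As an added illustration of what those two cron lines change (this is not code from the thread or from Pi-hole), the script below runs the same UPDATE against a constructed in-memory copy of the relevant gravity.db tables and reports which whitelist entries are in effect for a client while the IoT group is off versus on. The table and column names follow Pi-hole's gravity.db, but the trimmed schema, the client IP and the domains are assumptions.

```python
import sqlite3

WHITELIST_EXACT = 0  # domainlist.type Pi-hole uses for exact whitelist entries

# Trimmed stand-in for gravity.db (assumption): same table/column names as
# Pi-hole, only the columns the group logic needs.
SCHEMA = """
CREATE TABLE "group" (id INTEGER PRIMARY KEY, enabled INTEGER NOT NULL, name TEXT UNIQUE NOT NULL);
CREATE TABLE domainlist (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, domain TEXT NOT NULL,
                         enabled INTEGER NOT NULL, comment TEXT);
CREATE TABLE domainlist_by_group (domainlist_id INTEGER, group_id INTEGER);
CREATE TABLE client (id INTEGER PRIMARY KEY, ip TEXT UNIQUE NOT NULL);
CREATE TABLE client_by_group (client_id INTEGER, group_id INTEGER);
"""

def build_sample_db():
    """Constructed data matching the thread's setup: IoT group starts disabled, the
    phone-home domain is in IoT only, the device is in both Default and IoT."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany('INSERT INTO "group" VALUES (?, ?, ?)', [(0, 1, "Default"), (1, 0, "IoT")])
    con.executemany("INSERT INTO domainlist VALUES (?, ?, ?, 1, ?)",
                    [(1, WHITELIST_EXACT, "iot.example.com", "IoT phone-home"),
                     (2, WHITELIST_EXACT, "cdn.example.net", "allowed for everyone")])
    con.executemany("INSERT INTO domainlist_by_group VALUES (?, ?)", [(1, 1), (2, 0)])
    con.execute("INSERT INTO client VALUES (1, '192.168.1.50')")  # constructed IoT device IP
    con.executemany("INSERT INTO client_by_group VALUES (?, ?)", [(1, 0), (1, 1)])
    con.commit()
    return con

def set_group_enabled(con, name, enabled):
    """The UPDATE the cron lines run; returns rows changed so a mistyped group name
    shows up as 0 instead of silently doing nothing. On a real Pi-hole you then run
    `pihole restartdns reload-lists` so FTL picks the change up."""
    cur = con.execute('UPDATE "group" SET enabled = ? WHERE name = ?', (1 if enabled else 0, name))
    con.commit()
    return cur.rowcount

def active_whitelist(con, client_ip):
    """Whitelist domains in effect for a client: the entry is enabled and the
    client and the domain share at least one enabled group."""
    rows = con.execute("""
        SELECT DISTINCT d.domain FROM domainlist d
        JOIN domainlist_by_group dg ON dg.domainlist_id = d.id
        JOIN "group" g ON g.id = dg.group_id
        JOIN client_by_group cg ON cg.group_id = g.id
        JOIN client c ON c.id = cg.client_id
        WHERE c.ip = ? AND d.type = ? AND d.enabled = 1 AND g.enabled = 1
        ORDER BY d.domain""", (client_ip, WHITELIST_EXACT))
    return [r[0] for r in rows]
```

Checking the Query Log after each toggle should show the same pattern: the phone-home domain only resolves for the device during the window in which the IoT group is enabled.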

Thanks! I'm trying this now and will report the results.

Is this causing problems?

It seems to. They get very slow to respond when spamming requests.

I don't think allowing query once per hour will improve your condition, unless the device only tries to connect once per hour (in other words: no retries for an hour, if successful).

Anyway, the simplest way to test your theory is to disable blocking manually and after a successful query, block again.