Please follow the below template, it will help us to help you!
Expected Behaviour:
For my PC to not be querying the Brother printer 3 times per minute.
Actual Behaviour:
PC querying Brother printer 3 times per minute and skewing metrics in the Pi-hole.
Debug Token:
097qbhm6l5
I've seen this thread:
and this one:
But can't find anything in either that solves or helps the issue. No other device on the network does this. There are no settings on the printer that would indicate they're causing this. Any ideas?
Heh, I wish they could be of any help with this. I know it's not a Pi-hole issue, but generally the users here are smarter and more willing to help over the customer support over at a printer manufacturer. The best help I'd get from them is to uninstall/reinstall the printer, which would have zero affect on how often their printer's OS is set to ping or request a connection check.
In any event, thank you! I wasn't sure if anyone here might have experienced this too with a printer + Pi-hole.
is it a good solution to you if you deinstall the brother driver and install the driver manually from windows driver platform ?
I'm pretty sure that it's not the driver itself but a utility which comes with the whole software package.
Unfortunately, my wife needs some of the features of the software suite. And I’ve tried uninstalling it/reinstalling it but it’s obviously the same issue.
@deHakkelaar:
I did this long ago already so my Pi-hole could resolve the hostname of the printer, but I’m not sure what you’re implying this will solve. Is there more context to what you’re thinking this will do? The printer name and IP are already set in the host file on the Pi-hole and it’s done nothing for the issue.
Actually, strangely enough, even with the printer name set in the host file, the Domain that shows up being queried is brw0c96e612e040.localdomain but in the host file I have the name set to BrotherPrinter.local . I’ve changed the brw0c96e612e040 name in the printer as well as in my USG but it still shows up as brw0c96e612e040.localdomain in the Pi-hole query log.
I did think to try and block all of the software suite executables in my Windows Firewall to prevent them from reaching out, but…after blocking nearly 10 .exes, it’s still doing it.
This is a snippet from my log of what happens when I fire up the software suite:
Dec 24 10:42:41 dnsmasq[12060]: query[A] BrotherPrinter.localdomain from 192.168.1.110
Dec 24 10:42:41 dnsmasq[12060]: forwarded BrotherPrinter.localdomain to 192.168.1.1
Dec 24 10:42:41 dnsmasq[12060]: query[A] firmverup.brother.co.jp from 192.168.1.110
Dec 24 10:42:41 dnsmasq[12060]: forwarded firmverup.brother.co.jp to 127.0.0.1
Dec 24 10:42:41 dnsmasq[12060]: dnssec-query[DS] jp to 127.0.0.1
Dec 24 10:42:41 dnsmasq[12060]: dnssec-query[DNSKEY] . to 127.0.0.1
Dec 24 10:42:41 dnsmasq[12060]: reply . is DNSKEY keytag 22545, algo 8
Dec 24 10:42:41 dnsmasq[12060]: reply . is DNSKEY keytag 33853, algo 8
Dec 24 10:42:41 dnsmasq[12060]: reply . is DNSKEY keytag 20326, algo 8
Dec 24 10:42:41 dnsmasq[12060]: reply jp is DS keytag 39595, algo 8, digest 2
Dec 24 10:42:41 dnsmasq[12060]: reply jp is DS keytag 39595, algo 8, digest 1
Dec 24 10:42:41 dnsmasq[12060]: dnssec-query[DS] co.jp to 127.0.0.1
Dec 24 10:42:42 dnsmasq[12060]: dnssec-query[DNSKEY] jp to 127.0.0.1
Dec 24 10:42:42 dnsmasq[12060]: reply jp is DNSKEY keytag 39595, algo 8
Dec 24 10:42:42 dnsmasq[12060]: reply jp is DNSKEY keytag 40236, algo 8
Dec 24 10:42:42 dnsmasq[12060]: reply jp is DNSKEY keytag 58203, algo 8
Dec 24 10:42:42 dnsmasq[12060]: reply co.jp is no DS
Dec 24 10:42:42 dnsmasq[12060]: dnssec-query[DS] brother.co.jp to 127.0.0.1
Dec 24 10:42:42 dnsmasq[12060]: reply brother.co.jp is no DS
Dec 24 10:42:42 dnsmasq[12060]: dnssec-query[DS] com to 127.0.0.1
In one of the links I pasted in the initial post, one of the Reddit Pi-hole mods (@PromoFaux) mentioned a feedback loop. Is that what’s happening here in the first 2 lines?
Haha. So I added the hostname and IP in the Windows hosts file. It's still showing up in the Pihole. I also downloaded the BrotherAdmin tool to manually change the network settings and services to see if I could affect it showing up - I changed every single field called brw0c96e612e040 to BrotherPrinter but it's STILL showing up in Pihole as brw0c96e612e040! It's crazy.
I actually followed your guide @deHakkelaar on flushing the ARP table and network tables in Pihole because I was thinking maybe there was something cached in there that was holding on to the old hostname. Even after doing that, the old hostname brw0c96e612e040 STILL shows up in Pi-hole and is STILL being queried 3 times per minute!
Its the Brother software/driver thats doing the querying for the brw0c96e612e040 name.
I dont know how to change this name in your software.
So add a line to hosts file with that name brw0c96e612e040 pointing to the correct IP.
Correct IP can be found by running below on the win pc:
nslookup brw0c96e612e040
To prove its working, put in a bogus non existent IP on that line in the hosts file, save and run a ping on the win pc eg:
ping brw0c96e612e040
EDIT: ow at same time you could live tail the logs on Pi-hole if queried for brw0c96e612e040 :
I have changed that name EVERYWHERE - I honestly can't find a single place where that name is still set. I've changed it physically on the printer in the Network settings, I've changed it in the Brother Network tool, I've set it in Pihole in the hosts file, also did that in Windows, too.
