One of your network clients is repeatedly requesting this domain, along with the response. You can quickly search the dnsmasq log and see which client is doing this. From the Pi terminal
Thanks all.... Good news and bad news. (Though not for you. More for me.)
Yes, the log file was HUGE.
Digging and filtering I found it started at 19:32 17 July.
Jun 17 19:32:27 dnsmasq[9674]: query[A] heartbeat from 192.168.0.99
Jun 17 19:32:27 dnsmasq[9674]: config heartbeat is NXDOMAIN
And it has been going strong since then.
I tried wireshark but it is out of my depth.
I did host 192.168.0.99 and got what was coming out, but I didn't see anything like that with a DNS request for heartbeat.
Yes, I stuffed up.
And worse than that, the backup/s I thought I made didn't work.
So I am left with what I have now and no older version to check. (Of my program)
Yes, wireshark is off topic here, but I'm just wanting to ask if anyone can tell/help me better track down how this is happening.
I have a heartbeat message in my program. (That bit is a no-brainer)
I disabled that part and it seems the messages are still being created.
(I'll go back and triple check that after posting.)
(Only because if I do it BEFORE posting, it won't be the same result.)
(You've heard of that "Mr Murphy" guy?)
You should address this at the source:
What client is sending those DNS requests for heartbeat?
What software on that client is issuing those requests?
Chances are that some kind of monitoring software would be involved.
Once you've found out, you'd have a couple of options to limit the seemingly excessive amout of DNS queries hammering your Pi-hole.
a) adjust the heartbeat sending software's time interval to something bigger, i.e. once per minute (or 1,440 requests per 24 hours).
b) make sure the client is caching DNS requests, either again by adjusting the software, or by enabling a caching stub resolver on that client
c) if the client is already caching, try to adjust the heartbeat domain's TTL to a higher value, see e.g. Overriding `local-ttl` in user config files - #2 by Bucking_Horn
d) stop using the software that issues those requests (depending on your personal assessment of its usefulness)
With no older versions (other than 3 to 4 months ago) I can't look for what changed.
The idea of the heartbeat is to detect if anything dies. I could maybe make it every 60 seconds.
But .... that isn't really fixing the problem. Note: I am not blaming PiHole. I am blaming myself for a lot of reasons.
But to try and learn from it, I need to work out where in my program it is coming.
Yeah, probably asking a lot of Wireshark.
I've 99.99999999% proven if I fully stop my program the entries stop. So it isn't anything else doing it.
Sorry, I'll stop complaining here and try to invest the effort into finding out from where in my program it is coming.