Hi everyone,
I'm seeing some strange things, hopefully someone can help me out if I'm doing something wrong.
My setup is as follow
ubuntu server and others ---> secondary router with wifi ( no dhcp, address 192.168.1.2) --- > powerline a ---> powerline b --- > main router ( dhcp,main wifi ap, 192.168.1.1) ---- > internet
connected via ethernet to my main router is my pihole & pivpn box, acting as dns to the whole network.
Pihole is running as native on ubuntu server, no docker, and works fine.
My issue is that on my second router, acting as a wifi AP and nothing else, I keep getting these warnings from dnsmasq, below an example.
possible DNS-rebind attack detected: mazu.3g.qq.com
And at the sime time pihole keeps recording impossible ammounts of traffic coming from my second router.
At first i tought it was from some wifi devices connected to it, but now I see request for facebook and other blocked domains even when no one is using that wifi network.
So what gives? What is generating those requests? Maybe some sort of loop I have accidentaly created?
I see no reason for traffic to come from that router, as my pihole dns server is connected directly via ethernet to my router.
also, my secondary router has a wifi network set at low power and 5 ghz used only by my devices, and cannot be detected outside that specific room, so no other devices can be using it.
what am I doing wrong?
my pihole debug token is at
https://tricorder.pi-hole.net/Qw2Wmmo1/
Thank you in advance