Dnsmasq[1035]: Maximum number of concurrent DNS queries reached (max: 150)

Hi,

During the nightly weekly Pi-hole list update I am facing the mentioned issue.

I really don't understand WHAT kind of false or incorrect queries are sent and why that many. I attached the screenshots; any explanation of what happened and why, and how to resolve or better configure this, would be appreciated.

Pi-hole is running with local unbound as DNS resolver; fritz.box is pointing IPv4- and IPv6-wise to Pi-hole.

Also Fritz.box seems to be from the guest-network, otherwise device would be shown?!

Am I assuming correctly that your FB uses Pi-hole not only as its upstream DNS resolver, but it is also distributing Pi-hole as local DNS resolver via DHCP/RA?

That is very likely the case, and your screenshot suggests that you've also enabled Pi-hole's Conditional Forwarding.
Such a configuration would close a partial DNS loop:
A client in the guest network sends a query for the domain `local` to your guest network's FritzBox, and as that is unknown by FritzBox's internal DNS resolver, your FB forwards it upstream to your Pi-hole. Pi-hole doesn't know that domain either and forwards it back to your router, and so forth, causing the time-out.

You should try to address that at the client first: Try to stop it from issuing that query in the first place.

That said, I occasionally observe some smartphone clients issuing DNS queries for unknown non-dot hostnames myself.

In such a case where you cannot control that behaviour on the client side, you could use Pi-hole's client-specific filtering to your advantage.
NOTE: This will only work if my above assumption was correct, and your FB router is also distributing Pi-hole as local DNS resolver via DHCP/RA.

a) create a Group 'guest net filtering' and attach adlists as desired, or none if your guest net should not be filtered.
b) add your FritzBox as a Client and attach it to your 'guest net filtering' group
c) block those non-dot domains (and respective reverse lookups) for your 'guest net filtering' group by adding the following regex, and attach them to your 'guest net filtering' group:

```
^[^\.]+(\.fritz\.box)?$
0.8.e.f.ip6.arpa;querytype=PTR
x.x.d.f.ip6.arpa;querytype=PTR
```

EDIT: You'd have to substitute the latter with the respective digits specific for your network, e.g. 8.0.d.f.ip6.arpa if your ULA prefix would start with fd08.
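An added example, not part of the original post: it derives the `ip6.arpa` suffix for a given prefix and checks constructed sample queries against the three rules from step c). The ULA prefix `fd08::/16`, the sample query names, and the helper names `reverse_zone` and `is_blocked` are assumptions; matching is modelled with Python's `re`, not Pi-hole's own regex engine.

```python
import ipaddress
import re

def reverse_zone(prefix: str) -> str:
    """Return the ip6.arpa suffix covering an IPv6 prefix on a nibble boundary."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

# Assumption: link-local plus a ULA prefix starting with fd08, as in the post's example.
RULES = [
    r"^[^\.]+(\.fritz\.box)?$",
    reverse_zone("fe80::/16") + ";querytype=PTR",
    reverse_zone("fd08::/16") + ";querytype=PTR",
]

def is_blocked(qname: str, qtype: str, rules=RULES) -> bool:
    """Simplified model of the group's regex denylist (unanchored search)."""
    for rule in rules:
        pattern, _, only_type = rule.partition(";querytype=")
        if only_type and only_type != qtype:
            continue  # rule is restricted to another query type
        if re.search(pattern, qname):
            return True
    return False

# Constructed sample queries, modelled on the kind of names seen in this thread.
SAMPLES = [
    ("local", "A"),
    ("jabb", "A"),
    ("jabb.fritz.box", "AAAA"),
    ("fritz.box", "A"),
    ("pi-hole.net", "A"),
    (ipaddress.ip_address("fe80::1").reverse_pointer, "PTR"),
    (ipaddress.ip_address("fd08::1234").reverse_pointer, "PTR"),
    (ipaddress.ip_address("2001:db8::1").reverse_pointer, "PTR"),
]

if __name__ == "__main__":
    for name, qtype in SAMPLES:
        verdict = "BLOCK" if is_blocked(name, qtype) else "pass"
        print(f"{verdict:5} {qtype:4} {name}")
```

Changing the argument of the second `reverse_zone` call to your own ULA prefix yields the suffix to enter in place of `x.x.d.f.ip6.arpa`.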

Hi,
many thanks for the quick reply,
with regards to "distributing Pi-hole as local DNS resolver via DHCP/RA" you mean that setting or am I getting you wrong???:

and yes, I do have cond.fwd enabled:

For the suggested setting (2nd setting):

8.0.d.f.ip6.arpa;querytype=PTR

shouldn't it be

**0.0.d.f**.ip6.arpa;querytype=PTR

to cover fe80 and fd00 (which I have set)?

At that time normally no one is attached to my guest net, so can't it be a different reason for the entries? As during that time the many Pi-hole lists are getting updated?

Also, if I do enable the first 2 options in advanced DNS settings the error would be gone, but I guess if I do so I would lose the IP to hostname resolution?

also some add. infos (quite confusing):

```
Jan 8 14:07:13 dnsmasq[1035]: Maximum number of concurrent DNS queries reached (max: 150)
Jan 8 14:07:13 dnsmasq[1035]: config error is REFUSED
Jan 8 14:07:13 dnsmasq[1035]: query[A] jabb from 192.168.178.1
Jan 8 14:07:13 dnsmasq[1035]: config error is REFUSED
```

seems to come from router itself

Your screenshot is showing the RA part specific to IPv6.
Your FB should also distribute your Pi-hole's IPv4 as local DNS server via DHCP.

Indeed - I've adjusted my post accordingly.

that one?

Yes.
