Dnsmasq[pppp]: ignoring query from non-local network xx.xx.xx.xx

I have seen the previous posts on this topic. They were from January and February.

I am hoping there is a more permanent fix now. I would rather not go to an alternative git branch if there is a permanent fix.

I am getting lots of the above error message (44 today). I don't get any response to DNS queries to my server from my home machines.

My versions are:

Pi-hole version is v5.13 (Latest: v5.13)
FTL version is v5.18.2 (Latest: v5.18.2)

#pihole status
[✓] FTL is listening on port 53
[✓] UDP (IPv4)
[✓] TCP (IPv4)
[✓] UDP (IPv6)
[✓] TCP (IPv6)

[✓] Pi-hole blocking is enabled

I have found a solution. This may help somebody else.

I have modified /etc/dnsmasq.d/01-pihole.conf by commenting out the following two lines, like this, then doing a 'pihole restartdns':

#localise-queries
#local-service

Commonly, that warning can be ignored, e.g. if it would be caused by some few stray requests originating from your router's public IP.

But you didn't supply a debug token as requested by our template.
Without a token, we cannot assess your observation.

Please: Do not modify that file!

In addition, I doubt that to be a solution.
At the very least, I can guarantee it won't be permanent at all.
This is prominently disclaimed at the top of 01-pihole.conf.

#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #

Thank you for the reply.

Pihole was not responding to any remote DNS requests. After making these changes, it now is responding to the requests.

Yes, I know the file will be overwritten. I’ll have a small script put it back, until a fix is made to pi-hole to stop this configuration error.

If your Pi-hole is receiving traffic from remote public IP addresses, you would have turned it into an open resolver, which poses a potential threat for all Internet users, e.g. by serving as a multiplier in a DNS Amplification attack.

The Pi-hole team strongly discourages Pi-hole’s usage as an open resolver, and we won't provide support in that case.

If it was not behind a firewall that only allowed my IP addresses in, yes, absolutely, that would be a danger.

As it is, I have a script that uses the API of the firewall to update it when my IP address changes, so it is safe.

IP-based access control cannot be considered safe.

The recommended way to operate a Pi-hole accessible from a remote location would be via a VPN, closing port 53 to the public - you may refer to Pi-hole's Docs at Guides | VPN for further suggestions.

I also think your original issue can be addressed via Interface Settings in Pi-hole's UI, instead of tampering with Pi-hole's configuration files.

Thank you - that's very interesting. I've never used Pi-hole's UI - does it have an option to enable remote IP addresses?

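Added illustration (not part of any post in this thread, and not Pi-hole or dnsmasq code): a simplified Python model of the `local-service` origin check discussed above, showing which query sources get answers with the two lines as shipped and after they are commented out. The interface subnets, source addresses and function names are constructed for the example.

```python
import ipaddress

# Constructed samples: the two lines from 01-pihole.conf, as shipped and as edited.
STOCK_CONF = "localise-queries\nlocal-service\n"
EDITED_CONF = "#localise-queries\n#local-service\n"

# Constructed interface addresses for a hypothetical Pi-hole host.
LOCAL_SUBNETS = ["192.168.1.10/24", "fd00::10/64"]


def active_options(conf_text):
    """Return the option names in a dnsmasq config that are not commented out."""
    options = set()
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        options.add(line.split("=", 1)[0].strip())
    return options


def is_local(source, subnets):
    """True if source lies in a subnet that one of the host's interfaces is on."""
    addr = ipaddress.ip_address(source)
    nets = [ipaddress.ip_interface(s).network for s in subnets]
    return any(addr.version == n.version and addr in n for n in nets)


def decide(conf_text, source, subnets=LOCAL_SUBNETS):
    """Simplified model: 'answer' or 'ignore' for one query source.

    Ignores interface=/listen-address= options, which also change this behaviour.
    """
    if "local-service" not in active_options(conf_text):
        return "answer"  # no origin filtering: every source is served
    return "answer" if is_local(source, subnets) else "ignore"


def exposure(conf_text, sources, subnets=LOCAL_SUBNETS):
    """List the non-local sources that would receive answers under this config."""
    return [s for s in sources
            if not is_local(s, subnets) and decide(conf_text, s, subnets) == "answer"]


if __name__ == "__main__":
    # Constructed query sources: LAN clients plus documentation-range public IPs.
    sources = ["192.168.1.42", "203.0.113.7", "2001:db8::53", "fd00::99"]
    for name, conf in (("stock", STOCK_CONF), ("edited", EDITED_CONF)):
        print(name, {s: decide(conf, s) for s in sources}, exposure(conf, sources))
```

With the edited file, the only thing standing between public sources and an answer is whatever filtering exists outside dnsmasq.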