It's not clear to me why, but it seems pi-hole is trying to resolve this PTR record about once per second. The PTR doesn't appear to exist in public DNS records.
Is there a way to stop pi-hole from querying this particular record?
My apologies in advance if this has been covered and I have missed it in the other forums.
Thanks,
Jeff
Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:
pihole -d
or if you run your Pi-hole as a Docker container:
docker exec -it <pihole-container-name-or-id> pihole -d
where you substitute <pihole-container-name-or-id> as required.
Hi - Thanks very much for any help you can provide. The token is:
https://tricorder.pi-hole.net/EbGVyHC0/
Best regards,
Jeff
Hi - Do you need me to run another debug? I think the tokens expore after 48 hours.
Thanks,
Jeff
We have the debug log you posted. Just a busy time and we haven't been able to answer quickly.
Your debug log shows nothing out of the ordinary with your Pi-hole installation.
Pi-hole may not be originating these queries. They are coming from the IP of the Pi-hole, but is there other software running on the host OS or platform? I see that you are running Pi-hole on a 11th Gen Intel(R) Core(TM) i5-1145G7 @ 2.60GHz
Mar 5 00:00:03 dnsmasq[805850]: query[PTR] 5.55.232.199.in-addr.arpa from 192.168.1.252
Mar 5 00:00:03 dnsmasq[805850]: cached 199.232.55.5 is fastly.local
This answer is cached, but let's see why it exists in the first place. What is the output of the following from the Pi terminal:
nslookup fastly.local 127.0.0.1
Oh - that's great. Thanks for letting me know. Very much appreciate any help 
See my edits to the earlier reply.
Hi jfb --
I have unbound running as the forwarder for Pi-hole and in trying to to resolve the excessive lookup activity, I added a config line for unbound hoping this might help:
# Fastly has no PTR record for this IP address
local-data: "5.55.232.199.in-addr.arpa. 86400 IN PTR fastly.local."
Running your command produced:
** server can't find fastly.local: NXDOMAIN
Perhaps we might be able to stop this if I was to create a fastly.local domain? Sorry - not an expert with DNS!
You aren't stopping the queries at the source, you are just providing a reply in attempts to keep the requester happy.
Take a look at everything else running on the device at IP 192.168.1.252. Something at that IP may be generating the queries.
That makes sense. This is a proxmox lxc running Debian with unbound and pi-hole using unbound as its forwarder.
Meant to also say that these two processes are the only purpose of this container.
Hi jfb - Just to be clear, the host .252 is the pi-hole host (also running unbound as the forward for pi-hole). The pi-hole interface shows me that it is pi-hole itself that is making all these queries to for .arpa. I can't find any other process making the calls. Do you have any idea how I can track this further? I don't see any other process making these calls. It feels like it is something going a bit pear shaped with the pi-hole instance.
Thanks,
Jeff
In troubleshooting, I've changed the /etc/resolve.conf of the lxc to point to a quad9 DNS server instead of its own IP and that has removed the excessive logging from pi-hole. I can still see the .arpa calls using dnstop and by looking at the firewall logs. Could the combination of running unbound together with pihole on the same host be causing this behavior? I'm pulling my hair out!