Exclude domain from statistics

I have abnormal traffic metering and breaking my pihole stats.


It disappeared for a few days, but although it seems to be an isolated problem with Xiaomi AX3000 routers, the question is whether the domain that is being blocked can be excluded from the statistics, so that the traffic measured by the Pi-hole is real and is not falsified by that high amount of constant pings to that domain.

In Settings > API you can exclude domains from being shown in the Top lists.

Definitely and once again, you are my salvation! :pray:

It isn't "breaking" your stats. The displayed information is an accurate representation of the DNS traffic received by Pi-hole.

The short answer is no. As chrislph noted, you can remove domains or clients from the top lists, but the domains will still be in your query log, in the total queries, blocked queries, graph of activity, etc.

Again, Pi-hole is accurately reporting the statistics. They aren't falsified.

97,5% of your MiWiFi-RA82's total (and 99,9% of its blocked) DNS requests are for eu.api.miwifi.com.

There's a chance that blocking that domain is prompting that client to excessively repeat those requests.

Would you observe the same high counts when not blocking it?

I am unaware of a major blocklist containing eu.api.miwifi.com.
You could use Tools|Search Adlists to find out which list is blocking that domain.

I will try what you say.

What I have observed is that if I now remove Adaway from Chrome, it comes out full of ads (weather.com), something that did not happen before, when it blocked everything. Is it possible that Pi-hole is not blocking anything?

Sorry for the offtopic to the creation of the thread, but not to open another unnecessarily.

Thank you.

This is an indication that either the Chrome browser or the client on which it is running is not using Pi-hole for DNS.

From the client on which Chrome is running, from the command prompt or terminal on that client (and not via ssh or Putty to the Pi), what is the output of

nslookup pi.hole

nslookup flurry.com

I would say that this is correct. What I am generally seeing now is 0% blocked traffic. I don't understand what must be happening; one problem after another is created. I have released the domain "eu.api.miwifi.com" and I have been browsing for a while and I am still at 0% blocking.

Pihole obviously has a static IP and is configured on the router as a DNS server.

Can you create a debug log please. On your Pi-hole, the command to create and upload the log is

pihole -d -a

It will give you a debug token URL, please post just that URL in here.

On your Chrome computer please run the command below and copy and paste the output in here (copy and paste is better than a screenshot)

nslookup -class=chaos -type=txt version.bind

:point_down: :point_down: :point_down:

> PS C:\Users\kasta> nslookup -class=chaos -type=txt version.bind
> Servidor:  pi.hole
> Address:  192.168.1.152
> version.bind    text =  "dnsmasq-pi-hole-v2.89-9461807"

https://tricorder.pi-hole.net/L9KIG5bc/

Your debug log shows you created 3 groups with IDs: 0, 1 and 5.
It also shows all your lists are attached to group 5, but no devices are using this group.

Your devices are not using any adlists and nothing is blocked.

It is not. One would expect flurry.com to be blocked by Pi-hole, as it appears on almost every public blocklist.

As rdwebdesign noted, you have all your adlists assigned to a group (5) that contains no clients, which means you have effectively disabled Pi-hole blocking for all network clients.

@Bundy to fix the problem with your groups I would suggest you put everything back into a single Default group and start again. You are only using one group now (the "wrong" one as advised by rdwebdesign and jfb) so you won't lose anything by doing this.

  1. Go to Settings > Teleporter > Backup and let it save a backup file (as a fallback if needed)
  2. Go to Groups and use the delete icons to delete the 2nd and 3rd groups you have added
  3. Rename the remaining group from Blacklisted... back to Default with the description The default group
  4. Go into Adlists. Next to the delete icon it says the group that they belong to. Every list will say "none selected" because you deleted their group in step 2. This is okay, now you need to put them all back in the Default group. To do this...
  5. ...for each list click the "none selected", then click Default then the green Apply button. Do that for all the lists. You can see them changing back to the Default group as you go.

Now everything – clients and adlists – is back in a single default group and you will have blocking.

Try running the flurry test again, now it will say 0.0.0.0

nslookup flurry.com

Assuming it is working again, take another Teleporter backup now as another safety net.

From here, if you really do need groups, please work carefully through the Groups examples in the documentation. Go through it a couple of times to understand how groups work. If you get stuck and need a hand finding the right combination, please start a new topic and advise what you are trying to achieve.
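
The group problem diagnosed in the replies above (every adlist attached to a group that no client uses) can also be checked as data. The following is an added example, not part of the original thread and not Pi-hole's own code: the table layout is an assumption modelled on the Pi-hole v5 gravity database, and the group names, list URLs and client IP are constructed.

```python
import sqlite3

# Constructed subset of the gravity database schema (an assumption modelled on
# Pi-hole v5's gravity.db); only the columns this check needs.
SCHEMA = """
CREATE TABLE "group" (id INTEGER PRIMARY KEY, enabled INTEGER, name TEXT);
CREATE TABLE adlist (id INTEGER PRIMARY KEY, address TEXT, enabled INTEGER);
CREATE TABLE adlist_by_group (adlist_id INTEGER, group_id INTEGER);
CREATE TABLE client (id INTEGER PRIMARY KEY, ip TEXT);
CREATE TABLE client_by_group (client_id INTEGER, group_id INTEGER);
"""

# Enabled adlists that no client can reach. Group 0 always counts as in use,
# on the assumption that clients without their own entry are treated as
# members of the default group.
UNREACHABLE = """
SELECT a.address FROM adlist a
WHERE a.enabled = 1 AND NOT EXISTS (
  SELECT 1 FROM adlist_by_group ag
  JOIN "group" g ON g.id = ag.group_id AND g.enabled = 1
  WHERE ag.adlist_id = a.id
    AND (g.id = 0 OR EXISTS (SELECT 1 FROM client_by_group cg
                             WHERE cg.group_id = g.id)))
ORDER BY a.address
"""

def unreachable_adlists(conn):
    return [row[0] for row in conn.execute(UNREACHABLE)]

def build_thread_scenario():
    """Constructed data: groups 0, 1, 5; every adlist attached only to group 5."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany('INSERT INTO "group" VALUES (?,1,?)',
                     [(0, "group-0"), (1, "group-1"), (5, "group-5")])
    conn.executemany("INSERT INTO adlist VALUES (?,?,1)",
                     [(1, "https://lists.example/ads.txt"),
                      (2, "https://lists.example/trackers.txt")])
    conn.executemany("INSERT INTO adlist_by_group VALUES (?,5)", [(1,), (2,)])
    conn.execute("INSERT INTO client VALUES (1, '192.168.1.50')")
    conn.execute("INSERT INTO client_by_group VALUES (1, 0)")
    return conn

def move_all_adlists_to_default(conn):
    """The end state of the repair steps above: every list attached to group 0."""
    conn.execute("DELETE FROM adlist_by_group")
    conn.execute("INSERT INTO adlist_by_group SELECT id, 0 FROM adlist")

if __name__ == "__main__":
    db = build_thread_scenario()
    print("before:", unreachable_adlists(db))
    move_all_adlists_to_default(db)
    print("after: ", unreachable_adlists(db))
```

An empty result means every enabled list is attached to at least one group that clients actually use; any list it returns is downloaded but never applied to a query.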

Sorry guys, I didn't know that groups made such severe configuration changes, I thought they were just assigning groups to lists, domains, etc to try to classify them. I see that pihole is more configurable and complex than it initially seemed.

PS C:\Users\kasta> nslookup flurry.com
Servidor: pi.hole
Address: 192.168.1.152
Nombre: flurry.com
Addresses: ::
0.0.0.0

Thank you very much for your invaluable help.

Now that I have allowed the eu.api.miwifi.com domain, I would like to know if said ping or request to that domain is preferable to allow or block, so I created this post. Xiaomi routers work great but they send information to china, so it is preferable to block domains or know if this request is sending any type of information.

To trace any particular request from the allowed or blocked ones from the pihole logs, is this possible?

The Description can be useful for that purpose (eg you called your lists "Firebog" which is a nice idea since it reminds you that is where you got it from), and the list names often give a clue too, such as "malware", "phishing" and so on.

Only you can decide this really. You have to become a bit of a detective with some of these domains. Google the domains, see what they do, is anyone else talking about them, that kind of thing. Sometimes the domain name can give a clue. If it was tracker.something then it seems probably useful to block.

In this case the domain is eu.api.miwifi.com. The api implies it might be needed for the router to work. Maybe it only keeps trying because it is blocked, as Bucking_Horn suggested earlier.

Yes, in Long-term Data > Query Log you can enter the domain name and then select a date range (eg Last 7 Days) and see all the entries for that domain. You can see if it was blocked or allowed and which computers or devices were asking for it. Have a play, use the checkboxes to see how it all works.

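
The Query Log lookup described above, and the earlier question of whether the request count changes when the domain is not blocked, can be answered with one query over the long-term data. This is an added example, not part of the original thread: the `queries` columns and the status codes are assumptions modelled on the Pi-hole v5 long-term database, and the router IP and all rows are constructed.

```python
import sqlite3
from collections import defaultdict

# Status values counted as blocked: an assumption based on the Pi-hole v5
# long-term database (1 = gravity, 4 = regex match, 5 = exact deny entry).
BLOCKED = {1, 4, 5}
DAY = 86400  # seconds; days are bucketed in UTC

def daily_counts(conn, domain, client):
    """Per day: queries for `domain` from `client`, split into blocked/allowed."""
    days = defaultdict(lambda: {"blocked": 0, "allowed": 0})
    rows = conn.execute(
        "SELECT timestamp, status FROM queries WHERE domain = ? AND client = ?",
        (domain, client))
    for ts, status in rows:
        days[ts // DAY]["blocked" if status in BLOCKED else "allowed"] += 1
    return dict(days)

def domain_share(conn, domain, client):
    """Fraction of the client's total queries that were for `domain`."""
    total, hits = conn.execute(
        "SELECT COUNT(*), COALESCE(SUM(domain = ?), 0) FROM queries"
        " WHERE client = ?", (domain, client)).fetchone()
    return hits / total if total else 0.0

def build_sample():
    """Constructed data: day 0 blocked, day 1 allowed, same request volume."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE queries (id INTEGER PRIMARY KEY, timestamp INTEGER,"
                 " type INTEGER, status INTEGER, domain TEXT, client TEXT)")
    router, noisy = "192.168.1.1", "eu.api.miwifi.com"
    rows = [(i * 600, 1, 1, noisy, router) for i in range(144)]         # blocked
    rows += [(DAY + i * 600, 1, 2, noisy, router) for i in range(144)]  # forwarded
    rows += [(i * 7200, 1, 2, "pool.ntp.org", router) for i in range(12)]
    conn.executemany("INSERT INTO queries (timestamp, type, status, domain, client)"
                     " VALUES (?,?,?,?,?)", rows)
    return conn

if __name__ == "__main__":
    db = build_sample()
    print(daily_counts(db, "eu.api.miwifi.com", "192.168.1.1"))
    print(round(domain_share(db, "eu.api.miwifi.com", "192.168.1.1"), 3))
```

If the daily count stays roughly the same on blocked and allowed days, the client is polling on a fixed schedule rather than retrying because of the block.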

In particular, I have investigated a bit and it seems that nobody who thinks of blocking this domain on Xiaomi routers has anything happening on their local network, at least nothing that can be considered a failure or malfunction. But in some Telegram chat they have told me that there are certain Xiaomi router installations where this happens, they constantly ping that domain, and although it is not on the lists of malicious or main ads, but they are among the lists, post blacklists like this:

GitHub - unknownFalleN/xiaomi-dns-blocklist: PiHole DNS Blocklist Xiaomi Domains

That it makes 4000 requests per day is strange. Having allowed it, it has not lowered the intensity, it is still a constant request. I have a mesh network and I thought that it could be the second router asking something to the main one (WAN gateway), but it is not like that, everything works the same (apparently) blocked or not blocked.

So in the absence of more information or similar cases I prefer to block for now and perhaps exclude from the statistics to have a clearer idea of what domains and requests go through and are blocked with their counters and graphs.

As a crazy idea without having any idea about the subject, it occurs to me perhaps to get some free software or with a certain free capacity to analyze the network and what packages contains each thing that happens in it, but I think that they are already big words and it gives me a little more respect and I would need additional time and support, which I don't have right now.

P.S.: Network analyzers like Wireshark, but you have to know what to do and how to use it :sweat_smile:

Unfortunately some devices are aggressive when it comes to trying to reach a certain domain. Pi-hole only reports what it sees – without Pi-hole this would still be happening but you would have no idea. Excluding a noisy domain from the stats can give some relief from the noise it makes.

As for blocking it, if others have blocked it and there are no obvious side-effects, I'm inclined to agree with you. You can always remove the block if it becomes a problem.

Anyway you've put quite some work into making your Pi-hole work the way you want it to, so enjoy your Pi-hole and have a play around with the features, explore what it can do. Periodically make a Teleporter backup so you have a copy of your setup saved. Searching the forums here and on Reddit will usually find someone who has already asked any questions you may have.

Yes, I will, now that I understand much better how everything works and what I should play and not without informing myself or asking beforehand, I am going to enjoy it.

To begin with, disable Adaway and test the experience without ads, free of additional plugins in any browser, I even suppose that it will facilitate the experience in the Smart TV browser, etc.

I did speed tests as well and very happy that it doesn't affect the download speed directly from the net, at least once the DNS has been resolved, everything works at maximum capacity.

Thank you all !