My Pi Hole is saying my Android phone is causing over 3000 DNS requests for google ad services each day, I've uninstalled just about every app I can think of since it started but the problem persists
Is there any way to find out which app is causing the requests? I don't think Pi Hole could do it, but was wondering if anyone could think of any other method?
It doesn't seem to be causing any network issues, but battery life has definitely taken a hit lately, not sure if this is the cause
Click on 192.168.1.120. It should bring you to a filtered query log with requests only from that device. From there, look and see what's there. If you still don't know, post some of the queries here.
Unfortunately not, the firewall app didn't show anything helpful, pihole tail log shows a lot of requests to amazonaws and samsung cloud, but still no closer to working out what is causing it
Samsung cloud has always been enabled to backup / sync certain data I selected and has never caused this, so not sure it's that causing it (Galaxy S7)
Aug 11 17:15:38 dnsmasq[27281]: query[A] okee79p5ag.execute-api.us-west-2.amazonaws.com from 192.168.1.120
Aug 11 17:15:38 dnsmasq[27281]: forwarded okee79p5ag.execute-api.us-west-2.amazonaws.com to 4.2.2.2
Aug 11 17:15:38 dnsmasq[27281]: forwarded okee79p5ag.execute-api.us-west-2.amazonaws.com to 4.2.2.1
Aug 11 17:15:38 dnsmasq[27281]: forwarded okee79p5ag.execute-api.us-west-2.amazonaws.com to 208.67.220.220
Aug 11 17:15:38 dnsmasq[27281]: forwarded okee79p5ag.execute-api.us-west-2.amazonaws.com to 208.67.222.222
Aug 11 17:15:38 dnsmasq[27281]: forwarded okee79p5ag.execute-api.us-west-2.amazonaws.com to 8.8.4.4
Aug 11 17:15:38 dnsmasq[27281]: forwarded okee79p5ag.execute-api.us-west-2.amazonaws.com to 8.8.8.8
Aug 11 17:15:38 dnsmasq[27281]: reply okee79p5ag.execute-api.us-west-2.amazonaws.com is 54.230.79.178
Aug 11 17:15:38 dnsmasq[27281]: reply okee79p5ag.execute-api.us-west-2.amazonaws.com is 54.230.79.46
Aug 11 17:15:38 dnsmasq[27281]: reply okee79p5ag.execute-api.us-west-2.amazonaws.com is 54.230.79.251
Aug 11 17:15:38 dnsmasq[27281]: reply okee79p5ag.execute-api.us-west-2.amazonaws.com is 54.230.79.14
Aug 11 17:15:38 dnsmasq[27281]: reply okee79p5ag.execute-api.us-west-2.amazonaws.com is 54.230.79.140
Aug 11 17:15:38 dnsmasq[27281]: reply okee79p5ag.execute-api.us-west-2.amazonaws.com is 54.230.79.56
Aug 11 17:15:38 dnsmasq[27281]: reply okee79p5ag.execute-api.us-west-2.amazonaws.com is 54.230.79.202
Aug 11 17:15:38 dnsmasq[27281]: reply okee79p5ag.execute-api.us-west-2.amazonaws.com is 54.230.79.183
Aug 11 17:15:40 dnsmasq[27281]: query[A] stock.todayweather.co from 192.168.1.120
Aug 11 17:15:40 dnsmasq[27281]: forwarded stock.todayweather.co to 4.2.2.2
Aug 11 17:15:40 dnsmasq[27281]: reply stock.todayweather.co is 104.236.89.221
Aug 11 17:15:44 dnsmasq[27281]: query[A] api.samsungcloud.com from 192.168.1.120
Aug 11 17:15:44 dnsmasq[27281]: cached api.samsungcloud.com is <CNAME>
Aug 11 17:15:44 dnsmasq[27281]: forwarded api.samsungcloud.com to 4.2.2.2
Aug 11 17:15:44 dnsmasq[27281]: reply api.samsungcloud.com is <CNAME>
Aug 11 17:15:44 dnsmasq[27281]: reply scloud-p2ew1-ext.elb.samsungcloud.com is 52.211.49.4
Aug 11 17:15:44 dnsmasq[27281]: reply scloud-p2ew1-ext.elb.samsungcloud.com is 52.213.189.48
Aug 11 17:15:44 dnsmasq[27281]: reply scloud-p2ew1-ext.elb.samsungcloud.com is 52.211.222.35
Aug 11 17:15:44 dnsmasq[27281]: reply scloud-p2ew1-ext.elb.samsungcloud.com is 52.213.36.61
Aug 11 17:15:44 dnsmasq[27281]: reply scloud-p2ew1-ext.elb.samsungcloud.com is 52.211.4.15
Aug 11 17:15:44 dnsmasq[27281]: reply scloud-p2ew1-ext.elb.samsungcloud.com is 52.211.2.124
Aug 11 17:15:44 dnsmasq[27281]: reply scloud-p2ew1-ext.elb.samsungcloud.com is 52.211.164.168
Aug 11 17:15:44 dnsmasq[27281]: reply scloud-p2ew1-ext.elb.samsungcloud.com is 54.171.255.0
hey, I blocked all traffic (including all system apps) on my Android phone using Netguard.
Still, every second a request is made (and blocked) to ssl.google-analytics.com
Some hints on google search
partly disabling google services (like playstore and music) can cause this huge amount of quesries to ssl.google-analytics.com
That does not help much, but try to disable (some) blocklists for a while ans see if it gets any better.
Also interested in this
I have many queries from an Android device to profile.localytics.com
And I'm struggling to find the app making the requests with any monitor type app
ah. I have LineageOS with only a very minimal amount of google services installed.
Still would be interesting to find what process exactly is making these calls (and kill it with fire)
I also had an app that was contacting Localytics every minute. I used the Exodus app to look through each of my apps to find out what trackers they were using. Turns out the culprit was the MyRogers app which is provided by my mobile service provider to track my data and airtime usage. It was pretty useful but now I've disabled it.