Freegeoip.net / geoplugin.net / api.db-ip.com

I have pi-hole running on Debian 10 with no customisations and no problems. Out of the box it blocks calls every minute to freegeoip.net and geoplugin.net, and I blacklisted api.db-ip.com. These calls appear to come from the pi-hole server itself rather than any client, but I cannot find out which program or service is calling them. No program has complained or failed with these blocks in place, but I'd like to know where they come from. I've tried netstat and wireshark without success, probably because the calls are "only" every minute, so I ask here in case the reason behind these being on the block list can help me.

Expected Behaviour:

Pi-hole works as expected

Actual Behaviour:

Pi-hole works as expected

Debug Token:

N/A

That's difficult but not impossible, I believe:

Thanks, I should have also mentioned that I tried several of the ideas proposed using tcpdump etc., but had the same problem that many people describe of not being able to capture the moment of the request. I agree it is not impossible, but I've not managed yet to do it.

tcpdump won't show you the PID (process ID) that's doing the queries.

Appear to come from or do come from?

grep freegeoip.net /var/log/pihole.log* | tail -n15

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
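Extending the grep above, as an added example that is not from any poster in the thread: a shell function that tallies, per domain and client address, how many queries the Pi-hole log records and when the first and last were seen. It assumes the dnsmasq `query[type] domain from client` line format with the time in the third field; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: which client address asked for each domain, how often, and when.
# Assumed line format: "<Mon> <day> <HH:MM:SS> dnsmasq[<pid>]: query[<type>] <domain> from <client>"
DOMAINS='freegeoip.net geoplugin.net api.db-ip.com'

# summarise_clients [FILE...]  (reads stdin when no file is given)
# Prints one line per pair: "<count> <domain> <client> <first-time> <last-time>"
summarise_clients() {
    awk -v domains="$DOMAINS" '
        BEGIN { n = split(domains, d, " "); for (i = 1; i <= n; i++) want[d[i]] = 1 }
        {
            # Find the query[...] token, then check "<domain> from <client>" after it
            for (i = 1; i <= NF - 3; i++) {
                if ($i ~ /^query\[/ && $(i + 2) == "from" && ($(i + 1) in want)) {
                    k = $(i + 1) " " $(i + 3)
                    count[k]++
                    if (!(k in first)) first[k] = $3
                    last[k] = $3
                }
            }
        }
        END { for (k in count) print count[k], k, first[k], last[k] }
    ' "$@" | sort -k2,2 -k1,1nr
}

# Constructed sample log lines, so the example runs without a Pi-hole install
sample_log() {
    cat <<'EOF'
Jan  5 10:00:01 dnsmasq[812]: query[A] freegeoip.net from 127.0.0.1
Jan  5 10:00:01 dnsmasq[812]: gravity blocked freegeoip.net is 0.0.0.0
Jan  5 10:00:02 dnsmasq[812]: query[A] geoplugin.net from 127.0.0.1
Jan  5 10:00:30 dnsmasq[812]: query[A] example.org from 192.168.1.20
Jan  5 10:01:01 dnsmasq[812]: query[A] freegeoip.net from 127.0.0.1
Jan  5 10:01:02 dnsmasq[812]: query[AAAA] geoplugin.net from 127.0.0.1
Jan  5 10:01:40 dnsmasq[812]: query[A] api.db-ip.com from 192.168.1.20
Jan  5 10:02:01 dnsmasq[812]: query[A] freegeoip.net from 127.0.0.1
EOF
}

# On a real install: summarise_clients /var/log/pihole.log
sample_log | summarise_clients
```

A client of 127.0.0.1 in the output means the query was made on the Pi-hole host itself; any other address is a device on the network.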