I am seeing a number of events in the query log that I do not understand.
Hopefully someone can shed some light on what these events are and mean.
Running a FritzBox as my main router and it is meshed with a second FritzBox called “garage” as seen here.
Anyone any suggestions or ideas?
Thanks.
Similar as below:
Ask Fritzbox 
And FritzBox say ask Pi-hole 
Dnsmasq, and by extension Pi-hole display “opcode” whenever a non-query DNS packet is received.
There are multiple DNS types (not to mention malformed requests) that can result in “opcode”. In the following table, every type except “Query”:
OpCode Name Reference
0 Query [RFC1035]
1 IQuery (Inverse Query, OBSOLETE) [RFC3425]
2 Status [RFC1035]
3 Unassigned
4 Notify [RFC1996]
5 Update [RFC2136]
6 DNS Stateful Operations (DSO) [RFC8490]
(from Domain Name System (DNS) Parameters)
I think the most likely explanation is that one or more of these non-query functions (particularly Status and Notify) could likely be being used by Fritzbox in their mesh system to coordinate the DNS servers present in the different Fritzbox nodes. I wouldn’t expect their frontline support team to be aware of such details. Alternatively, it could also just be sending mangled packets for some reason.
Either way, as these are not related to queries Pi-hole does not show detailed information about what Fritzbox is doing.
If you desperately need to work out more detail than this, you could try capture the dns packets using tcpdump.
On your pihole:
sudo tcpdump -i enp0s3 -n -vvvv host garage.fritz.box and port 53
(replacing enp0s3 with your network interface).
Don’t be surprised if it just turns out to be malformed requests.
You can use below argument for the interface:
-i any
Or compact the whole thing and skip timestamps (-t):
sudo tcpdump -ntvvvi any host garage.fritz.box and port 53
EDIT: Or better yet, the Pi-hole host might not be able to resolve garage.fritz.box as it might not have the Fritzbox IP in /etc/resolv.conf:
sudo tcpdump -ntvvvi any host $(dig +short @localhost garage.fritz.box) and port 53
Thanks for the input…….and looks like you are correct “malformed requests” for an external connection.
841676 91.337756 garage.local pihole DNS 104 Dynamic update 0xa23a SOA myfritz.net A garage
841677 91.338996 garage.local pihole DNS 116 Dynamic update 0x3e78 SOA myfritz.link A garage[Malformed Packet]
841775 91.347617 pihole garage.local DNS 71 Dynamic update response 0xa23a Not implemented SOA myfritz.net
841776 91.347651 pihole garage.local DNS 72 Dynamic update response 0x3e78 Not implemented SOA myfritz.link
841794 91.348208 garage.local pihole ICMP 99 Destination unreachable (Port unreachable)
841795 91.348299 garage.local pihole ICMP 100 Destination unreachable (Port unreachable)
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
