HI
go through proxmox/wireguard to the net pihole is also installed on the proxmox and the traffic runs through it....
a lot of crap is filtered... one domain [sb.scorecardresearch.com] is particularly naughty ... every minute a request.
do you have any idea with what or how I find out what this is?
have my computer now 3x well scanned almost all extensions in the browser deleted that is still there...
Look on the client that is making the requests.
Then, on that client, stop processes or apps one at a time until the requests stop. The last thing you stopped was responsible for the requests.
Click it in that table and it will take you to the Query Log and show all the entries for it from the last 24 hours. Those will show the client or clients which are requesting it. Now that you know which clients to look at, follow the process from jfb to identify the cause, eg the site or app calling it repeatedly.
This domain is used for web analytics. You'll find it used by various sites or apps such as news media, so they can track which stories visitors are engaging with.
Look at the Client column. That shows which client on your network is making the requests for that domain. You can see it is the client that has the IP address 192.168.222.114. Do you know which device this is?
Pi-hole's network view might be helpful. It's in Tools > Network. Change the box at the top to show All entries. Look for the IP address in the left column. You can click the column heading Number of queries to sort the table by the busiest clients; that should put the IP near the top. Does this help identify it?
Once you've identified it, something on that device is requesting that domain repeatedly and you can track it down. Perhaps it's a news app or site.
You might also consider hiding the domain from the Dashboard. Take a look at Settings > API and the instructions in there.
Only you can determine what it is on that machine which is repeatedly requesting the domain. Use a process of elimination to close and stop everything on there (assuming this is feasible, I have no idea what that machine is for).
Confirm that the requests stop in Pi-hole. Then, one by one, re-enable and restart everything and determine when the requests start up again.
Once you know that, you can take whatever action you feel is appropriate.
that's one way, can't you do it another way? connect/monitor pihole with taskmanager and PID so that iphole recognizes which process it is right now? i don't know now to do but in the future an idea?
Pi-hole is working at the DNS protocol level across the network. It has no knowledge of how other machines are set up or which processes on those machines are querying domain names.
You have to do that on the offending machine itself, using either a process of elimination or using tools like tcpdump or Wireshark or a commercial product.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
