IPv6 queries, localhost

1a7e2bd6 · May 13, 2017, 12:17pm

The last period I got more and more queries with the below messages. I am looking and searching for a clue to solve this, but until now no idea.
It is very annoying that there are so much queries from the "localhost", but what are they or what is the meaning of these.

piece from log
May 13 14:06:01 dnsmasq[714]: query[AAAA] raspberrypi_hole from 127.0.0.1
May 13 14:06:01 dnsmasq[714]: cached raspberrypi_hole is NODATA-IPv6
May 13 14:06:02 dnsmasq[714]: query[AAAA] raspberrypi_hole from 127.0.0.1
May 13 14:06:02 dnsmasq[714]: cached raspberrypi_hole is NODATA-IPv6
May 13 14:06:03 dnsmasq[714]: query[AAAA] raspberrypi_hole from 127.0.0.1
May 13 14:06:03 dnsmasq[714]: cached raspberrypi_hole is NODATA-IPv6
May 13 14:06:03 dnsmasq[714]: query[AAAA] raspberrypi_hole from 127.0.0.1
May 13 14:06:03 dnsmasq[714]: cached raspberrypi_hole is NODATA-IPv6

I also had disabled ipv6 but why is this one still in the logs visable? (in modprobe.d/ipv6.conf I had added a rule "blacklist ipv6")

Anyone got an idea how to solve this, I have the idea to get completely wrong information about the top domains and top cliens (both are raspberry pi`s)

Mcat12 · May 13, 2017, 7:41pm

Something running on your Pi is requesting that domain a lot, so you need to find that as it's the root cause. As for why it still is logging IPv6 requests when you disabled IPv6, DNS allows IPv6 requests to be made via IPv4. It just gives back the IPv6 address instead of the IPv4 address then.

jacob.salmela · May 15, 2017, 3:16am

In addition to what @Mcat12 said, in cases like this, you often need to turn all the services off and turn them back on one by one to determine what is causing the queries to happen.

1a7e2bd6 · May 15, 2017, 6:37pm

Hi Mcat12 & Jacob,

Thanks for your replies, I guess I found the problem -> exim4
I had some scripts running at random times, where the cron wants to mail the output of those scripts. The result was a mail file of over 250mb in a few weeks, with just that mailinformation.
Now I have disabled the mailnotifications of the cron, so that will be ended for now, but there are still some more things to search for.

I have disabled the ipv6 on Exim4
Need to disable ipv6 reverse lookup in the ssh server (this could also be a reason that even when disabling ipv6, there are still connection proofs made)

Thanks, and keep up the very good work with the pi, I am very happy with it.