lb._dns-sd._udp.MYDomain.net blacklisted

I got some new blacklisted entries in my log:

lb._dns-sd._udp.clients.MyDomain.net and b._dns-sd._udp.clientsMyDomain.net (where MyDomain.net is the name of my domain and clients is where my client devices are...)

If I click on white list, I get an error:

Domain lb._dns-sd._udp.clients.MyDomain.net is not a valid domain.
Added 0 out of 1 domains

Any clues on it?

Please provide some details of these queries and replies from your dnsmasq log at:

/var/log/pihole.log

You should see a query, a forward and a reply for each. Post a few lines showing several examples.

Not sure if it's enough... it's a big file...

Jan  4 19:28:43 dnsmasq[31518]: query[PTR] lb._dns-sd._udp.0.10.168.192.in-addr.arpa from 192.168.10.196
Jan  4 19:28:43 dnsmasq[31518]: forwarded lb._dns-sd._udp.0.10.168.192.in-addr.arpa to 8.8.4.4
Jan  4 19:28:43 dnsmasq[31518]: query[PTR] lb._dns-sd._udp.clients.MyDomain.net from 192.168.10.196
Jan  4 19:28:43 dnsmasq[31518]: config lb._dns-sd._udp.clientsMyDomain.net is NXDOMAIN
Jan  4 19:28:49 dnsmasq[31518]: query[PTR] lb._dns-sd._udp.0.10.168.192.in-addr.arpa from 192.168.10.205

These are DNS Discover Service queries, frequently associated with the Apple Bonjour protocol.

When these are forwarded to an upstream DNS resolver (in your case Google DNS), that resolver is unable to resolve them if they are not defined on an authoritative nameserver (and they are not).
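An added example, not part of the original posts: a small parser for the dnsmasq log format quoted above that reports which service-discovery lookups were forwarded to an upstream resolver and which were answered locally. The sample log is constructed, `example.net` stands in for the local domain, and the function names and the set of matched prefixes (the RFC 6763 browse-domain labels plus `wpad`) are choices made for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the dnsmasq log format shown in the thread.
# example.net is a placeholder for the locally served domain.
SAMPLE_LOG = """\
Jan  4 19:28:43 dnsmasq[31518]: query[PTR] lb._dns-sd._udp.0.10.168.192.in-addr.arpa from 192.168.10.196
Jan  4 19:28:43 dnsmasq[31518]: forwarded lb._dns-sd._udp.0.10.168.192.in-addr.arpa to 8.8.4.4
Jan  4 19:28:43 dnsmasq[31518]: query[PTR] lb._dns-sd._udp.clients.example.net from 192.168.10.196
Jan  4 19:28:43 dnsmasq[31518]: config lb._dns-sd._udp.clients.example.net is NXDOMAIN
Jan  4 19:28:50 dnsmasq[31518]: query[A] wpad.clients.example.net from 192.168.10.205
Jan  4 19:28:50 dnsmasq[31518]: config wpad.clients.example.net is NXDOMAIN
Jan  4 19:28:51 dnsmasq[31518]: query[A] www.example.org from 192.168.10.205
Jan  4 19:28:51 dnsmasq[31518]: forwarded www.example.org to 8.8.4.4
"""

# One pattern for the three line types seen above: query, forwarded, config.
LINE = re.compile(
    r"dnsmasq\[\d+\]: (?:query\[(?P<qtype>\w+)\] (?P<qname>\S+) from (?P<client>\S+)"
    r"|forwarded (?P<fname>\S+) to (?P<upstream>\S+)"
    r"|config (?P<cname>\S+) is (?P<answer>\S+))")
# DNS-SD browse-domain prefixes (RFC 6763, section 11) and WPAD host lookups.
DISCOVERY = re.compile(r"^(?:(?:b|db|r|dr|lb)\._dns-sd\._udp\.|wpad\.)", re.I)

def summarize(log_text):
    """Group discovery lookups by name: who asked, where it went, local answer."""
    stats = defaultdict(lambda: {"clients": set(), "forwarded_to": set(), "local_answer": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        name = m["qname"] or m["fname"] or m["cname"]
        if not DISCOVERY.match(name):
            continue  # ordinary lookup, not service discovery
        entry = stats[name.lower()]
        if m["qname"]:
            entry["clients"].add(m["client"])
        elif m["fname"]:
            entry["forwarded_to"].add(m["upstream"])
        else:
            entry["local_answer"] = m["answer"]
    return dict(stats)

def leaked_upstream(stats):
    """Discovery names that left the network for an upstream resolver."""
    return sorted(name for name, e in stats.items() if e["forwarded_to"])

if __name__ == "__main__":
    print(leaked_upstream(summarize(SAMPLE_LOG)))
```

On the sample, only the `in-addr.arpa` lookup is reported as forwarded; the names under the local domain were answered by the local configuration with NXDOMAIN.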

Thanks, but is it normal to have a block displayed as blocked?

Blocked (regex blacklist)

Why is NXDOMAIN better than the NULL IP?

This is not consistent with what the developers have found. This is why NULL blocking is the default in Pi-hole, not NXDOMAIN.

https://docs.pi-hole.net/ftldns/blockingmode/

Advantages & Disadvantages

Similar to NULL blocking, but experiments suggest that clients may try to resolve blocked domains more often compared to NULL blocking.

@anon55913113 is right, this bug is about you being authoritative for MYDomain.net and a cosmetic issue in Pi-hole displaying such domains as (regex) blocked when they don't exist. This bug will get fixed by the PR referenced in this other thread.


Thanks,
I also see on the block list a search from my Windows devices for "WPAD.clients.MYDomain.net". I guess it's for the Web Proxy Auto-Discovery...? It's also displayed as blocked in the Query Log in the interface...

Yes, I guess this is expected with Windows.

That'll be resolved with the same bugfix.

