Localhost Querying Pihole domain?

I have noticed that the localhost has been querying the pihole domain quite often. Anyone know why this is happening?


It is likely resolving internal domains. Can you post a few lines from /var/log/pihole.log or your query log showing this activity?

Dec 22 16:56:40 dnsmasq[621]: query[A] PiHole from 127.0.0.1
Dec 22 16:56:40 dnsmasq[621]: /etc/pihole/local.list PiHole is 192.168.2.5
Dec 22 16:56:40 dnsmasq[621]: query[AAAA] PiHole from 127.0.0.1
Dec 22 16:56:40 dnsmasq[621]: config PiHole is NODATA-IPv6

This looks normal. The Pi or software on the Pi (both show as localhost) is looking for the Pi-Hole address.

I understand that, but why is it doing it every 10 seconds?

Do you have conditional forwarding enabled?

I do. Is that what is causing this?

It could be. Conditional forwarding generates additional traffic between the router and Pi-Hole. Disable conditional forwarding for a bit and see if the behavior changes.

2019-01-03 15:57:10 A pihole localhost OK (cached) IP (0.1ms) Blacklist
2019-01-03 15:57:10 AAAA pihole localhost Unknown N/A
2019-01-03 15:57:08 A pihole localhost OK (cached) IP Blacklist
2019-01-03 15:57:08 AAAA pihole localhost Unknown N/A
2019-01-03 15:57:06 A pihole localhost OK (cached) IP Blacklist
2019-01-03 15:57:06 AAAA pihole localhost Unknown N/A
2019-01-03 15:57:03 A pihole localhost OK (cached) IP Blacklist
2019-01-03 15:57:03 AAAA pihole localhost Unknown N/A

Nope

This is weird. I have even gone in and tried setting the TTL for auth and local for dnsmasq to something that will make it cache longer, hoping it would quit asking, but it just keeps on going.

Setting a longer TTL won't make the device stop asking for the address, it will just extend the time that the answer is retained in cache.

What other software is running on the Pi in addition to Pi-Hole?

What version of Pi-Hole are you running?

I was hoping it would force the DNS client to realize that the TTL is X amount of time so quit asking :)

PiHole 4.1.1

Running the latest version of PiVPN as well.

Please run a debug log and upload the token so we can look at your configuration for any problems.

Just now seeing this in the morning. I am no longer seeing these entries at such a rapid frequency. I made a couple of changes yesterday.

Changed local-ttl to 3600 like all of my other TTL settings for dnsmasq, and I also knocked off the network my MiRobot vacuum, which was polling the Amazon instance every 2 seconds (hence the reason for me getting into dnsmasq/TTL configs in the first place), and my recent Denon 740H receiver, which was querying for the full 32 bits of the local subnet's reverse DNS zone every 5 seconds.

Taking these both offline and making the ttl changes has stopped all of the white noise on my install and I am going to run with this moving forward.

Hopefully this provides some information for anyone else that might see this problem.

If you would still like a debug session, let me know. Never done one.
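Added example, not part of the original thread: one way to find which client is polling which name is to measure the gap between repeated `query[...]` lines in `/var/log/pihole.log`. The function name, the thresholds and the sample lines (clients, names, times) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# dnsmasq query line as it appears in pihole.log, e.g.
# "Dec 22 16:56:40 dnsmasq[621]: query[A] PiHole from 127.0.0.1"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

def find_pollers(lines, min_queries=4, max_interval=10.0, year=2019):
    """Return (client, name, qtype, count, median_gap_s) for names asked repeatedly."""
    seen = defaultdict(list)
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # replies, cached answers and forwards are not queries
        # syslog timestamps carry no year, so one is supplied (assumed value)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen[(m["client"], m["name"].lower(), m["qtype"])].append(ts)
    pollers = []
    for (client, name, qtype), stamps in seen.items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        gap = median(gaps)  # median ignores a single long pause in the series
        if gap <= max_interval:
            pollers.append((client, name, qtype, len(stamps), gap))
    return sorted(pollers, key=lambda p: (p[4], p[0]))

def sample_log():
    """Constructed sample lines in pihole.log format (not taken from the thread)."""
    out = []
    for i in range(6):  # a LAN device asking for the same name every 2 seconds
        out.append(f"Jan  3 15:57:{i * 2:02d} dnsmasq[621]: query[A] cloud.example.com from 192.168.2.40")
        out.append(f"Jan  3 15:57:{i * 2:02d} dnsmasq[621]: cached cloud.example.com is 203.0.113.7")
    for i in range(5):  # the Pi itself asking for its own name every 10 seconds
        out.append(f"Jan  3 15:57:{i * 10:02d} dnsmasq[621]: query[A] PiHole from 127.0.0.1")
    out.append("Jan  3 15:57:30 dnsmasq[621]: query[A] example.org from 192.168.2.12")
    return out

if __name__ == "__main__":
    for row in find_pollers(sample_log()):
        print(row)
```

On a real install, pass the lines of `/var/log/pihole.log` instead of `sample_log()` and raise `max_interval` to catch slower pollers.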

Send us the token generated by

pihole -d

or do it through the Web interface:

udg1d4ndkj

Your debug log doesn't show any problems. The section pasted below is where Pi-Hole is tested using the loopback and LAN-facing IPs, and then with a third party DNS bypassing Pi-Hole. You should see success on all of these in a properly functioning Pi-Hole:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] hgb.ioaserf.cc;1 is 0.0.0.0 via localhost (127.0.0.1)
[✓] hgb.ioaserf.cc;1 is 0.0.0.0 via Pi-hole (192.168.1.5)
[✓] doubleclick.com is 172.217.2.238 via a remote, public DNS server (8.8.8.8)

Thanks @jfb for taking the time to check everything out. I really think it was some device on my LAN causing the issue.