Log is flooded with reverse DNS lookups

Please follow the below template, it will help us to help you!

Expected Behaviour:

Pihole log shows a reasonable number of dns requests

Actual Behaviour:

After installing v4, everything worked normally (actually much better over v3) for a few days, after which I noticed that things were getting sluggish and the CPU load on my Raspberry Pi B was pegged at 100%. Looking at the tail of the log, entries like

Aug 10 00:04:31 dnsmasq[1727]: 2461507 10.0.0.1/11276 query[PTR] 1.0.0.10.in-addr.arpa from 10.0.0.1
Aug 10 00:04:31 dnsmasq[1727]: 2461507 10.0.0.1/11276 forwarded 1.0.0.10.in-addr.arpa to 10.0.0.1

are appearing in the log at a rate of about 32 per second based on the timestamps. If, however, I go to the console dashboard, I don't see that rate of inquiries, blocked or otherwise. 10.0.0.1 is the address of my router (a Netgear R6250).

The Raspberry Pi that I have it running on is dedicated only to pihole. It's running Raspbian Wheezy Lite.

I have tried pihole -r to repair, but I'm not sure where to go from here other than to downgrade back to 3 to see if it calms down.

Debug Token:

0k1h83r538

Wheezy is not a supported OS - it is beyond EOL. Recommend upgrading your OS to either Jessie or Stretch.

https://docs.pi-hole.net/ftldns/compatibility/

I’m on the latest Raspbian Stretch and seeing this as well. 3 different Pis. An Rp3 and 2 Zero W’s. All run fine for a few minutes then a ton of reverse lookups to the point I get query status unknowns because of the lookups. Turned off conditional forwarding for the time being but miss the host names. Using my archer c7 v2 OpenWRT as the DHCP server. Pihole V4.0

Currently running a zero w fresh install.

Please upload a debug log and post the token here (from your current install).

I’m away at the moment but I’ve looked at the debug log and it looks good to me. I will post a log token as soon as I can.

The odd thing is it doesn’t spam the log until it has run for a bit after a reboot. It seems to run perfectly for a little while before it gets borked with the reverse dns lookup flooding.

That's what I get for posting before coffee. I'm running Stretch and I run updates regularly.

I turned off conditional forwarding, and that seems to have quieted things down. I then flushed the log and ran another debug session. The token is trotdk0wxd

Just switched conditional forwarding back on. No flooding yet but here’s a token just for a baseline. Will post back when flooding occurs with another token. Token knzsg7ilm7

Flooding just started. Getting query status unknown because of the constant reverse dns lookups. Token 544prsldte

It seems that you might have a loop between the router and Pi-hole. How is DNS set up in your network? Make sure that if a query is sent to Pi-hole and goes to the router via conditional forwarding that it does not loop back to the Pi-hole.

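One way to confirm the loop described in the last reply from the log itself, as an added example that is not part of the thread or of Pi-hole's own code: it pairs each query line with its forwarded line by serial number and reports names that are forwarded straight back to the host that asked. The sample lines are constructed in the format quoted in the first post; the 10.0.0.23 client and the per-second threshold are assumptions.

```python
import re
from collections import Counter

# dnsmasq extra query-log format, as quoted in the first post:
#   <timestamp> dnsmasq[pid]: <serial> <client>/<port> <action> <name> from|to <peer>
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: (?P<serial>\d+) "
    r"\S+/\d+ (?P<action>query\[\w+\]|forwarded) (?P<name>\S+) "
    r"(?:from|to) (?P<peer>\S+)$"
)

def find_forwarding_loops(lines, min_per_second=5):
    """Return {(name, host): peak per-second count} for queries that are
    forwarded to the same host that sent them (router <-> Pi-hole loop)."""
    pending = {}      # serial -> (name, client) for queries not yet forwarded
    hits = Counter()  # (name, host, timestamp) -> looped queries in that second
    for line in lines:
        m = LINE.match(line.strip())
        if m is None:
            continue  # not a query/forwarded line (reply, cached, config, ...)
        if m["action"] != "forwarded":
            pending[m["serial"]] = (m["name"], m["peer"])
        elif pending.pop(m["serial"], None) == (m["name"], m["peer"]):
            # The upstream chosen for this query is the client that asked.
            hits[(m["name"], m["peer"], m["ts"])] += 1
    peaks = {}
    for (name, host, _ts), count in hits.items():
        if count >= min_per_second:  # threshold is an assumption
            peaks[(name, host)] = max(count, peaks.get((name, host), 0))
    return peaks

def _pair(serial, client, name, upstream, ts="Aug 10 00:04:31"):
    """Build one constructed query/forwarded pair in the thread's format."""
    head = f"{ts} dnsmasq[1727]: {serial} {client}/11276"
    return [f"{head} query[PTR] {name} from {client}",
            f"{head} forwarded {name} to {upstream}"]

# Constructed sample: six looped PTR lookups from the router in one second,
# plus one ordinary conditional-forwarding lookup from a LAN client.
SAMPLE = []
for i in range(6):
    SAMPLE += _pair(2461507 + i, "10.0.0.1", "1.0.0.10.in-addr.arpa", "10.0.0.1")
SAMPLE += _pair(2461600, "10.0.0.23", "23.0.0.10.in-addr.arpa", "10.0.0.1")

if __name__ == "__main__":
    for (name, host), peak in find_forwarding_loops(SAMPLE).items():
        print(f"loop: {name} from {host} is forwarded back to {host} ({peak}/s peak)")
```

A non-empty result means the router is sending its own lookups to Pi-hole while Pi-hole's conditional forwarding sends them back to the router.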