Many requests to "lb._dns-sd._udp.0.1.168.192.in-addr.arpa"

Please follow the below template, it will help us to help you!

Expected Behaviour:

I should not be seeing requests to lb._dns-sd._udp.0.1.168.192.in-addr.arpa

Actual Behaviour:

I'm seeing lots of requests to lb._dns-sd._udp.0.1.168.192.in-addr.arpa

This is running on a DD-WRT Router. My setup is as follows:

image361×450 25.6 KB

image584×525 43.2 KB

image586×127 12 KB

image424×517 25 KB

image426×312 13.4 KB

I'm pretty sure this has to do with my iptables forced dns redirection. As you can probably see:
Router IP: 192.168.1.1
Subnet: 255.255.255.0
Pi-hole IP: 192.168.1.4

Other Networks
192.168.10.0/24 (No Pi-hole as DNS)

What can I do in the GUI or iptables to stop these requests? I assume they should be going to the router, not from the router to Pi-hole.

Any Help Would be Appreciated!

If you have conditional forwarding enabled in Pi-Hole, then de-select this option and see if that reduces the frequency of requests.

The requests are for DNS Discovery Service, commonly associated with the Bonjour network protocol.

Thanks, I'll try that!

Note that this is normal network traffic. Example from a Pi-Hole running on my network (127 is a Mac Mini, 130 is a MacBook Air, 140 is a Win7 PC, 126 is an iPhone 6S, 125 is an iPad Pro).

sudo grep lb._dns-sd._udp.0 /var/log/pihole.log | grep query | tail -n20
Mar 10 13:49:13 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.127
Mar 10 13:49:16 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.130
Mar 10 14:40:03 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.140
Mar 10 14:49:13 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.127
Mar 10 15:40:03 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.140
Mar 10 15:49:13 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.127
Mar 10 15:50:06 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.130
Mar 10 16:23:58 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.126
Mar 10 16:39:57 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.140
Mar 10 16:49:13 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.127
Mar 10 17:21:29 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.125
Mar 10 17:39:46 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.140
Mar 10 17:49:13 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.127
Mar 10 17:50:56 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.130
Mar 10 18:38:54 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.140
Mar 10 18:49:13 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.127
Mar 10 19:38:54 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.140
Mar 10 19:49:13 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.127
Mar 10 19:51:46 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.130
Mar 10 20:28:38 dnsmasq[500]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.127

I would assume, but why is it flooding Pi-hole?

It's flooding Pi-Hole because you likely have a loop between Pi-Hole and your router. This is commonly caused by having conditional forwarding enabled.

Is there a way in iptables to fix this?

I don't know. I don't use iptables to re-direct traffic.

Is there an alternate method to do this?

Do you have conditional forwarding enabled?

Not anymore. I disabled it and reanabled it, flushed the logs and not seeing it again...

First, I specified my Upstream servers in the router, kept the IPTables rules and then I did this:

image490×404 20.7 KB

image988×601 69.9 KB

No more requests!

I am happy now