Most Queries answered by Router (V5)

Hi,
I was one of the version beta 5 testers.
It might be me who don't remember or I have accidentally done a configuration I should/t have done, but don't remember I did...
I believe I before under 'Queries answered by' I saw the individual devices, but now I see most of the queries answered by the router (IP address) and next by the localhost and the rest by the cache.

Question is the correct/expected behavior?

Warm Regards - Steen

HW, OS, Config
Pi3B+
OS V10 Buster
Pi-hole V5
Used as DNS (unbound installed)
Router (Edgerouter ER4) is the DHCP server, configured to use Pi-hole as the DNS server
Upstream DNS Servers > 127.0.0.1#5335
Pi-hole assigned a static IP address
Advanced DNS settings:
Selected > Never forward non-FQDNs, Never forward reverse lookups for private IP ranges, Use DNSSEC
Not selected > Conditional forwarding

Debug Token:
https://tricorder.pi-hole.net/rfkamwvxb6

Your router shouldn't make an appearance as forward destination for Pi-hole if you haven't configured it.

You seem to strive at using unbound as Pihole's only upstream DNS server.

However, your debug log shows several anomalies in this regard:

*** [ DIAGNOSING ]: Setup variables
    PIHOLE_DNS_1=127.0.0.1#5335

*** [ DIAGNOSING ]: contents of /etc/dnsmasq.d
-rw-r--r-- 1 root root 1503 Jun  6 10:17 /etc/dnsmasq.d/01-pihole.conf
   server=127.0.0.1

*** [ DIAGNOSING ]: contents of /var/log
-rw-r--r-- 1 pihole pihole 31304 Jun  6 16:13 /var/log/pihole-FTL.log

   -----tail of pihole-FTL.log------
   [2020-06-06 10:17:21.003 2081] Imported 112838 queries from the long-term database
   [2020-06-06 10:17:21.004 2081]  -> Total DNS queries: 112838
   [2020-06-06 10:17:21.004 2081]  -> Cached DNS queries: 21843
   [2020-06-06 10:17:21.004 2081]  -> Forwarded DNS queries: 84243
   [2020-06-06 10:17:21.004 2081]  -> Blocked DNS queries: 6711
   [2020-06-06 10:17:21.004 2081]  -> Unknown DNS queries: 41
   [2020-06-06 10:17:21.004 2081]  -> Unique domains: 2438
   [2020-06-06 10:17:21.004 2081]  -> Unique clients: 36
   [2020-06-06 10:17:21.004 2081]  -> Known forward destinations: 2

It seems that unbound's 5335 port was configured during initial install (when setupVars.conf was written to), but somehow that information was lost or changed and didn't make it into dnsmasq's configuration.

This would mean that your Pi-hole may use the upstream nameserver as set in /etc/resolv.conf instead. I'm not entirely sure if that would also account for the fact that Pi-hole claims to know 2 forward destinations when you've in fact configured only one.

Nevertheless, you should try fixing the port first.
Do so via Pi-hole's UI and don't forget to save, then verify that /etc/dnsmasq.d/01-pihole.conf received the changes and report back if the issue persists.

Hi jfb....

Right - I read that, but somehow I can't why explain, but previously I didn't see the before the router as the main...

I checked the name server in the router I got:

Linux hansen-lopez 4.9.79-UBNT #1 SMP Thu Mar 5 16:49:39 UTC 2020 mips64

Welcome to EdgeOS
Last login: Sat Jun 6 16:46:33 2020 from xxx.xxx.1.40
steen@hansen-lopez:~$ show dns forwarding nameservers

Nameservers configured for DNS forwarding

xxx.xxx.1.2 available via 'statically configured'

So the only name server should be pi-hole...or?

Hi Bucking_Horn,

Thanks...

Not sure if I did the right way...
below what's in /etc/dnsmasq.d/01-pihole.conf

addn-hosts=/etc/pihole/local.list
addn-hosts=/etc/pihole/custom.list
localise-queries
no-resolv
cache-size=10000
log-queries
log-facility=/var/log/pihole.log
local-ttl=2
log-async
server=127.0.0.1#5335
domain-needed
bogus-priv
dnssec
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
interface=eth0
server=/use-application-dns.net/

I got this from the /var/log/pihole-FTL.log...

Imported 63937 queries from the long-term database
[2020-06-06 09:28:31.509 863] -> Total DNS queries: 63937
[2020-06-06 09:28:31.509 863] -> Cached DNS queries: 22172
[2020-06-06 09:28:31.509 863] -> Forwarded DNS queries: 34972
[2020-06-06 09:28:31.509 863] -> Blocked DNS queries: 6768
[2020-06-06 09:28:31.509 863] -> Unknown DNS queries: 25
[2020-06-06 09:28:31.509 863] -> Unique domains: 2450
[2020-06-06 09:28:31.509 863] -> Unique clients: 36
[2020-06-06 09:28:31.509 863] -> Known forward destinations: 1
[2020-06-06 09:28:31.509 863] Successfully accessed setupVars.conf

I'll see if this fixed the "issue" and come back with an update

Looking good.
(I strip all the irrelevant stuff from the logs, just posting the conspicuous parts - in this case, the server line in dnsmasq.conf, which now correctly carries the port).

As Pi-hole's dashboard is based on the most recent 24 hours, you should see it normalise by the same time tomorrow.

Given the fact that your pihole-FTL.log already shows only 1 forward destination, I am fairly confident that your issue has been addressed.
Looking forward to your confirmation tomorrow. :wink:

Got it, I shall strip not needed in the future, just I felt better tobe sure than sad :slight_smile:
Thanks...

PS: Got another "issue" will come to that after this one :slight_smile: :slight_smile:

Hi Bucking_Horn,

I am back...

Can I presume photo 1 shows the expected result?
And photo 2 looks right too?

Steen

Those screenshots look inconspicious to me:
All queries are forwarded to your localhost unbound now, if not blocked or answered by cache - no more router showing up unexpectedly. :slight_smile:

:slight_smile: :slight_smile:
Thanks for your help, very appreciated...
Stay Safe