Most Queries answered by Router (V5)

I was one of the version beta 5 testers.
It might be me who don't remember or I have accidentally done a configuration I should/t have done, but don't remember I did...
I believe I before under 'Queries answered by' I saw the individual devices, but now I see most of the queries answered by the router (IP address) and next by the localhost and the rest by the cache.

Question is the correct/expected behavior?

Warm Regards - Steen

HW, OS, Config
OS V10 Buster
Pi-hole V5
Used as DNS (unbound installed)
Router (Edgerouter ER4) is the DHCP server, configured to use Pi-hole as the DNS server
Upstream DNS Servers >
Pi-hole assigned a static IP address
Advanced DNS settings:
Selected > Never forward non-FQDNs, Never forward reverse lookups for private IP ranges, Use DNSSEC
Not selected > Conditional forwarding

Debug Token:

Your router shouldn't make an appearance as forward destination for Pi-hole if you haven't configured it.

You seem to strive at using unbound as Pihole's only upstream DNS server.

However, your debug log shows several anomalies in this regard:

*** [ DIAGNOSING ]: Setup variables

*** [ DIAGNOSING ]: contents of /etc/dnsmasq.d
-rw-r--r-- 1 root root 1503 Jun  6 10:17 /etc/dnsmasq.d/01-pihole.conf

*** [ DIAGNOSING ]: contents of /var/log
-rw-r--r-- 1 pihole pihole 31304 Jun  6 16:13 /var/log/pihole-FTL.log

   -----tail of pihole-FTL.log------
   [2020-06-06 10:17:21.003 2081] Imported 112838 queries from the long-term database
   [2020-06-06 10:17:21.004 2081]  -> Total DNS queries: 112838
   [2020-06-06 10:17:21.004 2081]  -> Cached DNS queries: 21843
   [2020-06-06 10:17:21.004 2081]  -> Forwarded DNS queries: 84243
   [2020-06-06 10:17:21.004 2081]  -> Blocked DNS queries: 6711
   [2020-06-06 10:17:21.004 2081]  -> Unknown DNS queries: 41
   [2020-06-06 10:17:21.004 2081]  -> Unique domains: 2438
   [2020-06-06 10:17:21.004 2081]  -> Unique clients: 36
   [2020-06-06 10:17:21.004 2081]  -> Known forward destinations: 2

It seems that unbound's 5335 port was configured during initial install (when setupVars.conf was written to), but somehow that information was lost or changed and didn't make it into dnsmasq's configuration.

This would mean that your Pi-hole may use the upstream nameserver as set in /etc/resolv.conf instead. I'm not entirely sure if that would also account for the fact that Pi-hole claims to know 2 forward destinations when you've in fact configured only one.

Nevertheless, you should try fixing the port first.
Do so via Pi-hole's UI and don't forget to save, then verify that /etc/dnsmasq.d/01-pihole.conf received the changes and report back if the issue persists.

Hi jfb....

Right - I read that, but somehow I can't why explain, but previously I didn't see the before the router as the main...

I checked the name server in the router I got:

Linux hansen-lopez 4.9.79-UBNT #1 SMP Thu Mar 5 16:49:39 UTC 2020 mips64

Welcome to EdgeOS
Last login: Sat Jun 6 16:46:33 2020 from
steen@hansen-lopez:~$ show dns forwarding nameservers

Nameservers configured for DNS forwarding available via 'statically configured'

So the only name server should be pi-hole...or?

Hi Bucking_Horn,


Not sure if I did the right way...
below what's in /etc/dnsmasq.d/01-pihole.conf


I got this from the /var/log/pihole-FTL.log...

Imported 63937 queries from the long-term database
[2020-06-06 09:28:31.509 863] -> Total DNS queries: 63937
[2020-06-06 09:28:31.509 863] -> Cached DNS queries: 22172
[2020-06-06 09:28:31.509 863] -> Forwarded DNS queries: 34972
[2020-06-06 09:28:31.509 863] -> Blocked DNS queries: 6768
[2020-06-06 09:28:31.509 863] -> Unknown DNS queries: 25
[2020-06-06 09:28:31.509 863] -> Unique domains: 2450
[2020-06-06 09:28:31.509 863] -> Unique clients: 36
[2020-06-06 09:28:31.509 863] -> Known forward destinations: 1
[2020-06-06 09:28:31.509 863] Successfully accessed setupVars.conf

I'll see if this fixed the "issue" and come back with an update

Looking good.
(I strip all the irrelevant stuff from the logs, just posting the conspicuous parts - in this case, the server line in dnsmasq.conf, which now correctly carries the port).

As Pi-hole's dashboard is based on the most recent 24 hours, you should see it normalise by the same time tomorrow.

Given the fact that your pihole-FTL.log already shows only 1 forward destination, I am fairly confident that your issue has been addressed.
Looking forward to your confirmation tomorrow. :wink:

Got it, I shall strip not needed in the future, just I felt better tobe sure than sad :slight_smile:

PS: Got another "issue" will come to that after this one :slight_smile: :slight_smile:

Hi Bucking_Horn,

I am back...

Can I presume photo 1 shows the expected result?
And photo 2 looks right too?


Those screenshots look inconspicious to me:
All queries are forwarded to your localhost unbound now, if not blocked or answered by cache - no more router showing up unexpectedly. :slight_smile:

:slight_smile: :slight_smile:
Thanks for your help, very appreciated...
Stay Safe