It’s a mesh wifi system called omni duo by jensen of scandinavia, rented from my isp. That sounds like what it could be doing, its already made about 22k queries alone this far. I usuallly dont have much experience with these mesh networks but it seemed fine.
At this stage, that is just a guess.
I've never heard of Jensen routers before, so you'd have to consult your router's documentation and support channels with regards to its configuration.
If you have access to another router, you could try to switch routers to verify whether those unexpected requests for
www.microsoft.com would cease.
But you also shouldn't discard other devices yet, as your debug log shows your router to distribute its own IP as local DNS server via DHCP:
*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds) Scanning all your interfaces for DHCP servers * Received 300 bytes from eth0:192.168.39.1 Offered IP address: 192.168.39.153 DHCP options: Message type: DHCPOFFER (2) router: 192.168.39.1 dns-server: 192.168.39.1 --- end of options ---
This would mean that any device that you haven't pointed manually to use Pi-hole would send its DNS requests to your router, which may be configured to use Pi-hole as its upstream DNS and hence forward those requests to your Pi-hole.
So any device that obtains its DNS information through your router's DHCP server could also be sending those requests.
Isn't that normal behavior by setting pihole's address in the router as dns entry? i thought that was the whole point to automatically make devices on the network use it, or is that problem in terms of it's not supposed to be like that.
I am 100% sure it's my router doing it at this point. 192.168.39.153 and 220.127.116.11 are my dietpi/pihole and router addresses respectively. Everything else is manually set or offline tested.
This is dependent on the router. My routers (Apple models) distribute the IP of Pi-hole and all the network clients use those IPs directly, without going through the router. Pi-hole sees every client as an individual client, as opposed to all the clients appearing to come through the router.
There are some confusing settings within the app, but I'll have a look. Considering my pi is a lot more prone to crashing than my router, I'm a little afraid of switching, if it's even possible like i mentioned earlier. Just of getting put in a situation where i will in some event not be able to access the pihole and lose my network.
At any rate with my current setup, it will continue to fill up the query log. It would be immensely useful if there was a feature implemented like @chrislph mentioned earlier to combat routers who behave like this, i'm not sure how prevalent they are. I'll weigh in on that request thread.
This is something you should address. Given adequate and continuous power, a Pi should very (very) rarely crash.
Mine routinely run months, and would likely run much longer unless I reboot them for kernel updates.
I'm running various other software alongside pihole with dietpi, even though it's probably not a great idea, it's kind of the only pi i have at the moment with the current prices.
I noticed most of the time it will show up as cache in the log, and other times it will be answered by unbound, but it's the same type of microsoft request, could this mean there's a different domain?
This shouldn't be happening if you have a decent power supply (eg the official one) and a good quality SD card. If you experiencing crashing then look at these and try to identify the cause.
For example a few years back a friend's Pi kept going offline and it turned out to be an interaction with his router sending malformed packets, and an older version of dhcpcd which crashed when it received them. That was fixed working with the dhcpcd author. These kind of interactions are quite unlikely and you shouldn't be seeing crashing.
I’ve gone through the router app settings, there doesnt appear to be any tick box option to directly turn off dhcp, but there are a few other settings for manually tuning. Im not sure if it will work for disabling.
Theres the issue with if i configure it wrong i will not be able to revert the settings, because i will completely lose access to the router in the app when i lose connection and have to reset router, naturally..
If anyone here wish to give me some guidance and help me configure or validate if changing any of these settings to use pihole as dhcp will work.
Theres an option for setting a static IP under internet settings from dhcp.
Then there’s the setting for dhcp server, but no off option here. I was thinking of pointing this to pihole’s address and in turn this would work of using that as the server instead, could this work?
If you could turn off the router's DHCP server and turn on the Pi-hole's DHCP server that would be the way I described. If you cannot turn off the router's DHCP server then the alternative approach is to tell the router's DHCP server to hand out the Pi-hole's address as DNS for the clients connecting.
The DHCP under Connection Type looks like the part related to the external IP address from your ISP. Don't change the Connection settings.
The later screenshot showing DHCP Server is your router handing out addresses on your network. That looks like the right section but there's nothing in there about the DNS to hand out so you can leave that as it is.
Is that it in the DNS section just below? What is in there?
This is the only setting where i can point the pihole’s dns, but as others have told me here my router does not respect this setting properly if not set manually on the device.
Would you suggest setting this setting to use a different dns and set piholes ip within the dhcp server setting maybe? I’ve done an attempt to set this already without changing the dns first, this like i mentioned earlier locked me out of the network, and i lost access to the admin panel to turn on pihole dhcp.
Yes that would be where you switch it to manual and put in the Pi-hole's address
192.168.39.153. The screenshot already shows this, so I assume that this was you already changing it before posting? Because further up your debug log showed that the router was giving out
18.104.22.168 (itself) as the DNS.
So after changing it, disconnect and reconnect a device from your network (toggle airplane mode, or its wifi off and on, or pull and reinsert the network cable). This will pick up its IP from the router's DHCP server again, but now it should get the Pi-hole's address as the DNS server because now the router is handing that out.
Then load a test site on the device, eg a local news site, and then look at the Pi-hole Query Log. You should be seeing that device's IP or even hostname appearing there directly now.
I'm assuming the Pi-hole itself is still running Unbound locally, as you mentioned yesterday, and that this is still working okay.
Couple of paragraphs from the user manual I found online, translated with Google Translate.
Omni uses 192.168.39.xxx as the default IP range for distributing IP addresses etc. If you want to change to another IP address range, you can do this by pressing Manual. Then enter the desired IP address range and press Save.
Omni uses as standard DNS addresses it receives from the internet modem. If you wish to
use other DNS addresses, you can change this by pressing Manual, enter new DNS addresses and press Save.
If this is working, you can disconnect and reconnect all the other devices, and now you should be able to see where these microsoft queries are coming from too.
I'm sorry. No the "Preferred DNS server" setting you see here with with Pihole's adress has been set for a long time.
From the link a little above here.
I have been using the router's standard DHCP setting all this time. With this I'm trying to say I changed the DHCP server IP from 192.168.39.1 (standard) to 192.168.39.53 (manual), to try and tell it this will be the new DHCP server, while still having 192.168.39.53 set in the DNS section on the other setting, so i was wondering if that was a mistake or if that is the right way to try to do it somehow. But i see now with the manual you found (that did not come with my router but i wish it did) that this is for setting local dhcp range, but there is no information about an endpoint to that range, so i don't understand.
Can i, or how can i, use these available settings switch to using pihole as dhcp server in the web interface? Another question i have is, how can i be sure these repeating www.microsoft.com queries even stop if i do that?
Can i set one range in the router's DHCP settings, and another in pihole's to not conflict somehow maybe? again I don't know what end range the router is, i only know the starting range.
I assume that's a typo here, as further up it's 153 not 53. Double check your entries.
I don't know, this router interface seems to have limited configurability.
That's what I do, so I can switch from the Pi-hole's DHCP server to the router's DHCP during any downtime needed and be sure there will no lease conflicts, but it's important to note that you still need to have just one DHCP server running, so you're back to switching off the router DHCP. If that's not possible you'll have to experiment with how to make it hand out the Pi-hole as DNS, if that is possible. The screenshot you posted seemed to show it was, but then your experience and debug log says the router is handing out its own address as DNS.
They won't; Pi-hole is just reporting what it sees being requested. The changes described here are secondary and a way to get more info by having the clients query Pi-hole directly, rather than query the router which queries Pi-hole.
To deal with the cause of the microsoft lookups you need to identify which device on your network is sending the queries and then make it stop. Using the approach of starting with your router and Pi-hole, checking that for a while, then adding your phone, checking that for a while, and adding more devices one by one, you'll be able to work out what's sending it.
Yes that was typo, my bad. Entries are correct.
It is my router unfortunately, so I'm out of luck for now.
Thanks for the assistance to all in here!
The router's DNS setting configures its own upstream DNS only, not the one send to DHCP clients. And in DHCP settings, no DNS can be configured. And I also do not see an option to disable the router's DHCP server, so that Pi-hole's cannot be used either. I'd contract the router's support and ask about:
- Whether/how it's possible to disable the router's DHCP server
- Whether/how it's possible to customise the DNS server that is handed over to DHCP clients
- Whether the router sends very frequent network requests to
www.microsoft.com, if so for what purpose and whether/how it can be omitted
If I'm not mistaken, by shutting down DHCP clients, you essentially ruled out any culprit but the router itself, unless there is a man in the wall (or neighbour) connected. Sadly I also do not see any connected clients list in that app UI to rule that out. Another question (more a request) for the support .
Btw, if you do face crashes, feel free to contact us via GitHub or forum to investigate. Apart of powering/PSU, also filesystem corruption, insufficient system memory (out-of-memory kills) and in rare cases CPU overheating (automatic security shutdown, but it should throttle down CPU frequency and voltage before, preventing the shutdown) can be reasons. An RPi can run incredibly stable, but of course there are more degrees of freedom to potentially cause instabilities compared to a router with stock firmware.
I've contacted support, he confirmed the router does request to some sort of cloud system under what i would guess the microsoft domain, that makes sense with the cname category.
He tells me to set the router in bridge mode to disable dhcp, i.e buy a new router and disable this one i guess? very strange. In other words he's suggesting not possible.
He tells me to set the DNS settings, so not very helpful. I tired explaining that i want the router to not be my local dns server and that it still is with these settings, other would normally be under the dhcp options in other routers i guess...
Not a great first impression with these mesh systems, but then again this is probably meant for someone with a different use case than mine.
Thank you, I might put up a post to find out what's going on with the crashes, it might be a filesystem problem. It seems to always crash when using kodi.
Isn't there a setting to switch between host mode and bridge mode or so?
Does not appear to be able to be a host. Setting bridge mode prompts a warning about that the router will have dns, dhcp and port forwarding be disabled and that it will only be able to connect after being connected to a router with internet access. Using my older asus router as a host will be bad for stability, and no 5ghz support.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.