Please follow the below template, it will help us to help you!
Expected Behaviour:
Show only node-red-google-home.herokuapp.com
Not node-red-google-home.herokuapp.com.media.lan
Actual Behaviour:
Double entries in pihole
node-red-google-home.herokuapp.com
node-red-google-home.herokuapp.com.media.lan
I've a question.
Pi-Hole is running in a docker on a vlan called media.lan.
I also have iot.lan / home.lan / cam.lan
All clients from every vlan obtain an IP address from the USG router
All DNS requests are forwarded by the USG to the Pihole.
All Devices that try to work around my pihole (hardcoded 8.8.8.8) are redirected to to the Pi-Hole.
No one leaves the office by first visiting the pihole.
I noticed double entries in my permitted domain list
Why would I see double entries ?
This is not something that Pi-hole does control or influence - it is your clients that decide to submit those requests, and apart from a higher amount of queries, this is nothing to be worried about.
First, it is not uncommon for clients to honor the local domain by appending or the search suffix to a search when looking up hostnames. What is a bit unusual is that those requests would equal the amount of normal queries, they should be far less.
If you can narrow this down to specific clients, you could try to probe deeper why they do so.
Depending on the software that is submitting these requests, you might be able to exercise some degree of control.
For nslookup and dig, search behavior can be controlled via the ndots option individually. You may also be able to influence this systemwide on a client, e.g. via a respective ndots entry in /etc/resolv.conf for most Linuxs - see man pages for details, e.g.man resolv.conf).
Also when the clients are configured with a FQDN instead of a short name, the search domain/suffix media.lan wont get added when querying (they will have that one dot minimum already):
pi@ph5:~ $ man resolv.conf
[..]
ndots:n
Sets a threshold for the number of dots which
must appear in a name given to res_query(3) (see
resolver(3)) before an initial absolute query
will be made. The default for n is 1, meaning
that if there are any dots in a name, the name
will be tried first as an absolute name before
any search list elements are appended to it. The
value for this option is silently capped to 15.
The importance of using FQDN's
EDIT: hmmm I'm wrong, node-red-google-home.herokuapp.com is already a FQDN with two dots.
Tnx Guys for the suggestions.
I inspected the Docker Host machine and with tip number 1 I was pretty much sure it would be the Node-Red container causing this.. (Because in one of the flows I use Telegram as well).
Stopped the Node-Red Container
Changed DNS1 and DNS2 for that container (DNS1 pi-hole / DNS2 default gateway, gateway redirects by itself to Pi-hole so a bit redundant).
