Jan 28 07:43:40 dnsmasq[1502]: query[A] www.mako.co.il from samsung
Jan 28 07:43:40 dnsmasq[1502]: forwarded www.mako.co.il to 208.67.222.123
Jan 28 07:43:40 dnsmasq[1502]: dnssec-query[DS] mako.co.il to 208.67.222.123
Jan 28 07:43:41 dnsmasq[1502]: reply mako.co.il is no DS
Jan 28 07:43:41 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:43:41 dnsmasq[1502]: reply www.mako.co.il is <CNAME>
Jan 28 07:43:41 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:43:41 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:43:41 dnsmasq[1502]: query[A] www.mako.co.il from samsung
Jan 28 07:43:41 dnsmasq[1502]: cached www.mako.co.il is <CNAME>
Jan 28 07:43:41 dnsmasq[1502]: cached wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:43:41 dnsmasq[1502]: cached e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:43:41 dnsmasq[1502]: query[A] rcs.mako.co.il from samsung
Jan 28 07:43:41 dnsmasq[1502]: forwarded rcs.mako.co.il to 208.67.222.123
Jan 28 07:43:41 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:43:41 dnsmasq[1502]: reply rcs.mako.co.il is <CNAME>
Jan 28 07:43:41 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:43:41 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:43:41 dnsmasq[1502]: query[A] connect.facebook.net from samsung
Jan 28 07:43:41 dnsmasq[1502]: cached connect.facebook.net is <CNAME>
--
Jan 28 07:44:20 dnsmasq[1502]: query[A] www.mako.co.il from samsung
Jan 28 07:44:20 dnsmasq[1502]: cached www.mako.co.il is <CNAME>
Jan 28 07:44:20 dnsmasq[1502]: cached wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:44:20 dnsmasq[1502]: forwarded www.mako.co.il to 208.67.222.123
Jan 28 07:44:20 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:44:20 dnsmasq[1502]: reply www.mako.co.il is <CNAME>
Jan 28 07:44:20 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:44:20 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:44:26 dnsmasq[1502]: query[A] realtime.www.linkedin.com from pc
Jan 28 07:44:26 dnsmasq[1502]: forwarded realtime.www.linkedin.com to 208.67.222.123
Jan 28 07:44:26 dnsmasq[1502]: forwarded realtime.www.linkedin.com to 1.1.1.3
Jan 28 07:44:26 dnsmasq[1502]: dnssec-query[DS] linkedin.com to 1.1.1.3
Jan 28 07:44:26 dnsmasq[1502]: reply linkedin.com is no DS
Jan 28 07:44:26 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:44:26 dnsmasq[1502]: reply realtime.www.linkedin.com is <CNAME>
Jan 28 07:44:26 dnsmasq[1502]: reply mix.linkedin.com is <CNAME>
--
Jan 28 07:45:23 dnsmasq[1502]: query[A] www.mako.co.il from samsung
Jan 28 07:45:23 dnsmasq[1502]: cached www.mako.co.il is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: cached wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: forwarded www.mako.co.il to 208.67.222.123
Jan 28 07:45:23 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:45:23 dnsmasq[1502]: reply rcs.mako.co.il is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:45:23 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:45:23 dnsmasq[1502]: reply www.mako.co.il is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:45:23 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:45:23 dnsmasq[1502]: reply mobile.mako.co.il is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:45:23 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:45:50 dnsmasq[1502]: query[A] ipv4.tracker.harry.lu from 192.168.55.100
Jan 28 07:45:50 dnsmasq[1502]: forwarded ipv4.tracker.harry.lu to 208.67.222.123
Jan 28 07:45:50 dnsmasq[1502]: dnssec-query[DS] harry.lu to 208.67.222.123
Jan 28 07:45:50 dnsmasq[1502]: query[A] ipv4.tracker.harry.lu from 192.168.55.100
--
Jan 28 07:47:25 dnsmasq[1502]: query[A] www.mako.co.il from samsung
Jan 28 07:47:25 dnsmasq[1502]: forwarded www.mako.co.il to 208.67.222.123
Jan 28 07:47:25 dnsmasq[1502]: query[A] rcs.mako.co.il from samsung
Jan 28 07:47:25 dnsmasq[1502]: query[A] www.mako.co.il from samsung
Jan 28 07:47:25 dnsmasq[1502]: query[A] www.google.com from samsung
Jan 28 07:47:25 dnsmasq[1502]: cached www.google.com is 172.217.18.36
Jan 28 07:47:25 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:47:25 dnsmasq[1502]: reply www.mako.co.il is <CNAME>
Jan 28 07:47:25 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:47:25 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:47:25 dnsmasq[1502]: validation result is INSECURE
Jan 28 07:47:25 dnsmasq[1502]: reply rcs.mako.co.il is <CNAME>
Jan 28 07:47:25 dnsmasq[1502]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 07:47:25 dnsmasq[1502]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 07:47:48 dnsmasq[1502]: query[A] wpad.lan from pc
Jan 28 07:47:48 dnsmasq[1502]: cached wpad.lan is NXDOMAIN
Jan 28 07:48:16 dnsmasq[1502]: query[A] www.google.com from samsung
Jan 28 07:48:17 dnsmasq[1502]: forwarded www.google.com to 208.67.222.123
--
Jan 28 08:01:58 dnsmasq[9917]: query[A] www.mako.co.il from samsung
Jan 28 08:01:58 dnsmasq[9917]: forwarded www.mako.co.il to 208.67.222.123
Jan 28 08:01:58 dnsmasq[9917]: dnssec-query[DS] mako.co.il to 208.67.222.123
Jan 28 08:01:58 dnsmasq[9917]: reply mako.co.il is no DS
Jan 28 08:01:58 dnsmasq[9917]: dnssec-query[DS] edgekey.net to 208.67.222.123
Jan 28 08:01:58 dnsmasq[9917]: query[A] www.mako.co.il from samsung
Jan 28 08:01:58 dnsmasq[9917]: reply edgekey.net is no DS
Jan 28 08:01:58 dnsmasq[9917]: dnssec-query[DS] akamaiedge.net to 208.67.222.123
Jan 28 08:01:58 dnsmasq[9917]: reply akamaiedge.net is no DS
Jan 28 08:01:58 dnsmasq[9917]: validation result is INSECURE
Jan 28 08:01:58 dnsmasq[9917]: reply www.mako.co.il is <CNAME>
Jan 28 08:01:58 dnsmasq[9917]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 08:01:58 dnsmasq[9917]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 08:01:59 dnsmasq[9917]: query[A] googleads.g.doubleclick.net from samsung
Jan 28 08:01:59 dnsmasq[9917]: gravity blocked googleads.g.doubleclick.net is 0.0.0.0
Jan 28 08:01:59 dnsmasq[9917]: query[A] www.googletagservices.com from samsung
Jan 28 08:01:59 dnsmasq[9917]: gravity blocked www.googletagservices.com is 0.0.0.0
Jan 28 08:01:59 dnsmasq[9917]: query[A] mrb.upapi.net from samsung
Jan 28 08:01:59 dnsmasq[9917]: gravity blocked mrb.upapi.net is 0.0.0.0
Jan 28 08:01:59 dnsmasq[9917]: query[A] mobile.mako.co.il from samsung
Jan 28 08:01:59 dnsmasq[9917]: forwarded mobile.mako.co.il to 208.67.222.123
--
Jan 28 08:03:13 dnsmasq[9917]: query[A] www.mako.co.il from samsung
Jan 28 08:03:13 dnsmasq[9917]: cached www.mako.co.il is <CNAME>
Jan 28 08:03:13 dnsmasq[9917]: cached wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 08:03:13 dnsmasq[9917]: forwarded www.mako.co.il to 208.67.222.123
Jan 28 08:03:13 dnsmasq[9917]: validation result is INSECURE
Jan 28 08:03:13 dnsmasq[9917]: reply www.mako.co.il is <CNAME>
Jan 28 08:03:13 dnsmasq[9917]: reply wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 08:03:13 dnsmasq[9917]: reply e974.b.akamaiedge.net is 104.79.233.245
Jan 28 08:03:13 dnsmasq[9917]: query[A] www.mako.co.il from samsung
Jan 28 08:03:13 dnsmasq[9917]: cached www.mako.co.il is <CNAME>
Jan 28 08:03:13 dnsmasq[9917]: cached wilcard.mako.co.il.edgekey.net is <CNAME>
Jan 28 08:03:13 dnsmasq[9917]: cached e974.b.akamaiedge.net is 104.79.233.245
Jan 28 08:03:13 dnsmasq[9917]: query[A] googleads.g.doubleclick.net from samsung
Jan 28 08:03:13 dnsmasq[9917]: gravity blocked googleads.g.doubleclick.net is 0.0.0.0
Jan 28 08:03:13 dnsmasq[9917]: query[A] ssl.gstatic.com from pc
Jan 28 08:03:13 dnsmasq[9917]: forwarded ssl.gstatic.com to 208.67.222.123
Jan 28 08:03:13 dnsmasq[9917]: query[A] www.googletagservices.com from samsung
Jan 28 08:03:13 dnsmasq[9917]: gravity blocked www.googletagservices.com is 0.0.0.0
Jan 28 08:03:13 dnsmasq[9917]: query[A] mrb.upapi.net from samsung
Jan 28 08:03:13 dnsmasq[9917]: gravity blocked mrb.upapi.net is 0.0.0.0
I know, i'm not sure if i installed the latest update today before or after that query in the log. but was this fixed in the last update?
just to note the last time I updated was on Sunday if I remember correctly.
Last gravity run finished at: Thu 28 Jan 07:49:12 IST 2021
and the query happend at
Jan 28 07:47:25 dnsmasq[1502]: query[A] www.mako.co.il from samsung
The gravity update was likely triggered by the Pi-hole update. So the query happend before the update.
Please continue to watch the query log for unknown(0) queries and report back if the still occure.
Jan 29 16:31:00 dnsmasq[9917]: query[A] mtalk.google.com from pc
Jan 29 16:31:00 dnsmasq[9917]: forwarded mtalk.google.com to 208.67.222.123
Jan 29 16:31:00 dnsmasq[9917]: query[A] mtalk.google.com from pc
Jan 29 16:31:00 dnsmasq[9917]: forwarded mtalk.google.com to 1.1.1.3
Jan 29 16:31:00 dnsmasq[9917]: forwarded mtalk.google.com to 208.67.222.123
Jan 29 16:31:00 dnsmasq[9917]: validation result is INSECURE
Jan 29 16:31:00 dnsmasq[9917]: reply mtalk.google.com is <CNAME>
Jan 29 16:31:00 dnsmasq[9917]: reply mobile-gtalk.l.google.com is 173.194.76.188
Jan 29 16:31:01 dnsmasq[9917]: query[A] autoupdate.geo.opera.com from pc
Jan 29 16:31:01 dnsmasq[9917]: cached autoupdate.geo.opera.com is <CNAME>
Jan 29 16:31:01 dnsmasq[9917]: cached us-autoupdate.opera.com is 37.228.108.132
Jan 29 16:31:01 dnsmasq[9917]: cached us-autoupdate.opera.com is 37.228.108.133
Jan 29 16:31:01 dnsmasq[9917]: query[A] auth.grammarly.com from pc
Jan 29 16:31:01 dnsmasq[9917]: forwarded auth.grammarly.com to 208.67.222.123
Jan 29 16:31:01 dnsmasq[9917]: query[A] auth.grammarly.com from pc
Jan 29 16:31:01 dnsmasq[9917]: forwarded auth.grammarly.com to 1.1.1.3
Jan 29 16:31:01 dnsmasq[9917]: forwarded auth.grammarly.com to 208.67.222.123
to the file /etc/pihole/pihole-FTL.conf (create if it does not exist) and run
pihole restartdns
Next time a Unknown (0) message appears, check again the pihole.log file like you did before (there should be additional output behind each log line.
Also, check /var/log/pihole-FTL.log which should contain log lines like:
[2021-01-31 10:46:50.992 1470315M] **** new UDP query[AAAA] query "discourse.pi-hole.net" from enp2s0:192.168.2.2 (ID 688, FTL 18129, /home/me/FTL/src/dnsmasq/forward.c:1623)
[2021-01-31 10:46:50.993 1470315M] discourse.pi-hole.net is known as not to be blocked
[2021-01-31 10:46:50.993 1470315M] **** got cache answer for discourse.pi-hole.net / / <unknown> (ID 688, /home/me/FTL/src/dnsmasq/rfc1035.c:1752)
Find the ID corresponding to your query from this message (ID 688 in the example above) and grep for it like
grep "ID 688" /var/log/pihole-FTL.log
This should give us a better understanding of what may be missing here.
that's still just the last 100 queries. which is btw why I don't see the point of having both 100 and all in the dropdown.
I usually do this and sort by status, the unknowns are at the top once you sort by status no matter how many are showing below it.
Show all is a link you can click on. I see the dark theme seems to make clickable links invisible. You may be missing a lot more on the web interface due to this...
edit I checked the theme and this link seems to be the only one that is "hidden". I will set up a pull request to fix this in the next release.
oh, that text.... my bad, it's my dark reader plugin's fault.
maybe make this switch a checkbox next to the number of entries to show?
like "show (10) of 100/all". just a suggestion.
anyway, nothing so far, and I restarted my pihole after the last one happened on the 29th so we have a whole week of data. we'll see next weekend if this doesn't come back then it may have been something left in memory that needed a restart after the update.