Only Apple devices spam with "in-addr.arpa" requests

Expected Behaviour:

Pi-hole not sending the “in-addr.arpa” requests to an upstream provider.

Actual Behaviour:

Close to 90,000 of these requests per day sent to 9.9.9.9. (return: NXDOMAIN)
oh btw, 90% of these are from 2 iPhones and the rest from 2 iPads.

CONFIG:

Router = DHCP server that shares the Pi-hole IP for DNS
Router itself uses Pi-hole as DNS

Pihole: v5.17.2
OFF: Conditional forwarding (tested with 'ON' - same result)
ON: Never forward non-FQDN A and AAAA queries
ON: Never forward reverse lookups for private IP ranges
ON: Allow only local requests
Upstream DNS: Quad9 (filtered, DNSSEC)
Local DNS names: configured in Pi-Hole

Why doesn’t Pi-hole know that there is NO USE in sending these “in-addr.arpa” requests to an upstream DNS provider?
I don’t want to see them in my logging and don’t want them send upstream.

After spending hours trying to find the cause I have to consult the experts :slight_smile:
Any suggestions on what I should do in my config?

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

These are DNS Discovery Service requests, common with the Apple Bonjour protocoal.

They can't be resolved by an upstream DNS provider. The clients are looking for answers from other devices on your LAN.

sent 1:1

I need smarter devices on my LAN :slight_smile:
These services are fine but I guess they should never be send to an upstream provider, right?

Were you able to see anything in the debug info?

I'm curious about a few things.

  1. Are Service Discovery queries different to PTR? I can't find a clear answer on this – it seems that PTR might be classed as a form of service discovery.
  2. Is Pi-hole seeing actual PTR queries or is it interpreting what it sees as PTR queries?
  3. Should the queries shown in the opening screenshot be sent upstream where they will natually receive a NXDOMAIN, when they relate to hosts on a private subnet?
  4. Is Pi-hole sending these queries upstream, or is this a presentation 'bug', in that Pi-hole's presentation only deals with rendering all queries as blocked, returned from cache or sent upstream?

Basically I'm trying to clarify exactly what events are taking place here and whether the behaviour seen is correct. I'm so used to seeing local devices generate apparent PTR requests for local devices that I'd never considered if or why these might end up sent upstream or whether that should be happening.

1 Like

Team,

@rdwebdesign
Any updates or should I ask somewhere else or do something else?

Cheers!
DJ

Can you please generate a new debug log?
The previous one is long gone (they are automatically deleted after 48h and only developers and moderators are able to read them).

@rdwebdesign Thank you, I will add the info in the next few minutes

Here's the debug log: https://tricorder.pi-hole.net/HUWCtBhj/