I have a IPv4 only network and would like to block all AAAA queries (~20% of total queries). They will not be of use for any client but increase network traffic anyway.
What network devices that don't have IPv6 addresses are making AAAA queries?
Much of this is cached in your screenshot so
is likely quite exaggerating the real numbers:
4/20 = 20% of the queries in your screenshot are really forwarded. Taking your 20% of the total share and multiplying this by the 20% of AAAA queries being forwarded further decreases with number to 4% in total.
I do not want to trample down your request but first try getting real numbers, maybe from the database by counting the number of queries with status = forwarded and type = AAAA and divide this by the total number of queries.
If the numbers really turns out to be low, the developers should invest their limited time into something else (personal opinion only!)
sqlite3 /etc/pihole/pihole-FTL.db "select status, count(status) from queries where type=2 group by status;"
1|1559
2|14606
3|34105
4|39
5|24
https://docs.pi-hole.net/database/ftl/#supported-query-types
So it's 20% of all queries are AAAA and 40% of those are forwarded (~14.00/34.100)= total of 8% of all queries are useless network traffic.
How do you conclude this? The client asked for an IP address and received one.
1 Like
They are not able to connect to this IP address as I don't have IPv6.
What is your setting for AAAA_QUERY_ANALYSIS
It's not set, so defaults to yes. But this option doesn't influences the ability to resolve AAAA but only to analyze them (as discussed here). Even with AAAA_QUERY_ANALYSIS=no clients can still resolve AAAA but it is just not shown in the dashboard (and maybe not saved in the database).
Did you compute status forwarded / cached ? That does not make any sense.
Percentage of forwarded AAAA queries relative to all AAAA queries is rather:
14606 / (1559+14606+34105+39+24) = 29 %
with 29% forwarded AAAA, this gives roughly 6% forwarded AAAA
How do you know the effect on clients of blocking their AAAA queries? Will they go into a query frenzy looking for a reply, adding more DNS traffic to the network? It seems to me the simplest solution in the short term is to set AAAA_QUERY_ANALYSIS=NO and free up Pi-hole from analyzing and storing these requests. Even if they happen on the network, it's a very, very tiny fraction of the overall network activity.
2 Likes
They are requesting AAAA records, we give them what they request.
You're right. I must have had a blackout.
I have a larger saved dataset of queries and also there I get 34% forwarded AAAA (double checked).
This is the pessimistic view. The optimistic view is they stop querying. It's the same as now blocking an A record for a specific. domain. Some clients will desperately try to resolve, but most don't.
I don't give my clients access to the flurry.com A record - what's the difference to block every domain for AAAA records?
You block flurry.com so the client gets a response of 0.0.0.0 or NXDOMAIN or ::, but it gets a response.
If you don't want the queries to happen then fix the clients so they stop asking for them.
Maybe I have to rephrase my FR.
Returning NXDOMAIN or :: as response to any AAAA query is what I want.
This might be impossible to many IoT devices.
If that's the FR then it won't happen.
Why not?
It's useless.
Could you please elaborate a bit more?
Yeah, it will do absolutely nothing for anything.
Can you please elaborate as to what you think it will do?