Option to block/not forward all AAAA queries

How much? In actual, measurable numbers like total bytes. Less than 1MB?

This is not a view, it's a question. This is a feature request of unknown benefit, and a question of whether the feature would actually accomplish the desired goal.

Since 09.06.2020 I had 14606 forwarded AAAA queries. If the response size is just 512 bytes, it would have saved 14606x512/(1024x1024)=7,13MB.

When we implement this, requests will maybe arise to add this for other queries as well. For a second, I thought about adding a query-type-dependent regex extension. But this would be a lot of work and I don't see a justification for this right now.

I was thinking more in the direction of what you did with extending the possible types of client assignments (IP, subnet, MAC, interface, vendor, query type). Not sure if technically feasible at all at this place.

Not at all. Clients and queries are entirely different things. The per-client filtering could not even be abstracted for this.

Ok, thanks.

Just a follow-up: I had a look at the ten most forwarded domains, making up ~70% of all forwarded AAAA queries. Not a single answer had only 512 bytes; they were all 1472 or 4096 bytes. The most common query was www.google.com (6300x) with 4096 bytes.

So the network traffic is likely to be 3 - 8x bigger than the calculation above.

www.google.com has a TTL of 300 seconds, so 6300 x 5 minutes = 525 hours of continuous Google usage since June 9th. That is pretty impressive. Or was this over an entire year (=whole database)? Even if so, this roughly means two hours of Google a day. It is not unrealistic in itself, however, maybe still a bit extreme.

No, just since June 9th. Two Chromecast devices...
Actual "usage time" was maybe 2 hours.

How does it look for the Google domain without sorting by status?

This adds an option to limit regular expressions to specific query types:

You could try this with a regex + query type AAAA:

;querytype=AAAA

Note that this is still an experimental feature and may not fully work under all circumstances. However, I'm thankful for reports if something doesn't work.


Thanks for the implementation.

I tried with .*;querytype=AAAA and it started working immediately.

I'll report back findings in a few days.

Blocking all AAAA queries for almost 24h now (since morning 07.07.2020).

I neither observe clients going crazy nor clients stopping queries for AAAA records. They are just blocked, the amount of queries didn't change.

sqlite3  /etc/pihole/pihole-FTL.db -separator "," "Select count(domain), strftime('%Y-%m-%d %H',timestamp, 'unixepoch') from queries where type=2 group by strftime('%Y-%m-%d %H',timestamp, 'unixepoch')"
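The hourly count above, split by what happened to each AAAA query, as an added example that is not part of the original post. It runs on a constructed in-memory table that mimics only the columns the query uses; the status codes for "forwarded" and "blocked by regex" are assumptions, so check them against your FTL version before pointing this at a real database.

```python
import sqlite3
from datetime import datetime, timezone

AAAA = 2           # query type, as in the thread's own query (type=2)
FORWARDED = 2      # assumed status code for "forwarded upstream"
REGEX_BLOCKED = 4  # assumed status code for "blocked by regex"

def make_sample_db():
    """Constructed data: a minimal stand-in for the FTL queries table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE queries (timestamp INTEGER, type INTEGER, "
                 "status INTEGER, domain TEXT)")
    before = int(datetime(2020, 7, 6, 8, tzinfo=timezone.utc).timestamp())
    after = int(datetime(2020, 7, 7, 8, tzinfo=timezone.utc).timestamp())
    rows = [(before + 60 * i, AAAA, FORWARDED, "www.google.com") for i in range(3)]
    rows += [(after + 60 * i, AAAA, REGEX_BLOCKED, "www.google.com") for i in range(3)]
    rows += [(before, 1, FORWARDED, "www.google.com"),  # A queries, filtered out
             (after, 1, FORWARDED, "www.google.com")]
    conn.executemany("INSERT INTO queries VALUES (?, ?, ?, ?)", rows)
    return conn

def aaaa_per_hour(conn):
    """Rows of (hour, total AAAA, forwarded, regex-blocked), hours in UTC."""
    sql = """
        SELECT strftime('%Y-%m-%d %H', timestamp, 'unixepoch') AS hour,
               COUNT(*), SUM(status = ?), SUM(status = ?)
        FROM queries WHERE type = ?
        GROUP BY hour ORDER BY hour"""
    return conn.execute(sql, (FORWARDED, REGEX_BLOCKED, AAAA)).fetchall()

def forwarded_mib(conn, response_bytes):
    """Estimated size of forwarded AAAA answers: count x answer size."""
    (count,) = conn.execute(
        "SELECT COUNT(*) FROM queries WHERE type = ? AND status = ?",
        (AAAA, FORWARDED)).fetchone()
    return count * response_bytes / (1024 * 1024)

if __name__ == "__main__":
    db = make_sample_db()
    for row in aaaa_per_hour(db):
        print(row)  # total stays flat while forwarded drops to zero
    print(forwarded_mib(db, 4096))
```
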

I think this is expected. IPv6 is to be preferred on the web for good reasons so you should always check if there is a way to connect via IPv6. If the system is lacking any IPv6 connectivity but is still doing AAAA lookups, then this could be considered a bug in the corresponding application.


Implemented with the improved regex engine in Pi-hole Core/Web v5.2 and FTL v5.3 released!