Hi! I'm running Pi-hole on a Raspberry Pi 4B 4GB with Raspbian. I combined Pi-hole with unbound and PiVPN. I also use it as a DHCP server. For a couple of months my queries have been flooded by the infamous .in-addr.arpa PTR requests. Because everything else seems to work normally I never bothered with this annoyance until now but I really want to solve it since it makes my statistics unreadable and because I worry something else might be broken. Yesterday I updated Pi-hole to the latest version (after approximately 4 months without updating) and this warning started showing off:
What is also weird about all of this is that the requests are made by the IP 192.168.32.2. I have no idea which of my devices uses that IP. I've seen threads of other people with the same problem but I couldn't find any way to solve it. I don't have Conditional Forwarding enabled so I don't think that could be a problem. I reviewed my modem settings and everything seems to be normal.
I'll leave you guys with some screenshots of the dashboard that may be useful:
To be honest I don't know what a VLAN controller is. Besides, as I mentioned, this has always happened even since I installed Pi-hole. I don't know if the culprit is some device in my home.
Edit: I checked the DHCP leases and there are no devices with the IP 192.168.32.2. They are all in the 192.168.0.x range (as expected).
Oh, I misunderstood! I'm not sure how to check what range it uses but I don't remember changing it so it must be the default range. My devices are on the 10.6.0.x range so I guess that's it.
If that's true, I have no idea where the client is coming from.
Did you have changed your network network range in the past from 192.168.32.XX? Do you have any device with you might have setup with a static address of 192.168.32.2?
No and no. The only thing I did recently was update pihole with pihole --up. I think the culprit might be the raspberry pi or the modem at most, I don't think there's another device doing this. I don't know why it would make all these requests either.
Edit: Using nmap I couldn't find any device on the 192.168.32.x range...
Looking at your debug log, it would seem you are running Docker, and you've configured multiple bridge interfaces on the machine hosting Pi-hole:
*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] fbvverifier.mypi.co is 0.0.0.0 on lo (127.0.0.1)
[✓] fbvverifier.mypi.co is 0.0.0.0 on eth0 (192.168.0.143)
[✓] fbvverifier.mypi.co is 0.0.0.0 on wg0 (10.6.0.1)
[✓] fbvverifier.mypi.co is 0.0.0.0 on br-1f4682455984 (192.168.16.1)
[✓] fbvverifier.mypi.co is 0.0.0.0 on br-2a7e3b2d0ef1 (172.31.0.1)
[✓] fbvverifier.mypi.co is 0.0.0.0 on br-69a0913290ab (192.168.32.1)
[✓] fbvverifier.mypi.co is 0.0.0.0 on br-bac88f335aae (172.30.0.1)
[✓] fbvverifier.mypi.co is 0.0.0.0 on docker0 (172.17.0.1)
[✓] doubleclick.com is 172.217.173.142 via a remote, public DNS server (8.8.8.8)
Did you perhaps configure a 192.168.32.0/24 network somewhere in your Docker environment, where one of your running containers may claim that .2 ?
Ohhh I am running multiple docker containers. When I run docker network ls this is the output:
NETWORK ID NAME DRIVER SCOPE
874f4ef000af bridge bridge local
69a0913290ab homeassistant bridge local
b3621459626d host host local
2a7e3b2d0ef1 nextcloud bridge local
8996179956d5 none null local
1f4682455984 portainer bridge local
bac88f335aae swag bridge local
It seems that homeassistant is using this IP, since on the debug log br-69a0913290ab is associated to the IP 192.168.32.1 and homeassistant is running on network 69a0913290ab. I'll check if there's any config I can change for homeassistant but I'm not sure what it could be doing. I am also running swag as a reverse proxy and jellyfin on the host network, I don't know if that may influence anything.
