I'm attempting to use portmaster on my windows machine in combination with my pihole on the network, which gives me an overview of all the programs and inbound/outbound connections that happens on my computer, and also with it's own set of features of blocking connections from them via filter lists similar to the blocklists of pihole. My router is set to use the pi as it's DNS and i'm using my router as DHCP.
Portmaster would normally want to route DNS through another upstream, but I have tried configuring it to use Pi's instead with dns://192.168.39.153:53?name=Pi.hole&blockedif=zeroip (Pihole) which hopefully should be correct per the instructions here: DNS Configuration - Safing Docs
However i'm now getting many pages worth of of _ldap._tcp.dc._msdcs queries from the address of my computer after setting this up. Is this expected behaviour, and if so would there be any way of ignoring this from the log somehow?
Total amateur here. If it wasn't happening before installing portmaster it is going to be a portmaster issue. Is your pc a member of a domain and portmaster is blocking access to your domain controller? Portmaster support seems to use https://www.reddit.com/r/safing/
I gave Portmaster a try as it seemed to be interesting. After configuring it to use my Pihole for DNS I gave it a whirl for a few hours. I didn't find any _ldap._tcp.dc._msdcs queries on my pihole. I did see a lot of _ldap._tcp.dc._msdcs entries with ignored next to them in the debug log. Have you made other changes from the default like open access to the rest of your network. Perhaps you need to reset the config to default and then re-add your DNS to see if it still does it and then change it one step at a time. I uninstalled Portmaster because it slowed down my browsing dramatically. The first page of every website was taking 30 seconds as if DNS was dialup speeds.
That's helpful. Was it tied to a domain, if so what was it?
_ldap._tcp.dc._msdcs.jensen.local for me is just a NXDOMAIN so it's pretty much just log clutter it seems. I don't know how your pihole seems to be able to ignore them.
I put it on a blacklist yesterday so it wouldn't completely overwhelm the recent page, and it's been just ramping down considerably it seems, it now only sometimes shows up so i've taken it off the blacklist. Not sure why. Can't find anything about it in the debug log either when i generate it either.
How do you mean?
That's unfortunate, doesn't do anything like that on my end.
Portmaster's default looks to isolate your pc from the rest of the local network. My _ldap._tcp.dc._msdcs queries in the debug logs were appended to my domain name and appeared to be coming from other machines on my network (multiple IPv6 addresses)hence why Portmaster was ignoring them.
I at one point made an incoming rule within the network noise "app" section for the local address of my router and my pihole, because they were listed there as being blocked, but i removed them later. Maybe at some point that fixed it down the line..
Right now everything is set at default and i havent seen the query listed for a while now. I'm still curious to what was happening though, hoping the portmaster devs will get back to me.
I completely forgot i also turned off ipv6 within my windows network controller, and it started flooding again as soon as i ticked it back on within the network adapter. So that's interesting to know. I'm going to disable it again considering it's not supported for my ISP.