Pi-hole showing localhost on "lo" as "Officially Xerox" connecting, in addition to router. Am I being hacked?

So, my current setup is:

ATT Fiber modem (HUMAX BGW320-500) --> Netgear Orbi Router (RBK852) --> other wired devices and Pi-hole connect to router (nothing but the router connected to the modem). I've got the modem set up to passthrough IP to the router, but do not have cascading router setup.

The modem and router are both new, as we moved recently. As such, I did a fresh re-install of Pi-hole, and had to change the IP because the address of the modem is a 192.168.1.xxx setup, and the router was 10.0.0.xxx. I've got the router as the DHCP server, and the DNS in the router points to the Pi-hole, so normally the only device showing as passing queries to the Pi-hole is the router (10.0.0.1).

It seemed like everything was working OK, but there were weird little issues going on. Certain sites wouldn't load (DNS error), so I tried changing my default DNS a few times, tried adding a secondary DNS in the router (8.8.8.8), and things seem to be working consistently now. However, today I noticed a weird device querying the Pi-hole:

Anyone have any idea what's going on with this? Have I been hacked? Let me know if you need to see anything else in my router settings, modem settings, pi-hole settings, etc.

Thanks!

That's totally normal.

Thanks! That’s reassuring. Is there any documentation about this? I don’t remember noticing it before at my old place (but may have just seen it, I guess).

I’d just like to understand what that localhost “device” is, and why it’s doing some queries, and why the domains are all the same. Thanks again.

Any computer will use the name localhost to refer to itself. That device you see there is the Pi-hole itself. lo is the loopback interface; any traffic leaving that interface will loop right back to the device itself.

You didn't mention which domain it queries, but I assume it's a PTR request for 1.0.0.10.in-addr.arpa. Notice how the first part of that domain is the IP address of your router in reverse. These PTR queries are a reverse DNS lookup; they will return the hostname of the IP in the domain.
Your Pi-hole tries to discover the hostname of your router.

Pi-hole uses a globally available MAC address database to improve your experience helping you to identify networks by suggesting a vendor of the device.

Check out https://macvendors.com/

This is what they'll tell you for 00:00:00:00:00:00

Pi-hole's display is already much better than that!

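An added example, not part of the original thread: one way to check that queries from the loopback client are the benign reverse lookups described above. It assumes the query log uses dnsmasq-style `query[TYPE] name from client` lines; the sample lines are constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample lines in dnsmasq's query-log format (not taken from the thread).
SAMPLE_LOG = """\
Mar 10 06:20:01 dnsmasq[812]: query[PTR] 1.0.0.10.in-addr.arpa from 127.0.0.1
Mar 10 06:20:02 dnsmasq[812]: query[A] example.com from 10.0.0.1
Mar 10 06:20:05 dnsmasq[812]: query[PTR] 8.8.8.8.in-addr.arpa from 127.0.0.1
Mar 10 06:20:09 dnsmasq[812]: query[A] example.org from 127.0.0.1
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)")

def ptr_to_ip(name):
    """Return the IPv4 address encoded in an in-addr.arpa name, or None."""
    suffix = ".in-addr.arpa"
    name = name.rstrip(".").lower()
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        # PTR names carry the octets in reverse order, so flip them back.
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    except ValueError:
        return None

def triage(log_text):
    """Classify each query sent by a loopback client (the Pi-hole host itself)."""
    findings = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        try:
            client = ipaddress.ip_address(m["client"])
        except ValueError:
            continue
        if not client.is_loopback:
            continue  # queries from LAN clients are out of scope here
        target = ptr_to_ip(m["name"]) if m["qtype"] == "PTR" else None
        if target is not None and target.is_private:
            verdict = "reverse lookup of a LAN address"
        elif target is not None:
            verdict = "reverse lookup of a public address"
        else:
            verdict = "forward query from the host itself"
        findings.append((m["name"], None if target is None else str(target), verdict))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns one tuple per loopback query; a PTR for `1.0.0.10.in-addr.arpa` decodes to the router address 10.0.0.1 from the thread.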