Pihole keeps asking random domains as pi.hole

Is it normal for Pi-hole to randomly query domains with the client set to pi.hole?

I noticed quite a few AAAA and A queries from pi.hole, but also stuff like .local domain queries and so on that all have pi.hole itself as the client. Is this normal behavior?

Please provide some examples for those requests, e.g. by sharing a screenshot.
(At Discourse, you can paste images straight in a post.)

Most of them are DS replies, which I think is part of DNSSEC, but then there are things like these.

Now, I do have devices in my network for which it would make sense to send those queries, but not for the Pi-hole itself, I think.

Now, some of these probably are other containers on the Raspberry Pi. I've got a Jellyfin instance running on that too, but that doesn't really explain the Brave and Discord queries.
They seem to be randomly picked from queries that other devices that use the Pi-hole would make.

What is the IP of the client? I think it will be another container (or maybe ::).

Please click on the table row to show the details and check which IP is making the query:

In my case, queries from pi.hole are coming from another container on the same host.


Maybe, but the healthcheck queries of my unbound container are specifically logged as localhost (I also need to change that, since it makes no sense for the unbound container to query the Pi-hole).

The other possibility is that maybe some freak race condition causes it to mislabel the query?

Also, I see it suddenly make queries for a different search domain that cannot even be reached by the Pi-hole itself (but one of the clients probably queried it before).

Well, for now I have disabled all the other containers and will just see what happens.

This one keeps coming up for some reason:

2a4bdae240342194b734ed184604eb50f3226052ee33add4cac3b43efce7a3d.us-east-1.prod.service.minerva.devices.a2z.com

It's on my blocklist and apparently an Amazon telemetry service, but why does my Pi-hole ask for it? Interestingly, instead of asking for it as localhost, basically the request comes from an IPv6 address associated with the Pi-hole.

Wait, no, this is another device that for some reason associates with the hostname pi.hole. WTF, how did that happen?

I figured that out by searching the network list for the IPv6 address, and it has a huge list of different hostnames associated with IPv6 addresses, including one with pi.hole.

Gonna flush the network table and see if that helps.

There actually has to be some kind of weird race condition going on here. I just watched a query get attributed to a client that I know cannot possibly have issued that query, simply because of how specific that domain is. Either from the DHCP server it's getting the info from or in Pi-hole.

To be fair, though, this happened directly after a network tab flush.

I appreciate your desire to explore a chain of thought for the benefit of the forum, but please use the edit feature (pencil icon at the bottom of your post) to edit your post and save a draft and keep coming back to it and updating it until you feel you've captured the whole idea, what you tested and the results, in a single post.

The idea being to keep topics more concise for others to read instead of posting each thought as it comes to you. Please don't take that the wrong way, your ideas and testing are appreciated.
