Pihole running on a VM - lots of requests from VM host to pihole

@DiWiT Try this suggestion.

It appears that your Windows host (192.168.1.220) is repeatedly issuing reverse DNS (PTR) queries for its own IP address (222.1.168.192.in-addr.arpa) to your Pi-hole server (192.168.1.222), leading to rate-limiting issues. This behavior is often due to the Windows system attempting to resolve its own IP address, possibly for network identification or logging purposes.​

Steps to Mitigate the PTR Query Flood

1. Assign a Static Hostname in Pi-hole's DHCP Settings:

• Navigate to Pi-hole's admin interface.
• Go to Settings > DHCP.
• Under Static DHCP leases, assign a hostname to the Windows host's MAC address.
• This ensures that reverse DNS lookups for 192.168.1.220 return a valid hostname, potentially reducing repeated queries.​Pi-hole Userspace

2. Disable Conditional Forwarding (if enabled):

• In Pi-hole's admin interface, go to Settings > DNS.
• Ensure that Conditional Forwarding is disabled.
• Conditional Forwarding can sometimes create loops, causing excessive PTR queries.​Pi-hole Userspace+4Pi-hole Userspace+4Pi-hole Userspace+4Pi-hole Userspace+1GitHub+1

3. Adjust Pi-hole's Logging Behavior:

• Edit the Pi-hole FTL configuration file:

sudo nano /etc/pihole/pihole-FTL.conf

• Add the following line to limit logging to A and AAAA queries:

ANALYZE_ONLY_A_AND_AAAA=true

• Save the file and restart Pi-hole's DNS resolver:

sudo pihole restartdns

• This change reduces log clutter but does not stop the PTR queries themselves.​Pi-hole Userspace+6Pi-hole Userspace+6GitHub+6

4. Check for Duplicate MAC Addresses:

• Ensure that the virtual network adapter of your Ubuntu VM has a unique MAC address different from the Windows host.
• Duplicate MAC addresses can cause network confusion, leading to excessive ARP and DNS traffic.​

5. Review Windows Host's Network Configuration:

• On the Windows host, check for any services or applications that might be causing repeated reverse DNS lookups.
• Use tools like Process Monitor or Wireshark to identify processes generating these queries.​

6. Implement DNS Query Rate Limiting:

• In Pi-hole's admin interface, go to Settings > DNS.
• Adjust the Rate Limit settings to a level that balances between preventing abuse and allowing legitimate traffic.​

By following these steps, you should be able to mitigate the excessive PTR queries from your Windows host to the Pi-hole server. If the issue persists, consider exploring further network diagnostics or consulting Windows-specific forums for additional insights.​