Query Log 99% of PiHole HostName from Router

Expected Behavior:

Log should only show ALLOWED / DENIED requests.

Actual Behavior:

Most of the log is (Client = Router) looking up the PiHole Server for DNS Entry (Domain = Pi_HostName)

Notes

I noticed this when setting up a preprod network to test before switching out all my networking gear. I think it is due to the fact I'm not using the standard "192.168.X.X" setup and using a custom SUBNET. Is there a way to filter this? I saw some stuff on rfc6761.conf but can't find custom setups via the Googles to set up the filter by IP Address (or hostnames).

Any help is appreciated and thank you in advance!

https://docs.pi-hole.net/ftldns/configfile/#analyze_only_a_and_aaaa

I'm not sure if it's helping. The Type for the Local hosts is 'A'. I've tried `ANALYZE_ONLY_A_AND_AAAA` in both true and false and still get rekt on the logs. I have a screenshot here.

As your lan.nekroval is sending a legit query for lan.dns that is answered with an IP in return, you'd have to find out why your lan.nekroval client is making those requests and then look for ways to control that client's behaviour.

That's the router... PiHole is not the DHCP server so it only shows router accessing it (which is fine). The entry LAN.DNS is the Raspberry Pi (PiHole).

lan.dns: PiHole DNS Server
lan.nekroval: Router (all requests for DNS are routed to PiHole)

Note: Again, this happens when I don't use the standard 192.168.x.x as the IP Range on the Network.
Note: There's so many because we have 50+ devices on that router alone.

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

`pihole -d`

or do it through the Web interface:

Tools > Generate Debug Log

https://tricorder.pi-hole.net/5HBtBik6/

Ermaghurd...
It was a PC on the network freaking out about DNS entries...
Actually, it's the piHole admin site causing it... so #VISIBLE_CONFUSION.

If I use the IP for the Pi to access the admin page... no entries at all.
If I use the host defined in lan.conf (custom file), it spams the hell out of it while the page is open.

Thoughts?

// Notes
I'm running a custom config file to respond to local network calls for PC Hosts... Since I run Windows and Linux, them talking to each other is a pain, so I created a config list of all the hosts (by IP) and each computer can now use all the host names in the same format.

```
# /etc/pihole/lan.list (sample)
6.6.6.6 lan.nekroval   # Router
6.6.6.1 lan.dns        # DNS Server (PiHole)
6.6.6.90 lan.XX
6.6.6.91 lan.XX
6.6.6.92 lan.XX
6.6.6.93 lan.XX
```

I had multiple PCs and an iPad watch the tail.log... and whenever ANY DEVICE has the dashboard open, it spams dns server. I've narrowed it down to the dashboard. Every time the script updates the metrics at the time, it adds another query.

So, assuming website closes the connection and reopens it per update?
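One way to confirm from the query log which client and name pair is producing the noise described above, as an added example that is not part of the original thread. It assumes dnsmasq-style `query[...]` lines as Pi-hole logs them; the sample log, the `192.0.2.53` upstream and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample (not taken from the thread's debug log); hosts follow the lan.list sample.
SAMPLE_LOG = """\
Jan 12 10:15:01 dnsmasq[812]: query[A] lan.dns from 6.6.6.6
Jan 12 10:15:01 dnsmasq[812]: /etc/pihole/lan.list lan.dns is 6.6.6.1
Jan 12 10:15:02 dnsmasq[812]: query[A] example.com from 6.6.6.6
Jan 12 10:15:02 dnsmasq[812]: forwarded example.com to 192.0.2.53
Jan 12 10:15:06 dnsmasq[812]: query[A] lan.dns from 6.6.6.6
Jan 12 10:15:11 dnsmasq[812]: query[A] lan.dns from 6.6.6.6
Jan 12 10:15:11 dnsmasq[812]: query[AAAA] lan.dns from 6.6.6.6
Jan 12 10:15:16 dnsmasq[812]: query[A] lan.dns from 6.6.6.90
"""

# Matches only client query lines; reply and forward lines are ignored.
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Za-z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

def parse_queries(log_text):
    """Return (client, name, qtype) for every query line; names are lower-cased."""
    out = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            out.append((m["client"], m["name"].lower(), m["qtype"]))
    return out

def top_talkers(log_text, n=3):
    """Most frequent (client, name) pairs, with A and AAAA counted together."""
    pairs = Counter((client, name) for client, name, _ in parse_queries(log_text))
    return pairs.most_common(n)

def self_lookup_share(log_text, pihole_names):
    """Fraction of all queries that ask for one of the Pi-hole's own names."""
    queries = parse_queries(log_text)
    if not queries:
        return 0.0
    names = {n.lower() for n in pihole_names}
    return sum(1 for _, name, _ in queries if name in names) / len(queries)

if __name__ == "__main__":
    for (client, name), count in top_talkers(SAMPLE_LOG):
        print(f"{count:4d}  {client:<12} {name}")
    share = self_lookup_share(SAMPLE_LOG, ["lan.dns", "pi.hole"])
    print(f"self-lookups: {share:.0%}")
```

Because the router relays lookups for every device, the client field shows the router rather than the originating device, so the queried name is the more useful pivot.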

Does this also happen when using http://pi.hole/admin ?

The recent pihole-FTL v5.9 extended interface-dependent handling of pi.hole and the machine’s hostname, enabling Pi-hole to reply with different addresses on different interfaces (as opposed to handling only the configured interface as before).

Starting with the most recent pihole-FTL v5.10, you can control how Pi-hole will reply with an address for which a local interface exists, by appropriately configuring PIHOLE_PTR in your /etc/pihole/pihole-FTL.conf.

pi.hole/admin doesn't do it...
This is strange cause I remember on an older build, pi.hole was defined somewhere, but going through all the CONF files I don't see it anymore (even in /etc/hosts). So... where is pi.hole coming from?

PIHOLE_PTR= PI.HOLE | HOSTNAME | NONE
My PiHole is setup to answer custom URI within a CONF file, so I'm not sure this option would not work unless the devs foresaw people doing weird custom dns records for machine hosts like me 😛

// Example Machine Host
PC20 << PC Hostname in Windows / Linux
lan.pc20 << PiHole conf configuration

I forgot about the pi.hole URI so I'll just use that. Thanks for all the help tho. I was more worried about machines getting caught in a DNS loop and wrecking the network. lol.

I think they did:

  • NONE Pi-hole will not respond automatically on PTR requests to local interface addresses. Ensure pi.hole and/or hostname records exist elsewhere.

See if using PIHOLE_PTR=NONE, along with your custom conf, would alleviate your issue. Don't forget to manually add a pi.hole record as well.
