Please follow the below template, it will help us to help you!
Expected Behaviour:
The log should not be spammed with query-PTR every 30 sec (or less).
Actual Behaviour:
tail -f /var/log/pihole.log | grep PTR gives me
Aug 10 14:24:46 dnsmasq[59586]: query[PTR] lb._dns-sd._udp.141.255.5.10.in-addr.arpa from 10.207.244.2
Aug 10 14:24:46 dnsmasq[59586]: query[PTR] lb._dns-sd._udp.47.255.4.10.in-addr.arpa from 10.207.244.2
Aug 10 14:24:46 dnsmasq[59586]: query[PTR] lb._dns-sd._udp.6.0.0.192.in-addr.arpa from 10.207.244.2
Aug 10 14:24:46 dnsmasq[59586]: query[PTR] lb._dns-sd._udp.0.1.168.192.in-addr.arpa from 10.207.244.2
Aug 10 14:24:46 dnsmasq[59586]: query[PTR] lb._dns-sd._udp.0.244.207.10.in-addr.arpa from 10.207.244.2
And at the end of the day, my phone (that uses pivpn) gets "Top Client" with 90% of the queries.
About 22000 requests atm, and 2700, 2700, 2500, 2500, 2500 each are "lb._dns..." type of queries.
No other client has these many requests, so it leads me towards pivpn (wireshark) doing stuff...
This is a fresh install a few days ago. And i have added the unbound to do recursive dns lookups.
This guide: unbound - Pi-hole documentation
Maybe this is usual, but maybe you "dont show" these in logs?
Debug Token:
[Replace this text with the debug token provided from running pihole -d (or running the debug script through the web interface]
This is not the expected behavior. Pi-hole responds to whatever queries come its way, and in this case you are getting mDNS queries, typically associated with the Apple Bonjour protocol.
I note that you are using unbound with Bullseye. May cause a problem (not specifically with mDNS, but with all queries).
You only show the filtered log for PTR. Please post a few lines that show an entire query, forward and reply. We're checking here to ensure your upstream DNS server is responding properly. It should look something like this with unbound:
Aug 10 00:43:37 dnsmasq[665]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.135
Aug 10 00:43:37 dnsmasq[665]: forwarded lb._dns-sd._udp.0.0.168.192.in-addr.arpa to 127.0.0.1#5335
Aug 10 00:43:37 dnsmasq[665]: reply lb._dns-sd._udp.0.0.168.192.in-addr.arpa is NXDOMAIN
The expected reply is NXDOMAIN, since this domain does not exist on the internet. It's a local service.
I will note that with a house full of IOS devices, I see just a few hundred of these queries in a day:
Sadly the issue remains, my iPhone (through vpn) is doing about 1100 queries in 24h (times 5) to these lb._dns stuff :/. Even after the above mentioned fix.
How can I further give you information that could help me?
These are mDNS queries, related to the Apple Bonjour protocol. These are generated at the client, and your unbound configuration will not affect Pi-hole's ability to provide an answer to the queries.
The change you should have made to unbound is to remove this file and prevent repopulating:
The Bonjour issue is not related to your unbound Pi-hole installation or configuration (it was a separate issue noted). If you run IOS and MacOS devices, you are going to get these queries, none of which Pi-hole can resolve. Examples from my dnsmasq log - at the time everybody in the house was sleeping:
Aug 13 04:04:02 dnsmasq[1212]: query[PTR] lb._dns-sd._udp.0.0.168.192.in-addr.arpa from 192.168.0.132
Aug 13 04:04:02 dnsmasq[1212]: forwarded lb._dns-sd._udp.0.0.168.192.in-addr.arpa to 127.0.0.1#5335
Aug 13 04:04:02 dnsmasq[1212]: reply lb._dns-sd._udp.0.0.168.192.in-addr.arpa is NXDOMAIN