Please follow the below template, it will help us to help you!
Expected Behaviour:
to run normal like it has for years
Actual Behaviour:
flooding the query with TXT and NODATA reply for Cisco.com and Adobe.com from router(?) until it fills up my sd card. log files can reach 22GB.
looks like
08:02:29: query[TXT] cisco.com from 10.0.0.1
08:02:29: exactly blacklisted cisco.com is NODATA
08:02:29: query[TXT] cisco.com from 10.0.0.1
08:02:29: exactly blacklisted cisco.com is NODATA
08:02:29: query[TXT] cisco.com from 10.0.0.1
08:02:29: exactly blacklisted cisco.com is NODATA
08:02:29: query[TXT] adobe.com from 10.0.0.1
08:02:29: forwarded adobe.com to 1.0.0.1
08:02:29: reply adobe.com is NODATA
08:02:29: query[TXT] adobe.com from 10.0.0.1
08:02:29: forwarded adobe.com to 1.0.0.1
08:02:29: reply adobe.com is NODATA
08:02:29: query[TXT] cisco.com from 10.0.0.1
08:02:29: exactly blacklisted cisco.com is NODATA
08:02:30: query[TXT] cisco.com from 10.0.0.1
08:02:30: exactly blacklisted cisco.com is NODATA
08:02:30: query[TXT] adobe.com from 10.0.0.1
08:02:30: forwarded adobe.com to 1.0.0.1
08:02:30: reply adobe.com is NODATA
08:02:30: query[TXT] adobe.com from 10.0.0.1
08:02:30: forwarded adobe.com to 1.0.0.1
08:02:30: reply adobe.com is NODATA
08:02:30: query[TXT] cisco.com from 10.0.0.1
08:02:30: exactly blacklisted cisco.com is NODATA
08:02:30: query[TXT] adobe.com from 10.0.0.1
08:02:30: forwarded adobe.com to 1.0.0.1
08:02:30: reply adobe.com is NODATA
08:02:30: query[TXT] cisco.com from 10.0.0.1
08:02:30: exactly blacklisted cisco.com is NODATA
08:02:30: query[TXT] adobe.com from 10.0.0.1
08:02:30: forwarded adobe.com to 1.0.0.1
08:02:30: reply adobe.com is NODATA
Things I have tried to do. Switch to unbound. flush logs, delete logs, completely uninstall and reinstall pihole, reset router. Changed wifi password to see if it was coming from another device (only thing ethernet into router is the pihole), reboot pi/router/modem.
I can not for the life of me figure out what is going on. Why is the router trying to access those sites and why is it TXT and why is it getting NODATA and why is it doing this millions of times. Nothing I do changes anything. Was literally hands off worked fine for years until recently. This is a normal installation on a raspberry pi connected via ethernet
If I make my router the DNS but keep the DHCP on the router the querys for Cisco and Adobe stop. As soon as I switch it back to the Pihole it starts again right away.
if I type in
sudo service dnsmasq status -l
i get
Unit dnsmasq.service could not be found.
pi@raspberrypi:~ $ sudo systemctl status dnsmasq
Unit dnsmasq.service could not be found.
Another thing we should look at. Are all the queries to your Pi-hole shown as originating from your router, or do you see individual clients or IP's in your query log and dnsmasq log?
What are the outputs of the following from the Pi terminal:
I have nextcloud installed on the pi as well, ports 80,443 are open but ssl. they've been running together for years without any issues until recently. I haven't upgraded or changed the firmware that I know of
So I had the router doing dns/dhcp and ran what you asked for which was is the first ones. And then I switched the dns/dhcp to the pihole and immediately it started with Cisco/adobe and hasnt stopped
so right now I have the router "use isp" for the dns, but I have the DHCP box on the router unchecked. On the Pi I have DHCP checked. looking at the querys it seems to be blocking and on my devices it seems to be blocking... but its not doing the cisco/adobe. no f'in idea why that seems to be working when I dont have the pihole address in the dns on the router.
How do I use Pi-hole's built in DHCP server (and why would I want to)? according to this page, I only have to make pihole my DHCP server and it'll work. I wonder by making it my DHCP server AND pointing my router to use it as a DNS server as well it was creating some sort of loop?
The way I use to have it setup for years was in the "internet" setup section on netgear it asks "Domain Name Server (DNS) Address"
Get Automatically from ISP
Use These DNS Servers
where you would check the box and put in the pihole address.
and then under the LAN setup I would uncheck the box that said "Use router as DHCP Server"
then on the pihole I would check the box that says "DHCP server enabled"
currently under "internet" setup I have the box checked that says "get auto from ISP", under LAN setup I have the box unchecked still that says "Use router as DHCP Server" and on the pihole I have the box checked "DHCP server enabled"
not sure how that is different but its not spamming cisco/adobe like it was before. As soon as I check the box "Use These DNS Servers" with the pihole address it starts spamming again.
Again I used those settings for years, my brother uses the same settings with no issues. No idea why it started all the sudden.
Sorry for this stupid question, but how would you ever word that question in a router forum? and as long as the pihole is doing the DHCP its ok if I dont have the router pointed to my pihole for DNS? I really appreciate your time