Recent Queries show . [dot] Domain searches a lot

My Pi-hole is running fine into a docker container but looking into the Query-log there is a lot of queries from just a single dot '.' as domain. The query is coming from the container itself but what is querying and why?

This started very recently with me as well, running Pi-Hole in Docker on DietPi.

I found this post: Single dot domain/DNS root zone query issue with containerized wireguard - #29 by armujahid which I've now implemented, I'll report back if this solves the issue.

Are you running any other docker container with pihole?

For me this problem only occurs if I run additional containers with containerized pihole. Accepted solution has a limitation mentioned at Single dot domain/DNS root zone query issue with containerized wireguard - #30 by armujahid

1 Like

Thanks for the input @armujahid .

I've tried the suggested solution for a short while and the problem persists.
Given that it introduces the limitation you mention, I reverted to my initial docker-compose config.

I am indeed running Unbound in docker.
My docker-compose file can be seen below, and has not been altered for months. Also, the Unbound docker image has not been updated for weeks.

 version: "2.1"
 
 services:
   pihole:
     container_name: pihole
     image: pihole/pihole:dev
     hostname: *HIDDEN*
     networks:
       default:
         ipv4_address: 172.16.0.2
     environment:
       TZ: 'Europe/Brussels'
       DNS1: '172.16.0.3'
       DNS2: '172.16.0.3'
       WEBPASSWORD: '*HIDDEN*'
     volumes:
       - '/data/pi-hole/unbound:/opt/unbound/etc/unbound:rw'
       - '/data/pi-hole/etc-pihole:/etc/pihole'
       - './etc-dnsmasq:/etc/dnsmasq.d'
       - '/etc/localtime:/etc/localtime:ro'
     restart: unless-stopped
 
   unbound:
     container_name: unbound
     hostname: unbound
     image: klutchell/unbound:latest
     volumes:
       - ./unbound-conf:/etc/unbound/custom.conf.d
     networks:
       default:
         ipv4_address: 172.16.0.3
     ports:
       - 5335:5335/tcp
       - 5335:5335/udp
     restart: unless-stopped
 
 networks:
   default:
     driver: bridge
     ipam:
       config:
         - subnet: 172.16.0.0/24

I've discovered the source: to identify if certain devices are 'online' on the home network, I started pinging these devices on a regular basis. To do so, I used their local domain name (e.g. laptop.lan) instead of their IP address, to ensure I still reach the right devices even if their IP address would change. Since changing that to pinging their IP addresses, the "." queries in my case disappeared. Is it normal in case of domain name pings for the dot to be queried?

I also am running Wireguard and stopping this docker, eliminated the problem. I've read your post and will look further into this problem. Haven't got Wireguard operational yet and I'm beginning to think both bugs have the same source.

I added these lines in my Wireguard docker-compose.yml

dns:
- 172.21.0.2

(where 172.21.0.2 is my Pihole IP address) and all mysterious . searches disappeared.

Thank you [ChurchOfNoise]&[armujahid]!

This will also happen if you have DNSSEC enabled. You'd see a lot more than just NS queries though, there would be DNSKEY and DS queries as well.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.