Reverse lookups in top permitted domains

Expected Behaviour:

Top permitted domains on the admin console should display the resolved domain names

Actual Behaviour:

Top permitted domains appear to be displaying reverse DNS lookups, e.g. 66.206.218.216.in-addr.arpa

Debug Token:

9plmy47qs4

I'm not sure when this started (it wasn't always like this), nor why it's happening.

This was new behavior starting with V4.1 (if my memory is correct). Starting with this release, Pi-hole analyzes and displays more query types, including reverse lookup (PTR) and several other types.

To Pi-hole, a PTR request is counted the same as other types, so if there are many of them, they will migrate to the top of your top lists.

If you prefer to have Pi-hole analyze only A and AAAA queries, then use this option as described in the referenced thread:

ANALYZE_ONLY_A_AND_AAAA=true

https://docs.pi-hole.net/ftldns/configfile/

I may not understand the problem you are seeing. Please post a screen snap or section of /var/log/pihole.log showing what you see. Thanks.

I made the change you suggested last night. The screenshot is from this morning. The settings change had no effect (I did restart pihole-FTL).

I may not be describing the problem well. This screenshot should help:

The top domains are from the previous 24 hours, so even if you turn off the analyze option they will show in the domains until the 24 hours rolls over.

Click on one of the top permitted domains showing an ARPA address and that will open that query filter in the query log. You can do this for each and determine which client(s) are the source of the queries.

Are they all coming from one client or multiple clients?

I'd say 99.9% of the queries are from my router. A few here and there from localhost and my main desktop PC.

Do you have any ports open or forwarded on your router, specifically 53?

You can check using the tools here: GRC | ShieldsUP! — Internet Vulnerability Profiling  

Select "proceed" on the first page, then "all service ports" on the second page

All the external addresses belong to Hurricane Electric. Do you have an IPv6 tunnel with them?

Port 53 is not open. 443 and a few other higher ones are open. No IPv6 tunnel.

"The top domains are from the previous 24 hours, so even if you turn off the analyze option they will show in the domains until the 24 hours rolls over."

Thank you, top permitted domains shows only A and AAAA records now, as set in /etc/pihole/pihole-FTL.conf
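Added example, not written by anyone in this thread and not Pi-hole project code: a script that tallies the PTR queries in a log by client and by the address being looked up, which is the check suggested above for finding the source of the ARPA entries. It assumes the dnsmasq-style `query[TYPE] name from client` lines found in /var/log/pihole.log; the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed line shape: "<timestamp> dnsmasq[pid]: query[PTR] <name> from <client>"
QUERY_RE = re.compile(r"query\[(?P<qtype>[^\]]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")
V4_SUFFIX, V6_SUFFIX = ".in-addr.arpa", ".ip6.arpa"

def arpa_to_ip(name):
    """Return the address a reverse-lookup name asks about, or None if malformed."""
    n = name.rstrip(".").lower()
    try:
        if n.endswith(V4_SUFFIX):
            labels = n[:-len(V4_SUFFIX)].split(".")
            if len(labels) != 4:
                return None  # partial zone such as 168.192.in-addr.arpa
            return str(ipaddress.IPv4Address(".".join(reversed(labels))))
        if n.endswith(V6_SUFFIX):
            body = n[:-len(V6_SUFFIX)]
            if not re.fullmatch(r"([0-9a-f]\.){31}[0-9a-f]", body):
                return None
            return str(ipaddress.IPv6Address(int(body[::-1].replace(".", ""), 16)))
    except ValueError:
        return None
    return None

def ptr_sources(lines):
    """Count PTR queries per requesting client and per looked-up address."""
    by_client, by_target = Counter(), Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m["qtype"] != "PTR":
            continue  # replies, forwards and other query types are ignored
        by_client[m["client"]] += 1
        by_target[arpa_to_ip(m["name"]) or m["name"]] += 1
    return by_client, by_target

# Constructed sample lines (not taken from the poster's log).
SAMPLE = """\
Mar  3 09:15:01 dnsmasq[812]: query[PTR] 66.206.218.216.in-addr.arpa from 192.168.1.1
Mar  3 09:15:01 dnsmasq[812]: forwarded 66.206.218.216.in-addr.arpa to 192.0.2.53
Mar  3 09:15:02 dnsmasq[812]: query[A] example.com from 192.168.1.20
Mar  3 09:15:04 dnsmasq[812]: query[PTR] 66.206.218.216.in-addr.arpa from 192.168.1.1
Mar  3 09:15:09 dnsmasq[812]: query[PTR] 1.1.168.192.in-addr.arpa from 127.0.0.1
""".splitlines()

if __name__ == "__main__":
    clients, targets = ptr_sources(SAMPLE)
    print("PTR queries by client:", clients.most_common())
    print("Addresses looked up:  ", targets.most_common())
```

To run it against a real log, pass the open file object for /var/log/pihole.log to `ptr_sources` in place of `SAMPLE`.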
