Router making thousands of PTR queries back to Pi-Hole

I have Pi-hole 5.15.3 running on Ubuntu 22.04.1 (amd64). My broadband router is a Netgear Nighthawk R7000 running FreshTomato 2022.6. The router (192.168.1.1) is making thousands of PTR queries back to Pi-hole (192.168.1.2) for internal addresses. The log file shows:

Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 44.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.44 is NXDOMAIN
Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 11.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.11 is NXDOMAIN
Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 6.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.6 is NXDOMAIN
Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 47.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.47 is NXDOMAIN
Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 250.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.250 is NXDOMAIN

The router is the DHCP server for the network. On the router, the DNS server is set to the Pi-hole (192.168.1.2). This gets handed out to the clients over DHCP correctly. In Advanced|DHCP/DNS, Use Internal DNS is disabled. On the Pi-hole Never forward non-FQDN A and AAAA queries and Never forward reverse lookups for private IP ranges are enabled, Conditional forwarding is disabled.

I believe this configuration to be correct but I do not know why I am getting these reverse queries for internal IP addresses from the router.

Please can somebody help me fix this? Thanks!

Debug Token:

(https://tricorder.pi-hole.net/hVba33E2/)

Sounds like you've created a DNS loop where DNS queries get trapped endlessly or until resources run out.
If you're already advertising the Pi-hole IP as a DNS server to the clients through the router's DHCP service, try defaulting the setting below:

Thanks for your reply.

This setting is defaulted in the router:

What is strange is it seems to occur in phases:

The blue is the router's requests to the Pi-hole.

Any other thoughts?

How can the settings in the screenshot be the OOTB factory defaults with that 192.168.1.2 IP?
Did the factory know about your 192.168.1.2 Pi-hole IP before they shipped the router?
Try again :wink:

The default setting is Auto. This picks up the ISP's DNS servers from the WAN DHCP and hands this out to the clients so the Pi-hole isn't used.

Are you sure about that?
If set to Auto, what dns-server is displayed when you run the one below on the Pi-hole host?
(EDIT: Oh, the one below might need sudo/root powers on your distro!)

pihole-FTL dhcp-discover

Do you understand what I mean with a DNS loop?
An example of a DNS loop (EDIT: or partial DNS loop):

Client --> Router DNS --> Pi-hole conditional forwarding to router --
                ^                                                    |
                |                                                    |
                 ----------------------------------------------------

Or:

Client --> Pihole conditional forwarding to router --> Router --
             ^                                                  |
             |                                                  |
              --------------------------------------------------

Preferred is to have your router WAN settings be default, and only enter the Pi-hole IP in the router LAN DHCP service DNS field:

https://docs.pi-hole.net/main/post-install/

Like so:

Client --> Pi-hole --> Upstream configured DNS server(s)
              |
              V
             [CF]
              |
               ------> Router --> Router WAN DNS server(s)

There is another way to config your router, like deHakkelaar explained:

  • In Advanced|DHCP/DNS you put your Pi-hole IP as DNS server (do not add an external DNS).
  • In WAN DHCP you use the default DNS settings (do not set Pi-hole in both places to avoid a loop).

I understand about the DNS loop, and appreciate your detailed description and diagram.

I have set the DNS Server back to Auto in Basic: Network

In Advanced|DHCP/DNS I have added

dhcp-option=6,192.168.1.2

To Dnsmasq Custom Configuration

Rebooted the router, Pi-hole and clients. Unfortunately they still get passed the ISP's DNS servers through DHCP.

Is this correct or have I missed something? Would I be better off using the Pi-hole's DHCP server instead of the router's?

Thanks for your help so far!

From what you've shared above, Pi-hole is answering that query with NXDOMAIN, so this doesn't look like a DNS loop. The second line would then have been a forward back to your router, closing the loop.

Since it isn't, this looks more like a regular DNS request.

Perhaps your router is probing Pi-hole for names of known IP addresses?
Possibly on behalf of a client?

Your debug log has expired, but from what I remember from glancing at it, your .11 client got rate-limited at some time in the past. That may be related if your .11 would also have used your router for DNS, in addition to Pi-hole.

Also, your debug log showed that you are using .local as your local domain.
Note that the .local TLD is reserved for mDNS usage and should NOT be used with plain DNS.

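The distinction made in the post above (a PTR answered locally with "config ... is NXDOMAIN" versus one that is "forwarded ... to" the very host that asked) is easy to check mechanically. The following is an added example, not code from the thread or from the Pi-hole project: it walks a dnsmasq log once, pairs each PTR query for a private address with the line that resolved it, and counts three outcomes: answered locally (harmless, as in the OP's log), forwarded back to the client that sent it (a loop), or forwarded to some other upstream (a private reverse lookup leaking to a public resolver, which the "Never forward reverse lookups for private IP ranges" setting is meant to stop). The sample log is constructed: the first six lines mirror the OP's output, the last two are invented to show what a real loop looks like. Only IPv4 in-addr.arpa names are handled.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample modelled on the dnsmasq lines quoted in this thread
# (not a real capture). The final two lines are made up to show a genuine
# loop: the PTR is forwarded straight back to the router that asked it.
SAMPLE_LOG = """\
Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 44.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.44 is NXDOMAIN
Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 11.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.11 is NXDOMAIN
Feb 9 08:49:36 dnsmasq[1384]: query[A] example.com from 192.168.1.11
Feb 9 08:49:36 dnsmasq[1384]: forwarded example.com to 1.1.1.1
Feb 9 08:49:37 dnsmasq[1384]: query[PTR] 6.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:37 dnsmasq[1384]: forwarded 6.1.168.192.in-addr.arpa to 192.168.1.1
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)")
FORWARD_RE = re.compile(r"forwarded (?P<name>\S+) to (?P<upstream>\S+)")
# Lines meaning dnsmasq answered by itself: from config, /etc/hosts, cache or DHCP leases.
LOCAL_RE = re.compile(r"(?:config|/etc/hosts|cached|DHCP) (?P<subject>\S+) is (?P<answer>\S+)")


def ptr_to_ip(name):
    """Map an IPv4 reverse name (44.1.168.192.in-addr.arpa) to 192.168.1.44.
    Returns None for anything else; ip6.arpa is deliberately left out."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.ip_address(".".join(reversed(labels[:4])))
    except ValueError:
        return None


def analyse(log_text):
    """Classify every PTR query for a private address in a dnsmasq log.

    dnsmasq writes the query line first and the resolving line afterwards,
    so each PTR is held as pending, keyed by both its reverse name (used by
    'forwarded' lines) and the address it asks about (used by 'config'
    lines), until the matching resolution arrives."""
    pending = {}
    by_client = Counter()
    outcomes = Counter()
    loops = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            if m["qtype"] != "PTR":
                continue
            ip = ptr_to_ip(m["name"])
            if ip is None or not ip.is_private:
                continue
            by_client[m["client"]] += 1
            entry = {"name": m["name"], "client": m["client"]}
            pending[m["name"]] = entry
            pending[str(ip)] = entry
            continue
        m = FORWARD_RE.search(line)
        if m and m["name"] in pending:
            entry = pending.pop(m["name"])
            pending.pop(str(ptr_to_ip(entry["name"])), None)
            if m["upstream"] == entry["client"]:
                outcomes["loop"] += 1          # sent back to whoever asked
                loops.append((entry["name"], m["upstream"]))
            else:
                outcomes["leak"] += 1          # private PTR left the LAN
            continue
        m = LOCAL_RE.search(line)
        if m and m["subject"] in pending:
            entry = pending.pop(m["subject"])
            pending.pop(entry["name"], None)
            outcomes["local"] += 1             # answered by Pi-hole itself
    unresolved = len({id(e) for e in pending.values()})
    return {"private_ptr_by_client": by_client, "outcomes": outcomes,
            "loops": loops, "unresolved": unresolved}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print("private PTRs per client:", dict(result["private_ptr_by_client"]))
    print("outcomes:", dict(result["outcomes"]))
    for name, upstream in result["loops"]:
        print(f"LOOP: {name} forwarded back to {upstream}")
```

Run it against a real pihole.log (for example `analyse(open("/var/log/pihole/pihole.log").read())`) and a high "local" count with zero loops matches the OP's situation: lots of noise, but no loop. Any non-zero "loop" count means the forwarding path has to be fixed before anything else.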

Yeah I missed that part :wink:

Above is the correct way, if you can make it work this way.
You have to make it so that the router advertises the Pi-hole IP as the only dns-server when you run the one below:

pi@ph5b:~ $ pihole-FTL dhcp-discover
Scanning all your interfaces for DHCP servers
[..]
   dns-server: 10.0.0.2
[..]

If you can't make it work this way, you could opt to enable Pi-hole's own DHCPv4 service and disable the one on your router:

Thanks for your continued help. I think I have finally figured it out! Here is my output from that command now. My DHCP clients are getting 192.168.1.2 as their DHCP server.

Scanning all your interfaces for DHCP servers
Timeout: 10 seconds

WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable

  • Received 302 bytes from eth1:192.168.1.1
    Offered IP address: 192.168.1.2
    Server IP address: 192.168.1.1
    Relay-agent IP address: N/A
    BOOTP server: (empty)
    BOOTP file: (empty)
    DHCP options:
    Message type: DHCPOFFER (2)
    server-identifier: 192.168.1.1
    lease-time: 86400 ( 1d )
    renewal-time: 43200 ( 12h )
    rebinding-time: 75600 ( 21h )
    netmask: 255.255.255.0
    broadcast: 192.168.1.255
    domain-name: "local"
    dns-server: 192.168.1.2
    wpad-server: "\n"
    router: 192.168.1.1
    --- end of options ---

DHCP packets received on interface wlan1: 0
DHCP packets received on interface lo: 0
DHCP packets received on interface eth1: 1

It seems my dnsmasq custom command wasn't quite right on my FreshTomato router. What I actually needed was this:

dhcp-option=tag:br0,6,192.168.1.2

I'm not getting any of the reverse lookups for local addresses between the router and Pi-hole now. Wait and see, but I think this is the solution. My next step is to re-enable the DNS server on the router and configure Conditional forwarding so I can resolve hosts on my local network.

Many thanks! :grinning:


Nice find!

You're still advertising the local name above as a search/suffix domain for your LAN, though:

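The two things checked by eye in the last few posts (the DHCPOFFER must list the Pi-hole as the only dns-server, and the domain-name should not be "local") can be scripted against the text that `pihole-FTL dhcp-discover` prints. This is an added example, not part of the thread or of Pi-hole/FTL: it parses the "key: value" option lines of one offer and returns a list of findings. The first sample is trimmed from the OP's own output; the second is constructed to show what the offer looks like with the router's DNS field left on Auto (ISP resolvers, here RFC 5737 documentation addresses) and the suffix already changed. It assumes FTL prints one option per line and that several DNS servers appear either as repeated dns-server lines or separated by commas/spaces; the OP's output only shows the single-server case.

```python
import re

PIHOLE_IP = "192.168.1.2"  # the Pi-hole address used throughout this thread

# Trimmed from the DHCPOFFER the OP pasted above; domain-name still "local".
OFFER_OK_DNS = """\
  • Received 302 bytes from eth1:192.168.1.1
    Offered IP address: 192.168.1.2
    Server IP address: 192.168.1.1
    DHCP options:
    Message type: DHCPOFFER (2)
    server-identifier: 192.168.1.1
    lease-time: 86400 ( 1d )
    netmask: 255.255.255.0
    domain-name: "local"
    dns-server: 192.168.1.2
    router: 192.168.1.1
    --- end of options ---
"""

# Constructed (not from the thread): same router with its DNS field on Auto,
# handing out two ISP resolvers, and with the search domain already changed.
OFFER_ISP_DNS = """\
  • Received 302 bytes from eth1:192.168.1.1
    Offered IP address: 192.168.1.2
    Server IP address: 192.168.1.1
    DHCP options:
    Message type: DHCPOFFER (2)
    server-identifier: 192.168.1.1
    domain-name: "home"
    dns-server: 203.0.113.53
    dns-server: 203.0.113.54
    router: 192.168.1.1
    --- end of options ---
"""

# Only "single-word-key: value" lines are DHCP options; headers such as
# "Offered IP address: ..." contain spaces in the key and are skipped.
OPTION_RE = re.compile(r"^\s*(?P<key>[\w-]+): (?P<value>.+?)\s*$")


def parse_offer(text):
    """Return {option_name: [values...]}; repeated options accumulate."""
    opts = {}
    for line in text.splitlines():
        m = OPTION_RE.match(line)
        if not m:
            continue
        opts.setdefault(m["key"], []).append(m["value"].strip('"'))
    return opts


def check_offer(text, pihole_ip=PIHOLE_IP):
    """List what is wrong with a DHCPOFFER from a Pi-hole point of view."""
    opts = parse_offer(text)
    findings = []
    dns = {ip for v in opts.get("dns-server", [])
           for ip in re.split(r"[,\s]+", v) if ip}
    if dns != {pihole_ip}:
        findings.append(f"dns-server is {sorted(dns) if dns else 'unset'}; "
                        f"expected only {pihole_ip}")
    router = opts.get("server-identifier", [None])[0]
    if router and router in dns and dns != {router}:
        # Clients would spread queries over router and Pi-hole, so some
        # names are resolved by the router (which then asks Pi-hole again).
        findings.append(f"dns-server also lists the router {router}; "
                        "clients will split queries between router and Pi-hole")
    domain = opts.get("domain-name", [""])[0].lower().rstrip(".")
    if domain == "local":
        findings.append("domain-name 'local' is reserved for mDNS (RFC 6762); "
                        "pick another suffix")
    return findings


if __name__ == "__main__":
    for label, offer in (("OP's offer", OFFER_OK_DNS), ("Auto DNS", OFFER_ISP_DNS)):
        print(label, "->", check_offer(offer) or "OK")
```

To use it on a live system, paste the block that `sudo pihole-FTL dhcp-discover` prints for your router into `check_offer()`; an empty list means the router is advertising exactly what this thread ends up recommending.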

Thanks!

I've enabled Conditional Forwarding to my router and I can resolve local hostnames now.

I've also changed my search/suffix domain to home so I am compliant with the mDNS requirements.

I appreciate all your help in getting this up and running! :grinning: I now consider this question fully resolved (no pun intended) :rofl:


I have a Linksys Velop mesh with a router and 2 other nodes. I get so many queries like this "206.1.168.192.in-addr.arpa" from them that my query log has become almost useless. I have no idea how to fix this. Any help would be appreciated.

A friend of mine has this same model and problem. We are testing a fix in a couple of hours and I will create a new topic with results.

