I have Pi-hole 5.15.3 running on Ubuntu 22.04.1 (amd64). My broadband router is a Netgear Nighthawk R7000 running FreshTomato 2022.6. The router (192.168.1.1) is making thousands of PTR queries back to Pi-hole (192.168.1.2) for internal addresses. The log file shows:
Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 44.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.44 is NXDOMAIN
Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 11.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.11 is NXDOMAIN
Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 6.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.6 is NXDOMAIN
Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 47.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.47 is NXDOMAIN
Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 250.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.250 is NXDOMAIN
The router is the DHCP server for the network. On the router, the DNS server is set to the Pi-hole (192.168.1.2). This gets handed out to the clients over DHCP correctly. In Advanced|DHCP/DNS, Use Internal DNS is disabled. On the Pi-hole Never forward non-FQDN A and AAAA queries and Never forward reverse lookups for private IP ranges are enabled, Conditional forwarding is disabled.
I believe this configuration to be correct but I do not know why I am getting these reverse queries for internal IP addresses from the router.
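The lines above are easy to eyeball a few at a time, but with thousands of them it helps to let a script do the counting. The following is an added example, not code from the original post or from the Pi-hole project: it parses dnsmasq query lines in the format shown above, counts PTR queries for private-range addresses per client, and separately flags the pattern a later reply describes as the sign of a real loop (a name queried by a client that dnsmasq then forwards back to that same client). The log lines embedded in the script are constructed to mirror the post; the regexes only assume the `query[TYPE] NAME from CLIENT` and `forwarded NAME to UPSTREAM` wording that dnsmasq uses.

```python
import re
import ipaddress
from collections import Counter

# Constructed sample lines, modelled on the dnsmasq log format shown in the post.
SAMPLE_LOG = """\
Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 44.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.44 is NXDOMAIN
Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 11.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.11 is NXDOMAIN
Feb 9 08:49:36 dnsmasq[1384]: query[PTR] 6.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:49:36 dnsmasq[1384]: config 192.168.1.6 is NXDOMAIN
Feb 9 08:49:37 dnsmasq[1384]: query[A] example.com from 192.168.1.23
Feb 9 08:49:37 dnsmasq[1384]: forwarded example.com to 9.9.9.9
Feb 9 08:49:37 dnsmasq[1384]: query[PTR] 8.8.8.8.in-addr.arpa from 192.168.1.23
Feb 9 08:49:37 dnsmasq[1384]: forwarded 8.8.8.8.in-addr.arpa to 9.9.9.9
"""

# Constructed lines showing what a genuine loop would look like: the router asks
# Pi-hole, and Pi-hole forwards the same name straight back to the router.
LOOP_LOG = """\
Feb 9 08:50:00 dnsmasq[1384]: query[PTR] 50.1.168.192.in-addr.arpa from 192.168.1.1
Feb 9 08:50:00 dnsmasq[1384]: forwarded 50.1.168.192.in-addr.arpa to 192.168.1.1
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)")
FWD_RE = re.compile(r"forwarded (?P<name>\S+) to (?P<upstream>\S+)")


def ptr_name_to_ip(name):
    """Turn 'd.c.b.a.in-addr.arpa' back into IPv4 'a.b.c.d'; None if it is not a v4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return ipaddress.ip_address(".".join(reversed(octets)))
    except ValueError:
        return None


def private_ptr_counts(log_text):
    """Count PTR queries for private (RFC 1918 etc.) addresses, keyed by the querying client."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m.group("qtype") != "PTR":
            continue
        ip = ptr_name_to_ip(m.group("name"))
        if ip is not None and ip.is_private:
            counts[m.group("client")] += 1
    return counts


def noisy_clients(log_text, threshold=3):
    """Clients whose private-range PTR query count reaches the threshold."""
    return sorted(c for c, n in private_ptr_counts(log_text).items() if n >= threshold)


def loop_suspects(log_text):
    """(name, client) pairs where a client's query was forwarded back to that same client.

    That is the 'forward back to your router' pattern that would close a DNS loop;
    a plain NXDOMAIN answer, as in the post, does not trigger it.
    """
    askers = {}  # name -> set of clients that asked for it
    suspects = set()
    for line in log_text.splitlines():
        q = QUERY_RE.search(line)
        if q:
            askers.setdefault(q.group("name"), set()).add(q.group("client"))
            continue
        f = FWD_RE.search(line)
        if f and f.group("upstream") in askers.get(f.group("name"), ()):
            suspects.add((f.group("name"), f.group("upstream")))
    return sorted(suspects)


if __name__ == "__main__":
    for client, n in private_ptr_counts(SAMPLE_LOG).most_common():
        print(f"{client}: {n} private-range PTR queries")
    print("noisy clients:", noisy_clients(SAMPLE_LOG))
    print("loop suspects in sample:", loop_suspects(SAMPLE_LOG))
    print("loop suspects in loop log:", loop_suspects(LOOP_LOG))
```

Pointed at a real `/var/log/pihole.log` (or `pihole.log.1`), the per-client count tells you at a glance which device is generating the reverse lookups, and an empty `loop_suspects` result is the quick confirmation that Pi-hole is answering locally rather than bouncing queries back to the router.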
Sounds like you've created a DNS loop where DNS queries get trapped endlessly or until resources run out.
If you're already advertising the Pi-hole IP as a DNS server to the clients through the router's DHCP service, try resetting the setting below to its default:
How can the settings in the screenshot be the OOTB factory defaults with that 192.168.1.2 IP?
Did the factory know about your 192.168.1.2 Pi-hole IP before they shipped the router?
Try again
Are you sure about that?
If set to auto, what dns-server is displayed when you run the command below on the Pi-hole host:
(EDIT: Oh, the command below might need sudo/root powers for your distro!)
pihole-FTL dhcp-discover
Do you understand what I mean with a DNS loop?
An example of a DNS loop (EDIT: or partial DNS loop):
Client --> Router DNS --> Pi-hole conditional forwarding to router --
           ^                                                        |
           |                                                        |
           ----------------------------------------------------------
From what you've shared above, Pi-hole is answering that query with NXDOMAIN, so this doesn't look like a DNS loop. The second line would then have been a forward back to your router, closing the loop.
Since it isn't, this looks more like a regular DNS request.
Perhaps your router is probing Pi-hole for names of known IP addresses?
Eventually on behalf of a client?
Your debug log has expired, but from what I remember from glancing at it, your .11 client got rate-limited at some time in the past. That may be related if your .11 would also have used your router for DNS, in addition to Pi-hole.
Also, your debug log showed that you are using .local as your local domain.
Note that the .local TLD is reserved for mDNS usage and should NOT be used with plain DNS.
Above is the correct way, if you can make it work this way.
You have to make it so that the router advertises the Pi-hole IP as the only dns-server when you run the command below:
pi@ph5b:~ $ pihole-FTL dhcp-discover
Scanning all your interfaces for DHCP servers
[..]
dns-server: 10.0.0.2
[..]
If you can't make it work this way, you could opt to enable Pi-hole's own DHCPv4 service and disable the one on your router:
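The advice above boils down to one check: the DHCP offer must carry the Pi-hole as the only dns-server, and the router must not be in that list. As an added example (not code from the thread or from Pi-hole), here is a small parser for `pihole-FTL dhcp-discover` output that pulls the options out of each offer and reports what is wrong. The embedded output is constructed to match the shape shown in the thread; the parser assumes the `key: value` option lines and the `--- end of options ---` terminator seen there, and it also accepts comma- or space-separated lists for dns-server, which is an assumption about how multiple servers would be printed.

```python
import re

# Constructed sample, modelled on the pihole-FTL dhcp-discover output shown in the thread.
SAMPLE_DISCOVER = """\
Scanning all your interfaces for DHCP servers
Timeout: 10 seconds
Received 302 bytes from eth1:192.168.1.1
Offered IP address: 192.168.1.2
Server IP address: 192.168.1.1
DHCP options:
Message type: DHCPOFFER (2)
server-identifier: 192.168.1.1
lease-time: 86400 ( 1d )
netmask: 255.255.255.0
domain-name: "local"
dns-server: 192.168.1.2
router: 192.168.1.1
--- end of options ---
DHCP packets received on interface eth1: 1
"""

# Same offer, but with the router handing itself out as the resolver (the looping setup).
BAD_DISCOVER = SAMPLE_DISCOVER.replace("dns-server: 192.168.1.2", "dns-server: 192.168.1.1")

OFFER_RE = re.compile(r"^Received \d+ bytes from (?P<iface>[^:\s]+):(?P<server>\S+)$")
OPTION_RE = re.compile(r"^(?P<key>[a-z-]+): (?P<value>.*)$")  # lowercase keys = DHCP options


def parse_offers(text):
    """Split dhcp-discover output into one dict per DHCPOFFER: server, iface, options."""
    offers = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = OFFER_RE.match(line)
        if m:
            current = {"server": m.group("server"), "iface": m.group("iface"), "options": {}}
            offers.append(current)
            continue
        if current is None:
            continue
        if line == "--- end of options ---":
            current = None
            continue
        m = OPTION_RE.match(line)
        if m:
            current["options"][m.group("key")] = m.group("value").strip().strip('"')
    return offers


def check_offer(offer, pihole_ip):
    """Findings for one offer: Pi-hole must be the only dns-server, the router must not
    be a resolver (that is the loop the thread is about), and '.local' belongs to mDNS."""
    findings = []
    opts = offer["options"]
    dns = [s for s in opts.get("dns-server", "").replace(",", " ").split() if s]
    if dns != [pihole_ip]:
        findings.append(f"dns-server is {dns or 'unset'}, expected ['{pihole_ip}'] only")
    if opts.get("router") in dns:
        findings.append("router is advertised as a DNS server (loop risk)")
    if opts.get("domain-name", "").lower() == "local":
        findings.append("domain-name 'local' collides with mDNS")
    return findings


def audit(text, pihole_ip):
    """Map each offering server to its findings; an empty list means the offer is clean."""
    return {o["server"]: check_offer(o, pihole_ip) for o in parse_offers(text)}


if __name__ == "__main__":
    for label, text in (("good", SAMPLE_DISCOVER), ("bad", BAD_DISCOVER)):
        print(label, audit(text, "192.168.1.2"))
```

Run it against `sudo pihole-FTL dhcp-discover` output piped to a file: a `dns-server` finding or a "router is advertised" finding means the dnsmasq option on the router (or the router's own DNS settings) still needs fixing; a second offering server in the dict means two DHCP servers are competing, which is exactly the situation the last paragraph above is meant to avoid.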
Thanks for your continued help. I think I have finally figured it out! Here is my output from that command now. My DHCP clients are getting 192.168.1.2 as their DHCP server.
Scanning all your interfaces for DHCP servers
Timeout: 10 seconds
WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Network is unreachable
Received 302 bytes from eth1:192.168.1.1
Offered IP address: 192.168.1.2
Server IP address: 192.168.1.1
Relay-agent IP address: N/A
BOOTP server: (empty)
BOOTP file: (empty)
DHCP options:
Message type: DHCPOFFER (2)
server-identifier: 192.168.1.1
lease-time: 86400 ( 1d )
renewal-time: 43200 ( 12h )
rebinding-time: 75600 ( 21h )
netmask: 255.255.255.0
broadcast: 192.168.1.255
domain-name: "local"
dns-server: 192.168.1.2
wpad-server: "\n"
router: 192.168.1.1
--- end of options ---
DHCP packets received on interface wlan1: 0
DHCP packets received on interface lo: 0
DHCP packets received on interface eth1: 1
It seems my dnsmasq custom command wasn't quite right on my FreshTomato router. What I actually needed was this:
dhcp-option=tag:br0,6,192.168.1.2
I'm not getting any of the reverse lookups for local addresses between the router and Pi-hole now. Wait and see but I think this is the solution. My next step is to reenable the DNS server on the router and configure Conditional forwarding so I can resolve hosts on my local network.
I have a Linksys Velop mesh with a router and 2 other nodes. I get so many queries like this, "206.1.168.192.in-addr.arpa", from them that my query log has become almost useless. I have no idea how to fix this. Any help would be appreciated.