Some websites are showing up as unknown in status while others work

Scepterus · October 1, 2020, 4:43am

Expected Behaviour:

[all websites should return some answer from the DNS set in the settings, and should be either blocked or allowed by pihole]

Actual Behaviour:

[some websites randomly return unknown when trying to resolve, thus not being able to reach those websites. clearing the network table and restarting the PiHole some times helps.
this is also confusing, due to the fact that if I sort the logs by status the top ones are unknown after that you get blocked, then approved, and then blocked again. so some entries appear as blocked but on the bottom.]

Debug Token:

[https://tricorder.pi-hole.net/jynrvstjz4]

Bucking_Horn · October 1, 2020, 5:57am

Please provide some examples.
Log excerpts or screen shots for sucha lookup will do.

Scepterus · October 1, 2020, 7:34am

this is an example of what the unknown looks like, this one has received a response, but when the issue happens it's just the unknown. sadly I forgot to take a picture of what happened earlier today before I cleared the network logs, but it happens every 2 to 3 days like some cache is filling up and not releasing.

Bucking_Horn · October 1, 2020, 7:51am

The logs might have more details, try

grep -n "showrss.info" /var/log/pihole.log*

Scepterus · October 1, 2020, 7:52am

/var/log/pihole.log:7793:Oct  1 05:20:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:7794:Oct  1 05:20:42 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:7795:Oct  1 05:20:42 dnsmasq[847]: dnssec-query[DS] showrss.info to 1.1.1.3
/var/log/pihole.log:7800:Oct  1 05:20:43 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:7804:Oct  1 05:20:43 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log:7806:Oct  1 05:20:43 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:7807:Oct  1 05:20:43 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:7808:Oct  1 05:20:43 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:10015:Oct  1 05:35:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:10016:Oct  1 05:35:42 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:10018:Oct  1 05:35:42 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:10019:Oct  1 05:35:42 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:10020:Oct  1 05:35:42 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:12020:Oct  1 05:50:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:12021:Oct  1 05:50:42 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:12022:Oct  1 05:50:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:12023:Oct  1 05:50:42 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:12024:Oct  1 05:50:42 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:12026:Oct  1 05:50:42 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:12027:Oct  1 05:50:42 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:12028:Oct  1 05:50:42 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:12814:Oct  1 06:05:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:12815:Oct  1 06:05:42 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:12817:Oct  1 06:05:42 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:12818:Oct  1 06:05:42 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:12819:Oct  1 06:05:42 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:13438:Oct  1 06:20:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:13439:Oct  1 06:20:42 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:13441:Oct  1 06:20:42 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:13442:Oct  1 06:20:42 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:13443:Oct  1 06:20:42 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:14302:Oct  1 06:35:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:14303:Oct  1 06:35:42 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:14304:Oct  1 06:35:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:14305:Oct  1 06:35:42 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:14306:Oct  1 06:35:42 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:14307:Oct  1 06:35:42 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log:14311:Oct  1 06:35:43 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log:14313:Oct  1 06:35:43 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:14314:Oct  1 06:35:43 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:14315:Oct  1 06:35:43 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:14783:Oct  1 06:50:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:14784:Oct  1 06:50:42 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:14785:Oct  1 06:50:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:14786:Oct  1 06:50:42 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:14787:Oct  1 06:50:42 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:14788:Oct  1 06:50:42 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log:14792:Oct  1 06:50:43 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log:14794:Oct  1 06:50:43 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:14795:Oct  1 06:50:43 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:14796:Oct  1 06:50:43 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:15273:Oct  1 07:05:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:15274:Oct  1 07:05:42 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:15275:Oct  1 07:05:42 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log:15276:Oct  1 07:05:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:15281:Oct  1 07:05:42 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log:15283:Oct  1 07:05:42 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:15284:Oct  1 07:05:42 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:15285:Oct  1 07:05:42 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:15643:Oct  1 07:20:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:15644:Oct  1 07:20:42 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:15645:Oct  1 07:20:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:15646:Oct  1 07:20:42 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:15647:Oct  1 07:20:42 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:15648:Oct  1 07:20:42 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log:15652:Oct  1 07:20:43 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log:15654:Oct  1 07:20:43 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:15655:Oct  1 07:20:43 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:15656:Oct  1 07:20:43 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:16164:Oct  1 07:35:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:16165:Oct  1 07:35:42 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:16166:Oct  1 07:35:42 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:16167:Oct  1 07:35:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:16168:Oct  1 07:35:42 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:16169:Oct  1 07:35:42 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:16170:Oct  1 07:35:42 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log:16174:Oct  1 07:35:42 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log:16176:Oct  1 07:35:42 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:16177:Oct  1 07:35:42 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:16178:Oct  1 07:35:42 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:16823:Oct  1 07:41:16 dnsmasq[847]: query[A] showrss.info from 192.168.55.100
/var/log/pihole.log:16824:Oct  1 07:41:16 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:16827:Oct  1 07:41:17 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:16828:Oct  1 07:41:17 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:16829:Oct  1 07:41:17 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:19251:Oct  1 07:50:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:19252:Oct  1 07:50:42 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:19253:Oct  1 07:50:42 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:19254:Oct  1 07:50:42 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:19255:Oct  1 07:50:42 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:19256:Oct  1 07:50:42 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log:19257:Oct  1 07:50:42 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log:19259:Oct  1 07:50:42 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:19260:Oct  1 07:50:42 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:19261:Oct  1 07:50:42 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:22007:Oct  1 08:14:48 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:22008:Oct  1 08:14:48 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:22009:Oct  1 08:14:48 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:22010:Oct  1 08:14:48 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:22011:Oct  1 08:14:48 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:22012:Oct  1 08:14:48 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log:22013:Oct  1 08:14:48 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log:22015:Oct  1 08:14:48 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:22016:Oct  1 08:14:48 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:22017:Oct  1 08:14:48 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:23983:Oct  1 10:29:48 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:23984:Oct  1 10:29:48 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log:23985:Oct  1 10:29:48 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log:23986:Oct  1 10:29:48 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:23991:Oct  1 10:29:48 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log:23993:Oct  1 10:29:48 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:23994:Oct  1 10:29:48 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:23995:Oct  1 10:29:48 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:25619:Oct  1 10:44:48 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:25620:Oct  1 10:44:48 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:25622:Oct  1 10:44:48 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:25627:Oct  1 10:44:48 dnsmasq[847]: dnssec-query[DS] showrss.info to 1.1.1.3
/var/log/pihole.log:25631:Oct  1 10:44:48 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log:25633:Oct  1 10:44:48 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:25634:Oct  1 10:44:48 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:25635:Oct  1 10:44:48 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:392:Sep 30 12:25:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:393:Sep 30 12:25:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:397:Sep 30 12:25:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:402:Sep 30 12:25:13 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:406:Sep 30 12:25:13 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:408:Sep 30 12:25:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:409:Sep 30 12:25:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:410:Sep 30 12:25:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:1281:Sep 30 12:40:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:1282:Sep 30 12:40:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:1283:Sep 30 12:40:13 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:1284:Sep 30 12:40:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:1289:Sep 30 12:40:13 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:1291:Sep 30 12:40:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:1292:Sep 30 12:40:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:1293:Sep 30 12:40:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:1561:Sep 30 12:55:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:1562:Sep 30 12:55:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:1563:Sep 30 12:55:13 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:1564:Sep 30 12:55:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:1569:Sep 30 12:55:13 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:1571:Sep 30 12:55:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:1572:Sep 30 12:55:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:1573:Sep 30 12:55:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:1776:Sep 30 13:10:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:1777:Sep 30 13:10:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:1778:Sep 30 13:10:13 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:1779:Sep 30 13:10:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:1784:Sep 30 13:10:13 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:1786:Sep 30 13:10:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:1787:Sep 30 13:10:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:1788:Sep 30 13:10:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:2332:Sep 30 13:25:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:2333:Sep 30 13:25:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:2334:Sep 30 13:25:13 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:2335:Sep 30 13:25:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:2340:Sep 30 13:25:13 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:2342:Sep 30 13:25:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:2343:Sep 30 13:25:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:2344:Sep 30 13:25:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:2681:Sep 30 13:40:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:2682:Sep 30 13:40:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:2683:Sep 30 13:40:13 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:2684:Sep 30 13:40:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:2689:Sep 30 13:40:13 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:2691:Sep 30 13:40:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:2692:Sep 30 13:40:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:2693:Sep 30 13:40:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:2934:Sep 30 13:55:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:2935:Sep 30 13:55:13 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log.1:2936:Sep 30 13:55:13 dnsmasq[847]: dnssec-query[DS] showrss.info to 1.1.1.3
/var/log/pihole.log.1:2940:Sep 30 13:55:13 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:2942:Sep 30 13:55:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:2943:Sep 30 13:55:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:2944:Sep 30 13:55:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:3156:Sep 30 14:10:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:3157:Sep 30 14:10:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:3159:Sep 30 14:10:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:3160:Sep 30 14:10:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:3161:Sep 30 14:10:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:3485:Sep 30 14:25:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:3486:Sep 30 14:25:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:3487:Sep 30 14:25:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:3488:Sep 30 14:25:13 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log.1:3489:Sep 30 14:25:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:3491:Sep 30 14:25:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:3492:Sep 30 14:25:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:3493:Sep 30 14:25:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:3758:Sep 30 14:40:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:3759:Sep 30 14:40:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:3761:Sep 30 14:40:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:3762:Sep 30 14:40:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:3763:Sep 30 14:40:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:3926:Sep 30 14:55:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:3927:Sep 30 14:55:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:3928:Sep 30 14:55:13 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:3929:Sep 30 14:55:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:3934:Sep 30 14:55:13 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:3936:Sep 30 14:55:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:3937:Sep 30 14:55:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:3938:Sep 30 14:55:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:4126:Sep 30 15:10:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:4127:Sep 30 15:10:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:4128:Sep 30 15:10:13 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:4129:Sep 30 15:10:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:4134:Sep 30 15:10:13 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:4136:Sep 30 15:10:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:4137:Sep 30 15:10:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:4138:Sep 30 15:10:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:5029:Sep 30 15:25:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:5030:Sep 30 15:25:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:5031:Sep 30 15:25:13 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:5032:Sep 30 15:25:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:5037:Sep 30 15:25:13 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:5039:Sep 30 15:25:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:5040:Sep 30 15:25:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:5041:Sep 30 15:25:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:5950:Sep 30 15:40:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:5951:Sep 30 15:40:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:5956:Sep 30 15:40:13 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:5957:Sep 30 15:40:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:5967:Sep 30 15:40:13 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:5969:Sep 30 15:40:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:5970:Sep 30 15:40:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:5971:Sep 30 15:40:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:7254:Sep 30 15:55:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:7255:Sep 30 15:55:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:7256:Sep 30 15:55:13 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:7257:Sep 30 15:55:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:7262:Sep 30 15:55:13 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:7264:Sep 30 15:55:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:7265:Sep 30 15:55:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:7266:Sep 30 15:55:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:8869:Sep 30 16:10:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:8870:Sep 30 16:10:13 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:8871:Sep 30 16:10:13 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:8872:Sep 30 16:10:13 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:8877:Sep 30 16:10:13 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:8879:Sep 30 16:10:13 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:8880:Sep 30 16:10:13 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:8881:Sep 30 16:10:13 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:10646:Sep 30 16:31:29 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:10647:Sep 30 16:31:29 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:10648:Sep 30 16:31:29 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:10649:Sep 30 16:31:29 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:10654:Sep 30 16:31:29 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:10656:Sep 30 16:31:29 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:10657:Sep 30 16:31:29 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:10658:Sep 30 16:31:29 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:12422:Sep 30 16:44:57 dnsmasq[847]: query[A] showrss.info from 192.168.55.100
/var/log/pihole.log.1:12423:Sep 30 16:44:57 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:12424:Sep 30 16:44:57 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:12428:Sep 30 16:44:57 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:12430:Sep 30 16:44:57 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:12431:Sep 30 16:44:57 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:12432:Sep 30 16:44:57 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:12820:Sep 30 16:46:29 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:12821:Sep 30 16:46:29 dnsmasq[847]: cached showrss.info is 104.31.85.52
/var/log/pihole.log.1:12822:Sep 30 16:46:29 dnsmasq[847]: cached showrss.info is 104.31.84.52
/var/log/pihole.log.1:12823:Sep 30 16:46:29 dnsmasq[847]: cached showrss.info is 172.67.211.169
/var/log/pihole.log.1:14884:Sep 30 17:01:29 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:14885:Sep 30 17:01:29 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:14886:Sep 30 17:01:29 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:14887:Sep 30 17:01:29 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:14892:Sep 30 17:01:29 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:14894:Sep 30 17:01:29 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:14895:Sep 30 17:01:29 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:14896:Sep 30 17:01:29 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:16160:Sep 30 17:16:29 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:16161:Sep 30 17:16:29 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:16162:Sep 30 17:16:29 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:16163:Sep 30 17:16:29 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:16168:Sep 30 17:16:29 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:16170:Sep 30 17:16:29 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:16171:Sep 30 17:16:29 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:16172:Sep 30 17:16:29 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:18504:Sep 30 17:31:29 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:18505:Sep 30 17:31:29 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log.1:18506:Sep 30 17:31:29 dnsmasq[847]: dnssec-query[DS] showrss.info to 1.1.1.3
/var/log/pihole.log.1:18508:Sep 30 17:31:29 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:18512:Sep 30 17:31:29 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:18514:Sep 30 17:31:29 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:18515:Sep 30 17:31:29 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:18516:Sep 30 17:31:29 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:20815:Sep 30 17:46:29 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:20816:Sep 30 17:46:29 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:20818:Sep 30 17:46:29 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:20819:Sep 30 17:46:29 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:20820:Sep 30 17:46:29 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:24214:Sep 30 18:07:47 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:24215:Sep 30 18:07:47 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log.1:24217:Sep 30 18:07:47 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:24218:Sep 30 18:07:47 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:24219:Sep 30 18:07:47 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:25429:Sep 30 18:22:47 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:25430:Sep 30 18:22:47 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:25432:Sep 30 18:22:47 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:25433:Sep 30 18:22:47 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:25434:Sep 30 18:22:47 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:25940:Sep 30 18:37:47 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:25941:Sep 30 18:37:47 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log.1:25942:Sep 30 18:37:47 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:25943:Sep 30 18:37:47 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
/var/log/pihole.log.1:25945:Sep 30 18:37:47 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:25949:Sep 30 18:37:47 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:25951:Sep 30 18:37:47 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:25952:Sep 30 18:37:47 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:25953:Sep 30 18:37:47 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:27370:Sep 30 18:52:47 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:27371:Sep 30 18:52:47 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log.1:27372:Sep 30 18:52:47 dnsmasq[847]: dnssec-query[DS] showrss.info to 1.1.1.3
/var/log/pihole.log.1:27373:Sep 30 18:52:47 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:27378:Sep 30 18:52:47 dnsmasq[847]: reply showrss.info is no DS
/var/log/pihole.log.1:27380:Sep 30 18:52:47 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:27381:Sep 30 18:52:47 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:27382:Sep 30 18:52:47 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log.1:28824:Sep 30 19:07:47 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
/var/log/pihole.log.1:28825:Sep 30 19:07:47 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
/var/log/pihole.log.1:28827:Sep 30 19:07:47 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log.1:28828:Sep 30 19:07:47 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log.1:28829:Sep 30 19:07:47 dnsmasq[847]: reply showrss.info is 172.67.211.169

Bucking_Horn · October 1, 2020, 6:14pm

This is the section that correlates with your screenshot:

Scepterus:

Oct  1 10:29:48 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
Oct  1 10:29:48 dnsmasq[847]: forwarded showrss.info to 208.67.222.123
Oct  1 10:29:48 dnsmasq[847]: dnssec-query[DS] showrss.info to 208.67.222.123
Oct  1 10:29:48 dnsmasq[847]: query[A] showrss.info from 192.168.55.132
Oct  1 10:29:48 dnsmasq[847]: reply showrss.info is no DS
Oct  1 10:29:48 dnsmasq[847]: reply showrss.info is 104.31.84.52
Oct  1 10:29:48 dnsmasq[847]: reply showrss.info is 104.31.85.52
Oct  1 10:29:48 dnsmasq[847]: reply showrss.info is 172.67.211.169

That seems to indicate that the unkown status is related to the "no DS" answer.

Though it may be that Pi-hole's UI is handling this as UNKNOWN, there's actually nothing wrong with the DNS resolution process.

There's a faint possibility that this may have been caused by our time being off (as seen in your other post), but I think Delegation Signer records should be returned regardless.

Still, fixing the time gap may have fixed this, so please keep monitoring this and report any reoccurences.

Scepterus · October 2, 2020, 5:08am

will do! thanks!

DL6ER · October 2, 2020, 10:58am

@Scepterus Could you please change the line

log-queries

to

log-queries=extra

in your /etc/dnsmasq.d/01-pihole.conf and run

pihole restartdns

?

This will give us some more details about which reply corresponds to which query exactly and, hence, ease debugging the UNKNOWN status here. Thanks!

Scepterus · October 2, 2020, 11:24am


/var/log/pihole.log:37885:Oct  2 14:03:30 dnsmasq[847]: forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:37887:Oct  2 14:03:30 dnsmasq[847]: reply showrss.info is 104.31.85.52
/var/log/pihole.log:37888:Oct  2 14:03:30 dnsmasq[847]: reply showrss.info is 104.31.84.52
/var/log/pihole.log:37889:Oct  2 14:03:30 dnsmasq[847]: reply showrss.info is 172.67.211.169
/var/log/pihole.log:38758:Oct  2 14:15:42 dnsmasq[23144]: 125 192.168.55.132/55263 query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:38759:Oct  2 14:15:42 dnsmasq[23144]: 125 192.168.55.132/55263 forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:38761:Oct  2 14:15:42 dnsmasq[23144]: 126 192.168.55.132/55263 query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:38766:Oct  2 14:15:42 dnsmasq[23144]: * 192.168.55.132/55263 dnssec-query[DS] showrss.info to 1.1.1.3
/var/log/pihole.log:38771:Oct  2 14:15:42 dnsmasq[23144]: * 192.168.55.132/55263 reply showrss.info is no DS
/var/log/pihole.log:38773:Oct  2 14:15:42 dnsmasq[23144]: 125 192.168.55.132/55263 reply showrss.info is 104.31.84.52
/var/log/pihole.log:38774:Oct  2 14:15:42 dnsmasq[23144]: 125 192.168.55.132/55263 reply showrss.info is 104.31.85.52
/var/log/pihole.log:38775:Oct  2 14:15:42 dnsmasq[23144]: 125 192.168.55.132/55263 reply showrss.info is 172.67.211.169

did what you asked and here's the log corresponding with this screenshot:

it was really weird finding the exact time in the log output, it was top down but 1 oct was lower than 2 oct.

DL6ER · October 5, 2020, 7:38pm

I did exactly the same you did and got

/var/log/pihole.log:43:Oct  5 20:45:27 dnsmasq[12934]: 3 127.0.0.1/56349 query[A] showrss.info from 127.0.0.1
/var/log/pihole.log:44:Oct  5 20:45:27 dnsmasq[12934]: 3 127.0.0.1/56349 forwarded showrss.info to 127.0.0.1
/var/log/pihole.log:49:Oct  5 20:45:27 dnsmasq[12934]: * 127.0.0.1/56349 dnssec-query[DS] showrss.info to 127.0.0.1
/var/log/pihole.log:54:Oct  5 20:45:27 dnsmasq[12934]: * 127.0.0.1/56349 reply showrss.info is no DS
/var/log/pihole.log:56:Oct  5 20:45:27 dnsmasq[12934]: 3 127.0.0.1/56349 reply showrss.info is 172.67.211.169
/var/log/pihole.log:57:Oct  5 20:45:27 dnsmasq[12934]: 3 127.0.0.1/56349 reply showrss.info is 104.31.85.52
/var/log/pihole.log:58:Oct  5 20:45:27 dnsmasq[12934]: 3 127.0.0.1/56349 reply showrss.info is 104.31.84.52

which seems to work absolutely fine

The issue seems to come from query no. 126 (look for the number after dnsmasq[23144]):

Scepterus:

/var/log/pihole.log:38758:Oct  2 14:15:42 dnsmasq[23144]: 125 192.168.55.132/55263 query[A] showrss.info from 192.168.55.132
/var/log/pihole.log:38759:Oct  2 14:15:42 dnsmasq[23144]: 125 192.168.55.132/55263 forwarded showrss.info to 1.1.1.3
/var/log/pihole.log:38761:Oct  2 14:15:42 dnsmasq[23144]: 126 192.168.55.132/55263 query[A] showrss.info from 192.168.55.132

It seems to get ignored. I'm not sure why/how this happens, but this is likely the ignored query.

This also perfectly matches

where you have the one query that is not being processed directly next to the other query.

I tried to reproduce two queries at the very same time when the cache wasn't already populated (simulation your situation), but even here everything worked fine:

/var/log/pihole.log:1205:Oct  5 20:52:54 dnsmasq[12934]: 600 127.0.0.1/46793 query[A] showrss.info from 127.0.0.1
/var/log/pihole.log:1206:Oct  5 20:52:54 dnsmasq[12934]: 600 127.0.0.1/46793 forwarded showrss.info to 127.0.0.1
/var/log/pihole.log:1207:Oct  5 20:52:54 dnsmasq[12934]: 601 127.0.0.1/35632 query[A] showrss.info from 127.0.0.1
/var/log/pihole.log:1208:Oct  5 20:52:54 dnsmasq[12934]: 601 127.0.0.1/35632 forwarded showrss.info to 127.0.0.1
/var/log/pihole.log:1217:Oct  5 20:52:55 dnsmasq[12934]: * 127.0.0.1/35632 dnssec-query[DS] showrss.info to 127.0.0.1
/var/log/pihole.log:1218:Oct  5 20:52:55 dnsmasq[12934]: * 127.0.0.1/46793 dnssec-query[DS] showrss.info to 127.0.0.1
/var/log/pihole.log:1223:Oct  5 20:52:55 dnsmasq[12934]: * 127.0.0.1/35632 reply showrss.info is no DS
/var/log/pihole.log:1225:Oct  5 20:52:55 dnsmasq[12934]: 601 127.0.0.1/35632 reply showrss.info is 104.31.84.52
/var/log/pihole.log:1226:Oct  5 20:52:55 dnsmasq[12934]: 601 127.0.0.1/35632 reply showrss.info is 172.67.211.169
/var/log/pihole.log:1227:Oct  5 20:52:55 dnsmasq[12934]: 601 127.0.0.1/35632 reply showrss.info is 104.31.85.52
/var/log/pihole.log:1228:Oct  5 20:52:55 dnsmasq[12934]: * 127.0.0.1/46793 reply showrss.info is no DS
/var/log/pihole.log:1230:Oct  5 20:52:55 dnsmasq[12934]: 600 127.0.0.1/46793 reply showrss.info is 104.31.85.52
/var/log/pihole.log:1231:Oct  5 20:52:55 dnsmasq[12934]: 600 127.0.0.1/46793 reply showrss.info is 104.31.84.52
/var/log/pihole.log:1232:Oct  5 20:52:55 dnsmasq[12934]: 600 127.0.0.1/46793 reply showrss.info is 172.67.211.169

Can you isolate which application/service is doing these lookups? My current speculation is that one of the concurrent DNS queries may be incomplete which is why the DNS server does not properly handle it.

Scepterus · October 6, 2020, 6:00am

that's the strange thing, I don't know which program is contacting that domain, only on my other computer I have a program that contacts that website, could the traffic come from my computer when I remote into the other computer?

Scepterus · October 6, 2020, 11:05am

https://sweeps.gg/giveaways/1000-giveaway-e6qcn/
this link produced this:

and this I know for a fact came from my browser. I use Opera as my main browser.

DL6ER · October 6, 2020, 9:42pm

This depends on your chose remote control. It is unlikely, though.

I just tried the link myself and about 60 queries were made. sweeps.gg was queried (as expected) when navigating to this page, however, sweeps.gift was never requested.

The response for sweeps.gg is A = IP, AAAA = IP. All green.
When manually enter sweeps.gift, this seems to give a different page. The response is A = IP, AAAA = NODATA

Scepterus · October 7, 2020, 5:46am

This depends on your chose remote control. It is unlikely, though.

I'm using normal windows RDP. so if that's not the case, it does not make sense that it comes from my computer. could the pi be confusing traffic? seems unlikely.

I just tried the link myself and about 60 queries were made. sweeps.gg was queried (as expected) when navigating to this page, however, sweeps.gift was never requested.

it might be because I'm logged in. I'll try to find another example that does not require anything like that.

EDIT:

this very site showed up on my search.

Scepterus · October 7, 2020, 5:58am

ran into the same problem i had where pages don't load with this picture.

I'm not going to clear the logs, this is what I got.

/var/log/pihole.log:19086:Oct  7 08:52:04 dnsmasq[22636]: 534 192.168.55.132/61982 query[A] www.linkedin.com from 192.168.55.132
/var/log/pihole.log:19087:Oct  7 08:52:04 dnsmasq[22636]: 534 192.168.55.132/61982 forwarded www.linkedin.com to 1.1.1.3
/var/log/pihole.log:19092:Oct  7 08:52:04 dnsmasq[22636]: 536 192.168.55.132/61982 query[A] www.linkedin.com from 192.168.55.132
/var/log/pihole.log:19117:Oct  7 08:52:04 dnsmasq[22636]: 534 192.168.55.132/61982 reply www.linkedin.com is <CNAME>
/var/log/pihole.log:19118:Oct  7 08:52:04 dnsmasq[22636]: 534 192.168.55.132/61982 reply www-linkedin-com.l-0005.l-msedge.net is <CNAME>

also I'm starting to notice a trend that everything that's not from the cache shows up as insecure. don't know if it's related but it is strange since the test for dnssec passed.

EDIT:

these are all unknown.

DL6ER · October 7, 2020, 10:57am

Even with the further examples you provided, I am unable to reproduce this locally. Are all unknown queries coming from the same client? To rule out that this may be a side-effect of some anti-virus/firewall/etc. application: Do you maybe have another device ideally with a different operating system (like phone, tablet, etc.) from which you could try to reproduce this?

This is unlikely. The queries are returned to the IP address shown there. If it would be the wrong device, the reply would never get received.

I'm not familiar with this, but I guess it does not forward such things. Can you use the machine without remote access? Does it still happen in this case?

This is not necessarily an issue, INSECURE just means it doesn't get any extra security through DNSSEC. It is less a hint to something problematic but more showing that DNSSEC cannot determine if this is secure or not. Not the best choice of wording if you ask me.

The vast majority of the web is actually not using any proper signature. At least that's my experience. Try browsing to the German site https://www.denic.de You should get a green SECURE report for this domain.

We could try recording your DNS traffic so I can inspect the data using Wireshark. Try

sudo tcpdump -w /tmp/dns.pcap  port 53

on your Pi-hole to start the recording. It can be terminated with Ctrl + C once we have recorded such an unknown query. Send me the file in a private message (in a ZIP-archive) if you are concerned about privacy. You can inspect the content of the file using

tcpdump -n -t -r /tmp/dns.pcap port 53

before sending it.

Scepterus · October 7, 2020, 11:22am

sudo tcpdump -w /tmp/dns.pcap port 53

is this available on pihole from the box or should I apt-get some package? because I tried running it and it did not find the command.

Are all unknown queries coming from the same client?

no, I have 2 windows machines where this happens. I could not reproduce this on my mobile device.
also, could this be related to my other topic regarding DHCP entries not populating correctly?
https://discourse.pi-hole.net/t/dhcp-leases-show-up-as-i-unknown-i/38876/16

DL6ER · October 7, 2020, 11:25am

Oh, sorry, I figured it would be available. Run

sudo apt install tcpdump

to get it.

Not, this unknown is just inserted automatically by the web interface when the name is empty. This is done client-side and is not related here. Just using the same word, by chance, for the different and unrelated things.

Scepterus · October 7, 2020, 11:31am

Not, this unknown is just inserted automatically by the web interface when the name is empty. This is done client-side and is not related here. Just using the same word, by chance, for the different and unrelated things.

yeah I know it's just the same word, what I meant was, could the root cause be the same?
sending you the pm now.

DL6ER · October 7, 2020, 11:36am

No, they are separate.