Strange behavior in port 53

I noticed something unusual today. Pihole tried to connect to 192.0.2.2:53. Is it normal or does it need research ...

192.168.88.99 Pihole

My debug token is: https://tricorder.pi-hole.net/1fg3jzur0v!

You have Pi-hole set to poll another service on the same device as the upstream.

PIHOLE_DNS_1=127.0.0.1#5353

Check that daemon and see what it is configured to use as the resolver. Pi-hole is not the program that generated those packets.

I am running unbound so I use the settings from Redirecting....

From your posted output, I can't see that Pi-Hole was the source of these queries. If they are coming from the Pi-Hole host platform, then they can be from any software running on that platform.

What is shown in the Pi-Hole query log for that IP address?

sudo grep 192.0.2.2 /var/log/pihole.log


It is entirely possible that Unbound is querying that address. It is not part of the RFC 1918 reserved address space. A domain could use that address as an authoritative DNS server.

Reserved Address Space:

10.0.0.0        -   10.255.255.255  (10/8 prefix)
172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

The command does not show anything because I flushed the logs. However, there is no other service except pihole and unbound, and I'm pretty sure from watching this log (I know because I have put this specific rule) from the mikrotik firewall that 192.168.88.99 (pihole) is trying to connect to 192.0.2.2 at port 53. In any case, I do not want to question your words but I just want to find a solution.

Thanks

the rule
(add action=drop chain=forward comment="Drop packets from LAN that do not have LAN IP" in-interface=bridge log=yes log-prefix=LAN_!LAN src-address=!192.168.88.0/24)

In this case maybe @anon55913113, who knows about mikrotik, can help me, because I may have misunderstood and mistaken things.

192.168.88.99 is both Pi-hole and Unbound. Pi-hole is set to use 127.0.0.1#5353 (itself) to talk to Unbound, and then Unbound queries out to find the answers to queries (on port 53). Pi-hole does not send queries on port 53 in this configuration, only on port 5353.

The way to verify this would be to re-enable the Pi-Hole log and see if any queries to this IP are registered in the log. If there are none, then Pi-Hole is not making these requests.

I suspect you will find that Pi-Hole is not making these requests, for the reasons that @DanSchaper noted - you have Pi-Hole configured to send all of its upstream DNS traffic to unbound on port 5353.
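Added example, not part of any post in this thread: a plain grep for the IP also matches lines where the address is only the answer to a query, so this sketch counts "forwarded ... to" destinations separately from answers. It assumes the dnsmasq-style line layout of /var/log/pihole.log; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the dnsmasq query-log layout (not taken from the thread).
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 dnsmasq[812]: query[A] example.com from 192.168.88.20
Mar  3 10:15:01 dnsmasq[812]: forwarded example.com to 127.0.0.1#5353
Mar  3 10:15:01 dnsmasq[812]: reply example.com is 192.0.2.2
Mar  3 10:15:09 dnsmasq[812]: query[A] example.net from 192.168.88.21
Mar  3 10:15:09 dnsmasq[812]: forwarded example.net to 127.0.0.1#5353
Mar  3 10:15:09 dnsmasq[812]: reply example.net is 198.51.100.7
EOF
}

# ip_hits LOGFILE IP
# Counts lines where IP was the upstream a query was forwarded to, and
# lines where IP only appears as the answer returned to a client.
ip_hits() {
    awk -v ip="$2" '
        {
            for (i = 1; i + 3 <= NF; i++) {
                if ($i == "forwarded" && $(i+2) == "to") {
                    split($(i+3), dst, "#")   # drop "#port" when it is logged
                    if (dst[1] == ip) fwd++
                }
                if (($i == "reply" || $i == "cached") &&
                    $(i+2) == "is" && $(i+3) == ip) ans++
            }
        }
        END { printf "forwarded=%d answered=%d\n", fwd, ans }' "$1"
}

# upstreams_used LOGFILE
# Lists every upstream the resolver forwarded to, most used first.
upstreams_used() {
    awk '{ for (i = 1; i + 3 <= NF; i++)
               if ($i == "forwarded" && $(i+2) == "to") n[$(i+3)]++ }
         END { for (u in n) print n[u], u }' "$1" | sort -rn
}

tmp=$(mktemp)
sample_log > "$tmp"
ip_hits "$tmp" 192.0.2.2     # the IP appears in the log, but only as an answer
upstreams_used "$tmp"        # only the local Unbound listener is an upstream
rm -f "$tmp"
```

On a live system, pass /var/log/pihole.log instead of the temporary file once query logging is re-enabled.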

No VPN, nothing. If you have a better rule to suggest to cut the LAN requests, I'm here. However, with this rule the request did not pass. (I think)

I will keep it in mind if it happens again and I will inform you about it. Thank you very much for the answers.
