Hi,
I was not checking pi-hole statistics for a few months, but noticed a lot of these weird queries a few days ago: diyiyou.com, 9k9k.com, ...
Pi-hole has been running on a Raspberry Pi for about 2 years, version:
(Pi-hole Version v4.3.2, Web Interface Version v4.3.2, FTL Version v4.3.1).
I did not change anything in the pi-hole configuration (except that I recently upgraded it to the latest version) or on my router (asuswrt-merlin).
I blocked the domains in the pi-hole yesterday, see the screenshot.
Not sure where this is coming from. I shut down all smartphones, tablets, PCs and TVs, but they are still showing up there (client 192.168.1.1 is my router).
Is this a problem?
Any idea what might be wrong?
This is on the pihole Raspberry Pi:
pihole-FT 14162 pihole 5u IPv4 221519 0t0 TCP *:53 (LISTEN)
pihole-FT 14162 pihole 7u IPv6 221521 0t0 TCP *:53 (LISTEN)
The router does not have any setting related to port 53.
Checking pihole long term data revealed that this issue started on October 10.
There were some other similar domains showing up at that time, mostly from CN (pkke33.cn, agent.xz639.cn, m.downxia.com, m.ddooo.com, etc.).
I definitely did not do anything on my systems that day (I was traveling).
Did a virus/malware check on my PCs today, found nothing.
However, found a post on the Internet describing a similar situation (pihole, ASUS router, similar domains) hinting at the possibility that the router may be compromised.
Upgraded my router to the latest Merlin version, restored factory defaults and configured it again.
Now, pihole is not showing those DNS queries any more.
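
Added example, not part of the original post: one way to repeat the "when did it start, and which client asked" check against a dnsmasq-style query log such as Pi-hole writes. The log line format, the sample lines and the function name `summarize` are assumptions made for this illustration; the watched domains are the ones named in the post.

```python
import re

# Assumed dnsmasq-style query line, e.g.
# "Oct 10 03:12:45 dnsmasq[612]: query[A] diyiyou.com from 192.168.1.1"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>[^\]]+)\]\s+(?P<domain>\S+)\s+from\s+(?P<client>\S+)$"
)

# Domains named in the post.
WATCHED = {"diyiyou.com", "9k9k.com", "pkke33.cn", "agent.xz639.cn",
           "m.downxia.com", "m.ddooo.com"}

# Constructed sample lines (not taken from any real log).
SAMPLE_LOG = """\
Oct 10 03:12:45 dnsmasq[612]: query[A] diyiyou.com from 192.168.1.1
Oct 10 03:12:45 dnsmasq[612]: forwarded diyiyou.com to 192.0.2.53
Oct 10 03:12:46 dnsmasq[612]: query[A] example.org from 192.168.1.23
Oct 10 03:13:02 dnsmasq[612]: query[A] 9k9k.com from 192.168.1.1
Oct 11 09:40:10 dnsmasq[612]: query[AAAA] DIYIYOU.com. from 192.168.1.1
""".splitlines()


def summarize(lines, watched=WATCHED):
    """Return {domain: {"first_seen", "count", "clients"}} for watched domains.

    Assumes the lines are in chronological order, so the first match
    for a domain is its first appearance.
    """
    out = {}
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # forwarded/reply/blocked lines are not client queries
        domain = m["domain"].lower().rstrip(".")
        if domain not in watched:
            continue
        entry = out.setdefault(
            domain, {"first_seen": m["ts"], "count": 0, "clients": set()})
        entry["count"] += 1
        entry["clients"].add(m["client"])
    return out


if __name__ == "__main__":
    for domain, info in sorted(summarize(SAMPLE_LOG).items()):
        print(domain, info["first_seen"], info["count"], sorted(info["clients"]))
```

If every watched domain lists only the router's address as client, the log cannot say which device behind it (or whether the router itself) issued the queries; that has to be narrowed down on the router side.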