Thousands of DNS requests for domain

I had the same issue, but resolved it by deleting the three iptables rules that pihole adds on installation (allow tcp/udp port 53, allow tcp port 80). Try this:

sudo iptables -D INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -D INPUT -p tcp -m tcp --dport 53 -j ACCEPT
sudo iptables -D INPUT -p udp -m udp --dport 53 -j ACCEPT

sudo ufw allow from <your.ip.here> to any port 53
sudo ufw deny 53

This should work until you update pi-hole (which will re-add the rules). I'm looking into saving the rules with iptables-persistent right now; I'll let you know if that works.

UFW isn't catching the requests because these auto-installed rules are superseding UFW, since UFW is a thin abstraction layer over iptables and rule order is critical in iptables.
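Added example, not posted by anyone in this thread: a small shell check for the ordering problem described above. It lists the ports of unrestricted ACCEPT rules that sit in the INPUT chain ahead of the first jump into a ufw-* chain, so they take effect before any ufw rule. The function name and the sample `iptables -S INPUT` output are constructed for this example.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` output (not captured from a real host).
# The first two ACCEPT rules precede every ufw-* jump, so ufw never sees that traffic.
# The rule restricted with -s is deliberately included to show it is not reported.
SAMPLE_INPUT='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-user-input'

# shadowed_ports RULES: print the --dport of each INPUT ACCEPT rule that has no
# source restriction (-s) and appears before the first jump to a ufw-* chain.
shadowed_ports() {
    printf '%s\n' "$1" | awk '
        /-j ufw-/ { exit }                 # reached ufw: everything after is ufw-managed
        /^-A INPUT/ && /-j ACCEPT/ && !/-s / {
            for (i = 1; i <= NF; i++)
                if ($i == "--dport") print $(i + 1)
        }'
}

# Stand-alone run against the constructed sample; prints "80" and "53".
shadowed_ports "$SAMPLE_INPUT"
```

To audit a live box, feed it the real chain instead: shadowed_ports "$(sudo iptables -S INPUT)"; any port printed is reachable regardless of what ufw says.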

Thanks for that; iptables had no entries on it though, which is weird.

What I did now was delete all ufw rules (/lib/ufw/user.rules) and set the default to deny everything (ufw default deny incoming), then add back in my work, home, friends etc. IPs to 53 and 80, and so far that seems to be working perfectly. Will update if anything changes, but this seems like the way to go for me at least.

We are reviewing a code change that will prompt for user approval prior to installing any rulesets. This will also remove the firewall configuration from the --unattended so that any changes to firewalls are done with a whiptail confirmation.