Top Client is the Gateway IP

The issue I am facing:

I was looking over some of my dashboard stats and found that my top client -- by a country mile -- is the router/gateway on 192.168.100.1. I'm not 100% certain this is wrong but it feels wrong ... I'd want the original requestor to be shown and not the middleman.

Details about my system:

  • My pihole is running as a VM under the Proxmox hypervisor with Ubuntu as the Linux flavor.
  • My pihole has an IP in the subnet 192.168.100.0/24
  • My upstream provider is another VM running unbound and also living in the 192.168.100.0/24 subnet

I also have another machine -- a Synology NAS -- which runs Pihole in Docker, runs in the same subnet, and also is pointed to the same unbound resolver. It does not have the gateway address listed anywhere.

What I have changed since installing Pi-hole:

The addition of unbound is quite new but otherwise I haven't done anything differently. Admittedly, I may be just noticing this now but the timeframe the problem started is a bit unclear to me.

Just guessing here, but the behavior you describe would maybe indicate devices on your LAN are using the router as their DNS server, and the router is passing those requests to Pihole.

You need to configure clients to all use Pihole directly, usually through DHCP settings. Another option is to manually set the DNS server on each device in your LAN to use Pihole for DNS.

Possibly but I'd not have expected that as on the 192.168.100.0/24 subnet I have Synology and Proxmox Hypervisors for the most part. The Proxmox containers all inherit from the host and it definitely uses my Pi-hole servers (three of them). And all the gateways are a Unifi UDM router who's DHCP all suggests clients use the pi-hole servers too.

I will have another look though as maybe something has slipped through the cracks. It's always the things you're sure you fixed that take the longest to fix. :slight_smile:

Providing a debug log (under Tools) will help the devs help you find the source of the problem.

Oh ok. Sorry I'm decently technical but I'm not deep on pihole.

The three log files are HREFs to the debug token for the given machine. If it's better to provide the file upload here I can do that too.

  • dns0 which runs on Synology and PiHole is a Docker container, who's client list looks good to me
  • dns1 [PROBLEM] which is the questionable one running as an Ubuntu container under Proxmox
  • dns2 [PROBLEM] which I see also has this problem and is also running in an Ubuntu container under Proxmox

Also worth noting that:

  • All three Pi-Hole servers use unbound for upstream queries to 192.168.100.230#5335
  • dns0 has not yet been synced with gravity-sync and therefore doesn't have local DNS names, in contrast dns1 and dns2 are regularly synced.
  • I do have a Tailscale Split-VPN running in my home and:
    • some of my *.home DNS entries point to Tailscale IP addresses
    • some of my *.local DNS entries point to 10.0.0.0/8 networks which is a different house and uses Tailscale's "subnet routing" to transparently traverse the Tailscale VPN and arrive in the other house.
    • The "subnet router" is another VM running on the same 192.168.100.0/24 network and so requests for any 10 based network should hop first to this subnet-router which does not need the gateway (192.168.100.1) to do any routing for (and therefore would not appear to be the cause on this hop).
    • Tailscale's subnet router then sends it to a Tailscale IP address 100.x.y.z which is then routed out to the WAN and eventually into the other house.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.