Understanding Long term data list

(I guess we all have to start somewhere. I'm a noob here, and so this is my first question.)

Hi folks.

Today I decided to get PiHole running on my system and am going through the fun stage of tweaking things.

On the long term data then top lists:
Ok, some sites are getting hit a bit.

I kind of get that, but also kind of don't.

I am seeing a LOT of hits to the play.google.com site.
Which is fair enough in some ways, but a bit worrying in another.

Why?

AFAIK, I don't have any mobile phones/tablets/etc that would want to talk to play.google.com connected.

Granted I did have one connected a while back, but they are now all off-line.

I'm not wanting to create panic but is there a way to see who is asking for connections to the sites in the list?

(Yes, it probably is documented. I just haven't found it yet.)

Thanks in advance.

Why are you getting hits to this domain, or why is this worrying? Pi-hole is accurately reporting the DNS queries made by clients.

In the same long term data tab, but under Query Log (not Top Lists), you can display the full query log for the same time period. This shows the client that made the request for each domain. You can search for the domain of interest (play.google.com in this case) and this will filter to that domain and you can see the client(s) that requested it.

You said this but also

As the term long-term tries to tell you, this is a page that has history for a very long time back. Up to a year by default. So your device might have been reported a long time ago when you already had Pi-hole (not clear to me if you have just started using Pi-hole in terms of looking at it or if you installed it freshly).

Granted. But considering I have just installed PiHole, and there are 500+ attempts to access play.google.com it is ..... Interesting.

One thing I now realise won't be helping is how PiHole is ... connected.

My network was set up that my Modem (Router I guess is really the name) is the main DNS and all devices point to it then it has a DNS entry.

When I added PiHole, all I had to do was edit the Modem's DNS entry and point it to PiHole.

Alas I now realise this is a problem, as all requests are shown to come from it, and not the device which actually did the request.

Drats.

This is a common issue of typically cheap or even free of charge (ISP-provided) routers. You could disable the router's DHCP server and use the DHCP server that is embedded in Pi-hole. It was added for almost exactly this scenario. Once all your devices have reconnected to your network (and got a new DHCP lease), they will directly ask the Pi-hole and you will get individual client IP addresses. Don't forget to assign the Pi-hole a static IP address.

... 90% of my devices are fixed IP addresses.

Yes, I'm weird with this scenario.

The router is a Linksys 1900ACS, not the one given by my ISP.

I may try that soon. The problem being that I have a few WiFi devices connected.
If disabling the Router's DHCP will mean a restart: That is a (small) can of hurt I am opening because it takes the WAP off line and some of the devices don't like that happening and don't reconnect.

That means I have to fluff around resetting them.

So, it isn't that I don't want to do what you said. But in light of all/most of the devices being FIXED IP addresses, would this change anything?

I'm not familiar with this device but maybe you can configure the DNS server elsewhere? Such that the clients receive the Pi-hole as DNS server directly without the detour over the router. This is uncommon practice for "better" routers in my experience.

Fixed as in really a static configuration on the devices themselves or fixed more in the sense of static DHCP reservations?
If it is the former, you should simply go to your clients and change the configured DNS server to your Pi-hole. There is no need to keep the router in here. If you lose host name resolution through this, try configuring your router using the conditional forwarding feature.

Fixed, as in I set the IP address when building the machine.

Originally I didn't have/need a DNS. I had a local network. All the devices lived in their own little world.

Each had a file of hosts that was propagated among them and they all talked happily.

Then, came the internet! (DSL)

So: all devices were simply pointed to the router for internet access. Gateway, DHCP (not that I needed it, but.....) and DNS.

Again: that worked.

Then came the new thing called NBN - basically DSL on steroids.
New modem. Replacing the older one.
Plugged it in, set its IP address and entered the DNS, etc and again: away it all went.
All I had to do was change one thing.

Now with PiHole, all I had to do was point the Router's DNS to PiHole and set PiHole to .... whichever DNS I want.

One change.

Yes, I can now - kind of see - what is wrong with that.

But really, that can't be true. From what I know.

Unless it is different with how DNS works. Which is probably true, as I have never really played with it.

Oh, and if it is of any meaning: I am in Australia. The backwater for technology.
(And most other things as well.)

Your clients ask the router for DNS information. Your router is configured to ask your Pi-hole. So the Pi-hole sees the request coming from your router. This explains why you are seeing the router's IP address as client. Because it is the router that is asking. Once your router got the answer from your Pi-hole it forwards (actually: proxies) the answer back to the original requestor.

This is correct and expected.

I'm in Germany. I used to have 56k modem for a long time. Then we had 768kbit (yes, this was already called DSL) until a few years ago. This jumped to 50 MBit and will soon jump to (up to) 1 GBit with FTTH. Quite a drastic evolution.
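
Added example (not part of any post in this thread, and not Pi-hole's own code): the per-client lookup the Query Log performs, plus a check for the router-proxy symptom explained above, where one client accounts for nearly every query. The table and column names are assumed to follow the `queries` table of Pi-hole's long-term database; the rows and IP addresses are constructed sample data.

```python
import sqlite3

# Assumed schema: the columns used here (timestamp, domain, client) follow the
# "queries" table of Pi-hole's long-term database, /etc/pihole/pihole-FTL.db.
def build_sample_db(rows):
    """Constructed stand-in for pihole-FTL.db so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE queries (id INTEGER PRIMARY KEY, timestamp INTEGER,"
                 " type INTEGER, status INTEGER, domain TEXT, client TEXT)")
    conn.executemany("INSERT INTO queries (timestamp, type, status, domain, client)"
                     " VALUES (?, 1, 2, ?, ?)", rows)
    return conn

def clients_for_domain(conn, domain, since=0):
    """Return [(client, hits, last_seen)] for one domain, busiest client first."""
    cur = conn.execute(
        "SELECT client, COUNT(*), MAX(timestamp) FROM queries"
        " WHERE domain = ? AND timestamp >= ?"
        " GROUP BY client ORDER BY COUNT(*) DESC, client", (domain, since))
    return cur.fetchall()

def looks_proxied(conn, since=0, threshold=0.95):
    """True when one client sends nearly all queries, as a forwarding router does."""
    counts = [n for (n,) in conn.execute(
        "SELECT COUNT(*) FROM queries WHERE timestamp >= ? GROUP BY client", (since,))]
    total = sum(counts)
    return total > 0 and max(counts) / total >= threshold

# Constructed sample rows: (unix timestamp, domain, client IP).
DIRECT = [(1700000000, "play.google.com", "192.168.1.20"),
          (1700000060, "play.google.com", "192.168.1.20"),
          (1700000120, "play.google.com", "192.168.1.31"),
          (1700000180, "example.org", "192.168.1.31")]
# Same traffic, but every query arrives from the router's address.
VIA_ROUTER = [(ts, dom, "192.168.1.1") for ts, dom, _ in DIRECT]

if __name__ == "__main__":
    for label, rows in (("direct", DIRECT), ("via router", VIA_ROUTER)):
        db = build_sample_db(rows)
        print(label, clients_for_domain(db, "play.google.com"), looks_proxied(db))
```

Against a real install, open the database read-only, for example `sqlite3.connect("file:/etc/pihole/pihole-FTL.db?mode=ro", uri=True)`, so the lookup cannot interfere with FTL's writes.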

Sorry if this sounds like a spoiled 2 year old having a hissy fit.

I am seeing the address being blocked now.

Now - at time of writing - I have 4 devices (machines) turned on.
1 This machine. NUC. Ubuntu.
2 RasPi
3 RasPi
4 RasPi running PiHole.

I get that this machine may be sending requests out to play.google.com but 3 RasPies?

That is more for Mobile phones/tablets to talk to Mummy and update their Apps, etc.

What else would you need to access that site for?
Ok, I have a Smart TV. But it is turned off. I've just unplugged it to see if it is the cause.

(Small world)

I am good friends with a couple of people from your part of the world. They live here.

Thanks for the explanation of how DNS works.

('t would be nice if .... ) Ah, yes, I dream a lot.

I unplugged the TV. Still getting hits to play.google.com now.

Alas I have about.... 400 tabs open in Firefox just now. (Don't ask - long story)

But again: it puzzles me why any tab would want to report back to there.

Yes, I have a few google tabs open. (Email etc) Not the play store.
(Or not that I remember)

(maybe I should search the tabs I have open and make sure there are/not any.)

Opened a new window, and started to type the URL. No "Switch to open tab" things popped up.

Oh well. For now it can just be blocked. I'm not too worried. Just curious WHO is wanting to go there when there aren't any devices connected that use the play store.

I guess what I could do is get another machine online rather than this one and see if the count still goes up when this machine is turned off.

That way - at least - I could establish if it is (or not) this machine.

I may be repeating myself but it's worth the effort to go to your machines and tell them to use the Pi-hole as their DNS servers without the detour over the router. The insight you get into your network using the Pi-hole interface will increase a lot. You will also be able to block/permit sites selectively for individual clients, etc.

1 Like

That is actually a good point.

I shall start with the other 2 RasPies and see what happens.

Interesting. It is THIS machine. Hmmmm...... Curiouser and curiouser.

That is very interesting for me.
The linksys router I have has this thing called "Parental block" which supposedly blocks devices from internet access at certain times.

Alas the way it does it is not good. It requests the device connecting via WiFi gets a certificate from an external site.
That can't work if the router itself is blocking internet access.

I don't get how that is supposed to work, but it didn't work for my needs.

Initial testing shows me PiHole's blocking is a lot better.

I just need to find how to do that per device at times.

This is possible with a cron job and enabling/disabling prepared rules for said clients.

For instance, install a regex . (yes, only a point) for a given group. This means block everything. Then use a cron job to enable or disable this at a given time. You can likely find others who have done precisely the same thing when you search through this forum. If you don't find anything fitting to your particular use case, open a new ticket with a clear title like "Scheduled blocking for clients" and there may be large contributions from the community.

1 Like
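
Added example (not part of the thread, and not Pi-hole's own code): the logic a cron-invoked script could use for the scheduled blocking described above, switching a group's `.` regex deny rule on or off according to a time window that may cross midnight. The schema is an assumption modelled on the `domainlist`, `group` and `domainlist_by_group` tables of Pi-hole v5's gravity database; the group name `kids` and all rows are constructed.

```python
import sqlite3
from datetime import time

# Assumed schema, modelled on the domainlist / "group" / domainlist_by_group
# tables of Pi-hole v5's /etc/pihole/gravity.db; type 3 is a regex deny entry.
SCHEMA = """
CREATE TABLE "group" (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE domainlist (id INTEGER PRIMARY KEY, type INTEGER, domain TEXT,
                         enabled BOOLEAN NOT NULL DEFAULT 1);
CREATE TABLE domainlist_by_group (domainlist_id INTEGER, group_id INTEGER);
"""

def in_window(now, start, end):
    """True if `now` lies in [start, end); handles windows that cross midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def set_block_all(conn, group_name, enabled):
    """Enable/disable the '.' regex deny rule linked to one group; return rows changed."""
    cur = conn.execute(
        """UPDATE domainlist SET enabled = ?
           WHERE type = 3 AND domain = '.' AND enabled != ? AND id IN (
               SELECT dg.domainlist_id FROM domainlist_by_group dg
               JOIN "group" g ON g.id = dg.group_id WHERE g.name = ?)""",
        (int(enabled), int(enabled), group_name))
    conn.commit()
    return cur.rowcount

def apply_schedule(conn, group_name, now, start, end):
    """What a cron-invoked script would do each run: sync the rule with the clock."""
    return set_block_all(conn, group_name, in_window(now, start, end))

def sample_db():
    """Constructed database: group 'kids' (hypothetical name) with a disabled '.' rule."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("""INSERT INTO "group" VALUES (1, 'kids')""")
    conn.execute("INSERT INTO domainlist VALUES (10, 3, '.', 0)")
    conn.execute("INSERT INTO domainlist VALUES (11, 3, 'ads', 1)")  # unrelated rule
    conn.executemany("INSERT INTO domainlist_by_group VALUES (?, 1)", [(10,), (11,)])
    return conn
```

Because the update only touches rows whose state differs from the target, the script can run every few minutes from cron and returns 0 when nothing changed. On a real install FTL has to re-read its lists after a change (`pihole restartdns reload-lists` on v5).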