Unknown DNS Requests

Hi,

Does anyone know what these are? Pictures included. It seems to be constant. I have 1 device using pihole, which is powered off from 23:00 - 18:00, although looking at the traffic these are still being requested by pi.hole and localhost.

1.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.4.0.0.7.4.6.0.6.2.ip6.arpa
1.1.1.in-addr.arpa
1.1.in-addr.arpa
1.1.1.1.in-addr.arpa
254.1.168.192.in-addr.arpa
0.0.1.in-addr.arpa
1.in-addr.arpa
0.1.in-addr.arpa
1.0.0.1.in-addr.arpa
0.0.7.4.6.0.6.2.ip6.arpa
0.7.4.6.0.6.2.ip6.arpa
7.4.6.0.6.2.ip6.arpa
4.6.0.6.2.ip6.arpa



These are reverse IP queries from Pi-hole (PTR requests). As you can see, they are happening on the hour.

This is Pi-hole determining the names of your DNS servers and the clients on your network.

A PTR request shows the IP in reverse order, so 254.1.168.192.in-addr.arpa is asking the question "what is the name of the client located at IP 192.168.1.254".

1.1.1.1.in-addr.arpa is looking for the name of the Cloudflare DNS server.

The related DS and DNSKEY transactions are due to DNSSEC.

https://pi-hole.net/blog/2021/12/12/understanding-dnssec-validation-using-pi-holes-query-log/#page-content

This is normal activity for Pi-hole.
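The reverse-order rule described in this reply, as an added example that is not part of the original post or of Pi-hole's code: it decodes the in-addr.arpa and ip6.arpa names from the question back into addresses, and goes one step further by mapping the shorter names to the enclosing network prefix. The function names `decode_reverse_name` and `describe` are made up for this illustration.

```python
import ipaddress

HEX = set("0123456789abcdef")

def decode_reverse_name(qname):
    """Map a full or partial reverse-lookup name to the network it covers."""
    labels = qname.rstrip(".").lower().split(".")
    suffix = labels[-2:]
    body = labels[:-2][::-1]          # labels are stored least-significant first
    if suffix == ["in-addr", "arpa"] and 1 <= len(body) <= 4:
        # IPv4: one label per octet, so each label is worth 8 prefix bits
        if all(l.isascii() and l.isdigit() and int(l) <= 255 for l in body):
            octets = [str(int(l)) for l in body] + ["0"] * (4 - len(body))
            return ipaddress.IPv4Network(f"{'.'.join(octets)}/{8 * len(body)}")
    if suffix == ["ip6", "arpa"] and 1 <= len(body) <= 32:
        # IPv6: one label per hex nibble, so each label is worth 4 prefix bits
        if all(l in HEX for l in body):
            padded = "".join(body).ljust(32, "0")
            addr = ipaddress.IPv6Address(int(padded, 16))
            return ipaddress.IPv6Network(f"{addr}/{4 * len(body)}")
    raise ValueError(f"not a reverse-lookup name: {qname!r}")

def describe(qname):
    """Say whether a name asks about a single host or a whole reverse zone."""
    net = decode_reverse_name(qname)
    if net.prefixlen == net.max_prefixlen:
        return f"host {net.network_address}"
    return f"zone {net}"

# Names taken from the list in the question above
SAMPLE = [
    "254.1.168.192.in-addr.arpa",
    "1.1.1.1.in-addr.arpa",
    "1.1.in-addr.arpa",
    "1.in-addr.arpa",
    "0.0.7.4.6.0.6.2.ip6.arpa",
    "7.4.6.0.6.2.ip6.arpa",
]

if __name__ == "__main__":
    for name in SAMPLE:
        print(f"{name:32} -> {describe(name)}")
```

A name with all four octets (or all 32 nibbles) is a lookup for one host; anything shorter names a reverse zone above it.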

Ah that clears things up a little thanks.

Just two other things: if I untick Use DNSSEC in settings, does this disable it or just hide the information on the query logs?

I am using Cloudflare as my upstream so 1.1.1.1 & 1.0.0.1 although on the dashboard it just shows one.one.one.one four times? I did read that this is known to happen but should it not list the secondary as well?


This is how Cloudflare reports their DNS server names. They all show as one.one.one.one.

root@nanopi:~# nslookup 1.1.1.1
1.1.1.1.in-addr.arpa    name = one.one.one.one.

root@nanopi:~# nslookup 1.0.0.1
1.0.0.1.in-addr.arpa    name = one.one.one.one.

Thanks for your help, it's much appreciated.

One last thing: if I untick Use DNSSEC in settings, does this disable it or just hide the information on the query logs?

As the UI states, Use DNSSEC toggles DNSSEC validation in Pi-hole on and off.

If you just want to hide Pi-hole's DNSSEC related requests, set SHOW_DNSSEC=false in pihole-FTL.conf.

Not sure if I'm being stupid, but if I disable DNSSEC and use the DNSSEC Resolver it still shows as (Yes, your DNS resolver validates DNSSEC signatures)?

https://dnssec.vs.uni-due.de/
