Does anyone know what these are pictures included. It seems to be constant, I have 1 device using pihole which is powered off from 23:00 - 18:00 although looking at the traffic these are still being requested by pi.hole and localhost
These are reverse IP queries from Pi-hole (PTR requests). As you can see, they are happening on the hour.
This is Pi-hole determining the names of your DNS servers and the clients on your network.
A PTR request shows the IP in reverse order, so 254.1.168.192.in-addr.arpa is asking the question "what is the name of the client located at IP 192.168.1.254".
1.1.1.1.in-addr.arpa is looking for the name of the Cloudflare DNS server.
The related DS and DNSKEY transactions are due to DNSSEC.
Just two other things if I untick Use DNSSEC in settings does this disable it or just hide the information on the query logs?
I am using Cloudflare as my upstream so 1.1.1.1 & 1.0.0.1 although on the dashboard it just shows one.one.one.one four times? I did read that this is known to happen but should it not list the secondary as well?
Not sure if I'm being stupid but if I disable dnssec and use the DNSSEC Resolver it still shows as (Yes, your DNS resolver validates DNSSEC signatures)?