Warning in dnsmasq core: ignoring query from non-local network 169.254.179.25

Warning in dnsmasq core: ignoring query from non-local network 169.254.179.25

I understand this is happening because I have the Pi replying to local queries only, but when I search this IP it says bogon IP. My Pi is behind a router/NAT/OpenWrt firewall, so how did this external IP reach it, and where is this coming from? What does "bogon" mean here? Should I be concerned?

debug token : https://tricorder.pi-hole.net/xCJrHji3/

That range is for IPv4 LLA (local link addresses). Perhaps a device failed to get a lease from your DHCP server? Not sure. I would suggest you generate a debug log from the admin page Tools > Generate debug log and post the token for devs / moderators to review.

Added the debug token.

Hello mahos, thanks, you did the right thing by checking and asking. There's most likely nothing to worry about here. As mentioned by CallMeCurious the addresses in the range

169.254.0.0 - 169.254.255.255

are called Link Local addresses. If a network adapter cannot get an address from your DHCP server then it usually performs an "auto configure" and gives itself an address from this Link Local range instead. If multiple computers do that, now they each have a different Link Local address and can still communicate, even though there's no DHCP server managing the addressing. It's useful for connecting two ethernet ports directly to each other. They each give themselves a 169.254 address and can communicate.

You can turn Link Local off or on, on an adapter, but it's usually on by default. Normally you'll never see this address range because your DHCP server will be looking after addressing, typically in the 192.168 range on a home network. In that case the adapter gets one of those addresses instead and has no need to auto configure.

The most likely cause is that your computer's network adapter couldn't communicate with the DHCP server (your router in your case) and so gave up and assigned itself a Link Local address instead. Then the glitch resolved itself and Pi-hole noticed a DNS request from that address, and rejected it as it's from a different address space and you have the default setting of Allow only local requests selected.

I would be inclined to delete the warning and see if it happens again. If it keeps happening reliably, you can explore what the cause might be. For example some mesh networks are slow to boot and become available, and in that time a computer might be ready and give up with DHCP, so something like that might be a cause for some people.

The name "Bogon" is given to these address ranges that are not intended for the public internet. You can see a list of them here. You can see the familiar 192.168 range on there too.

It is possible to see these kinds of IPs appearing in logs when they shouldn't be as a result of malicious attacks, where the addresses are spoofed to appear in these ranges, making them untraceable. However, it's much more likely that the cause in your case is a network adapter that simply failed to reach a DHCP server and so performed an auto configure.

Your debug log looks okay, and your Pi-hole is on the 192.168 network with your router as the DHCP server correctly giving out the Pi-hole's IP as the DNS server, so it all looks good. Keep an eye on it and if it keeps reappearing, see if you can identify a pattern, for example it's always a particular computer and only when it's been booted for the first time, that kind of thing. That'll help confirm what's going on.
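The pattern check suggested above can be scripted. This is an added example, not part of the original replies and not Pi-hole's own code: it pulls the source address out of each "ignoring query from non-local network" warning, labels it, and lists when it was seen. The sample log lines are constructed, the 15-character syslog timestamp prefix is an assumption about the log layout, and Python's `is_global` flag stands in for a published bogon list.

```python
import ipaddress
import re
from collections import defaultdict

# Message text as quoted in the thread; whatever precedes it is kept as the prefix.
WARNING = re.compile(r"^(?P<prefix>.*?)ignoring query from non-local network (?P<src>\S+)")

# Constructed sample lines (not taken from the poster's debug log).
SAMPLE_LOG = """\
Mar  3 07:58:12 dnsmasq[812]: ignoring query from non-local network 169.254.179.25
Mar  3 07:58:14 dnsmasq[812]: query[A] example.com from 192.168.1.20
Mar 10 07:57:49 dnsmasq[812]: ignoring query from non-local network 169.254.179.25
Mar 10 08:03:10 dnsmasq[812]: ignoring query from non-local network 10.8.0.4
Mar 11 02:14:33 dnsmasq[812]: ignoring query from non-local network 203.0.113.7
"""

def classify(addr):
    """Label an address as link-local, another bogon range, or publicly routable."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparseable"
    if ip.is_link_local:       # 169.254.0.0/16 (and fe80::/10 for IPv6)
        return "link-local"
    if not ip.is_global:       # RFC 1918, documentation, CGNAT and similar ranges
        return "other bogon"
    return "public"            # routable source: worth a closer look behind NAT

def summarize(lines):
    """Map each rejected source address to (label, list of timestamps seen)."""
    seen = defaultdict(list)
    for line in lines:
        m = WARNING.match(line)
        if m:
            # Assumption: a 15-character syslog timestamp starts the line.
            seen[m.group("src")].append(m.group("prefix")[:15].strip())
    return {src: (classify(src), times) for src, times in seen.items()}

if __name__ == "__main__":
    for src, (label, times) in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{src:<16} {label:<12} seen {len(times)}x: {', '.join(times)}")
```

A link-local source that shows up at the same time of day or right after a particular machine boots fits the failed-DHCP explanation given above.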

I see this in my pihole.log once a week every week at around the same time and ignore it. An old HP PC running Windows 10 but normally powered down wakes up and makes numerous DHCPDISCOVER messages before attempting to use a 169.254. address. It sorts itself out a minute or two later. I attribute it to it being the sole device on the end of a powerline link.

Thank you for all the useful info.
