What could be causing a number of requests to resolve to client 10.4.0.1

My setup is a bit non-standard. I have pi-hole running in a linux container. I am seeing a bunch of requests in the top clients table coming back to 10.4.0.1 which is the gateway of the lxc-bridge. Is there a something in my setup causing this?

pihole.toml

Note that I omitted the commented lines to just show the settings with:

grep -v -e '#' -e '^$' pihole.toml
[dns]
  upstreams = [
    "1.1.1.1",
    "1.0.0.1"
  CNAMEdeepInspect = true
  blockESNI = true
  EDNS0ECS = true
  ignoreLocalhost = false
  showDNSSEC = true
  piholePTR = "PI.HOLE"
  replyWhenBusy = "ALLOW"
  blockTTL = 2
  hosts = []
  domain = "lan"
  bogusPriv = true
  hostRecord = ""
  queryLogging = true
  cnameRecords = []
  port = 53
  revServers = [
    "true,10.9.0.0/16,10.9.8.1,lan"
  [dns.cache]
    size = 10000
    optimizer = 3600
    upstreamBlockedTTL = 86400
  [dns.blocking]
    active = true
    mode = "NULL"
    edns = "TEXT"
  [dns.specialDomains]
    mozillaCanary = true
    iCloudPrivateRelay = true
    [dns.reply.host]
      force4 = false
      IPv4 = ""
      force6 = false
      IPv6 = ""
    [dns.reply.blocking]
      force4 = false
      IPv4 = ""
      force6 = false
      IPv6 = ""
  [dns.rateLimit]
    interval = 60
[dhcp]
  active = false
  start = ""
  end = ""
  router = ""
  netmask = ""
  leaseTime = ""
  ipv6 = false
  rapidCommit = false
  multiDNS = false
  logging = false
  ignoreUnknownClients = false
  hosts = []
  [ntp.ipv4]
    address = ""
  [ntp.ipv6]
    address = ""
  [ntp.sync]
    server = "pool.ntp.org"
    interval = 3600
    count = 8
    [ntp.sync.rtc]
      set = false
      device = ""
      utc = true
[resolver]
  resolveIPv4 = true
  resolveIPv6 = true
  networkNames = true
  refreshNames = "IPV4_ONLY"
[database]
  DBimport = true
  maxDBdays = 91
  useWAL = true
  [database.network]
    parseARPcache = true
    expire = 91
[webserver]
  domain = "pi.hole"
  acl = ""
  port = "80o,443os,[::]:80o,[::]:443os"
  threads = 50
  headers = [
    "Content-Security-Policy: default-src 'self' 'unsafe-inline';",
    "X-Frame-Options: DENY",
    "X-XSS-Protection: 0",
    "X-Content-Type-Options: nosniff",
    "Referrer-Policy: strict-origin-when-cross-origin"
  ]
  [webserver.session]
    timeout = 1800
    restore = true
  [webserver.tls]
    cert = "/etc/pihole/tls.pem"
  [webserver.paths]
    webroot = "/var/www/html"
    webhome = "/admin/"
  [webserver.interface]
    boxed = true
  [webserver.api]
    max_sessions = 16
    prettyJSON = false
    pwhash = ""
    totp_secret = ""
    app_pwhash = ""
    app_sudo = false
    cli_pw = true
    excludeClients = []
    excludeDomains = []
    maxHistory = 86400
    maxClients = 10
    client_history_global_max = true
    allow_destructive = true
    [webserver.api.temp]
      unit = "C"
[files]
  database = "/etc/pihole/pihole-FTL.db"
  gravity = "/etc/pihole/gravity.db"
  gravity_tmp = "/tmp"
  macvendor = "/etc/pihole/macvendor.db"
  setupVars = "/etc/pihole/setupVars.conf"
  pcap = ""
  [files.log]
    ftl = "/run/log/pihole/FTL.log"
    dnsmasq = "/run/log/pihole/pihole.log"
    webserver = "/run/log/pihole/webserver.log"
[misc]
  privacylevel = 0
  delay_startup = 0
  nice = -10
  addr2line = true
  etc_dnsmasq_d = false
  dnsmasq_lines = []
  extraLogging = false
  readOnly = false
  [misc.check]
    load = true
    shmem = 90
    disk = 90
[debug]
  database = false
  networking = false
  locks = false
  queries = false
  flags = false
  shmem = false
  gc = false
  arp = false
  regex = false
  api = false
  tls = false
  overtime = false
  status = false
  caps = false
  dnssec = false
  vectors = false
  resolver = false
  edns0 = false
  clients = false
  aliasclients = false
  events = false
  helper = false
  config = false
  inotify = false
  webserver = false
  extra = false
  reserved = false
  ntp = false
  netlink = false
  all = false

I don't see anything that stands out from the toml.

What are you using for the lxc setup? Could there be an entry in /etc/resolv.conf from the template that is hijacking queries?

In the container, /etc/resolv.conf just contains:

nameserver 1.1.1.1

The container config is pretty vanilla:

lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
lxc.arch = x86_64
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536

lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.ipv4.address = 10.0.4.250/24
lxc.net.0.ipv4.gateway = 10.0.4.1
lxc.net.0.hwaddr = 00:16:3e:e4:ed:32

lxc.rootfs.path = overlay:/mnt/data/lxc/base/rootfs:/mnt/data/lxc/pihole/overlay/delta
lxc.uts.name = pihole

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.