The issue I am facing:
Some device on the local network is exceeding the maximum allowed number of DNS requests.
Basically can't access internet.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNSMASQ_WARN Warning in `dnsmasq` core:
Maximum number of concurrent DNS queries reached (max: 150)
Details about my system:
Running Pihole on Raspberry Pi Zero W with
Unbound as Upstream DNS.
DNSSEC is enabled
DHCP is not enabled
Conditional forwarding is not enabled
I suspect that the abusive device is a Roku Streaming Player.
It looks like it knows it is dealing with a Pihole and is just brute forcing it to jam the Pihole???
Is there any workaround for abusive devices?
echo ">top-clients >quit" | nc localhost 4711
0 16281 :: pi.hole
1 13397 192.168.0.89 Roku
$ echo ">top-ads >quit" | nc localhost 4711
0 7650 scribe.logs.roku.com
Look at the query log
13 QUERIES PER SECOND
Apr 4 22:44:20: query[A] cloudservices.roku.com from 192.168.0.89
Apr 4 22:44:20: exactly blacklisted cloudservices.roku.com is 0.0.0.0
Apr 4 22:44:20: query[A] scribe.logs.roku.com from 192.168.0.89
Apr 4 22:44:20: gravity blocked scribe.logs.roku.com is 0.0.0.0
Apr 4 22:44:20: query[A] cloudservices.roku.com from 192.168.0.89
Apr 4 22:44:20: exactly blacklisted cloudservices.roku.com is 0.0.0.0
Apr 4 22:44:20: query[A] scribe.logs.roku.com from 192.168.0.89
Apr 4 22:44:20: gravity blocked scribe.logs.roku.com is 0.0.0.0
Apr 4 22:44:20: query[A] scribe.logs.roku.com from 192.168.0.89
Apr 4 22:44:20: gravity blocked scribe.logs.roku.com is 0.0.0.0
Apr 4 22:44:20: query[A] scribe.logs.roku.com from 192.168.0.89
Apr 4 22:44:20: gravity blocked scribe.logs.roku.com is 0.0.0.0
Apr 4 22:44:20: query[A] scribe.logs.roku.com from 192.168.0.89
Apr 4 22:44:20: gravity blocked scribe.logs.roku.com is 0.0.0.0
Apr 4 22:44:21: query[AAAA] hulu.com from 192.168.0.89
Long term Data shows in the last 7 days 65,000 queries to scribe.roku.com