Router Bombarding Pi Hole with Requests!

Hello

I'm new to OpenWRT and I'm not sure how to solve this.

I have noticed that my OpenWRT router is repeating the DNS requests of other PCs and phones to Pi Hole. Looking at the Pi Hole query log, the router sometimes makes the same request 20 times in the same millisecond. The router therefore gets rate-limited few times a day though I have increased the limit to 20,000 requests per minute. The devices initially makes the requests to Pi Hole and then the router repeats it many times. Now my blocked percentage is 2% while it was around 45% before (5M+ domains on adlist)

Here is my setup:

  • Pi Hole runs as docker container on a raspberry pi
  • Pi Hole runs with default settings and there is no conditional forwarding.
  • Router handles DHCP and DHPC points to Raspberry Pi as DNS
  • All devices have static leases on router

Here is my OpenWRT config /etc/config/dhcp :

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option strictorder '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '5m'
	option dhcpv4 'server'
	list dhcp_option '6,192.168.100.50'
	list ra_flags 'none'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'DEVICE 1'
	option dns '1'
	option mac 'MAC ADDRESS'
	option ip '192.168.100.10'

All other devices are configured as Device 1 above.

Would appreciate any help.

Thanks!

I believe the most important question is which are the DNS server configured in the Pi Hole and also do you have any local name resolution in the pihole (conditional forwarding)? Also did you disable reverse lookups?

I think we would need to see the log from the router and the pihole for the respective time of such requests.
You might also want to run tcpdump to check if the Router receives DNS requests at the given time.

If you have rules catching all outgoing dns requests, and redirecting them to the pi, I hope you've made an exception rule for the pi....

It seems at some point in the past I have added the Pi's IP address in the WAN DNS. I think I wanted to ensure that the router itself uses the PI for DNS. I was always under the impression that I removed it as It was only for tests.

Once I removed the IP of the PI, everything is normal now.

That said, only recently I started seeing this behavior of huge amounts of requests by the router while I've added the PI in the WAN DNS so many months ago. I wonder if recent Pi Hole updates contributed to this effect.

In all cases, this is solved for now. Thanks for all the replies.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.