Router flooding DNS with PTR requests

Hi,

I'm running v23.05.3 (since a few minutes ago) and, before that, the snapshot for my GL-MT6000.

Everyday, when my timed plug turns one, the router turns on and immediately starts flooding my pi-hole with PTR requests, very soon reaching the cut rate of 2000 requests per second.

It feels like a dns loop, whereby the router queries the pi for local IPs and the pi queries the router which is configured as dhcp server (this is on purpose and I do not want to use pi-hole as dhcp server).

I have read a lot of similar threads but not managed to find a solution. I have tried to assign static leases to all the devices in the house and have defined hostnames via Luci in Network > DHCP and DNS > Hostnames.

Most requests are XX.dns-sd._udp.0.8.168.192.in-addr.arp, which I understand are discovery service requests. Pi-hole marks them as being sent to the router, which would confirm the loop.

I am therefore wondering why the router makes so many requests and why it won't resolve them itself since it should know the answer as the dhcp server. Of course, since I am new to networking, I may be missing something obvious and feel free to ask for any log or file of interest.

Thanks!

If it’s a loop due to PiHole conditional forwarding, try adding this entry on the router:

This tells the router not to forward such PTR queries to the upstream server (PiHole in your case), only answer them locally.

Thanks @dave14305, I'll give that a try. Two questions:

  • In the explanation bubble underneath, it reads "Forward specific domain queries to specific upstream servers.", isn't that the opposite of what you say? Or does the absence of an IP after the "/" mean that it does not get forwarded?
  • in case this works (which I guess I will see between now and tomorrow morning), does this mean that the hostnames were not necessary and can be removed (static leases will remain, but the hostnames may be redundant)

Correct.

Also correct.

thanks! I'll report in the morrow.

Hi @dave14305, happy to report that this indeed took care of all the requests we mentioned. This morning, when the router fired up, there were only around 50 requests instead of 4,000. So that's clear progress.

The only thing sent from the router are now many time requests. Same as before, I am sure that these are needed for proper time management, but it is normal that they seem to loop so much?

I don't think that is what it going on:
Since your router is handling DHCP and is sending DNS requests to the Pi-hole, the only client the Pi-hole sees is the router.

It looks like your router is trying to get the time but since you turned it off for hours it is so out of sync with the real time it is failing.

Frankly, I'm surprised DNS is working at all.
:spiral_notepad: Are you pulling the plug on the Pi-hole too?
I hope not: that will eventually corrupt it.

Neither should be turned off everyday but if the Pi-hole does not have a clean shutdown you will eventually have to build it again.

Not on the pi, no, as that would indeed be damaging (and might indeed make DNS requests difficult/impossible to answer when the router wakes up). But both the ISP modem (in bridge mode) and the router are on a timer plug and get disconnected at night.

Well, it is not a good idea and I think you are finding just one of many reasons why.

Actually, they disconnected also during the day. Since we only use internet at home in the morning and evening, this is when the devices are turned on. Quite frankly, if the only downside is a few extra requests to time servers, I can live with that. At any point, energy consumption and limitation is a more important factor to me.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.