See a lot of DNS query "." on Adguard

Hi,

I followed the documentation, but in AdGuard's logs, I see a lot of "." queries coming from all my servers. Is this normal? Could there be an error in my configuration?

Without the configuration, how would we know?

My first question was whether it was normal. I conclude that it is not 🙂. Here is my config:

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '0'
	option local '/starfleet/'
	option domain 'starfleet'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option port '54'
	list server '192.168.1.254'

config dhcp 'lan'
	option interface 'lan'
	option start '192'
	option limit '14'
	option leasetime '12h'
	option dhcpv4 'server'
	option ra 'server'
	option ra_default '1'
	list ra_flags 'none'
	list dhcp_option '6,192.168.1.254'
	list dhcp_option '3,192.168.1.254'
	list dns '2a01:xxx:xxx:xxx::254'
	list dns 'fd20:xxx:xxx::254'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '1h'

config host
	option ip '192.168.1.1'
	option dns '1'
	option leasetime '10d'
	option name 'deepspace9'
	option mac '9C:xx:xx:xx:xx:xx'

[...]

That's dnsmasq, which you obviously don't use.

Which config do you want? AdGuard? OpenWRT?

If AdGuard is the DNS, then we need its config ...


You are using AdGuard Home, so send us your AGH config.


OK, I thought that since my internal DNS yyy.starfleet are managed by OpenWRT, the problem was coming from there...

http:
  pprof:
    port: 6060
    enabled: false
  address: 192.168.1.254:8080
  session_ttl: 720h
users:
  - name: YYY
    password: ..........
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: fr
theme: auto
dns:
  bind_hosts:
    - 192.168.1.254
    - 127.0.0.1
  port: 53
  anonymize_client_ip: false
  ratelimit: 20
  ratelimit_subnet_len_ipv4: 24
  ratelimit_subnet_len_ipv6: 56
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - '[/starfleet/]127.0.0.1:54'
    - '[//]127.0.0.1:54'
    - https://dns.quad9.net/dns-query
    - https://dns.cloudflare.com/dns-query
  upstream_dns_file: ""
  bootstrap_dns:
    - 9.9.9.10
    - 149.112.112.10
    - 2620:fe::10
    - 2620:fe::fe:10
  fallback_dns: []
  upstream_mode: load_balance
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 300
  cache_ttl_max: 3600
  cache_optimistic: false
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: true
  edns_client_subnet:
    custom_ip: ""
    enabled: false
    use_custom: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  bootstrap_prefer_ipv6: false
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  local_ptr_upstreams:
    - 192.168.1.254:54
  use_dns64: false
  dns64_prefixes: []
  serve_http3: false
  use_http3_upstreams: false
  serve_plain_dns: true
  hostsfile_enabled: true
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false
querylog:
  dir_path: ""
  ignored: []
  interval: 72h
  size_memory: 1000
  enabled: true
  file_enabled: true
statistics:
  dir_path: ""
  ignored: []
  interval: 2160h
  enabled: true
filters:
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_8.txt
    name: NoCoin Filter List
    id: 1712842195
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt
    name: Malicious URL Blocklist (URLHaus)
    id: 1712842196
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt
    name: Scam Blocklist by DurableNapkin
    id: 1712842198
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt
    name: Peter Lowe's Blocklist
    id: 1712842199
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_6.txt
    name: Dandelion Sprout's Game Console Adblock List
    id: 1712842200
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_7.txt
    name: Perflyst and Dandelion Sprout's Smart-TV Blocklist
    id: 1712842201
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_23.txt
    name: WindowsSpyBlocker - Hosts spy rules
    id: 1712842202
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt
    name: Phishing URL Blocklist (PhishTank and OpenPhish)
    id: 1712842203
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt
    name: Dandelion Sprout's Anti-Malware List
    id: 1712842204
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt
    name: AdGuard DNS Popup Hosts filter
    id: 1734696303
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt
    name: Phishing Army
    id: 1734696304
whitelist_filters: []
user_rules:
  - '########################################################################### free'
  - '@@||freebox.fr^'
  - '@@||free.fr^'
  - '###################################################################### App Dacia'
  - '@@||asnapieu.com^'
  - '@@||gigya.com^'
  - '######################################################################### Divers'
  - '@@||my.aliexpress.com^'
  - '@@||s.click.aliexpress.com^'
  - '@@||measure.office.com^'
  - ""
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
filtering:
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_services:
    schedule:
      time_zone: Europe/Paris
    ids: []
  protection_disabled_until: null
  safe_search:
    enabled: false
    bing: true
    duckduckgo: true
    ecosia: true
    google: true
    pixabay: true
    yandex: true
    youtube: true
  blocking_mode: default
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  rewrites: []
  safe_fs_patterns:
    - /tmp/adguardhome/data/userfilters/*
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  filters_update_interval: 24
  blocked_response_ttl: 300
  filtering_enabled: true
  parental_enabled: false
  safebrowsing_enabled: true
  protection_enabled: true
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: false
    dhcp: true
    hosts: true
  persistent:
    - safe_search:
        enabled: false
        bing: true
        duckduckgo: true
        ecosia: false
        google: true
        pixabay: true
        yandex: true
        youtube: true
      blocked_services:
        schedule:
          time_zone: Europe/Paris
        ids: []
      name: Guillaume
      ids:
        - 192.168.1.6
      tags:
        - user_admin
      upstreams: []
      uid: ...............
      upstreams_cache_size: 0
      upstreams_cache_enabled: false
      use_global_settings: true
      filtering_enabled: false
      parental_enabled: false
      safebrowsing_enabled: false
      use_global_blocked_services: true
      ignore_querylog: false
      ignore_statistics: false
    - safe_search:
        enabled: true
        bing: true
        duckduckgo: true
        ecosia: false
        google: true
        pixabay: true
        yandex: true
        youtube: true
      blocked_services:
        schedule:
          time_zone: Europe/Paris
        ids:
          - ebay
          - imgur
          - iqiyi
          - kakaotalk
          - kik
          - lazada
          - mail_ru
          - ok
          - onlyfans
          - rockstar_games
          - telegram
          - tiktok
          - tinder
          - twitter
          - vk
          - voot
          - wargaming
          - wechat
          - weibo
          - zhihu
          - douban
          - hbomax
          - linkedin
          - origin
          - qq
          - shopee
          - aliexpress
          - claro
          - valorant
          - reddit
          - 4chan
          - betano
          - betfair
          - betway
          - bigo_live
          - blaze
          - bluesky
          - 500px
          - coolapk
          - directvgo
          - kook
          - line
          - looke
          - nebula
          - mercado_libre
          - olvid
          - paramountplus
          - plenty_of_fish
          - signal
          - shein
          - temu
          - wizz
          - xiaohongshu
          - yy
          - tumblr
          - rakuten_viki
          - privacy
          - pluto_tv
          - plex
          - peacock_tv
          - canais_globo
      name: Lilian
      ids:
        - 192.168.1.3
        - 192.168.1.11
        - 192.168.1.16
      tags:
        - user_child
      upstreams: []
      uid: ...............
      upstreams_cache_size: 0
      upstreams_cache_enabled: false
      use_global_settings: false
      filtering_enabled: true
      parental_enabled: true
      safebrowsing_enabled: true
      use_global_blocked_services: false
      ignore_querylog: false
      ignore_statistics: false
log:
  enabled: true
  file: ""
  max_backups: 0
  max_size: 100
  max_age: 3
  compress: false
  local_time: false
  verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 29

Thanks, now post a "." log entry ...

On Adguard logs.

The DNS query type is NS, which is really specific.

It seems that the devices in question are trying to update the list of currently available root DNS servers using something like "nslookup -type=ns .", but it's up to you to verify that theory...

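One way to check that theory from the AdGuard Home side, as an added example that is not part of the original thread: tally root-name queries per client and measure how regularly they arrive. It assumes the query log is a JSON-lines file using the keys `T`, `QH`, `QT` and `IP`, and that the root name is logged as `.` or as an empty string; the sample entries are constructed.

```python
import json
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample, NOT from the thread. Assumed layout of AdGuard Home's
# querylog.json: one JSON object per line, T=time, QH=name, QT=type, IP=client.
SAMPLE_LOG = """\
{"T":"2025-01-10T08:00:00+01:00","QH":".","QT":"NS","QC":"IN","IP":"192.168.1.20"}
{"T":"2025-01-10T08:00:07+01:00","QH":"example.org","QT":"A","QC":"IN","IP":"192.168.1.6"}
{"T":"2025-01-10T08:00:30+01:00","QH":".","QT":"NS","QC":"IN","IP":"192.168.1.20"}
{"T":"2025-01-10T08:00:45+01:00","QH":"","QT":"NS","QC":"IN","IP":"192.168.1.21"}
{"T":"2025-01-10T08:01:00+01:00","QH":".","QT":"NS","QC":"IN","IP":"192.168.1.20"}
not-json garbage line
{"T":"2025-01-10T08:10:45+01:00","QH":".","QT":"NS","QC":"IN","IP":"192.168.1.21"}
"""

def parse_ts(value):
    """Parse an RFC 3339 timestamp, trimming sub-microsecond digits and 'Z'."""
    value = re.sub(r"(\.\d{6})\d+", r"\1", value).replace("Z", "+00:00")
    return datetime.fromisoformat(value)

def summarize_root_queries(lines):
    """Per client: count, query types and median spacing of queries for '.'."""
    seen = defaultdict(list)  # client IP -> [(timestamp, query type), ...]
    for line in lines:
        try:
            entry = json.loads(line)
            # Assumption: the root name is logged as "." (or as an empty string).
            if entry["QH"] not in (".", ""):
                continue
            seen[entry.get("IP", "unknown")].append((parse_ts(entry["T"]), entry.get("QT", "?")))
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # blank, truncated or malformed line
    report = {}
    for client, hits in seen.items():
        times = sorted(ts for ts, _ in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[client] = {
            "count": len(hits),
            "types": sorted({qt for _, qt in hits}),
            # A steady gap suggests a scheduled job rather than interactive use.
            "median_interval_s": median(gaps) if gaps else None,
        }
    return report

if __name__ == "__main__":
    print(json.dumps(summarize_root_queries(SAMPLE_LOG.splitlines()), indent=2))
```

The clients that show up here with only `NS` queries at a fixed interval are the ones to inspect for a resolver or monitoring agent that looks up the root servers on a timer.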