Hi,
I have a Pi-Hole set up on my home network, which I access from anywhere through a SWAG reverse proxy at https://pihole.mydomain.org. I have set up a local DNS record in Pi-Hole to point mydomain.org to the local IP of the SWAG server.
Access from anywhere (local or not) works well. It’s just that when I am accessing some services (including the Pi-Hole) from my desktop through the reverse proxy via the DNS record (i.e. on the LAN), the Pi-Hole log gets completely spammed with requests like in the attached image. To be clear, I cropped the image, but it is pages and pages of the same. This is also the case for e.g. the qBittorrent Docker container I have set-up. So I guess it’s for ‘live’ pages which update their stats continuously, which makes sense. But the Pi-Hole log is unusable in this state. This does not occur when I am accessing the services externally, through the same reverse proxy, or when I access them locally with their local IP.
The thing is, I have already selected Never forward non-FQDN A and AAAA queries in the Pi-Hole settings. I also have Never forward reverse lookups for private IP ranges, Use DNSSEC, and Allow only local requests, but they seem less relevant.
The Pi-Hole, SWAG server, and PC I am accessing them from are three different machines on my LAN.
Any way to filter out just those queries? I obviously want to preserve all the other legitimate queries coming from my desktop.
Sounds like the DNS TTL (Time to Live) is set extremely low, preventing clients caching the record. Each time your browser makes a request (such as updating the graphs), it’s submitting a new DNS query each time.
According to this post, this is intentional behaviour for PiHole to support situations where you change a domain from the block to allowed. The same post also references the necessary file modifications, should you wish to extend the TTL regardless.
The only downside you’ll notice is a delay after whitlisting a domain, and it actually being unblocked. You’ll need to wait for the TTL to expire. Setting it to something like 15 minutes would be a reasonable compromise.
Could this be because you’ve set the forwarded address to be insecure in the reverse proxy essentially doing SSL termination at the reverse proxy? To test this theory, set the destination local address to also use https not just http
You could start troubleshooting by manually executing DNS queries from
mainDesktop.lan, and watching the DNS server logs. Not sure what OS the desktop is running, but assuming Windows you could run:nslookup -type=A pihole.example.duckdns.org.On macOS/Linux/etc.:
dig -t A pihole.example.duckdns.org.This could rule out behaviour from the proxy or applications.
