FTL icon indicating copy to clipboard operation
FTL copied to clipboard
verified publisher icon pi-hole

DNS entry with wrong hostname for an IP

Open Steffen75 opened this issue 7 months ago • 5 comments

Versions

  • Pi-hole: v6.0.6
  • Web: v6.1
  • FTL: v6.1

Platform

  • OS and version: Debian 12
  • Platform: VM

Expected behavior

I don't know if this is the correct component for filing this bug. But I have an IPv4 DNS entry "AP1" in my Pihole that is X.X.X.240 (Wifi access point 1). I would expect to see this getting only assigned to the actual access point when browsing the web interface.

Actual behavior / bug

The actual bug is that this hostname also gets assigned to another machine. When I'm browsing the web interface I see a Client AP1 in the "Top Clients" list that makes lots of queries (like a machine that's actually used for surfing the web). Now when I look under Tools/Network I see a machine X.X.X.209 (inside my DHCP range) with a high number of queries, the hostname AP1. And there's also an entry AP1 with access point's actual IP that does a low number of queries like you would expect from an access point.

And to make things even stranger the entry in the network section also shows an IPv6 with the hostname AP1.

Has anybody seen a similar behaviour?

Steffen75 avatar May 13 '25 07:05 Steffen75

Please add a debug token.

yubiuser avatar May 13 '25 07:05 yubiuser

Now that I got access to this Pihole:

Debug Token

  • URL: https://tricorder.pi-hole.net/8QyB1x7e/

Screenshot

Image

Steffen75 avatar May 13 '25 16:05 Steffen75

Side question: How did you run the debug command? Because it's missing sudo powers...

You have defined a local DNS record for xxx.240 to be ap1.internal, but this won't stop other device to use that hostname as well. What device is your DHCP server? Your router? What is the output of

dig -x XXXX.209 @IP_OF_YOUR_DHCP_SERVER

yubiuser avatar May 14 '25 07:05 yubiuser

Side question: How did you run the debug command? Because it's missing sudo powers...

Normal user. I believe in the old fashioned root account. And since the debugging wasn't complaining...

You have defined a local DNS record for xxx.240 to be ap1.internal, but this won't stop other device to use that hostname as well. What device is your DHCP server? Your router?

Yes, it's my router.

What is the output of dig -x XXXX.209 @IP_OF_YOUR_DHCP_SERVER

;; ANSWER SECTION: 209.X.X.X.in-addr.arpa. 60 IN PTR imac-of-wife.internal.

Which is fine, correct and perfectly explains the number of DNS requests the Pihole receives from this IP.

Also my Pihole's DNS upstream is Unbound querying root servers running on the same VM. So the wrong combination of ap1.internal and X.X.X.209 must happen somewhere inside the Pihole.

Steffen75 avatar May 15 '25 05:05 Steffen75

Normal user. I believe in the old fashioned root account. And since the debugging wasn't complaining...

Yeah, this is why I was asking, because the script complaint about some missing capabilities (which do not affect debugging your particular issue), e.g.

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 6 seconds)
   Error: Insufficient permissions or capabilities (needs CAP_NET_BIND_SERVICE). Try running as root (sudo)

I moved your issue to another repo, maybe @DL6ER can tell us the debug flags to continue debugging on this.

yubiuser avatar May 15 '25 06:05 yubiuser

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

github-actions[bot] avatar Jun 14 '25 08:06 github-actions[bot]