Recent content by bibikalka

It is totally possible! I do run it a bunch of those. I just reinstalled on all of them, most were below 30.56, I think some were much older. But I guess this one slipped through on a stick. I also have my TCL TV mysteriously asking for adb access from a device I don't recognize. I have not...

Yes, I tracked down the specific malware apk. It installed itself somehow on the idle stick. I am thinking maybe some shady streaming app did that. Turned it off for the next few days, may resume later. This PiHole implementation has been very robust for me in this configuration. So everything...

Found a trojan on 192.168.1.190 that apparently was resolving some sites and creating a flood of DNS requests. Still, PiHole should not crash in those circumstances ! :D https://github.com/pi-hole/pi-hole/issues/6557#issuecomment-4015326297

@jacklul I posted a bug report here: https://github.com/pi-hole/pi-hole/issues/6557#issuecomment-4014302072 It seems those malware sites are designed to try to crash the resolver. I don't think it's an issue of EntWare version ...

Yep, it's a bunch of weird sites. Seems like some malware installed itself on one of my Firesticks that was sitting idle for about 10 days now. A suspicious app called "System update". The requests started on March 2nd, I wonder how that thing got itself installed : # grep Rate-limiting FTL.log...

@jacklul I ran into a couple of crashes with this new version. DNS stopped working twice now this week, checked PiHole, not running. Has not happened before, at least, I don't recall seeing that. This error: 2026-03-04 05:13:40.570 CST [4097M] INFO: ########## FTL terminated after 1h 6m 58s...

Updated too! So far so good! I do see the config option in there "forceDisk = false", so far memory has not been an issue - so won't turn it on. Memory use looks reasonable so far # ps wT |grep pihole 843841 pihole 43468 S < pihole-FTL 844005 pihole 43468 S < {database} pihole-FTL 844006...

@snapieee If you need per device blocking you should go with on the router PiHole. It allows really fine grained controls: https://www.snbforums.com/threads/pi-hole-directly-on-the-router-yes.90719/

Technically VPN "Exclusive" DNS is supposed to channel DNS traffic into the same VPN channel. However, it looks like when there is no VPN it behaves the same as the regular kill-switch - does not stop DNS traffic. I'll probably block the DNS requests in PiHole for this specific client so there...

So I think it's been doing these brief DNS requests whenever VPN is down since the very beginning. So far I have no seen ill effects, even if the device knows the IP, it still cannot connect to it because of the killswitch. One could possibly block port 53 access on the router to killswitched...

It's identical to when the stock DNS on 192.168.1.1 does resolutions. A killswitched device can call the main router 192.168.1.1 for DNS, and you would see those too since obviously the router itself is not killswitched. It's just that a PiHole instance made the monitoring more accessible. Now...

The device in question is 192.168.1.9. When there is a VPN connection, its DNS queries flow through the VPN tunnel. When there is no VPN connection it's DNS queries go back to the router (PiHole in my case). Naturally, neither the router nor PiHole are killswitched! :) It seems 192.168.1.9...

No, it definitely was not cached. I sorted DNS queries by the longest time, and that's how I noticed this odd behavior so PiHole was talking to a real site. Unless one is actively looking - cannot see anything :) So I don't think that computer was actually talking with anybody outside, only...

admin@RT-AC86U-9988:/tmp/home/root# iptables -v -L FORWARD | grep KILLMON 45329 5311K KILLMON all -- br+ eth0 anywhere anywhere admin@RT-AC86U-9988:/tmp/home/root# iptables -v -L KILLMON Chain KILLMON (1 references) pkts bytes target prot opt in out source...

@Viktor Jaep I was looking at my PiHole logs, and noticed that for a brief moment a computer that is always tunneled through VPN is shown as requesting DNS outside of the tunnel: 2026-02-15 18:34:55 A 9.rarbg.to honda ... 2026-02-15 18:37:13 A 9.rarbg.me honda...