What's new

RT-AC68U, 386.9, constant DNS lookups of www.google.com

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

JoeTheDownloader

Occasional Visitor
This is more a "what's going on" than an actual problem, but I learn a lot this way so here goes and thanks in advance for any help:

Scenario:
  • RT-AC68U, Merlin 386.9, henceforth "the router"
  • Everything is working just fine
  • The router is the D/G for the local LAN only, a flat /24 network
  • DHCP is on the router only - it hands out DHCP leases with the DNS pointing to a pi-hole (which is itself not a DHCP server)
  • DNSDirector is also configured on the router to push any stubborn devices towards the pi-hole
  • The router's own DNS is pointed at Google 8.8.8.8/8.8.4.4 with DNSSEC enabled, DNS Rebind protection on and Prevent client auto DoH set to auto. DNS priv protocol is set to none.
  • The router has a DNSDirector exemption allowing the pi-hole to be exempt from filtering
  • The pi-hole's own DNS is set to be the router, since I need to resolve internal things too
  • Forward local domain queries to upstream DNS is enabled since I use my domain name internally but also externally to give split horizon DNS for convenience
Question:

The pi-hole receives frequent DNS requests for www.google.com (A and AAAA records) and occasional other subdomains of google from the router itself.

I don't understand why the router is generating this traffic, or if perhaps it is forwarding it on behalf of another device. I don't understand why it is forwarding it to the pi-hole recursively, rather than looking it up using the DNS configured on the WAN.

Weird!

Thanks again for reading, if indeed you still are.
 
If I understand what you posted; are you saying you set the router as the DNS server on the Pi-Hole > Setting > DNS page? If so I assume you are using the custom DNS field correct? If so why have you set your router and Pi-hole up that way?

Normally the intial general setup of an Asus router running Merlin and using Pi-Hole along with DNS Director would go something like what is detailed in the following link:
https://www.snbforums.com/threads/pihole-dns.74646/page-3#post-712319

When using DNS Director with Pi-Hole it shouldn't be uncommon to see router DNS request entries show up in the Pi-Hole query list. In your case because you have configured your router (I assume WAN DNS entries) for Google DNS servers and have configured your Pi-Hole to use the router as the DNS that would may explain why you are seeing Google DNS requests showing up from the router.

There are ways to block a DNS server request using the LAN> Route tab in the router's GUI. An example of how to do so is explained in this link: https://12vpx.com/docs/block-google-dns/asus
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top