Comment on Pi-Hole Local DNS Record Spamming Query Log
NocturnalEngineer@lemmy.world 1 year ago
Sounds like the DNS TTL (Time to Live) is set extremely low, preventing clients caching the record. Each time your browser makes a request (such as updating the graphs), it's submitting a new DNS query.
According to this post, this is intentional behaviour for PiHole to support situations where you change a domain from the block to allowed. The same post also references the necessary file modifications, should you wish to extend the TTL regardless.
The only downside you'll notice is a delay between whitelisting a domain and it actually being unblocked. You'll need to wait for the TTL to expire. Setting it to something like 15 minutes would be a reasonable compromise.
otl@lemmy.sdf.org 1 year ago
That would be surprising; most HTTP clients reuse network connections and connections are deliberately kept open to reduce the overhead of reopening a connection (including latency in doing a DNS lookup).
Then again, I’ve seen worse ;)
graveyardchickenhunt@lemmy.world 1 year ago
Not that unusual depending on the software. A lot of them honour the TTL literally.
One enterprise software I know that does it is VMware vCenter. I'm sure there's plenty of consumer software that retries excessively.
ShellMonkey@lemmy.socdojo.com 1 year ago
It would make sense in this case: blocking via a proxy or firewall is a forced breaking of the link, whereas this is just manipulating otherwise standard flows to accomplish something similar, but they try to keep that feel where a change happens when you change it, not after. If it was the Pi-hole setting the TTL, though, that should be the case for most any domain, not just the duckdns.org one.
That leads me to think it's actually the DDNS provider with the short TTL, not it being cut down by the Pi-hole. When coming from external, the response comes from the public resolver and never gets logged to the Pi-hole; internally, since the Pi isn't the authority, it sends a recursive query downstream that gets logged.
A means of fixing it might be creating a separate internal domain (a .local or whatever non-routable you like) and setting a static response for that where the Pi-hole is the authority. It should keep it from having to check from a place (duckdns) that by design is meant to change frequently, so they probably do have a 0 TTL.
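One way to check the diagnosis above from the Pi-hole's own dnsmasq-style log (queries the Pi-hole answers from local config never produce a "forwarded" line, while a record it is not authoritative for is forwarded upstream on every query once the short TTL expires). This is an added example, not code from the thread or from the Pi-hole project; the log lines, hostnames and the 1.1.1.1 upstream are constructed, and the 30-second threshold is an assumed cut-off for "effectively uncacheable".

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in dnsmasq/Pi-hole log format (pihole.log style); not a real capture.
SAMPLE_LOG = """\
Jan  5 10:00:00 dnsmasq[812]: query[A] myhome.duckdns.org from 192.168.1.20
Jan  5 10:00:00 dnsmasq[812]: forwarded myhome.duckdns.org to 1.1.1.1
Jan  5 10:00:00 dnsmasq[812]: reply myhome.duckdns.org is 203.0.113.7
Jan  5 10:00:02 dnsmasq[812]: query[A] myhome.duckdns.org from 192.168.1.20
Jan  5 10:00:02 dnsmasq[812]: forwarded myhome.duckdns.org to 1.1.1.1
Jan  5 10:00:02 dnsmasq[812]: reply myhome.duckdns.org is 203.0.113.7
Jan  5 10:00:03 dnsmasq[812]: query[A] myhome.duckdns.org from 192.168.1.20
Jan  5 10:00:03 dnsmasq[812]: forwarded myhome.duckdns.org to 1.1.1.1
Jan  5 10:00:01 dnsmasq[812]: query[A] nas.home.arpa from 192.168.1.20
Jan  5 10:00:01 dnsmasq[812]: config nas.home.arpa is 192.168.1.10
Jan  5 10:05:00 dnsmasq[812]: query[A] nas.home.arpa from 192.168.1.20
Jan  5 10:05:00 dnsmasq[812]: config nas.home.arpa is 192.168.1.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"(?P<kind>query\[\w+\]|forwarded|cached|config|reply) (?P<name>\S+)"
)

def parse(log_text, year=2024):
    """Yield (timestamp, kind, name) for each recognised log line; syslog lines carry no year."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        kind = "query" if m["kind"].startswith("query") else m["kind"]
        yield ts, kind, m["name"].lower()

def uncacheable_names(log_text, max_gap_seconds=30):
    """Return {name: (queries, forwards, min_gap_s)} for names forwarded upstream
    again within max_gap_seconds, i.e. records whose TTL is too short to cache."""
    queries, forwards = defaultdict(int), defaultdict(list)
    for ts, kind, name in parse(log_text):
        if kind == "query":
            queries[name] += 1
        elif kind == "forwarded":
            forwards[name].append(ts)
    flagged = {}
    for name, times in forwards.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if gaps and min(gaps) < max_gap_seconds:
            flagged[name] = (queries[name], len(times), min(gaps))
    return flagged

if __name__ == "__main__":
    for name, (q, f, gap) in uncacheable_names(SAMPLE_LOG).items():
        print(f"{name}: {q} queries, {f} forwarded upstream, min {gap:.0f}s between forwards")
```

A locally configured name such as nas.home.arpa never appears in the result because the Pi-hole answers it from its own config, which is the behaviour the internal-domain workaround relies on.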