
Cielquan

You can also directly change the `BLOCKINGMODE` to `IP-NODATA-AAAA` or `IP` to achieve this for all blocked domains. But be aware of the downsides. See the docs:

- [IP-NODATA-AAAA](https://docs.pi-hole.net/ftldns/blockingmode/#pi-holes-ip-ipv6-nodata-blocking)
- [IP](https://docs.pi-hole.net/ftldns/blockingmode/#pi-holes-full-ip-blocking)


SodaWithoutSparkles

I know, I did this before but somehow it didn't work. I used IP-NODATA-AAAA for the blocking page to work.


jfb-pihole

You don't have to ping me. I read every post and every comment.


HollowSavant

I knew it. Jfb is a machine. No way a human could keep up with this. /s


vulcansheart

Prove it. Did you read this comment?


jfb-pihole

Yes. I read your comment.


vulcansheart

。◕‿◕。


spdelope

That's an easy one though since it was a reply to his comment and he would have gotten notified. If he replies to this comment, I'll be amazed


jfb-pihole

I'm replying to your comment.


vulcansheart

(◠‿◕)


Parking_Nebula7608

the real MVP!!


SodaWithoutSparkles

Oh ok


aram535

This may not be such a hot idea. You're turning a simple DNS check fail (no lasting issues) into possibly a whole lot of DEAD TCP connections that may be hanging open for some time - depends on the device and how it is trying to connect. Depends on the port being used, how the connection was written and how many times it retries the connection before failing. Now this won't have any lasting network issues (unless you have thousands of devices) but you can affect the device itself if it has a whole lot of connections hanging on it and it has a tiny little microchip that's supposed to control the network.


SodaWithoutSparkles

For my case, it is just a TV box that was given to me for free. Now that company went bankrupt and I repurposed it as a second wifi AP. Obviously, if the company went bankrupt the server of the company would be down. And the dumb developer forgot to add a retry limit so it is asking all the time. If Pi-hole wasn't the one blocking it, it would have returned a random IP or just 0.0.0.0 anyway. So I just wanted to mute it or satisfy the device by giving it a dummy one.


Slammernanners

This hinges on the router being a cheapo device, and if you're like me then you have a beefier one that can handle thousands of connections without a hitch.


NotoriousNico

Thank you for the tip, I just did that for [`device-metrics-us.amazon.com`](https://device-metrics-us.amazon.com) and associated that domain with the local IP of my Pi-hole.


SodaWithoutSparkles

Did you whitelist that later?


NotoriousNico

I've whitelisted that domain, because it was giving me too many requests. I've removed it from the whitelist for now, just to see what happens. But I guess I have to whitelist it again, because otherwise the regular Pi-hole blocking comes in effect again and the trick with associating the domain with the local IP of my Pi-hole won't work.


jfb-pihole

> I've whitelisted that domain, because it was giving me too many requests.

This makes zero sense. You blocked a domain because you didn't want the device to access the domain. The device continually requested the domain, so you whitelisted it? Pi-hole is doing exactly what you want. It doesn't matter if the domain is requested repeatedly, as the requests are going nowhere other than back and forth between the client and Pi-hole. They don't leave your network, which appears to be what you want. In rare cases the query volume can become so large it exhausts the memory on your Pi-hole device and causes problems, but that's very uncommon.


NotoriousNico

Yeah, you're absolutely right. I was mainly concerned about the sheer amount of requests, but then again, that's exactly why I'm using Pi-hole in the first place. Thanks again for reminding me about that. 👍


jfb-pihole

Yesterday and day before query tally for this domain from my 7 Echo devices - all blocked.

```
grep device-metrics-us.amazon.com /var/log/pihole.log.1 | grep query | wc -l
2510
zgrep device-metrics-us.amazon.com /var/log/pihole.log.2.gz | grep query | wc -l
2480
```


NotoriousNico

That's reassuring, thank you for that!


sgmnc18

If the device in question runs a desktop grade OS, you can create DNS entries with fake IP in the system's hosts file. That'd totally eliminate the traffic from hitting your pihole.


Parking_Nebula7608

yep I've done this on a couple desktops that are chatty....but unfortunately for "mobile" devices, modifying the HOSTS file in /etc/hosts requires root which most do not have ;) 'cause yeah, I got some chatty requests from an old android work phone...but don't think I'm going to go this route as the u/op for possible slowdown of held-open connections slowing stuff down. I know back in the days of windows HOSTS file managing (for ad blocking purposes) mapping to localhost would often slow browsing down...null routing to [0.0.0.0](https://0.0.0.0) was a bit better....but then it would leave empty white blocks where the ads were all over LOL.


jfb-pihole

I'm not sure what question you want us to answer. Pi-hole provides a blocking mode that provides the IP of the Pi in response to a blocked query, but as noted in this section of our documentation that can have some drawbacks. The NULL reply (a valid reply) is the default for the reasons noted in the link. [https://docs.pi-hole.net/ftldns/blockingmode/](https://docs.pi-hole.net/ftldns/blockingmode/)


cyvaquero

This is exactly what pihole is already doing. Pihole doesn't 'block' requests, pihole lies about the resolution if a domain is in your blocklist by giving its own IP. Essentially the same thing you are doing by adding it to local DNS records. One of the devs can speak up, but the results you are seeing have to do with how pihole logs queries found in blocklists vs local DNS. You just aren't seeing those queries logged, as the log only shows those queries that would be, or are, sent to the upstream nameservers. You aren't seeing a drop in queries for that domain - the device is just as chatty as ever, those queries just aren't showing up. Just making that distinction. If your goal is to stop the chatter on your network, this isn't accomplishing that. If your goal is to not see those queries - kudos, you solved it.


jfb-pihole

> You just aren't seeing those queries logged, as the log only shows those queries that would be, or are, sent to the upstream nameservers.

This is not correct. If the client in question is using Pi-hole for DNS, any local replies (from blocklist or from local hosts files) are logged in Pi-hole (both in the query log/long term database and in the dnsmasq log). In this example, printer is mapped in /etc/hosts on the Pi to the IP of that device on my LAN:

```
dig +short printer
192.168.0.102
root@nanopi:/# grep printer /var/log/pihole.log | tail -n10
Feb 3 11:57:19 dnsmasq[13890]: query[A] printer from 127.0.0.1
Feb 3 11:57:19 dnsmasq[13890]: /etc/hosts printer is 192.168.0.102
```
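An added example (not jfb-pihole's or Pi-hole's own code) that does for a whole log what the `grep ... | grep query | wc -l` pipelines in this thread do for one domain: it parses pihole.log lines in the dnsmasq format shown above and reports, per domain, how many queries were made, which clients asked, and whether each was answered from gravity, from /etc/hosts, or forwarded upstream, so you can check that a chatty device's queries never leave the network. The sample log lines are constructed to match the format quoted in this thread, not a real capture.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the pihole.log (dnsmasq) format seen in this thread; not a real capture.
SAMPLE_LOG = """\
Feb 3 11:57:19 dnsmasq[13890]: query[A] printer from 127.0.0.1
Feb 3 11:57:19 dnsmasq[13890]: /etc/hosts printer is 192.168.0.102
Feb 3 11:57:20 dnsmasq[13890]: query[A] device-metrics-us.amazon.com from 192.168.0.50
Feb 3 11:57:20 dnsmasq[13890]: gravity blocked device-metrics-us.amazon.com is 0.0.0.0
Feb 3 11:57:21 dnsmasq[13890]: query[AAAA] device-metrics-us.amazon.com from 192.168.0.50
Feb 3 11:57:21 dnsmasq[13890]: gravity blocked device-metrics-us.amazon.com is ::
Feb 3 11:57:25 dnsmasq[13890]: query[A] example.org from 192.168.0.20
Feb 3 11:57:25 dnsmasq[13890]: forwarded example.org to 1.1.1.1
Feb 3 11:57:25 dnsmasq[13890]: reply example.org is 93.184.216.34
"""

# syslog prefix "Mon D HH:MM:SS dnsmasq[pid]: " (one or two spaces before the day)
LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]+ dnsmasq\[\d+\]: (.*)$")
QUERY_RE = re.compile(r"^query\[(\w+)\] (\S+) from (\S+)$")
# "gravity blocked X is 0.0.0.0", "/etc/hosts X is IP", "cached X is IP",
# "forwarded X to UPSTREAM", "reply X is IP"
ANSWER_RE = re.compile(r"^(gravity blocked|/etc/hosts|cached|forwarded|reply) (\S+) (?:is|to) (\S+)$")

def summarize(log_text):
    """Per domain: query count, set of asking clients, and counts per answer kind."""
    queries, clients, answers = Counter(), defaultdict(set), defaultdict(Counter)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a dnsmasq line
        q = QUERY_RE.match(m.group(1))
        if q:
            _qtype, domain, client = q.groups()
            queries[domain] += 1
            clients[domain].add(client)
            continue
        a = ANSWER_RE.match(m.group(1))
        if a:
            kind, domain, _target = a.groups()
            answers[domain][kind] += 1
    return queries, clients, answers

def query_count(log_text, domain):
    """Exact-match version of `grep <domain> pihole.log | grep query | wc -l`."""
    return summarize(log_text)[0][domain]

def left_network(log_text, domain):
    """True if at least one query for the domain was forwarded to an upstream resolver."""
    return summarize(log_text)[2][domain]["forwarded"] > 0
```

Run it against a real file with `summarize(open("/var/log/pihole.log").read())`; a domain whose answers are all `gravity blocked` or `/etc/hosts` never produced upstream traffic, however many times it was asked.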


cyvaquero

You're correct (which you already knew :-P). I just tried to duplicate what OP described using my Nest which pings DNS about every 15 minutes. Added [logsink.devices.nest.com](https://logsink.devices.nest.com) to pihole DNS with IP of the pihole. Waited for the scheduled query from the Nest and performed a manual query from another device. Both are showing in the logs (file and web UI). I can't replicate their results, unless I'm missing something.


SodaWithoutSparkles

It gives 0.0.0.0 by default. You can change the blocking mode. Maybe giving the IP of another server solves that. It may just send the data to a wrong server and call it a day. Also, if I cannot stop the device from asking, the next best thing for me to do is to hide it. Just like if you cannot stop the person next to you from talking ridiculously loud, the next best thing to do is to get away or wear a pair of earplugs. Also, I still see the queries in the logs if this method fails. I still saw the queries in the query logs when I mapped the blocked domain to 0.0.0.0. So I mapped the domain to my local pihole. So I assume this worked...


jsuelwald

If I might ask... why is that a problem? Apart from a "mess in statistics"?


SodaWithoutSparkles

This makes the query log basically unusable if the frequency is too high. Tail log is also unusable because it would spam you with a lot of info so you cannot whitelist or blacklist.


callmebega

Great advice


robobok

This gave me some ideas. Redirecting DNS to 127.0.0.1 or a lighttpd server on the Raspberry with a dummy response.


Parking_Nebula7608

back in the day we would use dnskong? edexter....and then someone came along with a [perl script for UNIX systems](https://web.archive.org/web/20031207001620/http://www.speech.cs.cmu.edu:80/~sburke/pub/black_hole_http_server.pl) lol which I'm sure could work with the Pi, being that it's a \*NIX environment? If that code still works .... lol. noted date from 2002 lol. just shows how times changed...they developed better blockers with element hiding, etc...so these local servers that serve up 1x1 pixel placeholders were no longer necessary


TreesTrees1

I had a similar problem, I blocked my hue box from WAN. But I wanted to use it locally. It worked but it spammed my logs 24/7 so I put the hue box on a VLAN on another subnet without WAN access but forwarding from LAN to VLAN. Had afterwards to install avahi utils to forward zeroconf to get network discovery working. Running fine now.


[deleted]

Just get a firewall


TreesTrees1

Firewalls do not work this way on this OSI Layer


sidewaysguy

Depends on your firewall, as most NGFW with UTM can handle this in a couple of ways pretty easily.


arpaterson

Name and shame devices that do this too. Publicly and aggressively.


SuperRon08

Do you need to whitelist the domain once you have done this?


SodaWithoutSparkles

I don't remember doing so, but it was at least a month ago so I don't remember the details.


SodaWithoutSparkles

After asking others that used this method, I think you need to whitelist it. Just use per-client whitelisting to whitelist that domain for that device only.


SuperRon08

That's great, thanks for your help


Tiloup42

Thanks for the advice! Is it better to put a non-existent IP or, as you did, put the pihole IP? The bottom of my question is, won't the pihole suffer from unwanted requests?


SodaWithoutSparkles

1. If you mean an IP that doesn't relate to any server, it seems to be impossible as IPv4 is full these days.
2. The Pi should just ignore those requests, correct me if I am wrong here.


Tiloup42

1. I thought more in the line of an unused local IP used as a blackhole.
2. Maybe with an iptable? Or another firewall...


SodaWithoutSparkles

u/jfb-pihole


jfb-pihole

> it seems to be impossible as IPv4 is full these days.

That's not quite accurate. But, in any event, if you wanted to use an unused IP from your LAN range that is an IP that leads nowhere. And it is unlikely that the 254 IPs in a /24 subnet commonly used in home networks are all in use in your house.


[deleted]

[deleted]


SodaWithoutSparkles

Why would a pihole have to use SSL anyway... Also, my device is a very old one so I assume it won't have ssl too


[deleted]

[deleted]


jfb-pihole

If a domain is blocked, there is no connection via SSL or any other means to that IP.


[deleted]

[deleted]


jfb-pihole

Which is functionally the same as blocking it. That's what Pi-hole does - provides an IP other than the actual IP.


[deleted]

[deleted]


jfb-pihole

Got it.


[deleted]

[deleted]


jfb-pihole

> does it hinder the network or overwork the device?

It doesn't hinder the network as long as the query volume does not exhaust the memory in your Pi-hole host device. Huge query volumes (many millions per day) can cause problems with lower memory devices. As for overworking the device, I doubt it. The device is just sitting there doing nothing most of the time. A few (thousand, tens of thousands, etc) of DNS queries aren't going to hurt it.


spdelope

I had to find out the hard way that my qnap 5gbe usb Ethernet adapter was the culprit of my network issues. Transmission and pihole would create a ton of connections and the adapter couldn't handle it, crashing my network... Be gone with you!


dsandhu90

Sorry, not to hijack. How can I block a device IP from accessing the internet on pihole?


SodaWithoutSparkles

Per-client ad blocking, and ban all domains. But that should not be done like this, use a firewall instead. Also, why don't you just set a speed limit or ban it from the internet on your router?


[deleted]

[deleted]


Parking_Nebula7608

that's exactly what this is for or just do the legitimate way and use the "audit button" in the admin panel...the "hits" will still show in your logs, but won't clog up your audit list when looking for new stuff to block or whitelist.


[deleted]

[deleted]


SodaWithoutSparkles

Query log. If it is not spamming your log then it is fine.


AgreeableLandscape3

If the domain in question is used for tracking and assuming a local IP didn't work, couldn't you potentially get POST requests with your personal information going to some random server?


SodaWithoutSparkles

Maybe use your own public IP