HA spamming PTR DNS lookups?

Has anyone else seen this behavior with their Home Assistant setup? I noticed today that my Home Assistant server is essentially spamming my DNS server for PTR records. Somewhere to the tune of 8k per 10 minutes.
The dip in the graph is an upgrade to Ubuntu I performed. I run HASSIO through Docker.

tempsnip

Banging my head trying to figure out what exactly is causing it. If I stop the docker service, the traffic drops immediately so it definitely looks like something in HomeAssistant. I realize this may not be a huge deal as the vast majority of the requests are being served up via the DNS cache, I am more worried about unnecessary traffic on my local network.

Oddly enough, after stopping docker and starting, it happened for a short time then no longer is occurring. Talking with a co worker, he theorized that maybe my Home Assistant server was not caching the lookups locally for some reason, but IS now. Seems plausible to me.

The blue is PTR requests coming from my HA Server.

What PTR searches was it actually making? Most software that receives connections (eg a web server, smtp server etc) do a reverse dns lookup when a client connects.

It was multiple devices on my network. At first I just thought it was my smart bulbs but then I saw my printer was in the request.

I could see how it would happen during the connect, but from what I could tell, it went back quite some time.(Couldnt 100% verify as the PiHole history always times out anything larger than a few days)

I have the same thing, trying to also figure this out. I know that pihole now logs PTR records since release 4.1. This seems to have only recently started happening for me though. The ‘red’ is my HA.

Is it stressing your pihole machine? Is it stressing your network?

fughetaboutit.

Some integrations don’t have a ‘scan_interval’ setting and can do many lookups per second.

If you are using PiHole, can you see what site it is trying to access? It should show up in the query log.

Asked and answered, read the thread.

It looks to be performing lookups for things I have integrated. Stuff like my NAS, ESP modules, etc. I’m now trying to figure out how to stop pihole showing PTR logs. I know the setting, just trying to figure out how to disable it through docker-compose.

Ah, so it’s not accessing the API of an external site by the sounds of it.

I had something similar when using the twitch integration in HA, it would access the API around 5 times per second whenever HA is running:

50

Once I disabled the twitch component in HA, I had far less DNS requests in the PiHole log, I even tried setting the ‘scan_interval’ setting but it did nothing.

If you really want to see what HA integrations could be causing this, try disabling some integrations then check the query log. :slight_smile:

EDIT: Are you using a device tracker?

Not the API stuff, no. A lot of these PTR’s are just other nodes on the networks (phones, etc.). It’s really just noise but would be good to disable these events. I know there’s an ANALYZE_ONLY_A_AND_AAAA=false|true setting which is supposed to stop logging PTRs but I’m running in a docker container, I can’t see how I can apply this yet.

EDIT: I am using unifi for device tracking actually. Would this be the cause?

Hmm, that is odd. I only see requests for external site access for my machine running HA but I’m using VENV not Docker.

It’s possible that it’s the device tracker, I can only suggest try disabling the tracker, restart the docker container, and see if there are less PTR’s, then turn it back on and again watch the query log.

I’m not really too familiar with the way Docker works but I know it has to do some funky things with DNS, hopefully someone with more Docker experience than me will reveal why this happens.

It is calling cache… your pihole and hass calling on itself.
Other system does not shows the cache because it is not query DNS if it still have the cache.
When you install pihole same system as hass, all cache queue will shows in pihole.
Filter out the cache and the number will be reasonable.

I left out a vital piece of information. My piHole is actually running on a separate device (pi zero). It serves as my DHCP and DNS server. So yes, I did see some overall latency when it was handling the thousands of requests that were flooding it. It wasn’t show stopping but enough to annoy me. PiHole was serving up the PRT requests from its cache so at least it wasn’t having to do the lookup to go with it.

After looking at the traffic today, I still see PTR requests, but they appear to be on a very predictable 1 hour interval. My only assumption (as others are also alluding too) would be that this is some type of discovery component either of HA or one of the integrations.

It would be nice to nail down exactly what or which part of HA is making these requests, but ultimately as long as they are not spamming in the thousands, like they were when I first started the thread, I can live with the behavior of occurring once per hour. As long as it doesn’t get spammy again, not sure I want to turn things off and do all the reboots needed to figure out which it is. I do have auto discovery on, so that could potentially be it.

Overall my setup is quite extensive at this point. > 180 entities with lots of wifi and network devices. It would probably take me a while to disable things 1 by 1 to figure this one out.

1 Like

Mine stopped yesterday after restarting and rebuilding pihole on my docker stack. I’m not even sure what would have fixed it. I did the same restarts of the HA host, docker host running pihole, etc. No config changes were done at all.

Came here via search, as I am encountering ‘similar’ issues. I run pi-hole on a separate Pi as of last weekend. The graphs are going crazy on requests coming from Hassio.local (on another Pi3). Top request seem to come all from integrations (tado + telegrambot in my case). Also a lot of ESPhome devices show up (even though most are disconnected / tests).


The following graph show how Hassio overshadows all the other requests on my network.

As @nickrout mentions above, it doesn’t harm and probably the behaviour has been like that, before Pi-hole was deployed. Still I found it obscure, and would love to have Hassio behave normal / decent :wink:

Any thoughts?

Well so much for this whole thing not causing any harm. Woke up to my Nest Hello stating its offline, look in Unifi and its most definitely online. Look at the device rating and it states DNS Timeout. Go to my pihole and its as if its crashed, FTL Service is not running etc. After reboot everything is back up and running but I see the following graph and these massive numbers:
Top is Home Assistant, second place is my UDM.
image
Obviously the blue is HA.

The only thing I can think of is discovery for something in HA just spamming these requests. I am going to comment out that line in my config and see if I continue to see these requests.
image

Disabled discovery, saw this chart spike right back up after the restart of HA. So what the heck…

Went to the ubuntu machine running docker with HA and did a tcp dump and screen flies by scrolling with PTR requests. My little PiZero seems to somehow be keeping up with these requests almost without an issue the majority of the time (probably because being served up from cache) but still. If it crashes from time to time, this will start driving me crazy trying to figure this out.

Starting to think maybe this has something to do with the DNS docker container that runs along side HA? The only time I see this seems to “calm down” is after a full restart of Ubuntu. I don’t believe I started seeing this issue until after that container was starting to be used. Looking at the docker stats, this container is constantly using 1.3 to 2% of CPU all the time with network usage at 1.46MB.

Going to try and stop the container to see if requests die off. Not sure what the repercussions to HA are though so guess Ill find that out as well.

Update: So, while looking at the containers in docker, I saw that AdGuardHome was running. I had installed this to test it out before deploying in another instance of HA for my parents. I had disabled the start at boot, but somehow it was re enabled. I can literally flip back and forth between enabled and disabled and watch the flood of requests go out for PTR records.

So it seems, this is tied probably to either AdGuardHome or maybe even PiHole running along side of HA. Going to install tcpdump on my PiZero so I should be able to confirm if that traffic appears to be “normal” from there as well.

Update 2: AAND PiHole on my PiZero is making some PTR requests, but nothing in the crazy volume I saw when AdGuardHome is running with HA. This leads me to believe the problem is either AdGuardHome or having it installed along side of HA with the DNS container. After I removed AdGuardHome, the DNS container is no longer using a bunch of CPU and Net I/O is tiny compared to what it was.

I was going to try and install PiHole along with HA but it wont start due to the DNS port already being in use (Maybe remnants of AGH?). Since I already run an instance of PiHole outside of my HA, I dont think I am going to look into that portion any further, but hopefully this helps anyone else that comes across this weird nuisance.

Good investigations.

Although why would you run two instances of pihiole on your network, similarly why pihole and adguard?

Although why would you run two instances of pihiole on your network

Some people do this who have more than 1 raspberry Pi, they have a 2nd PiHole Pi running as a failover (secondary) DNS server.

That way if your primary DNS goes down, you still have working internet.

Pihole + Adguard seems to be a bad combo by the looks of it, I’ve not tried adguard but I’ll be sure to make sure PiHole is disabled if I ever try it. :slight_smile: