HA spamming PTR DNS lookups?

I have the same thing, trying to also figure this out. I know that pihole now logs PTR records since release 4.1. This seems to have only recently started happening for me though. The ‘red’ is my HA.

Is it stressing your pihole machine? Is it stressing your network?

fughetaboutit.


Some integrations don’t have a ‘scan_interval’ setting and can do many lookups per second.

If you are using PiHole, can you see what site it is trying to access? It should show up in the query log.

Asked and answered, read the thread.

It looks to be performing lookups for things I have integrated. Stuff like my NAS, ESP modules, etc. I’m now trying to figure out how to stop pihole showing PTR logs. I know the setting, just trying to figure out how to disable it through docker-compose.

Ah, so it’s not accessing the API of an external site by the sounds of it.

I had something similar when using the twitch integration in HA, it would access the API around 5 times per second whenever HA is running:


Once I disabled the twitch component in HA, I had far fewer DNS requests in the PiHole log. I even tried setting the ‘scan_interval’ setting but it did nothing.

If you really want to see what HA integrations could be causing this, try disabling some integrations then check the query log.

EDIT: Are you using a device tracker?

Not the API stuff, no. A lot of these PTRs are just other nodes on the networks (phones, etc.). It’s really just noise but would be good to disable these events. I know there’s an ANALYZE_ONLY_A_AND_AAAA=false|true setting which is supposed to stop logging PTRs but I’m running in a docker container, I can’t see how I can apply this yet.

EDIT: I am using unifi for device tracking actually. Would this be the cause?

Hmm, that is odd. I only see requests for external site access for my machine running HA but I’m using VENV not Docker.

It’s possible that it’s the device tracker. I can only suggest you try disabling the tracker, restart the docker container, and see if there are fewer PTRs, then turn it back on and again watch the query log.

I’m not really too familiar with the way Docker works but I know it has to do some funky things with DNS, hopefully someone with more Docker experience than me will reveal why this happens.

It is calling cache… your pihole and hass calling on itself.
Other systems do not show the cache because they do not query DNS if they still have the cache.
When you install pihole on the same system as hass, all of the cache queue will show in pihole.
Filter out the cache and the number will be reasonable.

I left out a vital piece of information. My piHole is actually running on a separate device (pi zero). It serves as my DHCP and DNS server. So yes, I did see some overall latency when it was handling the thousands of requests that were flooding it. It wasn’t show stopping but enough to annoy me. PiHole was serving up the PTR requests from its cache so at least it wasn’t having to do the lookup to go with it.

After looking at the traffic today, I still see PTR requests, but they appear to be on a very predictable 1 hour interval. My only assumption (as others are also alluding to) would be that this is some type of discovery component either of HA or one of the integrations.

It would be nice to nail down exactly what or which part of HA is making these requests, but ultimately as long as they are not spamming in the thousands, like they were when I first started the thread, I can live with the behavior of occurring once per hour. As long as it doesn’t get spammy again, not sure I want to turn things off and do all the reboots needed to figure out which it is. I do have auto discovery on, so that could potentially be it.

Overall my setup is quite extensive at this point. > 180 entities with lots of wifi and network devices. It would probably take me a while to disable things 1 by 1 to figure this one out.


Mine stopped yesterday after restarting and rebuilding pihole on my docker stack. I’m not even sure what would have fixed it. I did the same restarts of the HA host, docker host running pihole, etc. No config changes were done at all.

Came here via search, as I am encountering ‘similar’ issues. I run pi-hole on a separate Pi as of last weekend. The graphs are going crazy on requests coming from Hassio.local (on another Pi3). Top requests seem to all come from integrations (tado + telegrambot in my case). Also a lot of ESPhome devices show up (even though most are disconnected / tests).


The following graph shows how Hassio overshadows all the other requests on my network.

As @nickrout mentions above, it doesn’t harm and probably the behaviour has been like that, before Pi-hole was deployed. Still I found it obscure, and would love to have Hassio behave normal / decent.

Any thoughts?

Well, so much for this whole thing not causing any harm. Woke up to my Nest Hello stating it’s offline, look in Unifi and it’s most definitely online. Look at the device rating and it states DNS Timeout. Go to my pihole and it’s as if it’s crashed, FTL Service is not running etc. After reboot everything is back up and running but I see the following graph and these massive numbers:
Top is Home Assistant, second place is my UDM.
Obviously the blue is HA.

The only thing I can think of is discovery for something in HA just spamming these requests. I am going to comment out that line in my config and see if I continue to see these requests.

Disabled discovery, saw this chart spike right back up after the restart of HA. So what the heck…

Went to the ubuntu machine running docker with HA and did a tcpdump, and the screen flies by scrolling with PTR requests. My little PiZero seems to somehow be keeping up with these requests almost without an issue the majority of the time (probably because being served up from cache) but still. If it crashes from time to time, this will start driving me crazy trying to figure this out.

Starting to think maybe this has something to do with the DNS docker container that runs alongside HA? The only time I see this seems to “calm down” is after a full restart of Ubuntu. I don’t believe I started seeing this issue until after that container was starting to be used. Looking at the docker stats, this container is constantly using 1.3 to 2% of CPU all the time with network usage at 1.46MB.

Going to try and stop the container to see if requests die off. Not sure what the repercussions to HA are though, so guess I’ll find that out as well.

Update: So, while looking at the containers in docker, I saw that AdGuardHome was running. I had installed this to test it out before deploying in another instance of HA for my parents. I had disabled the start at boot, but somehow it was re-enabled. I can literally flip back and forth between enabled and disabled and watch the flood of requests go out for PTR records.

So it seems, this is tied probably to either AdGuardHome or maybe even PiHole running alongside of HA. Going to install tcpdump on my PiZero so I should be able to confirm if that traffic appears to be “normal” from there as well.

Update 2: AAND PiHole on my PiZero is making some PTR requests, but nothing in the crazy volume I saw when AdGuardHome is running with HA. This leads me to believe the problem is either AdGuardHome or having it installed alongside of HA with the DNS container. After I removed AdGuardHome, the DNS container is no longer using a bunch of CPU and Net I/O is tiny compared to what it was.

I was going to try and install PiHole along with HA but it won’t start due to the DNS port already being in use (maybe remnants of AGH?). Since I already run an instance of PiHole outside of my HA, I don’t think I am going to look into that portion any further, but hopefully this helps anyone else that comes across this weird nuisance.

Good investigations.

Although why would you run two instances of pihole on your network, similarly why pihole and adguard?

Although why would you run two instances of pihole on your network

Some people do this who have more than 1 raspberry Pi, they have a 2nd PiHole Pi running as a failover (secondary) DNS server.

That way if your primary DNS goes down, you still have working internet.

Pihole + Adguard seems to be a bad combo by the looks of it, I’ve not tried adguard but I’ll be sure to make sure PiHole is disabled if I ever try it.

I had the same problem. In my case, it depended on the integration/component.

I recently switched all the hardcoded IPs in my configuration files to local names instead and I saw a huge jump in my pihole chart (like you did). Requests from my hassio went from the low 100s to nearly 3000 per 10 minute timeframe. I could see which host it was requesting records for in the pihole logs (like you did) and I then used trial and error to back out the changes until I found the culprit.

It was ZoneMinder, my security camera integration/component. When I put the hostname of the system in there instead of the IP I get nearly 3000 queries in 10 minutes from hassio for it.

I just barely figured this out; you can see the requests dive at the end.
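Added example (not part of any post in this thread): one way to do the per-client check several posters describe, counting PTR queries per client in 10-minute windows and listing which addresses each client is reverse-resolving. It assumes dnsmasq-style query log lines; the sample lines, addresses and threshold are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed line shape: "<Mon> <day> <HH:MM:SS> dnsmasq[pid]: query[TYPE] <name> from <client>"
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)$"
)

SAMPLE_LOG = [  # constructed sample lines, not taken from the thread
    "Mar 14 14:01:02 dnsmasq[512]: query[A] api.example.com from 192.168.1.20",
    "Mar 14 14:01:03 dnsmasq[512]: query[PTR] 31.1.168.192.in-addr.arpa from 192.168.1.20",
    "Mar 14 14:01:03 dnsmasq[512]: query[PTR] 32.1.168.192.in-addr.arpa from 192.168.1.20",
    "Mar 14 14:01:04 dnsmasq[512]: query[PTR] 31.1.168.192.in-addr.arpa from 192.168.1.20",
    "Mar 14 14:05:40 dnsmasq[512]: query[PTR] 31.1.168.192.in-addr.arpa from 192.168.1.20",
    "Mar 14 14:06:10 dnsmasq[512]: query[PTR] 1.1.168.192.in-addr.arpa from 192.168.1.45",
    "Mar 14 14:12:00 dnsmasq[512]: query[PTR] 32.1.168.192.in-addr.arpa from 192.168.1.20",
    "Mar 14 14:12:01 dnsmasq[512]: reply 32.1.168.192.in-addr.arpa is nas.lan",
]

def ptr_to_ip(name):
    """Turn '10.1.168.192.in-addr.arpa' into '192.168.1.10'; other names unchanged."""
    suffix = ".in-addr.arpa"
    if name.lower().endswith(suffix):
        return ".".join(reversed(name[: -len(suffix)].split(".")))
    return name

def ptr_summary(lines, bucket_minutes=10, year=2020):
    """Count PTR queries per (client, window) and per (client, looked-up address)."""
    per_bucket, targets = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "PTR":
            continue  # skip replies, forwards and non-PTR queries
        stamp, _, name, client = m.groups()
        # Syslog timestamps carry no year, so one is supplied for parsing only.
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        start = ts.replace(minute=ts.minute - ts.minute % bucket_minutes, second=0)
        per_bucket[(client, start.strftime("%b %d %H:%M"))] += 1
        targets[(client, ptr_to_ip(name))] += 1
    return per_bucket, targets

def noisy_clients(per_bucket, threshold):
    """Return (client, window_start, count) for windows at or above the threshold."""
    return sorted((c, b, n) for (c, b), n in per_bucket.items() if n >= threshold)

if __name__ == "__main__":
    buckets, targets = ptr_summary(SAMPLE_LOG)
    for client, window, count in noisy_clients(buckets, threshold=3):
        print(f"{client} sent {count} PTR queries in the window starting {window}")
    print(targets.most_common(3))
```

Comparing the per-window counts before and after disabling an integration gives the same trial-and-error signal as watching the dashboard graph, with the looked-up addresses attached.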

I came across this after I observed the same issue with my pi-hole/hass setup. I found a solution that seemed to work for me. Posting in the hope that it will help someone else too.

Initially, I disabled the Nmap Tracker integration. All x.x.x.x.in-addr.arpa PTR lookups seemed to stop.

After looking a little more at the integration, and Nmap’s options, I reconfigured the Nmap Tracker and added the following to suppress DNS resolution.

scan_options: " -n "

So far traffic on my pi-hole is reasonable again.


How did you reconfigure Nmap tracker… your option for -n scan did not help me… the only solution was to stop using Nmap…


I think this might be related to why my devices get kicked off wifi sometimes, I am also seeing a large amount of dns lookups on adguard: When hassio is online other devices on network lose wifi connection · Issue #1194 · home-assistant/operating-system · GitHub