is not resolving

I am pretty sure I saw a message during the last stable system update that the host for network connectivity checks was being set to I can’t find that message again in the systemd journal or pacman log though.

Anyway, since February 28th my Pihole server now sees many lookups for the non-existing host: and that host is not resolving, obviously.

So, my guess is that something went wrong updating the host for the network connectivity check, because now it believes this host is part of my LAN. It used to be right? That always resolved correctly.

The problem seems to be the (lan part). The rest should work. I wonder where the .lan comes from, because that’s not from the update…

Yes, the .lan part is obviously the issue. Somehow it seems to get appended. This didn’t happen with the previous setting, where it use the Archlinux domain.

It happens on all my (6 or so) Manjaro PCs/laptops. And it started happening after the Feb 28th update.

It’s done by this hook though, which has nothing with .lan in it.
Are you sure it’s not something PiHole does?

My Openwrt router does DHCP and it uses the .lan for the local area network, so every host is $hostname.lan. That’s how my network has been configured like forever. Pihole is only the local caching DNS.

I have never seen this behavior with any FQDN and I do check Pihole logs frequently. I am pretty stumped. like you.

Sounds like your router thinks is a local address. Maybe because it’s not using https?

Found it! It’s only for the AAAA records. does not have an IPv6 address configured. Please add that in the DNS records.

I don’t think that’s going to happen. :wink:

Put we can ping @philm who controls that stuff to see what he can do about it.

It’s not like this IPv6 stuff is totally new and unknown off: :wink:

You block every Domain that does not have a AAAA record? I mean, I can understand why you want to block Amazon and big parts of AWS, but there are many domains out there that does not have a AAAA record.

My ISP gives me full IPv6 access and I run dual stack. I don’t block any hosts that do not have an IPv6 address, that would be silly.

But every other DNS lookup that only resolves to an IPv4 address does not result in additional lookups that get the .lan attached.

So, I don’t know what causes this behavior. I think it is something about NetworkManager. It uses this FQDN for checking network connectivity and I think it does additional weird things when it receives only an IPv4 but not an IPv6 address when checking for connectivity. This additional weird stuff does not happen for normal DNS lookups.

We currently only offer A Records for all our services. Let’s see what I can do about AAAA Records.

1 Like

That shouldn’t matter.

Notice the NODATA entry for the AAAA query.

What are you using for DNS resolution? IOW, how are requests getting to your pi-hole?

I am on xfce unstable and the recent Network Manager update on 2/26/2021 removed my interval setting in /usr/lib/NetworkManager/conf.d/20-connectivity.conf . I put interval = back to 36000, however, it is still pinging I am not sure what the source of is. Hourly??? Maybe pamac?? Here is the log from asuswrt-Merlin running Diversion. Note that gaps are because it will not show while running vpn.

2021-03-02 16:33	A	Allowed
2021-03-02 16:12	A	Allowed
2021-03-02 16:12	A	Allowed
2021-03-02 16:01	A	Allowed
2021-03-02 15:38	A	Allowed
2021-03-02 15:38	A	Allowed
2021-03-02 15:37	A	Allowed
2021-03-02 15:01	A	Allowed
2021-03-02 14:00	A	Allowed
2021-03-02 13:00	A	Allowed
2021-03-02 12:00	A	Allowed
2021-03-02 11:00	A	Allowed
2021-03-02 10:06	A	Allowed
2021-03-02 10:00	A	Allowed
2021-03-02 08:09	A	Allowed
2021-03-02 08:00	A	Allowed
2021-03-02 07:05	A	Allowed
2021-03-02 07:05	A	Allowed
2021-03-02 07:05	A	Allowed
2021-03-02 07:01	A	Allowed
2021-03-02 07:00	A	Allowed

The Plasma NetworkManager applet has an exclamation point next to the wifi indicator. I occasionally get the following notification, even though I clearly have Internet access:


I believe this is related to as well.

; <<>> DiG 9.16.12 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58149
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4

; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 2701e624038e3e4747a38dce603f39ca17c9125311e9f474 (good)
;		IN	A


;; AUTHORITY SECTION:		2187	IN	NS		2187	IN	NS		2187	IN	NS

;; ADDITIONAL SECTION:	18658	IN	A	3372	IN	A	104580	IN	AAAA	2001:67c:192c::add:a3

Somewhere the settings for your network is incorrect - most likely a zone file.

If the settings for your dns/dhcp your local domain is not terminated with a dot (.) and thus extensions can be appended.

Examples for bind zone files

CNAME record host.domain.lan.
Domain record domain.lan.

1 Like

Good point. I see you are running your own recursive DNS resolver. On my Pihole I have simply set a number of the predefined DNS providers.

I have set my Pihole as the default DNS in my lan and I get DNS requests from all the hosts in my lan on the Pihole. But, I still also get DNS requests from my router on the Pihole. This is not an issue, they get resolved normally, passed back to the router and the router passes them on to whoever queried the router for that domain. It’s the last bit of configuration hackery that I have not solved, because I don’t want any DNS requests going through my router, but it’s not a biggie.

I use Openwrt on my router and I have set my Pihole as the default DNS in the DHCP/DNS settings and as the custom DNS for each applicable interface.

The AAAA record gives me a NODATA response as well, so that’s not the issue.

When looking at the requests, they are only for the AAAA record, never for the A record. They only come directly from my Manjaro machines and not via the router. They get a NXDOMAIN response, so that’s correct.

The two main issues are:

  1. where is that .lan appended to the DNS requests… I don’t know and it could well be configuration error on my end, but it never misbehaved with the previous setting for the Arch Linux domain which does resolve to an IP address for the AAAA record
  2. the request for gets passed on to the authoritative DNS resolvers I have set and this most likely is something I can prevent in Pihole, but have not yet figured out how.

I’m probably being dense. I can’t seem to find any bind zone files. Not on my pc, nor router, nor Pihole.

I have no proof to give, other than my gut: this stinks of avahi interference.

That’s tied in with IPv6. I see the same thing, and I hate it-although I’ve been able to tame it to only the wireless devices used in the house.

Have you set your pi-hole’s IPv6 address as the IPv6 DNS server in your DHCP configuration (DHCP - option6)?

I think this should resolve it:

Server:		192.168.XX.Y
Address:	192.168.XX.Y#ZZ

Non-authoritative answer:
Address: 2a01:4f8:150:448b::1

I’ll now add to all our other services the AAAA record.