RT-AC68U, 386.9, constant DNS lookups of www.google.com

[JoeTheDownloader]

This is more a "what's going on" than an actual problem, but I learn a lot this way so here goes and thanks in advance for any help:

Scenario:

• RT-AC68U, Merlin 386.9, henceforth "the router"
• Everything is working just fine
• The router is the D/G for the local LAN only, a flat /24 network
• DHCP is on the router only - it hands out DHCP leases with the DNS pointing to a pi-hole (which is itself not a DHCP server)
• DNSDirector is also configured on the router to push any stubborn devices towards the pi-hole
• The router's own DNS is pointed at Google 8.8.8.8/8.8.4.4 with DNSSEC enabled, DNS Rebind protection on and Prevent client auto DoH set to auto. DNS priv protocol is set to none.
• The router has a DNSDirector exemption allowing the pi-hole to be exempt from filtering
• The pi-hole's own DNS is set to be the router, since I need to resolve internal things too
• Forward local domain queries to upstream DNS is enabled since I use my domain name internally but also externally to give split horizon DNS for convenience

Question:

The pi-hole receives frequent DNS requests for www.google.com (A and AAAA records) and occasional other subdomains of google from the router itself.

I don't understand why the router is generating this traffic, or if perhaps it is forwarding it on behalf of another device. I don't understand why it is forwarding it to the pi-hole recursively, rather than looking it up using the DNS configured on the WAN.

Weird!

Thanks again for reading, if indeed you still are.

 

[bennor]

If I understand what you posted; are you saying you set the router as the DNS server on the Pi-Hole > Setting > DNS page? If so I assume you are using the custom DNS field correct? If so why have you set your router and Pi-hole up that way?

Normally the intial general setup of an Asus router running Merlin and using Pi-Hole along with DNS Director would go something like what is detailed in the following link:
https://www.snbforums.com/threads/pihole-dns.74646/page-3#post-712319

When using DNS Director with Pi-Hole it shouldn't be uncommon to see router DNS request entries show up in the Pi-Hole query list. In your case because you have configured your router (I assume WAN DNS entries) for Google DNS servers and have configured your Pi-Hole to use the router as the DNS that would may explain why you are seeing Google DNS requests showing up from the router.

There are ways to block a DNS server request using the LAN> Route tab in the router's GUI. An example of how to do so is explained in this link: https://12vpx.com/docs/block-google-dns/asus

 

[JoeTheDownloader]

Thanks for replying. Mine is basically like that example, yes.