Strange DNS queries from my hEX router

I have installed pi-hole on my server and used it as DNS in my router. On all other devices in my network DNS is 192.168.2.228, not 192.168.2.1.

I noticed that my router is sending suspicious queries from my IP address.

What could it be and how can I fix it? Would resetting the router to default cfg work?

ANY §h§i§g§i§.§c§o§m§
ANY §p§e§a§c§e§c§o§r§p§s§.§g§o§v§
ANY §f§e§r§c§.§g§o§v§
ANY sl

The topic seems to be made just to spam links on the forum for those organizations,
just to increase the ranking on Google & Co.

To attach an image to the post, use the “Attachments” tab, and do not use third-party sites (monetized or not).

The randomly thrown IP numbers don’t say anything.
You have not even made a diagram on how the devices are connected or even how they are configured.
Virtually no useful data to understand something.

Your router has the resolver open to the world and you’re currently a victim of some sort of DNS abuse. Secure your resolver.
@rextended: no.

Bravo (Brava?)

mikrotik.com
Server: 176.59.§§.§§
Address: 176.59.§§.§§

Risposta da un server non autorevole:
Nome: mikrotik.com
Addresses: 2a02:610:7501:1000::2
159.148.147.196

Ok, thanks for the info about the forum. Devices are connected as I show in the attachment.

On all of these devices DNS is 192.168.2.228 (pi-hole server)

Thanks, you helped me so much. Added a drop filter for DNS queries and now it stopped.
Screenshot 2022-08-25 at 4.34.24 AM.png

Can you take a screenshot of your DNS settings? In Winbox, IP → DNS. Do you have it set to allow remote requests?

Obviously the answer to that question is “yes”.

Wait and hold the fort! You created a hole in your network with your PI device, mission accomplished! It's what you wanted, is it not…Pi-Hole! :wink:

Only that the Pi has nothing to do with it :smiley:

At last, I see the missing default “drop all” at the end of the input firewall chain…

Which is why I was going to advise him to uncheck that since he’s using pihole for dns.

Perhaps you meant I noticed a missing command, because no matter how good you are, you cannot see something that is not there..........
If you can, please send me a bottle of what you are drinking,,,,,,, or airplane tickets to visit.

@anav, the message was for everyone in general, not related to what you wrote.

If the default input firewall rules are in place, the internal DNS cannot be reached from outside.
I based what I wrote on this consideration.

Ahh, okay, but who would want DNS queries originating outside from coming into the router?

The user probably deleted the default configuration and didn’t put a valid alternative…
…and the “world” uses its DNS as a DNS relay or to perpetuate cyber attacks

Yes. It was on
dns_settings.png

Would my DNS work from my WireGuard setup if I disable “Allow Remote Requests” in DNS settings?

My firewall filter settings. What should I add to this to secure myself better?

Popping some popcorn now before anav sees the previous post.

Let me try to spare you a lashing…

Please order your firewall rules with input ones at the top and forward ones at the bottom. You would have been better served to keep the default rules as I can confidently say you set these up from scratch without understanding 100% what you’re doing…thus the DNS hijacking.

Your input chain should have an accept established, related rule at the top and a drop invalid rule next. Then put your input rules and at the end put a drop all rule.

Your forward chain should look the same way: accept established, related. Followed by a drop invalid. Put your forward rules and at the end you have a drop all rule.

Get that mess you currently have in order and resend your screenshot please.
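
The rule order described in the post above, written out as RouterOS commands. This is an added example, not part of the thread and not any poster's configuration; the interface list names `LAN` and `WAN`, the interface name `wireguard1`, and the choice of what to accept between the fixed rules are assumptions.

```routeros
# Added example. Names marked "assumed" must be adjusted to the actual setup.
/ip firewall filter

# --- input chain: traffic addressed to the router itself ---
add chain=input action=accept connection-state=established,related \
    comment="accept established,related"
add chain=input action=drop connection-state=invalid \
    comment="drop invalid"
# Your own input rules go here, before the final drop.
add chain=input action=accept in-interface-list=LAN \
    comment="management and DNS from LAN (assumed list name)"
add chain=input action=accept in-interface=wireguard1 protocol=udp dst-port=53 \
    comment="DNS from WireGuard peers (assumed interface name)"
add chain=input action=accept in-interface=wireguard1 protocol=tcp dst-port=53 \
    comment="DNS over TCP from WireGuard peers"
# The WireGuard listen port itself also needs an accept rule here
# (protocol=udp, dst-port set to the port configured on the interface).
add chain=input action=drop \
    comment="drop all else, including DNS queries arriving from the internet"

# --- forward chain: traffic passing through the router ---
add chain=forward action=accept connection-state=established,related \
    comment="accept established,related"
add chain=forward action=drop connection-state=invalid \
    comment="drop invalid"
# Your own forward rules go here, before the final drop.
add chain=forward action=accept in-interface-list=LAN out-interface-list=WAN \
    comment="LAN to internet (assumed list names)"
add chain=forward action=drop \
    comment="drop all else"
```

With the final input drop in place, “Allow Remote Requests” can stay enabled for LAN and WireGuard clients, because queries arriving on the WAN side never reach the resolver. Add the accept rules before the drop rule when working over a remote session, since a drop-all with no accept ahead of it also cuts off management access.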