LE making 10000s of network requests to my NAS

  • Hi,

    Since the upgrade to the newest version of LE, I noticed that my network requests went through the roof. I can see that in Pi-hole; otherwise I wouldn't even have noticed it. I have no problems though.

    I use an SQL library which is stored on my NAS.


    As you can see it made 22 requests within the same second.

    I 'think' it's mostly when it updates the library but not everything.

    When I run Kodi on my Windows PC and do a library update I don't see this kind of spam.

  • With DNS servers, including pihole, you need to be careful. If, in addition to offering the DNS server IP to your devices, you configure your DNS server to use that same IP address as DNS, then screw yourself, DNS requests grow exponentially until the DNS server stops.

  • LE as far as I remember never had a caching resolver, whereas Windows has a caching resolver as part of the OS.

    I suspect it's probably always worked this way and you're just noticing it now. Here is a thread from 2018 that talks about using the connman DNS proxy:

    osen
    July 26, 2018 at 2:46 AM

    It appears to be intentional to avoid user confusion.

  • LE is using the default libc resolver and this caches records according to their TTL values so I doubt caching is the issue. I'd make an educated guess that Kodi makes some form of discovery request which is being denied or sinkholed by Pi Hole and so the request is being repeated (ad infinitum) hoping to get a response (which never comes). There is probably something in Kodi that could have better failure logic. In the same breath Pi Hole improvement to not break the world's most popular mediacentre app would be a good thing too. The decision to use Pi Hole also makes it a self-inflicted problem, sort of, so both sets of developers will probably point fingers at the other.

    More verbose logging from Pi Hole and/or perhaps a PCAP of the traffic to look at would be useful.

  • LE is using the default libc resolver and this caches records according to their TTL values so I doubt caching is the issue.

    glibc resolver doesn't cache at all, you have to pair it with nscd to get caching. I believe most Linux distributions are using systemd-resolved as a DNS proxy to get DNS caching (never actually cared enough to look, but would assume it does).

  • synologynas is likely a local hostname to be resolved.

    Unfortunately, resolving host names via nmblookup was dropped from Kodi 20; now DNS lookups are finally used.

    You can try to enable WS-Discovery via Settings->Services->SMB Client.

    Yes, it's the local hostname of my NAS.

    I do see that the 'mediasources.xml' is using

    Code
    <mediasources>
      <network>
        <location id="1">smb://USER:PASSWORD@SynologyNAS/</location>
      </network>
    </mediasources>

    Along with passwords.xml

    Code
    <passwords>
      <path>
        <from pathversion="1">smb://SynologyNAS/SynologyNAS</from>
        <to pathversion="1">smb://USER:PASSWORD@SynologyNAS/SynologyNAS/Movies/</to>
      </path>
    </passwords>

    sources.xml

    I tried to enable WS-Discovery but didn't make any difference.


    LE is using the default libc resolver and this caches records according to their TTL values so I doubt caching is the issue. I'd make an educated guess that Kodi makes some form of discovery request which is being denied or sinkholed by Pi Hole and so the request is being repeated (ad infinitum) hoping to get a response (which never comes). There is probably something in Kodi that could have better failure logic. In the same breath Pi Hole improvement to not break the world's most popular mediacentre app would be a good thing too. The decision to use Pi Hole also makes it a self-inflicted problem, sort of, so both sets of developers will probably point fingers at the other.

    More verbose logging from Pi Hole and/or perhaps a PCAP of the traffic to look at would be useful.

    I made a pcap and a verbose logging file. Is there any place where I can upload them safely (especially the pcap; I'm not sure if sensitive data is in it, and the file is almost 100 MB big as well)?

  • The screenshot in your first post is showing that your PiHole received a DNS A (address) request for "synologynas" and responded with NXDOMAIN (no address) - so your PiHole doesn't know anything about a "synologynas" host in your LAN.

    You may want to add your local domain name (eg ".lan") to the source hostname (eg "synologynas.lan") and make sure PiHole resolves the name to the IP correctly.

    so long,

    Hias

  • The screenshot in your first post is showing that your PiHole received a DNS A (address) request for "synologynas" and responded with NXDOMAIN (no address) - so your PiHole doesn't know anything about a "synologynas" host in your LAN.

    You may want to add your local domain name (eg ".lan") to the source hostname (eg "synologynas.lan") and make sure PiHole resolves the name to the IP correctly.

    so long,

    Hias

    It looks like you are right.

    I added it in pihole and don't see those massive requests again. I'm still at work so can't test a lot but will do when I get back.

    However it's still strange for me because I never used this feature and hardly make use of .local/lan domains.

    Thanks
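
The diagnosis reached in this thread (a bare hostname answered with NXDOMAIN and then re-queried many times per second) can be checked directly against the Pi-hole query log. The following is an added example, not code from any poster or from the LibreELEC, Kodi or Pi-hole projects; it assumes dnsmasq-style log lines of the kind Pi-hole writes, and the sample lines, client addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: 22 failed lookups in one second (as in the first post),
# one normal lookup, and one isolated NXDOMAIN from another client.
SAMPLE_LOG = "\n".join(
    ["Mar 10 20:15:01 dnsmasq[812]: query[A] synologynas from 192.168.1.50",
     "Mar 10 20:15:01 dnsmasq[812]: config synologynas is NXDOMAIN"] * 22
    + ["Mar 10 20:15:02 dnsmasq[812]: query[A] example.org from 192.168.1.50",
       "Mar 10 20:15:02 dnsmasq[812]: reply example.org is 192.0.2.10",
       "Mar 10 20:15:03 dnsmasq[812]: query[A] typo.invalid from 192.168.1.77",
       "Mar 10 20:15:03 dnsmasq[812]: reply typo.invalid is NXDOMAIN"]
)

STAMP = r"(\w{3}\s+\d+ [\d:]{8}) dnsmasq\[\d+\]: "
QUERY = re.compile("^" + STAMP + r"query\[\w+\] (\S+) from (\S+)$")
ANSWER = re.compile("^" + STAMP + r"(?:reply|cached|config) (\S+) is NXDOMAIN$")

def find_nxdomain_storms(log_text, per_second_threshold=5):
    """Return {(client, name): peak queries per second} for NXDOMAIN names."""
    per_second = Counter()  # (client, name, timestamp) -> queries that second
    failed = set()          # names that were answered with NXDOMAIN
    for line in log_text.splitlines():
        if m := QUERY.match(line):
            ts, name, client = m.groups()
            per_second[(client, name.lower(), ts)] += 1
        elif m := ANSWER.match(line):
            failed.add(m.group(2).lower())
    peaks = {}
    for (client, name, _ts), count in per_second.items():
        if name in failed and count >= per_second_threshold:
            peaks[(client, name)] = max(peaks.get((client, name), 0), count)
    return peaks

def is_single_label(name):
    """True for bare hostnames such as 'synologynas' (no domain suffix)."""
    return "." not in name.rstrip(".")

if __name__ == "__main__":
    for (client, name), peak in find_nxdomain_storms(SAMPLE_LOG).items():
        hint = "add a local DNS record" if is_single_label(name) else "check blocklists"
        print(f"{client} asked for {name!r} up to {peak}x per second ({hint})")
```

A bare name flagged this way is a candidate for a local DNS record on the Pi-hole, which is the fix that stopped the request flood here.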