I’ve got an IP address that I’ve discovered in my recently started Pi-hole that doesn’t fit on my existing networks but is still making DNS requests. Blocking by MAC in Pi-hole causes it to pop up again with a different MAC. Blocking the IP in IPFire with logging enabled doesn’t appear to have any effect. The IP is still making queries on Pi-hole, and nothing is showing up in IPFire logs.
The IP address is 172.16.2.1. None of Green, Orange, or Blue should be able to work with that IP address. Does anyone have an idea of what might be going on or where I might be able to look for further information?
The lookup showed them to be either for Docker containers or used as random MACs for when a device wants to just generate one. So maybe Pi-hole itself is doing it?
What I can’t figure out is how it’s going anywhere on the network. Pi-hole says the address got DNS responses a few times, but with Green being 172.16.31 and Blue being 172.16.16, and Orange only on a physical interface that’s not even connected right now, how is it even getting passed on through the firewall, particularly since I added the block rule? I run into that same question if it’s the cable modem (which, since it’s in bridge mode, I don’t think I can access to take a look at).