FOG generates lots of DNS queries



  • Hi there,

    We just installed a pihole in our laboratory network, where our FOG (1.5.7.1, CentOS7) also is placed. Surprisingly FOG leads the list with a huge amount of DNS queries. Approximately every five minutes FOG asks pihole for the ip addresses of the devices that are in the FOG database. Why is that?

    pihole.PNG

    Best regards


  • Senior Developer

    @yas1 George is right, FOG is doing DNS queries mostly as part of a routine check to see if hosts are up. If you don’t like this you can disable the whole service in the web UI (FOG Configuration -> FOG Settings -> FOG Linux Service Enabled -> PINGHOSTGLOBALENABLED) or increase the service sleep/inactive time (FOG Configuration -> FOG Settings -> FOG Linux Service Sleep Times -> PINGHOSTSLEEPTIME) or you can take the big hammer and just disable the whole Linux service (systemctl stop FOGPingHosts ; systemctl disable FOGPingHosts).

    I think that’s why every device in the database is shown as offline(“unknown”).

    While this is related it’s not the fact that FOG cannot resolve it’s name but that it cannot connect to port 445 on your host(s). The word “ping” might be a bit misleading here, it’s not a standard ICMP ping we are doing but a kind of Windows specific check to see if TCP port 445 is available. Both checks definitely have drawbacks but some years ago the FOG devs decided to go the port 445 way and this is still the case today.

    If you got hooked up by the idea to use the host status more there is also a plugin you can enable called “host status”.



  • Thanks for clarifying. I think that’s why every device in the database is shown as offline(“unknown”). The hosts in the database have fictional names or the mac address because of quick registration, so these devices are not reachable via FQDN. Any chance to deactivate the up/down check or assign a static IP address to the host that can be polled for this purpose?


  • Moderator

    @yas1 said in FOG generates lots of DNS queries:

    FOG asks pihole for the ip addresses of the devices that are in the FOG database.

    The only thing I can think of is that the FOG server will reach out to the target computers to check to see if they are online or not. The results will be shown in the hosts management page list where there would be a red or green icon indicating up or down state. The fog php code mainly uses IP addresses to do its business, not DNS. But the up/down check would only know about system names that it would try to resolve by a DNS query.


Log in to reply
 

286
Online

7.4k
Users

14.5k
Topics

136.5k
Posts