JDPFu.com 2025

Here’s where it gets interesting. The top 10 clients for blocked DNS are:

Hostname        Number of queries

roku            311,036

PlexMS          184,075

Fire8HD         163,085   has a 132K /etc/hosts file

email srv       119,431

Android Phone   117,790

Win7            112,767

nextcloud       88,098

VM host         79,330

VM host         62,643

Old Desktop     28,265  (VM is shutdown)

New Desktop     26,220  (VM running about 2 weeks)

Blog            16,562

Proxy           5,221

r-pi3           3,993

email-gatewy    369

HDHR Tuners     250-ish each

Streaming media is causing, by far, the most DNS queries with a Roku that gets used perhaps 2 hours a day showing almost 2x the queries.
The 2nd offender is our Plex Media Server, which is used for storage and LAN streaming. We don’t watch content directly on that system.
The 3rd offender is an Amazon Fire 8HD tablet. That tablet has been rooted and has a huge adblocking and “bad guys” /etc/hosts file, so most of those DNS queries shouldn’t show up on the Pi-Hole at all. Without that hosts file, I can only imagine how many “phone home” requests it would send to Amazon and Amazon partners.
Next is an email server. I haven’t looked to closely, but anti-spam is often about validated the sender forward and reverse DNS entries match, plus queries to DNS for SPF and DMARC records. Probably a necessary evil for that server.
Next is my Android phone. Most of the time, that device isn’t on any network (no wifi or data plan), so the fact that over 100K DNS requests were sent by it really is alarming. After all, we’re all stuck at home, so who needs a cell phone on a network? I don’t.
Then there’s a Win7 machine that is still used for video editing, but really nothing else. I’ve disabled the IPv6 stack on it and blocked the constant attempt to connect to teredo.ipv6.microsoft.com which is an IPv6 tunnel service that bypassed firewalls. Even without IPv6 enabled, it is still trying to phone home.
Next is our nextcloud server. This pulls RSS news feeds every few hours to a central server here, so all our clients have the same view of the read/unread news.
The rest aren’t so concerning to me. I’m a little surprised by the email-gateway server not having much higher DNS query numbers. The job of that system is to block as much garbage email as possible, and to provide a in/out gateway for the real email server which used 10x more resources. The gateway is very light on resources.

Top Blocked Domains

For the last 24 hours, here are the top domains being blocked:

scribe.logs.roku.com            44499

analytics-ingestion.production-public.tubi.io   662

austin.logs.roku.com            576

pasta.esfile.duapps.com         455

api.parse.com                   397

graph.facebook.com              397 

reports.crashlytics.com         271

ssl.google-analytics.com        230

device-api.urbanairship.com     227

sb.scorecardresearch.com        224

All tracking sites. Look at scribe.logs.roku.com! 44K DNS queries in 24 hours!!! That’s just crazy.

What Do I Block?

Mostly it is advertising and tracking sites. So google and google partners. Facebook and facebook partners. General web tracking companies which I group amazon into.

But look at Roku trying to get data send home! That’s a bug. Sometimes when I reboot the roku, the pi-hole blocking has to be disabled for 30 seconds so the boot can finish. Adding new channels requires access to some of the blocked roku domains, as does some searching for content at the Roku level.

I’m a little crazier than most about being tracked.

Our media players running Kodi didn’t even show up on this list. Guess we know who wants to track us – companies with a profit motive. That’s fine, just wish they clearly advertise how much and why instead of taking our data and hiding behind less-than-clear Privacy/Tracking statements.

For more about using an /etc/hosts file to block parts of the internet you don’t want, click here.