How do I determine what device is making a query?


If you happen to notice something strange or unexpected in your query log or dashboard, you may want to try to find out what device made the query. If you’ve setup the Pi-hole dashboard to use hostnames instead if IP addresses, this shouldn’t be difficult because you can just look at the name of the device.

But if you haven’t done this, it may be more difficult to track down the device. If you don’t know what IP addresses your devices have, you can usually check in your router. But if a long time has passed and you are using DHCP, the IP may be assigned to a different device than when the query was logged.

In any case, if you want to find the IPs of the devices on your network so you can match them up with what’s in the query log, you can use nmap.

A command like this would scan your network for live hosts:

sudo nmap -sP

This will return a list of IPs and the vendor so you can help narrow down what the device is.

Starting Nmap 7.60 ( ) at 2018-03-24 21:55 CDT
Nmap scan report for
Host is up (0.26s latency).
MAC Address: 40:BF:T4:D6:43:BG (Apple)
Nmap scan report for
Host is up (0.10s latency).
MAC Address: HH:BF:3Z:65:89:33 (Nest Labs)
Nmap scan report for
Host is up (0.16s latency).

You can then match this IP to the query in question via the Pi-hole Web interface.