Is there any way to omit a blocked domain from the logs?
The msmetrics lookup from the sonos devices is skewing the graph of activity. I know it'll continue to make the requests, and they'll be blocked.. can I just have them omitted from logging entirely?
Currently you can not ignore domains from being logged, but you can prevent them from showing up in certain metrics by adding them to an exclusion list on the settings page.
The Sonos msmetrics.ws.sonos.com query doesn't happen a lot (about hourly) if it is not blocked so maybe look into spoofing the response to the query at your firewall and see if you can satisfy whatever it is looking for as a response locally?
I don't block it as I find the system analysis Sonos offers worth the minor loss of privacy. I haven't looked into the other Sonos queries like sonosapi-napster-ns-rhapsody.com for blocking either but it looks like you may get one for several of the different services accessed through your Sonos devices.
Sonos privacy policy: https://www.sonos.com/en-us/legal/privacy
Until you run Sonos on a client, then the client queries that domain every minute (at least when it is blocked). The Sonos speakers themselves query this blocked domain every 15 minutes.
I've been playing music on my Sonos all morning, 10 Sonos and 5 Android controllers, and the pi-hole logs are not showing very many lookups so it is probably the blocking causing your "too frequent" issue.
Since the Sonos internals are hidden and unchangeable I'd suggest spoofing is the answer to cut back on the number of lookups. Had to do that on my IP Cameras that went into panic mode and hammered my network several times per second with DNS and NTP stuff.
Here's an interesting blast of traffic from Sonos. In 2.5 hours, with music playing controlled from my wife's iPad Pro. Typically this Pi-Hole sees 30K requests a day or so, so the scale is very compressed due to the big influx of requests. The black is the iPad Pro.
Interesting, I'll have to try playing something from the services in your screenshot and see what I get, Napster/Rhapsody via an Android controller is doing nothing like that volume here. No Sonos stuff on the permitted domains sector of either dashboard. The Sonos component making the most queries is at number four with 2000 queries on the client sector.
I haven't sorted out my IPv6 DNS naming so I'm not sure which IPv6 client is doing what with it but looking at the logs for Sonos I'm only seeing scattered hits, 14:07, 15:02, 15:06 and 15:09, while actively playing from Napster. Interestingly all are coming from the Sonos via IPv6.
I think I'll ask about this issue on the Sonos forums and see if someone has found a method to keep the query interval reasonable while blocking them.
I should go back and configure DNS names for the rest of the Sonos gear that is using IPv6 so the pi-hole logs are easier to read, maybe this evening.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
