at home I have installed a pihole server on a raspberry pi3b and dietpi on a raspberry pi 0 W 2. In this latter server I have installed wireguard to use as a vpn to access my home local network from outside. For some time I have known, from the logs of my pihole, that the dietpi server makes strange DNS PTR requests to weird IPs (Chinese, Iranian, etc). I tried to analyze the situation, but I can’t figure it out. The only thing I have done at the moment is blacklist those IPs on pihole (but once blackslisted some other new IP addresses appear).
Maybe he looked up the reversed IP (184.108.40.206) which would be from Bahrain.
In reverse lookups the IP is shown in reversed order, so 220.127.116.11.in-addr.arpa is a lookup for the domain that belongs to the IP 18.104.22.168.
@ enzo.ionico So my guess is an app tried to contact this google IP 22.214.171.124. and PiHole tries to find out to which domain this IP belongs.
That’s why it’s called a reverse lookup, normally it’s the other way around: You know the domain and want to find out the IP for this domain.