AEtherScythe
Apr 25, 2021 (Aspirant)
Nighthawk MR60 spying on my Internet usage
I installed a new Nighthawk AX1800 WiFi 6 Mesh System only to find that it is now the top user of DNS in my network and it's looking up the hostname of every IP any of my devices visit on the interne...
AEtherScythe
Apr 26, 2021 (Aspirant)
To get more insight into what is going on here, I grabbed the /var/log/pihole.log* files for the last 7 days and checked just what the MR60 (as client 192.168.1.2) is trying to resolve. The list is pretty "telling." It's definitely doing all the queries that any/all of my devices are doing, but also a huge number of reverse IP lookups.
# anchor the client IP so 192.168.1.20, 192.168.1.200 etc. are not counted as well
$ grep 'from 192.168.1.2$' pihole.log* | sed -n 's/.*] \([^ ]*\) from.*/\1/p' | sort | uniq -c | sort -rn | tee mr60.txt
I'll show just the most-used lookups. For sure many of these are Netgear related, but a ton of them are not.
And when I look at the complete list I can see many many domains being referenced which are unique to my own Internet usage, such as certain podcasts and such that only I listen to and nobody else does.
5419 www.netgear.com
1516 time-b.netgear.com
1031 advisor.ngxcld.com
186 mesu.apple.com
126 www.apple.com
121 time-c.netgear.com
117 init-p01st.push.apple.com
92 lb._dns-sd._udp.net
88 1-courier.push.apple.com
85 1-courier.sandbox.push.apple.com
69 apple.com
62 suconfig.apple.com
56 xbroker-z2-i12.ngxcld.com
52 xbroker-z2-i16.ngxcld.com
52 api.smoot.apple.com
51 gspe1-ssl.ls.apple.com
51 e6858.dscx.akamaiedge.net
50 gsa.apple.com
48 cl2.apple.com
48 appleid.apple.com
46 xbroker-z2-i17.ngxcld.com
44 xbroker-z2-i24.ngxcld.com
43 init-p01md.apple.com
43 init.ess.apple.com
42 gs-loc.apple.com
42 gateway.icloud.com
41 uemm.dynatrace.ford.com
40 xbroker-z2-i8.ngxcld.com
40 xbroker-z2-i11.ngxcld.com
40 guzzoni.apple.com
38 xbroker-z2-i22.ngxcld.com
38 xbroker-z2-i13.ngxcld.com
38 radarsubmissions.apple.com
37 outlook.office365.com
37 gsp-ssl.ls.apple.com
36 init.itunes.apple.com
35 configuration.apple.com
34 xbroker-z2-i23.ngxcld.com
34 xbroker-z2-i15.ngxcld.com
33 p101-keyvalueservice.icloud.com
33 p101-fmfmobile.icloud.com
33 http.fw.updates1.netgear.com
32 xbroker-z2-i6.ngxcld.com
32 xbroker-z2-i4.ngxcld.com
32 xbroker-z2-i14.ngxcld.com
31 gateway.fe.apple-dns.net
30 xbroker-z2-i7.ngxcld.com
30 xbroker-z2-i19.ngxcld.com
30 gspe35-ssl.ls.apple.com
28 xbroker-z2-i5.ngxcld.com
Looking into the top reverse lookups, it's almost all cloudfront:
$ while read -r count rev ; do ip=$(echo "$rev" | awk -F. '{print $4 "." $3 "." $2 "." $1}'); echo "$count" $(getent hosts "$ip") ; done < /tmp/mr60arpa.txt
1121 13.226.13.13 server-13-226-13-13.ord51.r.cloudfront.net
1121 13.226.13.120 server-13-226-13-120.ord51.r.cloudfront.net
1120 13.226.13.99 server-13-226-13-99.ord51.r.cloudfront.net
1120 13.226.13.124 server-13-226-13-124.ord51.r.cloudfront.net
660 99.84.160.7 server-99-84-160-7.ord52.r.cloudfront.net
660 99.84.160.32 server-99-84-160-32.ord52.r.cloudfront.net
660 99.84.160.25 server-99-84-160-25.ord52.r.cloudfront.net
660 99.84.160.115 server-99-84-160-115.ord52.r.cloudfront.net
180 99.84.174.69 server-99-84-174-69.ord52.r.cloudfront.net
180 99.84.174.66 server-99-84-174-66.ord52.r.cloudfront.net
180 99.84.174.6 server-99-84-174-6.ord52.r.cloudfront.net
180 99.84.174.22 server-99-84-174-22.ord52.r.cloudfront.net
1 99.84.79.90 server-99-84-79-90.hio50.r.cloudfront.net
1 54.239.169.81 server-54-239-169-81.kix56.r.cloudfront.net
1 13.33.165.77 server-13-33-165-77.yto50.r.cloudfront.net
1 99.84.79.70 server-99-84-79-70.hio50.r.cloudfront.net
1 54.230.155.66 server-54-230-155-66.icn51.r.cloudfront.net
1 54.239.169.58 server-54-239-169-58.kix56.r.cloudfront.net
1 54.230.155.52 server-54-230-155-52.icn51.r.cloudfront.net
1 54.230.155.50 server-54-230-155-50.icn51.r.cloudfront.net
1 13.33.165.49 server-13-33-165-49.yto50.r.cloudfront.net
1 99.84.79.2 server-99-84-79-2.hio50.r.cloudfront.net
1 54.230.155.23 server-54-230-155-23.icn51.r.cloudfront.net
1 13.33.165.2 server-13-33-165-2.yto50.r.cloudfront.net
1 54.239.169.123 server-54-239-169-123.kix56.r.cloudfront.net
1 13.33.165.107 server-13-33-165-107.yto50.r.cloudfront.net
1 54.239.169.102 server-54-239-169-102.kix56.r.cloudfront.net
1 99.84.79.101 server-99-84-79-101.hio50.r.cloudfront.net
That's just the IPv4 stuff. I need to see if I can do similar analysis for the IPv6 lookups.
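An added example, not from the post and not Netgear's code: a small Python script that does the same per-client analysis over Pi-hole's dnsmasq query lines, separating forward lookups from PTR lookups and converting both in-addr.arpa and ip6.arpa names back to addresses, so the IPv6 side the post leaves open is covered too. It also lists which of the suspect client's forward names were asked for by some other client in the same log, which is the "echoing" behaviour the post describes. The suspect address, log lines, hostnames and addresses below are constructed for the demonstration and are not taken from the real log.

```python
"""Added example (not from the post): parse Pi-hole/dnsmasq query lines and
profile one client's forward and reverse (PTR) lookups, IPv4 and IPv6."""
import ipaddress
import re
from collections import Counter, defaultdict

# dnsmasq query lines look like: "... query[A] host from 192.168.1.2".
# The trailing anchor matters: a bare 'from 192.168.1.2' also matches 192.168.1.20.
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)\s*$")

# Hypothetical suspect address and constructed sample log, modelled on the
# format in the post; none of these lines, names or addresses come from the real log.
SUSPECT = "192.168.1.2"
V6_PTR = ipaddress.ip_address("2001:db8::1").reverse_pointer  # ...ip6.arpa name for 2001:db8::1
SAMPLE_LOG = f"""\
Apr 25 10:00:01 dnsmasq[612]: query[A] www.netgear.com from 192.168.1.2
Apr 25 10:00:01 dnsmasq[612]: forwarded www.netgear.com to 1.1.1.1
Apr 25 10:00:01 dnsmasq[612]: reply www.netgear.com is 203.0.113.10
Apr 25 10:00:02 dnsmasq[612]: query[A] podcast.example from 192.168.1.50
Apr 25 10:00:02 dnsmasq[612]: query[A] podcast.example from 192.168.1.2
Apr 25 10:00:03 dnsmasq[612]: query[AAAA] gateway.icloud.com from 192.168.1.50
Apr 25 10:00:03 dnsmasq[612]: query[PTR] 13.13.226.13.in-addr.arpa from 192.168.1.2
Apr 25 10:00:03 dnsmasq[612]: query[PTR] 13.13.226.13.in-addr.arpa from 192.168.1.2
Apr 25 10:00:04 dnsmasq[612]: query[PTR] {V6_PTR} from 192.168.1.2
Apr 25 10:00:05 dnsmasq[612]: query[A] www.netgear.com from 192.168.1.20
"""


def parse_queries(lines):
    """Yield (qtype, name, client) for every dnsmasq 'query[...]' line; skip the rest."""
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            yield m.group("qtype"), m.group("name"), m.group("client")


def ptr_to_ip(name):
    """Turn a PTR name (in-addr.arpa or ip6.arpa) back into an IP; None if it is not one."""
    lname = name.lower().rstrip(".")
    if lname.endswith(".in-addr.arpa"):
        labels = lname[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            return None
        candidate = ".".join(reversed(labels))            # 13.13.226.13 -> 13.226.13.13
    elif lname.endswith(".ip6.arpa"):
        nibbles = lname[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
            return None
        hexdigits = "".join(reversed(nibbles))            # 32 nibbles, least significant first
        candidate = ":".join(hexdigits[i : i + 4] for i in range(0, 32, 4))
    else:
        return None
    try:
        return ipaddress.ip_address(candidate)
    except ValueError:
        return None


def summarize(lines, suspect):
    """Profile one client: its forward names, the IPs it reverse-resolves, and which of
    its forward names other clients also asked for."""
    forward = Counter()           # name -> count of the suspect's forward queries
    reverse = Counter()           # ip string -> count of the suspect's PTR queries
    askers = defaultdict(set)     # name -> every client that asked for it (forward only)
    for qtype, name, client in parse_queries(lines):
        ip = ptr_to_ip(name) if qtype == "PTR" else None
        if ip is not None:
            if client == suspect:
                reverse[str(ip)] += 1
            continue
        askers[name].add(client)
        if client == suspect:
            forward[name] += 1
    shadowed = sorted(n for n in forward if askers[n] - {suspect})
    total = sum(forward.values()) + sum(reverse.values())
    ptr_fraction = sum(reverse.values()) / total if total else 0.0
    return {"forward": forward, "reverse": reverse, "shadowed": shadowed, "ptr_fraction": ptr_fraction}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG.splitlines(), SUSPECT)
    print(f"{SUSPECT}: {sum(s['forward'].values())} forward, {sum(s['reverse'].values())} PTR "
          f"({s['ptr_fraction']:.0%} of its queries)")
    for name, n in s["forward"].most_common():
        tag = "  (also asked by another client)" if name in s["shadowed"] else ""
        print(f"  {n:5d} {name}{tag}")
    for ip, n in s["reverse"].most_common():
        print(f"  {n:5d} PTR {ip}")
```

To run it over a real Pi-hole log, replace `SAMPLE_LOG.splitlines()` with the lines of `/var/log/pihole.log*`; the `query[...]` regex ignores the `forwarded`, `reply` and `cached` lines, so the whole file can be fed in unfiltered. The `shadowed` list is the quickest check for the behaviour in the post: a name that only one client should ever ask for, turning up in the suspect device's own queries as well.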