@ssullivan556 said in So why is Netflix hitting me with Dradis?:
DNS is NOT google
And apps and devices like "tvs" love to use their own dns..
Quite possible that was a dns query to check for an update or something, or telemetry - so no it wouldn't "break" your internet or anything. Or stop netflix from working.
I block lots of dns queries - stuff still works.
Why do they rate something at a 1? Is that what your asking - well if it wasn't a false positive, then yeah it would be bad ;)
Snort or any sort of ids/ips is going to have lots and lots of false positives - which is why users shouldn't be using it unless they understand that, and how to deal with it, and how to address them, etc.
Was it actually blocked? Snort normally would default to monitor only mode.
edit: here as example - did a quick sniff on the segment my rokus and tvs are on..
[image: 1763718575767-example.jpg]
I sure don't have them set to google, If you look at their network settings in their gui, they don't list google as dns, etc.. But as you can see - they are asking google.
You could block that if you want, but when they can't talk they tend to get more chatty about it - asking more and more often, etc..
But just because they talked to google, and your ips/ids flagged something as possible bad - doesn't mean it is..
