DNS Lookups going to Google DNS even though I have OpenDNS configured?

JimPhreak

Is it possible that there is an application running on .208 that is doing the resolving for whatever reason, like a DNS benchmark for instance?

Nope, I have nothing that would do any resolving running on .208. It's a linux storage box that just has a few Dockers running (like Plex and a few others but nothing that has any DNS configured).

@Derelict:

Dude. Those logs say 192.168.4.208 is making requests to google's 8.8.8.8 and 8.8.4.4. and they are being blocked by the rules on the LAN interface.

That's correct, I purposely am blocking them. The question is why are they making requests to Google?

Derelict

That is a great question for the makers of that box. it has nothing to do with pfSense.

JimPhreak

@Derelict:

That is a great question for the makers of that box. it has nothing to do with pfSense.

I wasn't blaming pfsense I was just looking for some insight from others running pfsense. Being that I'm pretty new to pfsense I wasn't sure if I misconfigured something on it. But I'll look more closely at my server now.

Derelict

dig/drill are your friends

On 192.168.4.208:

You can selectively do DNS queries to various servers:

dig @8.8.8.8 www.google.com
dig @192.168.4.1 www.google.com

KOM

It could also be something as simple as someone running nslookup from the command line and then specifying the Google DNS.

dns.png_thumb

JimPhreak

@KOM:

It could also be something as simple as someone running nslookup from the command line and then specifying the Google DNS.

I would but it's a linux box. And the dig/drill commands don't appear to be present.

It looks like it's an issue with one of my dockers though so I'm looking into that.

KOM

I would but it's a linux box.

cough

dns.png_thumb

johnpoz

"I would but it's a linux box. And the dig/drill commands don't appear to be present."

Well then install them.. What linux distro are you using that nslookup is not installed?

Last login: Wed Jul 8 12:02:03 2015 from 10.0.8.6
user@ubuntu:~$ nslookup

JimPhreak

@johnpoz:

"I would but it's a linux box. And the dig/drill commands don't appear to be present."

Well then install them.. What linux distro are you using that nslookup is not installed?

Last login: Wed Jul 8 12:02:03 2015 from 10.0.8.6
user@ubuntu:~$ nslookup

It's an unRAID server which is built off Slackware. But I've determined it's definitely an issue with a particular Docker. I see the nameserver's listed as the Google DNS servers in the Docker's log so it's not even really a Linux issue.

KOM

But I've determined it's definitely an issue with a particular Docker.

For me, playing detective is the funnest part of the job.