Netgate Discussion Forum
Weird DNS queries on localhost

  • R
    rolandk
    last edited by Jun 28, 2017, 8:32 AM

    We are switching from using dnsmasq on pfsense back to separate bind dns servers.

    I configured pfsense to use external DNS Servers and I also set the following option in general setup (and rebooted afterwards):

    "Do not use the DNS Forwarder or Resolver as a DNS server for the firewall"

    • By default localhost (127.0.0.1) will be used as the first DNS server where the DNS Forwarder or DNS Resolver is enabled and set to listen on Localhost, so system can use the local DNS service to perform lookups. Checking this box omits localhost from the list of DNS servers.

    Still, I see sporadic DNS queries from localhost in the dnsmasq log - but I don't get a clue which pfsense component is making those and why.

    I'd like to know who is making these queries before disabling dnsmasq.

    Any clues?

    It's all reverse lookups like these:

    Jun 27 19:07:34 fwkn01 dnsmasq[43263]: query[PTR] 66.159.193.116.in-addr.arpa from 127.0.0.1
    Jun 27 19:12:23 fwkn01 dnsmasq[43263]: query[PTR] 243.202.6.71.in-addr.arpa from 127.0.0.1
    Jun 27 22:36:31 fwkn01 dnsmasq[43263]: query[PTR] 106.9.55.45.in-addr.arpa from 127.0.0.1
    Jun 27 23:32:52 fwkn01 dnsmasq[43263]: query[PTR] 2.111.33.200.in-addr.arpa from 127.0.0.1
    Jun 28 00:18:20 fwkn01 dnsmasq[43263]: query[PTR] 131.110.199.198.in-addr.arpa from 127.0.0.1
    Jun 28 00:21:29 fwkn01 dnsmasq[43263]: query[PTR] 8.117.19.139.in-addr.arpa from 127.0.0.1
    Jun 28 01:46:30 fwkn01 dnsmasq[43263]: query[PTR] 48.178.139.211.in-addr.arpa from 127.0.0.1
    Jun 28 01:46:30 fwkn01 dnsmasq[43263]: query[PTR] 40.165.196.120.in-addr.arpa from 127.0.0.1
    Jun 28 01:46:31 fwkn01 dnsmasq[43263]: query[PTR] 12.192.136.211.in-addr.arpa from 127.0.0.1
    Jun 28 03:23:41 fwkn01 dnsmasq[43263]: query[PTR] 42.47.82.74.in-addr.arpa from 127.0.0.1
    Jun 28 06:32:48 fwkn01 dnsmasq[43263]: query[PTR] 109.96.126.209.in-addr.arpa from 127.0.0.1
    Jun 28 07:17:52 fwkn01 dnsmasq[43263]: query[PTR] 30.246.143.83.in-addr.arpa from 127.0.0.1
    Jun 28 09:17:10 fwkn01 dnsmasq[43263]: query[PTR] 237.113.149.80.in-addr.arpa from 127.0.0.1
    Jun 28 09:17:10 fwkn01 dnsmasq[43263]: query[PTR] 199.26.16.172.in-addr.arpa from 127.0.0.1
    Jun 28 09:17:10 fwkn01 dnsmasq[43263]: query[PTR] 237.113.149.80.in-addr.arpa from 127.0.0.1
    Jun 28 09:40:54 fwkn01 dnsmasq[43263]: query[PTR] 25.8.6.185.in-addr.arpa from 127.0.0.1
    Jun 28 09:40:55 fwkn01 dnsmasq[43263]: query[PTR] 4.0.248.151.in-addr.arpa from 127.0.0.1
    Jun 28 09:42:01 fwkn01 dnsmasq[43263]: query[PTR] 234.81.161.192.in-addr.arpa from 127.0.0.1

    List of successfully resolved reverse queries since Jun 23:

    [admin@fwkn01]/var/log: clog resolver.log | egrep "127.0.0.1|reply" | grep -v NXDOMAIN | grep -v ixsys | grep reply | cut -d " " -f 9 | sort | uniq -c|sort -rn

    • R
      rolandk
      last edited by Jun 28, 2017, 9:09 AM

      Apparently, I see an entry being added when doing a portscan on the public interface from an external address.

      So something on the firewall detects that somebody is trying to connect from remote and does a reverse lookup.

      1 Reply Last reply Reply Quote 0
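An added example, not part of the original posts: a Python script that parses dnsmasq query-log lines in the format quoted in the first post, keeps only PTR queries made from loopback, turns each `in-addr.arpa` name back into the address being looked up, and groups lookups that arrive close together. The two lines marked as constructed, the two-second window and the year 2017 (syslog timestamps carry no year) are assumptions.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

# dnsmasq query-log format as quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dnsmasq\[\d+\]: "
    r"query\[PTR\] (?P<name>\S+) from (?P<client>\S+)$"
)

# First seven lines are taken from the post; the last two are constructed
# to show what the filter ignores (non-PTR query, PTR query from a LAN host).
SAMPLE_LOG = """\
Jun 28 01:46:30 fwkn01 dnsmasq[43263]: query[PTR] 48.178.139.211.in-addr.arpa from 127.0.0.1
Jun 28 01:46:30 fwkn01 dnsmasq[43263]: query[PTR] 40.165.196.120.in-addr.arpa from 127.0.0.1
Jun 28 01:46:31 fwkn01 dnsmasq[43263]: query[PTR] 12.192.136.211.in-addr.arpa from 127.0.0.1
Jun 28 03:23:41 fwkn01 dnsmasq[43263]: query[PTR] 42.47.82.74.in-addr.arpa from 127.0.0.1
Jun 28 09:17:10 fwkn01 dnsmasq[43263]: query[PTR] 237.113.149.80.in-addr.arpa from 127.0.0.1
Jun 28 09:17:10 fwkn01 dnsmasq[43263]: query[PTR] 199.26.16.172.in-addr.arpa from 127.0.0.1
Jun 28 09:17:10 fwkn01 dnsmasq[43263]: query[PTR] 237.113.149.80.in-addr.arpa from 127.0.0.1
Jun 28 09:18:02 fwkn01 dnsmasq[43263]: query[A] example.com from 192.168.1.10
Jun 28 09:18:03 fwkn01 dnsmasq[43263]: query[PTR] 1.1.168.192.in-addr.arpa from 192.168.1.10
"""


def ptr_to_ip(name):
    """Turn '66.159.193.116.in-addr.arpa' into IPv4Address('116.193.159.66')."""
    suffix = ".in-addr.arpa"
    name = name.rstrip(".").lower()
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None  # partial zone names are not host lookups
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    except ipaddress.AddressValueError:
        return None


def parse_local_ptr(log_text, year=2017):
    """Return (timestamp, looked-up address) for PTR queries sent from loopback."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            client = ipaddress.ip_address(m["client"])
        except ValueError:
            continue
        ip = ptr_to_ip(m["name"])
        if client.is_loopback and ip is not None:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            records.append((ts, ip))
    return records


def summarize(records, window=timedelta(seconds=2)):
    """Count lookups per address, list private targets, group near-simultaneous lookups."""
    records = sorted(records)
    counts = Counter(ip for _, ip in records)
    private = sorted({ip for _, ip in records if ip.is_private})
    bursts, group = [], []
    for rec in records:
        if group and rec[0] - group[-1][0] > window:
            if len(group) > 1:
                bursts.append(group)
            group = []
        group.append(rec)
    if len(group) > 1:
        bursts.append(group)
    return counts, private, bursts


if __name__ == "__main__":
    counts, private, bursts = summarize(parse_local_ptr(SAMPLE_LOG))
    print("lookups per address:", dict(counts))
    print("private addresses looked up:", private)
    for burst in bursts:
        print(burst[0][0], "->", [str(ip) for _, ip in burst])
```

The decoded addresses and burst timestamps can then be compared against the firewall log for the same seconds to see which inbound connections coincide with the lookups.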
      • NogBadTheBadN
        NogBadTheBad
        last edited by Jun 28, 2017, 1:55 PM Jun 28, 2017, 1:29 PM

        I quite often see blocked DNS lookups from *.stretchoid.com hitting my default deny on my WAN interface.

        Do you allow DNS requests to your WAN interface?

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by Jun 28, 2017, 1:55 PM

          What DNS Servers do you have defined under System > General? If you have no DNS Servers configured, even if you omit localhost for DNS it will be used because the OS assumes localhost by default if no DNS servers are defined.

          @rolandk:

          Apparently, I see an entry being added when doing a portscan on the public interface from an external address.

          So something on the firewall detects that somebody is trying to connect from remote and does a reverse lookup.

          Nothing in the default base system would do that, do you have any packages such as Snort or Suricata installed?

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          • K
            Karun
            last edited by Mar 13, 2018, 8:01 PM

            My firewall is exhibiting the same symptoms. No unknown DNS calls on the LAN side, plenty on the WAN side. PFSense 2.4.2-RELEASE-p1 running the following packages.

            Suricata 4.0.3_1
            squid    0.4.43
            acme    0.2.2

            I'm not a fan of my firewall making connections to servers I did not explicitly state.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.