Help With DNS Proxy Rule
-
Good day,
I have a set of rules which pass DNS traffic for my preferred servers which are set in the firewall (CloudFlare), and block anything trying to proxy their DNS traffic to get around those servers.
So, continually getting blocks from the rule, I'm trying to figure out what is trying to connect...
I'm wondering where I can look to see why some element of ExpressVPN is trying to make these connections, even though I'm not currently connected to their VPN. Just to understand it, and whether I should allow these connections...
The output of 'resolvectl status' shows it's related to Express VPN, but I'm not actively connected to them right now...
Does anyone have any thoughts that could help me understand this better, or any advice on whether to keep blocking the connections? Everything works without these connections passing.
-
@wormuths
What's the device at 172.16.0.60? That's where the request is coming from. Could it be an ExpressVPN app on the device? Or an "always on" VPN connection on a phone or tablet? Or some other service that is trying to connect to the DNS server?
-
@dma_pf It’s a laptop, and yes, Express VPN is installed. My curiosity is why is it flooding requests to its own DNS even when the VPN is disconnected?
I turn the VPN on from the CLI when I want to activate it, but it’s constantly bombarding with requests when it’s off. Also, when I pass the traffic, it makes connections on, I believe, port 3000. If I remember correctly.
And I traced the connection it makes back to some Google/Mozilla thing. mozgcp.net
https://support.mozilla.org/en-US/questions/1352614
But all this happens even with the VPN connection turned off? If Mozilla and Google are constantly connected using my VPN, how is the VPN providing anonymity?