OPNsense Forum

English Forums => General Discussion => Topic started by: vecchiostupido on November 30, 2020, 07:37:44 PM

Title: DNS calls to opnsense.emergingthreats.net
Post by: vecchiostupido on November 30, 2020, 07:37:44 PM
I have installed Suricata and I use the ET Telemetry. I also have a Pihole as my local DNS, which resolves back to Unbound in OPNsense.

The Pihole has hundreds of calls per minute to opnsense.emergingthreats.net, see example from Pihole log below. The calls are from my OPNsense firewall (192.168.121.1), that's why I am posting on this forum.

Nov 29 10:01:11 dnsmasq[580]: query[A] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is 72.12.200.25
Nov 29 10:01:11 dnsmasq[580]: query[AAAA] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is NODATA-IPv6
Nov 29 10:01:11 dnsmasq[580]: query[A] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is 72.12.200.25

I checked my Suricata logs and the Unbound logs in OPNsense, nothing going on (e.g. no calls out to 72.12.200.25 - Wintek.com - data provider).

Any suggestions on how to diagnose what is going on?
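
One way to quantify what the Pi-hole log excerpt above shows, as an added example that is not part of the original post: it counts queries per minute by client and name, and separates answers served from the dnsmasq cache from those forwarded upstream (cached answers are never forwarded, so they do not reach the upstream resolver). The `example.org` lines, the client 192.168.121.50 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# First six lines: the excerpt from the post. Last two: constructed for contrast.
SAMPLE_LOG = """\
Nov 29 10:01:11 dnsmasq[580]: query[A] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is 72.12.200.25
Nov 29 10:01:11 dnsmasq[580]: query[AAAA] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is NODATA-IPv6
Nov 29 10:01:11 dnsmasq[580]: query[A] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is 72.12.200.25
Nov 29 10:02:03 dnsmasq[580]: query[A] example.org from 192.168.121.50
Nov 29 10:02:03 dnsmasq[580]: forwarded example.org to 192.168.121.1
"""

QUERY_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+ \d{2}:\d{2}):\d{2} dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)
ANSWER_RE = re.compile(r"dnsmasq\[\d+\]: (?P<how>cached|forwarded) (?P<name>\S+) (?:is|to) ")

def summarize(log_text):
    """Count queries per (minute, client, name), per (name, qtype), and answer source."""
    per_minute = Counter()  # (minute, client, name) -> number of queries
    by_type = Counter()     # (name, qtype) -> number of queries
    answered = Counter()    # (name, "cached" | "forwarded") -> number of log lines
    for line in log_text.splitlines():
        line = line.strip()
        q = QUERY_RE.match(line)
        if q:
            per_minute[(q["minute"], q["client"], q["name"])] += 1
            by_type[(q["name"], q["qtype"])] += 1
            continue
        a = ANSWER_RE.search(line)
        if a:
            answered[(a["name"], a["how"])] += 1
    return per_minute, by_type, answered

def top_talkers(per_minute, threshold):
    """Return (minute, client, name, count) rows at or above threshold, busiest first."""
    hits = [(m, c, n, cnt) for (m, c, n), cnt in per_minute.items() if cnt >= threshold]
    return sorted(hits, key=lambda row: -row[3])

if __name__ == "__main__":
    per_minute, by_type, answered = summarize(SAMPLE_LOG)
    for minute, client, name, count in top_talkers(per_minute, threshold=3):
        cached = answered[(name, "cached")]
        forwarded = answered[(name, "forwarded")]
        print(f"{minute} {client} {name}: {count} queries "
              f"(cached={cached}, forwarded={forwarded})")
```
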
Title: Re: DNS calls to opnsense.emergingthreats.net
Post by: dancwilliams on February 13, 2023, 04:34:34 PM
Did you ever figure this out? I am seeing the same thing!