OPNsense Forum

Hello All,

So I've noticed that the gateway it self makes number of udp requests to 208.67.222.222:443 which is a OpenDNS host.
The frequency varies between 10s of requests per minutes to 1 every few minutes.
I have never enabled OpenDNS support nor do I plan to.

I want to learn about why are these requests made and what will be affected if they are disabled.

So far I've setup a firewall rule to block such requests and I've seen no degradation in the GW performance. But I would prefer if no such requests are made at all unless I've opendns enabled.

The router would only be contacting opendns if you have settings that tell it to.

What is configured under Systen-->Settings-->General for dns.

There are no dns servers configures but "Allow DNS server list to be overridden by DHCP/PPP on WAN" is enabled

I just checked if my ISP is sending the opendns server in the DHCP response and they are not. 

What plugins do you use?

are you using unbound or dnsmasq?

Check Serivces--> OpenDNS did you enable it there by mistake? (It's not enabled by default)

installed plugins:

• os-acme-client
• os-api-backup
• os-bind
• os-firewall
• os-munin-node
• os-theme-cicada
• os-theme-rebellion
• os-theme-tukan
• os-theme-vicuna
• os-tinc
• os-tor
• os-wol

Both unbound and bind are enabled:
dns traffic from a particular internal host is redirected to bind
rest of the network is served using unbound

OpenDNS is not enabled and have never been enabled

can you get a pcap so we can see what it's looking up, might help with tracking it down.

False alarm!

I was able to trace to source to a visitors device. Strange why only the out going packages showed in the live view.

Anyway here is what the packets looked like if someone is interested (sensitive information have been removed)

Request:

0000   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0010   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0020   00 00 00 00 00 00 00 00 00 00 76 a2 81 80 00 01   ..........v.....
0030   00 00 00 00 00 00 01 32 0d 64 6e 73 63 52 59 50   .......2.dnscRYP
0040   74 2d 63 45 52 54 07 6f 70 45 6e 44 6e 73 03 43   t-cERT.opEnDns.C
0050   4f 6d 00 00 10 00 01                              Om.....



Response:

0000   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0010   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0020   00 00 00 00 00 00 00 00 00 00 76 a2 81 80 00 01   ..........v.....
0030   00 01 00 00 00 00 01 32 0d 64 6e 73 63 52 59 50   .......2.dnscRYP
0040   74 2d 63 45 52 54 07 6f 70 45 6e 44 6e 73 03 43   t-cERT.opEnDns.C
0050   4f 6d 00 00 10 00 01 c0 0c 00 10 00 01 00 00 06   Om..............
0060   ba 00 7d 7c 44 4e 53 43 00 01 00 00 bf 8f 81 b9   ..}|DNSC........
0070   2b 6e ce ef a3 1a 25 0e b8 b2 1d a7 1b b2 97 f5   +n....%.........
0080   22 3e 77 ae e1 04 66 ed dc 19 03 59 c9 0c e5 6a   ">w...f....Y...j
0090   73 be 19 3a 62 e8 1a ea e7 31 14 02 b9 76 8e 1a   s..:b....1...v..
00a0   79 3b f5 00 de 8e aa 35 56 66 cf 09 6f 08 19 a2   y;.....5Vf..o...
00b0   e0 63 60 b3 24 99 e5 34 0c 0e 8b 30 f5 cf b1 76   .c`.$..4...0...v
00c0   df 19 2b c7 2c 52 81 32 88 95 54 2a 71 6a 7a 6d   ..+.,R.2..T*qjzm
00d0   6d 48 6a 53 5f 90 d2 47 5f 90 d2 47 61 72 05 c7   mHjS_..G_..Gar..