Show Posts
1
23.7 Legacy Series / Re: Suspicious DNS queries with new Draytek Vigor 166 setup
« on: May 23, 2024, 10:37:57 am »
Have you made any progress in your analysis?
I stumbled across this topic as I have a similar setup and behaviour.
I have a DrayTek Vigor 165 with firmware 4.1.1_STD set up in bridge mode.
In my FW logs I see many requests on the WAN interface to (unknown to me) IP's on port 53 (attached screenshot).
I wonder a) where these requests are coming from and b) what strange DNS (?) servers these are.
I stumbled across this topic as I have a similar setup and behaviour.
I have a DrayTek Vigor 165 with firmware 4.1.1_STD set up in bridge mode.
In my FW logs I see many requests on the WAN interface to (unknown to me) IP's on port 53 (attached screenshot).
I wonder a) where these requests are coming from and b) what strange DNS (?) servers these are.