"
Hi,
I just did some regular maintenance and took the time to disable isc-dhcpd and move to Dnsmasq.
I now have both unbound and Dnsmasq running in a config closely resembling the docs at https://docs.opnsense.org/manual/dnsmasq.html
As I was debugging a connection issue with one of the devices on my network, I noticed there is a lot (on the order of 20 requests per second) of traffic outgoing from my network on UDP port 53. All this traffic is being passed under "let out anything from firewall host itself" and the "(force gw)" rules
I assume this is either Dnsmasq or unbound doing their thing, but I am surprised at the sheer volume of requests, considering my phone and laptop are the only active devices on the network right now.
It doesn't look particularly malicious, as it appears to be contacting registries, dns providers, aws, Akamai et all.
On the other hand I don't particularly see a reason for my dns to be querying LACNIC or AFRINIC as I am fairly unlikely to connect to services in Latin America or Africa.
Am I being overly cautious and does running DNS locally just cause lots of requests, or is there something I might have to look into, if only to be a better netizen and not spam the DNS providers unnecessarily?
I just did some regular maintenance and took the time to disable isc-dhcpd and move to Dnsmasq.
I now have both unbound and Dnsmasq running in a config closely resembling the docs at https://docs.opnsense.org/manual/dnsmasq.html
As I was debugging a connection issue with one of the devices on my network, I noticed there is a lot (on the order of 20 requests per second) of traffic outgoing from my network on UDP port 53. All this traffic is being passed under "let out anything from firewall host itself" and the "(force gw)" rules
I assume this is either Dnsmasq or unbound doing their thing, but I am surprised at the sheer volume of requests, considering my phone and laptop are the only active devices on the network right now.
It doesn't look particularly malicious, as it appears to be contacting registries, dns providers, aws, Akamai et all.
On the other hand I don't particularly see a reason for my dns to be querying LACNIC or AFRINIC as I am fairly unlikely to connect to services in Latin America or Africa.
Am I being overly cautious and does running DNS locally just cause lots of requests, or is there something I might have to look into, if only to be a better netizen and not spam the DNS providers unnecessarily?
