1
20.1 Legacy Series / Constant DNS request from firewall
« on: May 02, 2020, 07:40:00 am »
I am noticing that my firewall keeps sending dns request to 1.1.1.1:53. The domain it keeps sending is config.amcrestcloud.com. This is probably from my cameras originally. But to test out things I disabled all amcrest cameras and the dns keeps going, every few seconds and does not stop.
__timestamp__ May 2 01:38:11
action [pass]
anchorname
datalen 49
dir [out]
dst 1.1.1.1 [one.one.one.one]
dstport 53
ecn
id 51000
interface bge1
ipflags DF
label let out anything from firewall host itself (force gw)
length 69
offset 0
proto 17
protoname udp
reason match
rid b982490a613ebfd2d24f6162e719143b
ridentifier 0
rulenr 83
src MY FIREWALL
srcport 45417
subrulenr
tos 0x0
ttl 63
version 4
Any suggestions? Rebooted a few times. I attached a ntopng screenshot. I can see the DNS request also on here.
__timestamp__ May 2 01:38:11
action [pass]
anchorname
datalen 49
dir [out]
dst 1.1.1.1 [one.one.one.one]
dstport 53
ecn
id 51000
interface bge1
ipflags DF
label let out anything from firewall host itself (force gw)
length 69
offset 0
proto 17
protoname udp
reason match
rid b982490a613ebfd2d24f6162e719143b
ridentifier 0
rulenr 83
src MY FIREWALL
srcport 45417
subrulenr
tos 0x0
ttl 63
version 4
Any suggestions? Rebooted a few times. I attached a ntopng screenshot. I can see the DNS request also on here.