Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
Constant DNS request from firewall
« previous
next »
Print
Pages: [
1
]
Author
Topic: Constant DNS request from firewall (Read 2207 times)
deputycag
Newbie
Posts: 14
Karma: 0
Constant DNS request from firewall
«
on:
May 02, 2020, 07:40:00 am »
I am noticing that my firewall keeps sending dns request to 1.1.1.1:53. The domain it keeps sending is config.amcrestcloud.com. This is probably from my cameras originally. But to test out things I disabled all amcrest cameras and the dns keeps going, every few seconds and does not stop.
__timestamp__ May 2 01:38:11
action [pass]
anchorname
datalen 49
dir [out]
dst 1.1.1.1 [one.one.one.one]
dstport 53
ecn
id 51000
interface bge1
ipflags DF
label let out anything from firewall host itself (force gw)
length 69
offset 0
proto 17
protoname udp
reason match
rid b982490a613ebfd2d24f6162e719143b
ridentifier 0
rulenr 83
src MY FIREWALL
srcport 45417
subrulenr
tos 0x0
ttl 63
version 4
Any suggestions? Rebooted a few times. I attached a ntopng screenshot. I can see the DNS request also on here.
«
Last Edit: May 02, 2020, 07:45:37 am by deputycag
»
Logged
Mitheor
Newbie
Posts: 36
Karma: 1
Re: Constant DNS request from firewall
«
Reply #1 on:
May 02, 2020, 08:54:37 am »
Why don´t you try a tcpdump and check if these queries are still being generated by a device in your network?
tcpdump -i eth0 udp port 53 (could be a stricter filter if needed)
Logged
deputycag
Newbie
Posts: 14
Karma: 0
Re: Constant DNS request from firewall
«
Reply #2 on:
May 02, 2020, 03:00:44 pm »
Problem solved. Found the device using tcpdump. Corrected the problem and dns requests stopped. Thank you.
Logged
Mitheor
Newbie
Posts: 36
Karma: 1
Re: Constant DNS request from firewall
«
Reply #3 on:
May 02, 2020, 04:05:55 pm »
Good to know, good job
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
Constant DNS request from firewall
